Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/YIoEjXI8iC4BEIx6NiFHIJpAI0A.roa
File: YIoEjXI8iC4BEIx6NiFHIJpAI0A.roa (raw, json)
Hash identifier: nKCaGIxDZA7MCtrLztei7BwcEIdP1du6eensEbufEXc=
Subject key identifier: 60:8A:04:8D:72:3C:88:2E:01:10:8C:7A:36:21:47:20:9A:40:23:40
Certificate issuer: /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial: 019DE3548E68D7F3796624286697308F3712
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/YIoEjXI8iC4BEIx6NiFHIJpAI0A.roa
Signing time: Fri 01 May 2026 11:37:42 +0000
ROA not before: Fri 01 May 2026 11:37:42 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 13335
IP address blocks: 138.249.21.0/24 maxlen: 24
138.249.126.0/24 maxlen: 24
138.249.148.0/24 maxlen: 24
170.168.7.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 06 May 2026 18:48:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:e3:54:8e:68:d7:f3:79:66:24:28:66:97:30:8f:37:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Validity
Not Before: May 1 11:37:42 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=608a048d723c882e01108c7a362147209a402340
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:eb:c0:fb:0f:38:0b:03:83:0f:9e:70:b1:25:
40:3e:58:a4:f6:9d:c5:11:1e:fe:e6:4e:7a:91:16:
02:2a:56:05:93:8e:7b:09:aa:73:50:87:f2:fe:c4:
21:ec:4e:30:29:12:33:e4:d0:d3:10:d1:46:c7:39:
c5:b9:cf:ff:69:9a:d6:ac:52:69:9d:7b:6f:75:18:
ed:0f:53:84:c3:30:92:e3:0d:59:33:b1:74:81:f8:
32:83:a2:ab:68:6e:3e:82:00:31:26:c7:83:f0:d7:
46:24:8a:f9:d4:ba:ed:32:11:31:26:67:8b:b3:7b:
39:e8:93:12:8e:7b:b9:37:8b:3e:19:a2:41:67:c5:
12:9e:c2:95:c3:aa:0e:b3:31:61:36:2c:4c:9e:30:
cf:dc:f7:41:28:3a:77:db:96:af:e4:48:ab:9b:0b:
d1:8f:b4:d5:ff:9a:27:64:5c:56:10:02:4e:6f:08:
0e:66:30:21:5e:00:c2:d3:02:13:92:2c:5f:62:f9:
ca:79:cf:4a:46:c5:31:53:be:09:ed:26:a6:06:2b:
60:ca:ba:d5:e1:41:ca:3c:d3:62:b4:77:a8:69:94:
ed:11:a2:21:2e:5c:68:4f:67:30:98:c8:58:af:85:
c6:09:e7:c4:8a:17:b1:8c:4d:d7:11:40:44:e6:ad:
33:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:8A:04:8D:72:3C:88:2E:01:10:8C:7A:36:21:47:20:9A:40:23:40
X509v3 Authority Key Identifier:
keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/YIoEjXI8iC4BEIx6NiFHIJpAI0A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.249.21.0/24
138.249.126.0/24
138.249.148.0/24
170.168.7.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:4d:98:b5:ca:d8:f8:51:02:08:bc:00:7b:73:64:cc:8b:eb:
5e:2f:88:07:a7:a6:42:fe:92:15:2f:b8:47:7f:b4:d5:43:e4:
52:eb:7e:82:52:35:bb:60:b7:1c:d5:a6:92:e0:62:e1:cb:00:
a5:7f:8e:c7:4d:7c:d8:fb:18:e2:49:33:38:86:bd:d3:4b:6f:
46:08:d2:e7:15:7d:32:86:04:2f:e8:c0:d2:5b:7a:07:06:40:
34:21:42:c2:55:2a:15:a2:89:b8:46:ea:78:94:07:f9:46:01:
ab:81:84:c6:81:2d:54:b8:67:22:ad:c9:d7:3c:c9:34:45:c1:
e5:3f:d0:52:1d:11:2d:4d:d0:c4:44:68:43:ae:97:ae:c6:9b:
29:9e:4b:10:71:ac:4e:64:5a:b4:07:4e:91:d9:40:cf:0e:20:
32:b9:be:49:01:8f:d3:2d:7b:42:0c:0f:b2:ef:ad:34:d2:43:
a0:3e:b6:a5:8d:29:0d:30:88:af:59:b7:a5:f7:9a:8b:47:37:
86:13:d1:cf:45:97:ea:2a:00:5b:f1:6e:50:d6:0c:dc:c1:a8:
fb:40:89:33:c9:30:72:e3:71:c0:ae:55:bb:00:68:ad:80:e5:
e9:03:2a:b2:fc:70:bc:56:3f:8f:a9:be:a7:da:f8:24:fa:66:
cf:db:c4:31
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ3jVI5o1/N5ZiQoZpcwjzcSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwNTAxMTEzNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDhhMDQ4ZDcyM2M4ODJlMDExMDhjN2EzNjIxNDcyMDlhNDAyMzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uvA+w84CwODD55wsSVAPlik9p3F
ER7+5k56kRYCKlYFk457CapzUIfy/sQh7E4wKRIz5NDTENFGxznFuc//aZrWrFJp
nXtvdRjtD1OEwzCS4w1ZM7F0gfgyg6KraG4+ggAxJseD8NdGJIr51LrtMhExJmeL
s3s56JMSjnu5N4s+GaJBZ8USnsKVw6oOszFhNixMnjDP3PdBKDp325av5EirmwvR
j7TV/5onZFxWEAJObwgOZjAhXgDC0wITkixfYvnKec9KRsUxU74J7SamBitgyrrV
4UHKPNNitHeoaZTtEaIhLlxoT2cwmMhYr4XGCefEihexjE3XEUBE5q0zNQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGCKBI1yPIguARCMejYhRyCaQCNAMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvWUlvRWpYSThpQzRCRUl4Nk5pRkhJSnBBSTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAivkVAwQA
ivl+AwQAivmUAwQAqqgHMA0GCSqGSIb3DQEBCwUAA4IBAQA8TZi1ytj4UQIIvAB7
c2TMi+teL4gHp6ZC/pIVL7hHf7TVQ+RS636CUjW7YLcc1aaS4GLhywClf47HTXzY
+xjiSTM4hr3TS29GCNLnFX0yhgQv6MDSW3oHBkA0IULCVSoVoom4Rup4lAf5RgGr
gYTGgS1UuGcircnXPMk0RcHlP9BSHREtTdDERGhDrpeuxpspnksQcaxOZFq0B06R
2UDPDiAyub5JAY/TLXtCDA+y76000kOgPraljSkNMIivWbel95qLRzeGE9HPRZfq
KgBb8W5Q1gzcwaj7QIkzyTBy43HArlW7AGitgOXpAyqy/HC8Vj+Pqb6n2vgk+mbP
28Qx
-----END CERTIFICATE-----
Generated at Wed May 6 04:14:47 2026 by rpki-client