Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/ba1c97-0e56-4840-b613-b361a2c457c4/1/vldYV3LWOW9tys3pjIJKZGnUQ1c.roa
File: vldYV3LWOW9tys3pjIJKZGnUQ1c.roa (raw, json)
Hash identifier: iuNVM1moJTBXO3h20HhJjEBtsYGf3s4iabPV9C2WSgw=
Subject key identifier: BE:57:58:57:72:D6:39:6F:6D:CA:CD:E9:8C:82:4A:64:69:D4:43:57
Certificate issuer: /CN=e5f985a94025448914deaa1742207304392513dd
Certificate serial: 019E2094183E74E96FC6B5D612387B21079D
Authority key identifier: E5:F9:85:A9:40:25:44:89:14:DE:AA:17:42:20:73:04:39:25:13:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5fmFqUAlRIkU3qoXQiBzBDklE90.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/ba1c97-0e56-4840-b613-b361a2c457c4/1/vldYV3LWOW9tys3pjIJKZGnUQ1c.roa
Signing time: Wed 13 May 2026 09:03:56 +0000
ROA not before: Wed 13 May 2026 09:03:56 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212547
IP address blocks: 185.220.4.0/22 maxlen: 22
185.220.4.0/24 maxlen: 24
185.220.5.0/24 maxlen: 24
185.220.6.0/24 maxlen: 24
185.220.7.0/24 maxlen: 24
2a0b:ed40::/29 maxlen: 29
2a0b:ed40::/32 maxlen: 32
2a0b:ed41::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6a/ba1c97-0e56-4840-b613-b361a2c457c4/1/5fmFqUAlRIkU3qoXQiBzBDklE90.crl
rsync://rpki.ripe.net/repository/DEFAULT/6a/ba1c97-0e56-4840-b613-b361a2c457c4/1/5fmFqUAlRIkU3qoXQiBzBDklE90.mft
rsync://rpki.ripe.net/repository/DEFAULT/5fmFqUAlRIkU3qoXQiBzBDklE90.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 15 May 2026 21:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:20:94:18:3e:74:e9:6f:c6:b5:d6:12:38:7b:21:07:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e5f985a94025448914deaa1742207304392513dd
Validity
Not Before: May 13 09:03:56 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=be57585772d6396f6dcacde98c824a6469d44357
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:d5:0b:ff:08:db:a3:5e:e5:65:c5:f8:81:88:
2b:78:31:d9:dc:6e:fe:dc:32:ee:6d:79:5b:f8:00:
75:4b:14:90:38:6f:9a:d0:09:fa:21:25:11:2f:b3:
a4:e0:87:b8:9b:e1:b4:9a:5e:b4:94:71:47:1e:c3:
ce:a6:b3:0d:c5:97:a7:3e:fa:46:4c:2d:f2:f4:fc:
a4:d6:f0:80:91:f0:34:ec:ba:5e:43:cc:a7:2d:0c:
98:53:30:86:a4:93:cd:44:7a:b6:29:4c:7f:39:22:
73:cc:f9:f6:23:fb:fc:1d:75:39:eb:6a:dd:48:8b:
b5:9f:b4:2b:3f:8a:6b:c6:1a:c2:d6:80:59:a3:15:
8d:e2:48:2b:df:5a:cc:1e:3c:03:fa:86:92:a7:cc:
84:80:f4:f3:0c:64:02:c4:15:1e:5f:fb:ff:2d:fb:
f2:54:bb:ce:0d:5c:54:70:86:20:4d:0f:23:55:98:
65:ad:10:5d:4c:fd:cb:4b:ad:df:17:b5:57:27:9d:
00:b0:f9:ff:36:8f:f1:22:7b:a5:31:4b:ed:29:af:
2d:c6:8d:78:2f:bb:3a:e4:36:1a:be:fb:a5:02:69:
31:fd:99:54:fb:43:ab:7a:80:f3:35:74:6a:da:96:
01:a3:1e:39:b6:06:d9:2b:93:72:f8:17:b5:c1:99:
a5:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:57:58:57:72:D6:39:6F:6D:CA:CD:E9:8C:82:4A:64:69:D4:43:57
X509v3 Authority Key Identifier:
keyid:E5:F9:85:A9:40:25:44:89:14:DE:AA:17:42:20:73:04:39:25:13:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5fmFqUAlRIkU3qoXQiBzBDklE90.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/ba1c97-0e56-4840-b613-b361a2c457c4/1/vldYV3LWOW9tys3pjIJKZGnUQ1c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/ba1c97-0e56-4840-b613-b361a2c457c4/1/5fmFqUAlRIkU3qoXQiBzBDklE90.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.220.4.0/22
IPv6:
2a0b:ed40::/29
Signature Algorithm: sha256WithRSAEncryption
6e:21:2f:5c:78:2b:c7:99:1e:bf:f5:4b:4e:c2:67:12:ca:21:
0a:d2:49:f9:0d:33:93:a8:f2:7c:7e:a3:ae:3d:57:1f:d4:14:
24:64:3a:02:44:fd:c1:52:5d:8d:6f:b0:ab:e7:4e:3d:06:72:
de:70:cd:55:2c:39:0d:5e:64:c1:5b:27:74:84:57:00:4d:84:
d3:c2:7d:40:ea:f1:a2:54:16:36:17:96:89:03:1f:e6:b5:16:
b5:cf:de:84:8b:6c:13:53:c5:75:7d:9f:41:e2:98:bb:e2:d5:
51:ce:ff:a4:b5:07:c0:89:b5:bc:57:2e:dc:6a:3d:9d:7c:bb:
e3:9d:04:5e:5b:b7:75:9f:d9:a5:51:36:c0:53:69:1e:b9:e1:
c6:6e:2e:37:d8:24:5e:ff:fd:31:37:92:99:7b:2d:84:c9:1b:
c7:38:0c:2a:22:cb:0a:8a:76:cb:05:b0:c7:f5:9c:98:60:15:
26:d4:9f:c1:85:5a:03:9a:33:d2:1c:56:b6:c8:53:93:c6:71:
4e:ad:ab:65:50:d5:8e:40:17:c6:81:9b:1f:a7:17:dd:b7:1d:
40:f7:41:f6:9f:28:8e:18:34:90:1b:5c:3f:12:a6:1b:01:19:
21:e0:d1:d8:b2:73:ce:dc:66:18:d5:04:f3:3f:20:68:a3:a1:
d1:3c:36:22
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ4glBg+dOlvxrXWEjh7IQedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1Zjk4NWE5NDAyNTQ0ODkxNGRlYWExNzQyMjA3MzA0Mzky
NTEzZGQwHhcNMjYwNTEzMDkwMzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTU3NTg1NzcyZDYzOTZmNmRjYWNkZTk4YzgyNGE2NDY5ZDQ0MzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9UL/wjbo17lZcX4gYgreDHZ3G7+
3DLubXlb+AB1SxSQOG+a0An6ISURL7Ok4Ie4m+G0ml60lHFHHsPOprMNxZenPvpG
TC3y9Pyk1vCAkfA07LpeQ8ynLQyYUzCGpJPNRHq2KUx/OSJzzPn2I/v8HXU562rd
SIu1n7QrP4prxhrC1oBZoxWN4kgr31rMHjwD+oaSp8yEgPTzDGQCxBUeX/v/Lfvy
VLvODVxUcIYgTQ8jVZhlrRBdTP3LS63fF7VXJ50AsPn/No/xInulMUvtKa8txo14
L7s65DYavvulAmkx/ZlU+0OreoDzNXRq2pYBox45tgbZK5Ny+Be1wZml6QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL5XWFdy1jlvbcrN6YyCSmRp1ENXMB8GA1UdIwQY
MBaAFOX5halAJUSJFN6qF0IgcwQ5JRPdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWZtRnFVQWxSSWtVM3FvWFFpQnpCRGtsRTkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9iYTFjOTctMGU1Ni00ODQwLWI2MTMt
YjM2MWEyYzQ1N2M0LzEvdmxkWVYzTFdPVzl0eXMzcGpJSktaR25VUTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9iYTFjOTctMGU1Ni00ODQwLWI2MTMtYjM2MWEyYzQ1N2M0
LzEvNWZtRnFVQWxSSWtVM3FvWFFpQnpCRGtsRTkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudwEMA0E
AgACMAcDBQMqC+1AMA0GCSqGSIb3DQEBCwUAA4IBAQBuIS9ceCvHmR6/9UtOwmcS
yiEK0kn5DTOTqPJ8fqOuPVcf1BQkZDoCRP3BUl2Nb7Cr5049BnLecM1VLDkNXmTB
Wyd0hFcATYTTwn1A6vGiVBY2F5aJAx/mtRa1z96Ei2wTU8V1fZ9B4pi74tVRzv+k
tQfAibW8Vy7caj2dfLvjnQReW7d1n9mlUTbAU2keueHGbi432CRe//0xN5KZey2E
yRvHOAwqIssKinbLBbDH9ZyYYBUm1J/BhVoDmjPSHFa2yFOTxnFOratlUNWOQBfG
gZsfpxfdtx1A90H2nyiOGDSQG1w/EqYbARkh4NHYsnPO3GYY1QTzPyBoo6HRPDYi
-----END CERTIFICATE-----
Generated at Fri May 15 06:16:43 2026 by rpki-client