Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/aL6bUGTHkpcHHWs-Po3_bkcw8N0.roa
File: aL6bUGTHkpcHHWs-Po3_bkcw8N0.roa (raw, json)
Hash identifier: ri9rtr5v6mxkEnUcDShGl6eVFOsXr78RXTrqI9KwgSM=
Subject key identifier: 68:BE:9B:50:64:C7:92:97:07:1D:6B:3E:3E:8D:FF:6E:47:30:F0:DD
Certificate issuer: /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial: 019E3A547FAC4897E18257AA6F6628C1EBD6
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/aL6bUGTHkpcHHWs-Po3_bkcw8N0.roa
Signing time: Mon 18 May 2026 09:04:36 +0000
ROA not before: Mon 18 May 2026 09:04:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 2914
IP address blocks: 148.253.239.0/24 maxlen: 24
148.253.240.0/24 maxlen: 24
148.253.242.0/24 maxlen: 24
148.253.243.0/24 maxlen: 24
148.253.249.0/24 maxlen: 24
148.253.250.0/24 maxlen: 24
151.249.90.0/24 maxlen: 24
151.249.91.0/24 maxlen: 24
163.171.90.0/24 maxlen: 24
163.171.91.0/24 maxlen: 24
163.171.246.0/24 maxlen: 24
163.171.247.0/24 maxlen: 24
163.171.251.0/24 maxlen: 24
163.171.253.0/24 maxlen: 24
163.171.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 May 2026 11:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:3a:54:7f:ac:48:97:e1:82:57:aa:6f:66:28:c1:eb:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Validity
Not Before: May 18 09:04:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=68be9b5064c79297071d6b3e3e8dff6e4730f0dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:e1:2c:96:d5:d5:60:d5:a7:f7:f3:19:f6:ee:
e6:f5:00:41:6c:12:eb:19:3a:bb:51:e1:02:05:cc:
17:f6:f9:cd:1f:31:4a:05:6c:33:52:ae:37:62:d5:
37:00:6e:0a:76:c5:e1:f9:c0:a5:7c:c2:d1:b5:98:
df:9d:8c:f2:5f:36:5e:bf:fd:b7:a5:bb:a5:5f:79:
b5:e0:9f:74:64:a9:6c:62:fd:57:b2:98:31:ba:c4:
4a:11:c0:65:40:07:50:6d:89:fe:57:a8:1e:07:9d:
48:88:46:2e:a5:3a:71:9b:c6:66:06:2e:a1:7d:bb:
5f:54:16:13:04:07:13:c8:94:70:f9:95:f4:fc:e3:
2b:c4:c9:da:fb:60:59:fe:79:78:87:62:fe:5b:6f:
34:f8:4b:1a:71:8f:d2:83:fc:89:af:b7:0f:19:de:
53:17:0b:77:b0:b0:3e:cb:45:be:52:99:0d:77:96:
83:4d:8e:c6:00:ca:30:64:12:bc:c5:c3:86:32:aa:
89:36:9b:d4:ab:20:30:5e:b1:72:7d:8e:d2:a8:9a:
43:9f:28:80:e8:2d:32:fc:2a:ab:b2:78:80:99:c8:
12:0b:e4:ba:3b:67:c4:54:08:3b:be:c2:15:5a:26:
90:54:fc:06:8f:e0:a8:e9:4e:cb:bb:24:e7:e1:c6:
aa:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:BE:9B:50:64:C7:92:97:07:1D:6B:3E:3E:8D:FF:6E:47:30:F0:DD
X509v3 Authority Key Identifier:
keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/aL6bUGTHkpcHHWs-Po3_bkcw8N0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
148.253.239.0-148.253.240.255
148.253.242.0/23
148.253.249.0-148.253.250.255
151.249.90.0/23
163.171.90.0/23
163.171.246.0/23
163.171.251.0/24
163.171.253.0-163.171.254.255
Signature Algorithm: sha256WithRSAEncryption
d3:11:3d:89:4f:7f:e3:38:5c:06:12:f1:f9:6e:07:e8:f8:0d:
1c:87:f6:43:21:d3:63:7c:9f:dd:d4:4f:34:34:a4:63:87:2b:
43:88:8a:53:9c:17:c7:bf:46:12:c9:dd:00:19:20:d5:44:b9:
2c:6b:5e:25:24:d0:d3:a2:09:fe:99:3e:7e:e4:86:bb:38:60:
40:1a:96:57:e3:d3:0a:b2:ab:98:4d:4c:98:3e:39:66:2d:25:
06:b9:16:af:d9:22:9f:16:e9:5e:38:2b:23:d1:d2:27:de:20:
65:bb:7a:59:6b:7e:5b:be:d0:76:96:ad:40:d8:f8:68:69:9a:
d8:ca:cf:31:fc:bd:d0:e3:2c:2f:ab:c0:8b:70:89:ae:4c:04:
f3:26:4b:22:70:e4:cd:98:41:1a:3a:e3:78:dd:27:e1:ae:ff:
e8:29:1e:50:2a:7f:be:36:43:98:98:17:f1:21:d0:2a:40:0f:
9a:60:62:58:3a:5b:09:39:b7:5e:9f:21:0b:b4:e1:6a:5c:97:
4b:35:b8:24:05:ba:23:8a:70:06:74:41:ca:60:c6:d2:8a:57:
c2:1a:71:af:e7:0b:c5:8a:4b:0c:71:69:02:b5:ba:28:94:fa:
46:4a:c2:0c:74:83:a8:36:8e:4b:f0:35:c0:54:49:00:c7:ac:
ec:03:69:09
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZ46VH+sSJfhgleqb2YowevWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjYwNTE4MDkwNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGJlOWI1MDY0Yzc5Mjk3MDcxZDZiM2UzZThkZmY2ZTQ3MzBmMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5OEsltXVYNWn9/MZ9u7m9QBBbBLr
GTq7UeECBcwX9vnNHzFKBWwzUq43YtU3AG4KdsXh+cClfMLRtZjfnYzyXzZev/23
pbulX3m14J90ZKlsYv1XspgxusRKEcBlQAdQbYn+V6geB51IiEYupTpxm8ZmBi6h
fbtfVBYTBAcTyJRw+ZX0/OMrxMna+2BZ/nl4h2L+W280+EsacY/Sg/yJr7cPGd5T
Fwt3sLA+y0W+UpkNd5aDTY7GAMowZBK8xcOGMqqJNpvUqyAwXrFyfY7SqJpDnyiA
6C0y/CqrsniAmcgSC+S6O2fEVAg7vsIVWiaQVPwGj+Co6U7LuyTn4caqmQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFGi+m1Bkx5KXBx1rPj6N/25HMPDdMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvYUw2YlVHVEhrcGNISFdzLVBvM19ia2N3OE4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIMAwDBACU/e8D
BACU/fADBAGU/fIwDAMEAJT9+QMEAJT9+gMEAZf5WgMEAaOrWgMEAaOr9gMEAKOr
+zAMAwQAo6v9AwQAo6v+MA0GCSqGSIb3DQEBCwUAA4IBAQDTET2JT3/jOFwGEvH5
bgfo+A0ch/ZDIdNjfJ/d1E80NKRjhytDiIpTnBfHv0YSyd0AGSDVRLksa14lJNDT
ogn+mT5+5Ia7OGBAGpZX49MKsquYTUyYPjlmLSUGuRav2SKfFuleOCsj0dIn3iBl
u3pZa35bvtB2lq1A2PhoaZrYys8x/L3Q4ywvq8CLcImuTATzJksicOTNmEEaOuN4
3Sfhrv/oKR5QKn++NkOYmBfxIdAqQA+aYGJYOlsJObdenyELtOFqXJdLNbgkBboj
inAGdEHKYMbSilfCGnGv5wvFiksMcWkCtboolPpGSsIMdIOoNo5L8DXAVEkAx6zs
A2kJ
-----END CERTIFICATE-----
Generated at Sat May 23 17:46:25 2026 by rpki-client