Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/fhJYydXnvoN7Ac7AqkaPLuxtACY.roa
File: fhJYydXnvoN7Ac7AqkaPLuxtACY.roa (raw, json)
Hash identifier: e/9VG+aSWxjfrsY+2Dk5znjgI4W2xJG4DTb4yBqCYAc=
Subject key identifier: 7E:12:58:C9:D5:E7:BE:83:7B:01:CE:C0:AA:46:8F:2E:EC:6D:00:26
Certificate issuer: /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial: 019EAC6307D4748FC1F761C5585C45C4B5D4
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/fhJYydXnvoN7Ac7AqkaPLuxtACY.roa
Signing time: Tue 09 Jun 2026 12:37:11 +0000
ROA not before: Tue 09 Jun 2026 12:37:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 197540
IP address blocks: 152.53.0.0/16 maxlen: 24
152.53.5.0/24 maxlen: 24
152.53.7.0/24 maxlen: 24
152.53.12.0/22 maxlen: 24
152.53.16.0/22 maxlen: 24
152.53.20.0/22 maxlen: 24
152.53.32.0/22 maxlen: 24
152.53.42.0/24 maxlen: 24
152.53.42.0/27 maxlen: 27
152.53.42.64/28 maxlen: 28
152.53.43.0/24 maxlen: 24
152.53.43.64/27 maxlen: 27
152.53.44.0/22 maxlen: 24
152.53.48.0/22 maxlen: 22
152.53.60.0/24 maxlen: 24
152.53.61.0/24 maxlen: 24
152.53.64.0/22 maxlen: 24
152.53.84.0/22 maxlen: 22
152.53.92.0/22 maxlen: 22
152.53.100.0/22 maxlen: 22
152.53.104.0/22 maxlen: 22
152.53.108.0/22 maxlen: 22
152.53.112.0/22 maxlen: 22
152.53.116.0/22 maxlen: 22
152.53.124.0/22 maxlen: 22
152.53.128.0/20 maxlen: 22
152.53.144.0/22 maxlen: 22
152.53.148.0/22 maxlen: 22
152.53.152.0/22 maxlen: 22
152.53.156.0/22 maxlen: 22
152.53.160.0/22 maxlen: 22
152.53.172.0/22 maxlen: 22
152.53.176.0/22 maxlen: 22
152.53.180.0/22 maxlen: 22
152.53.184.0/22 maxlen: 24
152.53.188.0/22 maxlen: 22
152.53.196.0/22 maxlen: 22
152.53.200.0/24 maxlen: 24
152.53.202.0/24 maxlen: 24
152.53.204.0/22 maxlen: 22
152.53.212.0/24 maxlen: 24
152.53.224.0/22 maxlen: 22
152.53.228.0/22 maxlen: 22
152.53.236.0/22 maxlen: 22
152.53.244.0/22 maxlen: 22
152.53.248.0/22 maxlen: 22
152.53.252.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.mft
rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 18:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:ac:63:07:d4:74:8f:c1:f7:61:c5:58:5c:45:c4:b5:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Validity
Not Before: Jun 9 12:37:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7e1258c9d5e7be837b01cec0aa468f2eec6d0026
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:13:21:29:0d:cd:77:c4:29:c8:e0:1a:59:97:
47:0a:62:97:ea:04:61:1b:b9:ab:a2:a9:43:8d:63:
ed:27:03:9a:53:f0:8c:e5:a2:4f:21:ff:f6:8a:14:
db:bb:7e:9f:0b:fa:7d:08:f6:9f:b3:61:5d:ec:75:
ca:52:6c:f3:1d:df:32:6d:1a:b6:79:97:17:b4:f0:
b6:90:15:d6:4e:ae:67:5d:30:cf:da:97:d3:1d:ec:
07:31:9e:a2:f7:82:5d:06:da:81:4c:3f:28:20:e4:
63:e8:50:a8:e0:c2:38:84:44:fc:e1:17:7c:80:c1:
c9:0b:71:7b:e4:ae:c1:fd:0f:02:86:5e:e4:7a:06:
4f:97:55:d9:61:03:35:42:ce:8d:69:dd:7e:bc:13:
9f:a1:eb:70:9a:ab:f0:d2:45:c3:cc:fd:d4:8e:bc:
64:01:c5:da:7c:f3:80:67:28:a1:a9:e9:b0:b2:14:
6b:de:27:fd:08:a4:d4:11:fa:2c:c9:2b:b0:64:19:
43:81:ca:77:77:c5:3b:cf:f8:43:e7:0f:83:fe:99:
ae:a2:72:64:3a:d8:1a:04:b6:06:69:0a:4a:b3:7f:
ef:3e:fb:2d:12:10:89:94:31:7e:6d:71:a3:56:a8:
b2:45:6b:20:cd:0f:ca:d6:fc:eb:9e:37:d7:bd:68:
f7:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:12:58:C9:D5:E7:BE:83:7B:01:CE:C0:AA:46:8F:2E:EC:6D:00:26
X509v3 Authority Key Identifier:
keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/fhJYydXnvoN7Ac7AqkaPLuxtACY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.53.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a9:30:6d:0a:45:40:f5:2d:9b:f5:49:3b:d6:7e:54:dc:41:f5:
91:09:8f:52:31:35:30:ac:69:d3:57:49:4a:3e:97:d5:71:18:
db:f5:76:70:a6:44:e0:a2:d5:04:76:82:4e:d2:de:61:36:09:
18:1f:ea:0a:0d:48:40:a1:59:e1:d7:47:b0:28:86:47:1e:3c:
d8:bd:16:af:df:d2:13:e5:ef:1c:65:6e:79:d9:63:c5:70:41:
2f:ca:c8:e3:6e:73:90:3c:93:07:a0:65:16:59:82:6f:a2:d1:
e7:c8:94:8b:84:62:ed:13:9e:de:30:35:cc:ad:05:d6:26:61:
ce:a3:42:8a:96:5f:e2:84:d8:50:5e:63:68:18:e5:07:8f:32:
b6:d1:fc:a7:0b:11:16:62:6c:e4:30:98:e5:e0:bd:21:13:3c:
e9:d9:92:cd:80:03:ce:81:ad:c3:86:fb:82:4c:34:72:39:2b:
9f:6a:1e:fb:3f:33:75:b1:64:63:87:16:27:02:51:6e:0a:a7:
9d:2d:73:55:25:fa:79:3b:93:87:b7:53:94:8f:98:e6:c0:15:
2c:24:c2:9c:d0:9a:04:ee:67:c2:28:fc:c0:cf:60:a9:cb:3a:
20:3b:f5:0f:cc:82:16:c3:94:78:df:8c:ae:00:46:7d:9c:f8:
4c:da:99:c7
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZ6sYwfUdI/B92HFWFxFxLXUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjYwNjA5MTIzNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTEyNThjOWQ1ZTdiZTgzN2IwMWNlYzBhYTQ2OGYyZWVjNmQwMDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBMhKQ3Nd8QpyOAaWZdHCmKX6gRh
G7mroqlDjWPtJwOaU/CM5aJPIf/2ihTbu36fC/p9CPafs2Fd7HXKUmzzHd8ybRq2
eZcXtPC2kBXWTq5nXTDP2pfTHewHMZ6i94JdBtqBTD8oIORj6FCo4MI4hET84Rd8
gMHJC3F75K7B/Q8Chl7kegZPl1XZYQM1Qs6Nad1+vBOfoetwmqvw0kXDzP3Ujrxk
AcXafPOAZyihqemwshRr3if9CKTUEfosySuwZBlDgcp3d8U7z/hD5w+D/pmuonJk
OtgaBLYGaQpKs3/vPvstEhCJlDF+bXGjVqiyRWsgzQ/K1vzrnjfXvWj3bQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFH4SWMnV576DewHOwKpGjy7sbQAmMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvZmhKWXlkWG52b043QWM3QXFrYVBMdXh0QUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmDUwDQYJ
KoZIhvcNAQELBQADggEBAKkwbQpFQPUtm/VJO9Z+VNxB9ZEJj1IxNTCsadNXSUo+
l9VxGNv1dnCmROCi1QR2gk7S3mE2CRgf6goNSEChWeHXR7AohkcePNi9Fq/f0hPl
7xxlbnnZY8VwQS/KyONuc5A8kwegZRZZgm+i0efIlIuEYu0Tnt4wNcytBdYmYc6j
QoqWX+KE2FBeY2gY5QePMrbR/KcLERZibOQwmOXgvSETPOnZks2AA86BrcOG+4JM
NHI5K59qHvs/M3WxZGOHFicCUW4Kp50tc1Ul+nk7k4e3U5SPmObAFSwkwpzQmgTu
Z8Io/MDPYKnLOiA79Q/MghbDlHjfjK4ARn2c+Ezamcc=
-----END CERTIFICATE-----
Generated at Fri Jun 12 02:40:45 2026 by rpki-client