Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/llhcsYDLkm4Ou2uZaJyDW3EMdA0.roa
File: llhcsYDLkm4Ou2uZaJyDW3EMdA0.roa (raw, json)
Hash identifier: v77F3OYndH+vxoqA2hOKsJpKUx5tr3Ki2/ZCUFpENYI=
Subject key identifier: 96:58:5C:B1:80:CB:92:6E:0E:BB:6B:99:68:9C:83:5B:71:0C:74:0D
Certificate issuer: /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial: 019CD161C4096E569F1F9F5443D5CB3A3F18
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/llhcsYDLkm4Ou2uZaJyDW3EMdA0.roa
Signing time: Mon 09 Mar 2026 06:56:10 +0000
ROA not before: Mon 09 Mar 2026 06:56:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42473
IP address blocks: 152.53.0.0/16 maxlen: 24
152.53.6.0/24 maxlen: 24
152.53.7.0/24 maxlen: 24
152.53.8.0/24 maxlen: 24
152.53.9.0/24 maxlen: 24
152.53.24.0/24 maxlen: 24
152.53.25.0/24 maxlen: 24
152.53.26.0/24 maxlen: 24
152.53.27.0/24 maxlen: 24
152.53.30.0/24 maxlen: 24
152.53.36.0/22 maxlen: 24
152.53.41.0/24 maxlen: 24
152.53.48.0/22 maxlen: 22
152.53.58.0/24 maxlen: 24
152.53.59.0/24 maxlen: 24
152.53.62.0/24 maxlen: 24
152.53.63.0/24 maxlen: 24
152.53.64.0/22 maxlen: 24
152.53.69.0/24 maxlen: 24
152.53.74.0/24 maxlen: 24
152.53.75.0/24 maxlen: 24
152.53.78.0/24 maxlen: 24
152.53.79.0/24 maxlen: 24
152.53.80.0/22 maxlen: 22
152.53.84.0/22 maxlen: 22
152.53.88.0/22 maxlen: 22
152.53.92.0/22 maxlen: 22
152.53.96.0/24 maxlen: 24
152.53.97.0/24 maxlen: 24
152.53.98.0/24 maxlen: 24
152.53.99.0/24 maxlen: 24
152.53.100.0/22 maxlen: 22
152.53.104.0/22 maxlen: 22
152.53.108.0/22 maxlen: 22
152.53.112.0/22 maxlen: 22
152.53.116.0/22 maxlen: 22
152.53.124.0/22 maxlen: 22
152.53.128.0/20 maxlen: 22
152.53.160.0/22 maxlen: 22
152.53.164.0/22 maxlen: 22
152.53.168.0/22 maxlen: 22
152.53.176.0/22 maxlen: 22
152.53.180.0/22 maxlen: 22
152.53.224.0/22 maxlen: 22
152.53.228.0/22 maxlen: 22
152.53.236.0/22 maxlen: 22
152.53.240.0/22 maxlen: 22
152.53.244.0/22 maxlen: 22
152.53.248.0/22 maxlen: 22
152.53.252.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.mft
rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 13 Mar 2026 21:05:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d1:61:c4:09:6e:56:9f:1f:9f:54:43:d5:cb:3a:3f:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Validity
Not Before: Mar 9 06:56:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=96585cb180cb926e0ebb6b99689c835b710c740d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:da:a1:d6:b5:f7:fc:20:17:ef:7f:74:b3:d0:
c9:4c:28:01:09:a8:14:88:1a:49:ba:4e:39:a5:9d:
34:84:32:fb:b7:de:2e:f1:b0:cb:50:09:91:49:6c:
ad:8b:c3:86:d7:39:10:19:c8:1a:b4:69:ab:54:3f:
b0:4d:b9:b0:16:1d:04:96:63:85:32:f8:67:d8:1c:
b5:51:ee:46:66:23:69:ad:17:e4:69:0f:7f:d9:68:
69:1d:d7:90:bb:a1:37:fd:69:20:10:ec:f6:99:77:
de:8c:13:84:81:e5:6a:92:d0:ab:b3:ed:36:f6:14:
83:d1:13:69:f9:79:79:ed:50:e9:05:05:1c:18:72:
db:a7:6f:1a:63:d1:55:5b:d6:f6:30:0f:db:3c:8f:
17:fd:d9:15:1b:06:98:e3:38:77:b6:ea:96:f9:42:
71:2b:ef:1b:17:53:53:a8:36:80:9c:c2:8e:fd:c7:
b4:6b:01:10:5e:eb:98:df:64:77:a0:2f:04:61:ab:
6a:b7:16:e2:fe:16:d7:62:8d:01:5a:b3:81:4e:07:
b2:9d:b9:15:a7:0e:33:a7:7c:e2:57:a2:72:5b:ee:
2f:e1:04:41:31:2b:68:f7:ff:59:f7:b6:4a:86:98:
0d:5c:43:8f:d8:b4:f8:68:d0:d2:30:ee:c0:b7:58:
1d:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:58:5C:B1:80:CB:92:6E:0E:BB:6B:99:68:9C:83:5B:71:0C:74:0D
X509v3 Authority Key Identifier:
keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/llhcsYDLkm4Ou2uZaJyDW3EMdA0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.53.0.0/16
Signature Algorithm: sha256WithRSAEncryption
88:d1:86:bb:f2:f0:13:52:55:63:6b:a7:90:ff:ea:35:c6:34:
f0:02:8c:51:d8:9b:89:f5:30:8e:5d:c0:19:a7:77:9e:90:22:
60:2d:c3:32:42:60:76:d5:25:2e:f0:e4:79:a1:f8:be:6e:19:
bf:bb:4f:d2:15:e9:7a:af:78:85:b7:0e:ca:f7:ee:c3:d0:27:
a9:27:f9:a3:30:89:55:de:c6:5d:63:f0:64:26:04:f3:2b:c1:
ec:ea:0a:95:5e:1f:9b:fd:87:ba:0c:79:24:91:8a:68:b9:da:
ee:a0:61:17:d3:dc:a1:8e:66:be:a9:61:58:24:27:66:b3:f8:
4e:5e:e8:b5:b2:49:c0:ef:8a:f8:42:e1:f2:34:38:93:99:88:
aa:57:3e:23:6c:64:87:6e:4e:a0:1d:97:dd:d1:f2:b1:6a:df:
08:41:1d:a3:cd:85:8c:2d:4d:22:b4:e7:9b:bf:bf:8c:0b:3e:
35:d8:4f:37:0d:f2:1c:8b:8c:53:ed:00:b2:8e:77:9b:9b:c8:
0a:e7:d2:1c:ac:00:b3:cd:a0:c0:2c:4e:a5:7d:89:f9:e6:13:
e1:87:41:f9:59:6b:31:bd:8f:23:d8:33:e2:23:6b:de:67:de:
28:67:a1:9e:38:56:0b:48:fd:3f:73:7c:8d:3b:47:27:8f:10:
49:89:74:a8
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZzRYcQJblafH59UQ9XLOj8YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjYwMzA5MDY1NjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjU4NWNiMTgwY2I5MjZlMGViYjZiOTk2ODljODM1YjcxMGM3NDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNqh1rX3/CAX7390s9DJTCgBCagU
iBpJuk45pZ00hDL7t94u8bDLUAmRSWyti8OG1zkQGcgatGmrVD+wTbmwFh0ElmOF
Mvhn2By1Ue5GZiNprRfkaQ9/2WhpHdeQu6E3/WkgEOz2mXfejBOEgeVqktCrs+02
9hSD0RNp+Xl57VDpBQUcGHLbp28aY9FVW9b2MA/bPI8X/dkVGwaY4zh3tuqW+UJx
K+8bF1NTqDaAnMKO/ce0awEQXuuY32R3oC8EYatqtxbi/hbXYo0BWrOBTgeynbkV
pw4zp3ziV6JyW+4v4QRBMSto9/9Z97ZKhpgNXEOP2LT4aNDSMO7At1gd2QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJZYXLGAy5JuDrtrmWicg1txDHQNMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvbGxoY3NZRExrbTRPdTJ1WmFKeURXM0VNZEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmDUwDQYJ
KoZIhvcNAQELBQADggEBAIjRhrvy8BNSVWNrp5D/6jXGNPACjFHYm4n1MI5dwBmn
d56QImAtwzJCYHbVJS7w5Hmh+L5uGb+7T9IV6XqveIW3Dsr37sPQJ6kn+aMwiVXe
xl1j8GQmBPMrwezqCpVeH5v9h7oMeSSRimi52u6gYRfT3KGOZr6pYVgkJ2az+E5e
6LWyScDvivhC4fI0OJOZiKpXPiNsZIduTqAdl93R8rFq3whBHaPNhYwtTSK055u/
v4wLPjXYTzcN8hyLjFPtALKOd5ubyArn0hysALPNoMAsTqV9ifnmE+GHQflZazG9
jyPYM+Ija95n3ihnoZ44VgtI/T9zfI07RyePEEmJdKg=
-----END CERTIFICATE-----
Generated at Fri Mar 13 02:43:16 2026 by rpki-client