Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/YA88VguwDrspeMoykq7apU82gMo.roa
File: YA88VguwDrspeMoykq7apU82gMo.roa (raw, json)
Hash identifier: yy9PvoHuKIf5D5asUcDhjLUmBO+7MF+k0ttZ0c2XsOk=
Subject key identifier: 60:0F:3C:56:0B:B0:0E:BB:29:78:CA:32:92:AE:DA:A5:4F:36:80:CA
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019CAE10A898F94B7F83B250C7C338A85003
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/YA88VguwDrspeMoykq7apU82gMo.roa
Signing time: Mon 02 Mar 2026 10:20:53 +0000
ROA not before: Mon 02 Mar 2026 10:20:53 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 135402
IP address blocks: 151.242.86.0/24 maxlen: 24
151.243.4.0/24 maxlen: 24
151.243.206.0/24 maxlen: 24
151.243.221.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 05 Mar 2026 07:18:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:ae:10:a8:98:f9:4b:7f:83:b2:50:c7:c3:38:a8:50:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Mar 2 10:20:53 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=600f3c560bb00ebb2978ca3292aedaa54f3680ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:41:7e:0a:ae:1e:5b:d6:62:22:df:cb:30:97:
d7:86:c9:ab:23:c6:32:c1:7c:31:c6:df:27:17:46:
34:b1:75:d2:3e:94:d4:91:78:77:b6:a2:b5:ec:05:
71:47:4f:43:0f:3a:99:ea:11:4d:3e:f0:b7:5f:79:
07:c2:01:b0:d2:06:16:33:fc:a7:3e:18:e4:da:00:
63:dd:76:d3:7e:9e:b4:dd:a0:a0:48:9d:94:74:17:
7c:31:29:13:0b:43:e4:17:84:2a:d3:a8:8b:46:6e:
cc:50:66:82:9d:6e:42:c4:e1:53:22:44:bb:0c:91:
2d:84:7c:9e:b3:b0:07:ff:36:60:4d:d8:45:b7:47:
53:54:e3:4b:3c:fe:d5:03:70:27:6d:c8:35:4f:0f:
db:03:0b:b0:b6:80:ee:21:41:45:ea:24:60:9c:31:
dc:af:16:ee:01:a1:66:1c:e0:82:b5:63:19:b6:fb:
0f:05:84:12:75:65:22:32:d6:d0:6b:e2:42:57:d5:
9a:e0:b4:59:e1:c8:47:b6:93:fe:64:52:7d:c6:e4:
e3:31:03:5a:38:d8:da:62:f6:b2:13:70:5f:c7:fd:
9a:b5:9d:bc:53:f3:79:b4:50:5c:68:fc:63:e9:18:
1f:42:f3:1e:99:07:36:c4:a6:7d:04:fa:86:13:cd:
ed:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:0F:3C:56:0B:B0:0E:BB:29:78:CA:32:92:AE:DA:A5:4F:36:80:CA
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/YA88VguwDrspeMoykq7apU82gMo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.242.86.0/24
151.243.4.0/24
151.243.206.0/24
151.243.221.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:c1:8a:2f:92:a8:fb:9a:5a:8d:3d:23:41:53:a6:01:1c:6d:
60:5c:d0:f4:a8:3e:02:6a:c2:45:dd:bd:46:8e:53:c9:58:5c:
f9:36:59:6a:a5:42:ec:17:7a:61:02:1d:c1:38:d4:95:1a:37:
0f:c1:9b:6e:b2:84:59:84:84:2c:01:03:0b:a3:be:93:72:e6:
81:0e:82:65:ea:79:e2:3f:4d:db:69:35:98:7f:4b:89:85:62:
18:d0:4b:0f:10:d0:e7:1c:da:e6:1e:b7:6e:d6:ac:e9:95:1d:
51:ed:9c:74:7d:b9:da:25:f4:5b:f8:2c:28:45:ae:0a:65:a5:
2d:ec:02:26:36:b9:65:0f:38:df:07:23:96:b9:3c:ac:5b:25:
6d:de:16:81:23:ae:b3:96:e0:8a:b7:5e:de:8f:89:d9:ed:c9:
cd:da:e1:9e:06:54:4a:cc:1e:36:d8:dc:3d:5c:fc:bc:19:b8:
11:ce:7a:b4:bc:13:ea:bb:a5:82:19:0c:68:30:9f:dc:e3:b3:
22:54:1f:be:6b:87:74:1e:3e:f7:ee:2d:81:8c:ba:15:25:bd:
d8:14:19:04:12:57:4b:46:9c:ee:d9:cf:ab:26:8d:10:ec:78:
45:87:09:1c:c2:d4:aa:49:f5:49:f5:23:e8:00:01:94:71:63:
c7:2d:d5:57
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZyuEKiY+Ut/g7JQx8M4qFADMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzAyMTAyMDUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDBmM2M1NjBiYjAwZWJiMjk3OGNhMzI5MmFlZGFhNTRmMzY4MGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkF+Cq4eW9ZiIt/LMJfXhsmrI8Yy
wXwxxt8nF0Y0sXXSPpTUkXh3tqK17AVxR09DDzqZ6hFNPvC3X3kHwgGw0gYWM/yn
Phjk2gBj3XbTfp603aCgSJ2UdBd8MSkTC0PkF4Qq06iLRm7MUGaCnW5CxOFTIkS7
DJEthHyes7AH/zZgTdhFt0dTVONLPP7VA3Anbcg1Tw/bAwuwtoDuIUFF6iRgnDHc
rxbuAaFmHOCCtWMZtvsPBYQSdWUiMtbQa+JCV9Wa4LRZ4chHtpP+ZFJ9xuTjMQNa
ONjaYvayE3Bfx/2atZ28U/N5tFBcaPxj6RgfQvMemQc2xKZ9BPqGE83tUwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGAPPFYLsA67KXjKMpKu2qVPNoDKMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWUE4OFZndXdEcnNwZU1veWtxN2FwVTgyZ01vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAl/JWAwQA
l/MEAwQAl/POAwQAl/PdMA0GCSqGSIb3DQEBCwUAA4IBAQANwYovkqj7mlqNPSNB
U6YBHG1gXND0qD4CasJF3b1GjlPJWFz5NllqpULsF3phAh3BONSVGjcPwZtusoRZ
hIQsAQMLo76TcuaBDoJl6nniP03baTWYf0uJhWIY0EsPENDnHNrmHrdu1qzplR1R
7Zx0fbnaJfRb+CwoRa4KZaUt7AImNrllDzjfByOWuTysWyVt3haBI66zluCKt17e
j4nZ7cnN2uGeBlRKzB422Nw9XPy8GbgRznq0vBPqu6WCGQxoMJ/c47MiVB++a4d0
Hj737i2BjLoVJb3YFBkEEldLRpzu2c+rJo0Q7HhFhwkcwtSqSfVJ9SPoAAGUcWPH
LdVX
-----END CERTIFICATE-----
Generated at Wed Mar 4 16:03:45 2026 by rpki-client