Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/1-BEhUmO0ut6OA3qSvrHuFMRpZQE.roa
File: 1-BEhUmO0ut6OA3qSvrHuFMRpZQE.roa (raw, json)
Hash identifier: yam/iELTfsrH6RDASPXjvZYKSY1utqMhfRTVx8Az1Po=
Subject key identifier: F8:11:21:52:63:B4:BA:DE:8E:03:7A:92:BE:B1:EE:14:C4:69:65:01
Certificate issuer: /CN=5fbe65ae23f207fa695255f55a907ac1608be094
Certificate serial: 019DC8C59B07F4C3F2BC7C504FA3735B490A
Authority key identifier: 5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/1-BEhUmO0ut6OA3qSvrHuFMRpZQE.roa
Signing time: Sun 26 Apr 2026 07:51:26 +0000
ROA not before: Sun 26 Apr 2026 07:51:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 211183
IP address blocks: 5.35.124.0/24 maxlen: 24
5.35.125.0/24 maxlen: 24
5.35.126.0/24 maxlen: 24
5.35.127.0/24 maxlen: 24
5.253.62.0/24 maxlen: 24
37.140.241.0/24 maxlen: 24
45.128.204.0/24 maxlen: 24
79.133.181.0/24 maxlen: 24
79.133.182.0/24 maxlen: 24
79.133.183.0/24 maxlen: 24
89.191.225.0/24 maxlen: 24
91.200.84.0/24 maxlen: 24
94.154.11.0/24 maxlen: 24
130.49.128.0/24 maxlen: 24
130.49.129.0/24 maxlen: 24
130.49.140.0/24 maxlen: 24
130.49.143.0/24 maxlen: 24
130.49.146.0/24 maxlen: 24
130.49.153.0/24 maxlen: 24
153.80.184.0/24 maxlen: 24
153.80.185.0/24 maxlen: 24
153.80.245.0/24 maxlen: 24
153.80.246.0/24 maxlen: 24
153.80.247.0/24 maxlen: 24
153.80.250.0/24 maxlen: 24
153.80.251.0/24 maxlen: 24
155.212.245.0/24 maxlen: 24
155.212.246.0/24 maxlen: 24
155.212.247.0/24 maxlen: 24
157.22.172.0/24 maxlen: 24
157.22.173.0/24 maxlen: 24
157.22.174.0/24 maxlen: 24
157.22.175.0/24 maxlen: 24
157.22.230.0/24 maxlen: 24
157.22.231.0/24 maxlen: 24
185.198.152.0/24 maxlen: 24
185.219.41.0/24 maxlen: 24
185.233.185.0/24 maxlen: 24
185.239.50.0/24 maxlen: 24
185.239.51.0/24 maxlen: 24
185.240.103.0/24 maxlen: 24
185.244.51.0/24 maxlen: 24
185.250.44.0/24 maxlen: 24
185.250.46.0/24 maxlen: 24
185.250.47.0/24 maxlen: 24
193.187.96.0/24 maxlen: 24
194.5.78.0/24 maxlen: 24
194.5.79.0/24 maxlen: 24
195.93.252.0/24 maxlen: 24
217.171.146.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 08:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:c8:c5:9b:07:f4:c3:f2:bc:7c:50:4f:a3:73:5b:49:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5fbe65ae23f207fa695255f55a907ac1608be094
Validity
Not Before: Apr 26 07:51:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f811215263b4bade8e037a92beb1ee14c4696501
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:cb:10:c1:8c:41:82:5c:e2:2b:25:f8:7b:4c:
25:14:8a:ba:8f:bb:2c:28:65:e1:e7:24:59:13:49:
52:2c:84:11:08:35:0c:87:9f:0e:46:fc:09:57:8d:
77:0e:21:56:87:a6:54:ff:4b:a9:27:66:f2:a3:cb:
4d:0f:a1:84:bf:25:34:a1:21:8f:10:84:71:c5:3f:
93:8a:52:e3:57:91:27:5c:7d:99:01:d6:3f:15:8a:
6d:32:49:7c:25:83:68:80:06:1e:97:05:3d:c4:16:
98:f0:d7:1c:60:29:36:73:41:3b:0a:51:c4:1e:5e:
46:c5:fd:31:33:a1:b3:54:76:39:56:fb:18:02:26:
c8:8c:7e:a7:15:eb:b6:3e:3f:b7:c4:22:e4:37:ef:
6f:66:23:90:0f:46:c9:73:e6:4a:0b:73:e8:cc:ff:
08:7c:05:40:d2:b5:21:5f:d8:79:74:27:95:aa:af:
5d:01:04:fd:5a:76:46:47:1e:2d:ae:8c:fa:a4:74:
a9:c4:a0:8d:f2:89:d8:cd:1a:8a:28:22:c3:f3:a7:
32:8e:d4:33:88:56:79:91:f9:31:44:42:ab:1e:7b:
d8:50:a8:2e:51:1d:74:af:54:f5:52:60:2e:0c:a3:
d8:aa:d9:27:1f:28:19:4f:84:33:55:ad:3e:86:b2:
56:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:11:21:52:63:B4:BA:DE:8E:03:7A:92:BE:B1:EE:14:C4:69:65:01
X509v3 Authority Key Identifier:
keyid:5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/1-BEhUmO0ut6OA3qSvrHuFMRpZQE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.124.0/22
5.253.62.0/24
37.140.241.0/24
45.128.204.0/24
79.133.181.0-79.133.183.255
89.191.225.0/24
91.200.84.0/24
94.154.11.0/24
130.49.128.0/23
130.49.140.0/24
130.49.143.0/24
130.49.146.0/24
130.49.153.0/24
153.80.184.0/23
153.80.245.0-153.80.247.255
153.80.250.0/23
155.212.245.0-155.212.247.255
157.22.172.0/22
157.22.230.0/23
185.198.152.0/24
185.219.41.0/24
185.233.185.0/24
185.239.50.0/23
185.240.103.0/24
185.244.51.0/24
185.250.44.0/24
185.250.46.0/23
193.187.96.0/24
194.5.78.0/23
195.93.252.0/24
217.171.146.0/24
Signature Algorithm: sha256WithRSAEncryption
50:e1:fe:32:c8:56:d7:17:36:5d:47:9f:1a:68:5f:f6:b8:b2:
aa:dd:fe:af:54:54:54:98:6c:6f:97:97:5d:16:44:a3:17:0b:
59:cb:08:dc:14:e8:06:0f:70:02:25:be:7b:70:df:67:81:32:
a9:c4:5c:be:c5:31:a7:4b:da:df:5b:65:7c:48:33:a2:ab:d7:
3d:db:60:0d:a5:f3:da:20:62:93:65:8e:dc:e1:94:6b:cc:c3:
65:2f:f3:30:14:ad:74:07:95:90:fd:1e:a0:dd:b9:95:17:7e:
04:ac:04:1a:e5:42:4b:23:8f:36:08:de:f2:13:a4:a5:50:e3:
f7:ca:5a:c7:f0:82:c5:20:78:7b:7d:dd:99:a8:25:3c:d4:15:
12:26:ea:28:a2:9b:a0:6f:50:35:9b:f2:c4:c1:39:7e:ab:8e:
4d:0b:2c:28:52:25:ae:dd:8e:a7:04:1c:c6:83:c4:b5:8e:20:
ef:7d:ab:ab:a9:98:d3:33:e2:8c:46:22:2e:35:f0:d8:84:72:
37:c7:bf:e1:16:5a:dc:43:d5:8a:fd:3e:72:ae:a8:e1:4b:aa:
3b:55:04:7c:09:a2:ab:11:89:0d:d3:98:e1:02:0c:e1:3d:2a:
aa:a9:6a:d7:65:38:29:70:99:42:af:f2:2c:a2:d0:dc:32:79:
85:6f:86:78
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgISAZ3IxZsH9MPyvHxQT6NzW0kKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmU2NWFlMjNmMjA3ZmE2OTUyNTVmNTVhOTA3YWMxNjA4
YmUwOTQwHhcNMjYwNDI2MDc1MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODExMjE1MjYzYjRiYWRlOGUwMzdhOTJiZWIxZWUxNGM0Njk2NTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08sQwYxBglziKyX4e0wlFIq6j7ss
KGXh5yRZE0lSLIQRCDUMh58ORvwJV413DiFWh6ZU/0upJ2byo8tND6GEvyU0oSGP
EIRxxT+TilLjV5EnXH2ZAdY/FYptMkl8JYNogAYelwU9xBaY8NccYCk2c0E7ClHE
Hl5Gxf0xM6GzVHY5VvsYAibIjH6nFeu2Pj+3xCLkN+9vZiOQD0bJc+ZKC3PozP8I
fAVA0rUhX9h5dCeVqq9dAQT9WnZGRx4troz6pHSpxKCN8onYzRqKKCLD86cyjtQz
iFZ5kfkxREKrHnvYUKguUR10r1T1UmAuDKPYqtknHygZT4QzVa0+hrJWeQIDAQAB
o4IC2zCCAtcwHQYDVR0OBBYEFPgRIVJjtLrejgN6kr6x7hTEaWUBMB8GA1UdIwQY
MBaAFF++Za4j8gf6aVJV9VqQesFgi+CUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUt
NDkyYWIzNzI2ODlkLzEvMS1CRWhVbU8wdXQ2T0EzcVN2ckh1Rk1ScFpRRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTEvZjQzMTlmLTNkZmItNDJlYS1iYTk1LTQ5MmFiMzcyNjg5
ZC8xL1g3NWxyaVB5Ql9wcFVsWDFXcEI2d1dDTDRKUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCB7wYIKwYBBQUHAQcBAf8Egd8wgdwwgdkEAgABMIHSAwQC
BSN8AwQABf0+AwQAJYzxAwQALYDMMAwDBABPhbUDBANPhbADBABZv+EDBABbyFQD
BABemgsDBAGCMYADBACCMYwDBACCMY8DBACCMZIDBACCMZkDBAGZULgwDAMEAJlQ
9QMEA5lQ8AMEAZlQ+jAMAwQAm9T1AwQDm9TwAwQCnRasAwQBnRbmAwQAucaYAwQA
udspAwQAuem5AwQBue8yAwQAufBnAwQAufQzAwQAufosAwQBufouAwQAwbtgAwQB
wgVOAwQAw138AwQA2auSMA0GCSqGSIb3DQEBCwUAA4IBAQBQ4f4yyFbXFzZdR58a
aF/2uLKq3f6vVFRUmGxvl5ddFkSjFwtZywjcFOgGD3ACJb57cN9ngTKpxFy+xTGn
S9rfW2V8SDOiq9c922ANpfPaIGKTZY7c4ZRrzMNlL/MwFK10B5WQ/R6g3bmVF34E
rAQa5UJLI482CN7yE6SlUOP3ylrH8ILFIHh7fd2ZqCU81BUSJuooopugb1A1m/LE
wTl+q45NCywoUiWu3Y6nBBzGg8S1jiDvfaurqZjTM+KMRiIuNfDYhHI3x7/hFlrc
Q9WK/T5yrqjhS6o7VQR8CaKrEYkN05jhAgzhPSqqqWrXZTgpcJlCr/IsotDcMnmF
b4Z4
-----END CERTIFICATE-----
Generated at Mon Apr 27 13:58:29 2026 by rpki-client