Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/nsRheFAl5sYIf69ZA2-lEa1c2n4.roa
File: nsRheFAl5sYIf69ZA2-lEa1c2n4.roa (raw, json)
Hash identifier: BPp2XQ3t/tQYCMkRPS8euZvqtBQ4DmQCayxjZbw1wJY=
Subject key identifier: 9E:C4:61:78:50:25:E6:C6:08:7F:AF:59:03:6F:A5:11:AD:5C:DA:7E
Certificate issuer: /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial: 019E21DB47FCBD1F97FCB58B5FE70A477B4D
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/nsRheFAl5sYIf69ZA2-lEa1c2n4.roa
Signing time: Wed 13 May 2026 15:01:19 +0000
ROA not before: Wed 13 May 2026 15:01:19 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 51713
IP address blocks: 65.98.127.0/24 maxlen: 24
69.72.248.0/24 maxlen: 24
77.95.113.0/24 maxlen: 24
93.113.110.0/23 maxlen: 23
93.114.86.0/23 maxlen: 23
93.114.184.0/23 maxlen: 23
93.114.234.0/23 maxlen: 23
176.56.56.0/21 maxlen: 21
185.17.180.0/22 maxlen: 22
185.65.40.0/22 maxlen: 22
185.164.196.0/22 maxlen: 22
188.212.34.0/23 maxlen: 23
192.250.224.0/24 maxlen: 24
192.250.234.0/24 maxlen: 24
192.250.239.0/24 maxlen: 24
195.250.23.0/24 maxlen: 24
198.38.80.0/24 maxlen: 24
198.38.82.0/24 maxlen: 24
198.38.92.0/24 maxlen: 24
209.42.16.0/24 maxlen: 24
209.42.17.0/24 maxlen: 24
209.42.18.0/24 maxlen: 24
209.42.19.0/24 maxlen: 24
209.42.20.0/24 maxlen: 24
209.42.21.0/24 maxlen: 24
209.42.22.0/24 maxlen: 24
209.42.23.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 20:26:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:21:db:47:fc:bd:1f:97:fc:b5:8b:5f:e7:0a:47:7b:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Validity
Not Before: May 13 15:01:19 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9ec461785025e6c6087faf59036fa511ad5cda7e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:60:a1:bb:e0:66:f0:2b:c9:ef:e9:6d:25:83:
e6:b8:e5:bd:2c:99:21:f5:0f:34:13:f6:9b:e9:5e:
58:19:f6:c3:4e:46:3a:32:4a:ce:af:94:2c:a6:c3:
9b:a3:6b:5b:ce:13:37:2e:48:bd:d4:3d:8e:9b:f7:
d2:fd:66:b3:3d:da:7e:82:70:b9:da:fc:4f:03:02:
fa:d6:1d:9a:c3:9a:3d:50:db:ee:d1:1d:1e:c2:dd:
8c:36:ad:b8:1d:3e:ad:38:8b:33:48:97:6d:e0:6f:
e8:07:ba:56:dd:62:ba:28:d7:cb:e2:86:ac:7d:fc:
dd:2e:0d:73:2e:c8:15:24:41:57:f5:66:98:fa:8d:
b9:e5:2b:48:a3:c0:d4:cd:55:5b:de:14:52:1a:81:
10:21:62:09:b4:27:84:b4:26:d6:7e:76:7f:ba:95:
cc:52:d0:84:ae:fc:e3:3e:18:16:9b:da:38:66:5f:
58:fe:97:0e:9c:83:97:0f:b4:b3:14:25:7a:d7:88:
9b:5f:e3:1c:83:f5:58:a0:48:11:02:52:cb:1d:90:
c1:3f:75:70:71:a6:a5:d7:de:85:fd:ae:ed:43:96:
bc:de:af:84:f1:4a:3c:21:75:d0:f1:11:d2:91:09:
56:d9:fe:02:57:d6:02:d1:08:0d:1f:75:58:ad:1e:
46:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:C4:61:78:50:25:E6:C6:08:7F:AF:59:03:6F:A5:11:AD:5C:DA:7E
X509v3 Authority Key Identifier:
keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/nsRheFAl5sYIf69ZA2-lEa1c2n4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
65.98.127.0/24
69.72.248.0/24
77.95.113.0/24
93.113.110.0/23
93.114.86.0/23
93.114.184.0/23
93.114.234.0/23
176.56.56.0/21
185.17.180.0/22
185.65.40.0/22
185.164.196.0/22
188.212.34.0/23
192.250.224.0/24
192.250.234.0/24
192.250.239.0/24
195.250.23.0/24
198.38.80.0/24
198.38.82.0/24
198.38.92.0/24
209.42.16.0/21
Signature Algorithm: sha256WithRSAEncryption
6b:c4:61:1c:bd:82:8a:86:95:b7:46:7c:ad:fb:65:5d:0b:c8:
e5:9e:27:7b:86:5c:e5:82:e1:17:31:0d:98:19:df:f9:48:d5:
7d:8d:e1:5b:33:50:db:c9:55:ae:6b:24:00:59:f1:89:90:3d:
a7:71:81:c9:cc:24:13:49:5f:08:85:31:71:94:9f:bd:9e:7d:
0f:30:c5:ee:13:b2:d3:3e:6c:da:77:99:23:4c:11:2c:31:83:
94:32:a8:7c:09:de:f5:aa:50:0b:93:4a:64:2e:31:88:62:4b:
d7:b7:ca:ec:86:cf:d6:72:be:3e:27:f2:d1:cb:5d:7d:45:14:
47:70:4c:e8:a0:24:79:e4:75:d6:d1:8c:e2:25:eb:24:22:26:
23:3d:46:1f:b0:60:26:ea:a6:1c:7f:72:e0:b2:03:2f:72:b8:
f1:0b:e5:f9:3f:db:fc:a6:eb:da:58:91:9e:cb:03:71:95:85:
11:c2:2d:ad:44:e0:1b:ae:e7:18:98:b1:ec:a7:0b:67:a1:94:
53:4f:82:42:1b:43:0d:2d:04:07:12:87:80:eb:8c:d3:f9:9e:
e6:f7:5e:01:f8:65:b5:87:46:64:f7:42:1c:cf:db:75:b1:24:
e9:b9:3b:7b:06:44:74:c0:67:2a:d7:2e:3b:23:46:4b:06:b1:
ad:4c:12:13
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAZ4h20f8vR+X/LWLX+cKR3tNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjYwNTEzMTUwMTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWM0NjE3ODUwMjVlNmM2MDg3ZmFmNTkwMzZmYTUxMWFkNWNkYTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWChu+Bm8CvJ7+ltJYPmuOW9LJkh
9Q80E/ab6V5YGfbDTkY6MkrOr5QspsObo2tbzhM3Lki91D2Om/fS/WazPdp+gnC5
2vxPAwL61h2aw5o9UNvu0R0ewt2MNq24HT6tOIszSJdt4G/oB7pW3WK6KNfL4oas
ffzdLg1zLsgVJEFX9WaY+o255StIo8DUzVVb3hRSGoEQIWIJtCeEtCbWfnZ/upXM
UtCErvzjPhgWm9o4Zl9Y/pcOnIOXD7SzFCV614ibX+Mcg/VYoEgRAlLLHZDBP3Vw
caal196F/a7tQ5a83q+E8Uo8IXXQ8RHSkQlW2f4CV9YC0QgNH3VYrR5GpwIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFJ7EYXhQJebGCH+vWQNvpRGtXNp+MB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvbnNSaGVGQWw1c1lJZjY5WkEyLWxFYTFjMm40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDB+BAIAATB4AwQAQWJ/
AwQARUj4AwQATV9xAwQBXXFuAwQBXXJWAwQBXXK4AwQBXXLqAwQDsDg4AwQCuRG0
AwQCuUEoAwQCuaTEAwQBvNQiAwQAwPrgAwQAwPrqAwQAwPrvAwQAw/oXAwQAxiZQ
AwQAxiZSAwQAxiZcAwQD0SoQMA0GCSqGSIb3DQEBCwUAA4IBAQBrxGEcvYKKhpW3
Rnyt+2VdC8jlnid7hlzlguEXMQ2YGd/5SNV9jeFbM1DbyVWuayQAWfGJkD2ncYHJ
zCQTSV8IhTFxlJ+9nn0PMMXuE7LTPmzad5kjTBEsMYOUMqh8Cd71qlALk0pkLjGI
YkvXt8rshs/Wcr4+J/LRy119RRRHcEzooCR55HXW0YziJeskIiYjPUYfsGAm6qYc
f3LgsgMvcrjxC+X5P9v8puvaWJGeywNxlYURwi2tROAbrucYmLHspwtnoZRTT4JC
G0MNLQQHEoeA64zT+Z7m914B+GW1h0Zk90Icz9t1sSTpuTt7BkR0wGcq1y47I0ZL
BrGtTBIT
-----END CERTIFICATE-----
Generated at Fri Jun 12 04:40:55 2026 by rpki-client