Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/ybxPsztAzlmVPObK0OoBTddoDSQ.roa
File: ybxPsztAzlmVPObK0OoBTddoDSQ.roa (raw, json)
Hash identifier: d3b9yiAURGnHAdeyevteUI2cI7ETobUn55NXVEoQFao=
Subject key identifier: C9:BC:4F:B3:3B:40:CE:59:95:3C:E6:CA:D0:EA:01:4D:D7:68:0D:24
Certificate issuer: /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial: 019E8F9818993557BCBF4BE80F62AF1B94B1
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/ybxPsztAzlmVPObK0OoBTddoDSQ.roa
Signing time: Wed 03 Jun 2026 22:26:10 +0000
ROA not before: Wed 03 Jun 2026 22:26:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 328543
IP address blocks: 45.81.34.0/23 maxlen: 24
45.81.34.0/24 maxlen: 24
45.150.236.0/22 maxlen: 24
45.150.236.0/23 maxlen: 23
2a0e:4c80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 13:27:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:8f:98:18:99:35:57:bc:bf:4b:e8:0f:62:af:1b:94:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
Validity
Not Before: Jun 3 22:26:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c9bc4fb33b40ce59953ce6cad0ea014dd7680d24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:65:ca:53:9f:50:36:fe:75:bf:e7:1a:ce:8a:
56:ff:1c:ed:0c:c2:c7:33:3d:b9:c5:fb:46:4c:4c:
4d:c4:69:48:a1:fd:ef:9c:5e:16:52:c1:01:20:35:
d5:72:a2:28:6b:6d:57:19:79:03:66:c1:2d:08:ba:
47:78:6d:bf:b7:35:72:d9:92:79:1c:b1:5a:7f:e0:
03:4c:6f:57:db:b1:35:7f:21:d7:ba:f7:fa:cc:6c:
bc:af:d2:9d:69:cb:9c:47:5b:8c:8d:49:64:f7:6b:
f9:b0:6f:99:c2:33:d1:ca:32:44:3a:a9:23:77:8b:
33:50:4e:bc:9f:2e:f1:64:d5:1d:14:25:c4:9d:be:
99:0a:de:4a:ed:72:43:a1:2d:2b:86:d0:5a:a6:df:
6e:0a:61:6a:08:26:0c:aa:cc:8c:5b:90:bd:fe:df:
9f:17:43:11:08:5f:02:9d:f1:9b:c5:77:46:2f:5a:
bb:ac:be:ca:51:aa:15:90:63:5d:ab:36:27:cd:df:
2b:7b:dd:c3:35:ef:07:44:d7:bd:14:1a:8f:37:e7:
12:75:9c:b4:4b:3d:43:17:04:41:aa:18:da:14:38:
59:9c:46:5f:c1:29:58:db:9e:bb:fc:03:67:4e:ba:
3a:38:b3:1c:58:ff:6c:98:90:20:b6:0c:4f:a4:96:
0c:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:BC:4F:B3:3B:40:CE:59:95:3C:E6:CA:D0:EA:01:4D:D7:68:0D:24
X509v3 Authority Key Identifier:
keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/ybxPsztAzlmVPObK0OoBTddoDSQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.81.34.0/23
45.150.236.0/22
IPv6:
2a0e:4c80::/29
Signature Algorithm: sha256WithRSAEncryption
5c:a6:77:fc:1a:3a:6b:ca:63:a6:93:79:23:21:6f:a6:f1:e1:
6d:cb:d1:ef:df:af:79:11:d8:fe:63:52:76:2c:65:30:59:97:
dd:0b:8f:96:27:6b:3f:0e:6e:2d:6e:32:e1:16:90:ef:9c:e4:
47:d8:5c:2b:16:4c:30:53:7f:23:45:68:6b:e9:71:40:8a:34:
27:c6:7e:cb:4d:3e:36:d8:43:71:b6:5a:ab:51:02:70:6c:b8:
2a:55:df:78:80:d1:53:bb:23:ef:b6:fa:8b:76:98:ef:4f:36:
d2:0b:ab:3b:8a:fd:10:33:08:4d:98:9c:4a:6d:bf:c5:a2:e8:
70:d1:16:62:24:32:9c:8b:a7:c7:93:d1:64:62:f5:e9:26:17:
0b:fc:d8:e0:a9:98:d2:09:bb:fc:03:2e:1c:b1:7c:e5:4b:6b:
e2:ce:d2:69:1a:f1:b1:1d:b5:c4:96:40:ed:0d:c7:c7:09:e1:
d9:18:be:53:28:b9:f9:52:67:0a:2e:c4:c9:a4:7c:51:22:af:
33:89:09:60:53:d7:ac:7c:65:ff:20:1b:2f:39:df:8a:1f:1a:
d2:5d:c9:c7:19:95:b3:b9:2c:7f:a4:82:a9:a5:a2:ef:16:2e:
69:a7:9c:9c:cd:6d:24:85:a8:7d:b0:ea:b8:88:9c:4a:a4:f0:
85:91:4d:85
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ6PmBiZNVe8v0voD2KvG5SxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjYwNjAzMjIyNjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWJjNGZiMzNiNDBjZTU5OTUzY2U2Y2FkMGVhMDE0ZGQ3NjgwZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGXKU59QNv51v+cazopW/xztDMLH
Mz25xftGTExNxGlIof3vnF4WUsEBIDXVcqIoa21XGXkDZsEtCLpHeG2/tzVy2ZJ5
HLFaf+ADTG9X27E1fyHXuvf6zGy8r9KdacucR1uMjUlk92v5sG+ZwjPRyjJEOqkj
d4szUE68ny7xZNUdFCXEnb6ZCt5K7XJDoS0rhtBapt9uCmFqCCYMqsyMW5C9/t+f
F0MRCF8CnfGbxXdGL1q7rL7KUaoVkGNdqzYnzd8re93DNe8HRNe9FBqPN+cSdZy0
Sz1DFwRBqhjaFDhZnEZfwSlY2567/ANnTro6OLMcWP9smJAgtgxPpJYMlQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMm8T7M7QM5ZlTzmytDqAU3XaA0kMB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEveWJ4UHN6dEF6bG1WUE9iSzBPb0JUZGRvRFNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBLVEiAwQC
LZbsMA0EAgACMAcDBQMqDkyAMA0GCSqGSIb3DQEBCwUAA4IBAQBcpnf8GjprymOm
k3kjIW+m8eFty9Hv3695Edj+Y1J2LGUwWZfdC4+WJ2s/Dm4tbjLhFpDvnORH2Fwr
FkwwU38jRWhr6XFAijQnxn7LTT422ENxtlqrUQJwbLgqVd94gNFTuyPvtvqLdpjv
TzbSC6s7iv0QMwhNmJxKbb/Fouhw0RZiJDKci6fHk9FkYvXpJhcL/NjgqZjSCbv8
Ay4csXzlS2viztJpGvGxHbXElkDtDcfHCeHZGL5TKLn5UmcKLsTJpHxRIq8ziQlg
U9esfGX/IBsvOd+KHxrSXcnHGZWzuSx/pIKppaLvFi5pp5yczW0khah9sOq4iJxK
pPCFkU2F
-----END CERTIFICATE-----
Generated at Thu Jun 11 21:37:34 2026 by rpki-client