Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/yiY4ZtIlghwtWY46POeRrJb6qZE.roa
File: yiY4ZtIlghwtWY46POeRrJb6qZE.roa (raw, json)
Hash identifier: 00TnS5saJbNzxehbfW8OVKFdXBglDulhcZ2U4KbJNeg=
Subject key identifier: CA:26:38:66:D2:25:82:1C:2D:59:8E:3A:3C:E7:91:AC:96:FA:A9:91
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 019D67B5E85A2345A93F1FF9E5C3AE16702F
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/yiY4ZtIlghwtWY46POeRrJb6qZE.roa
Signing time: Tue 07 Apr 2026 11:31:07 +0000
ROA not before: Tue 07 Apr 2026 11:31:07 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29802
IP address blocks: 176.125.248.0/24 maxlen: 24
185.206.251.0/24 maxlen: 24
185.209.36.0/23 maxlen: 24
185.210.152.0/24 maxlen: 24
185.210.153.0/24 maxlen: 24
185.210.155.0/24 maxlen: 24
185.210.232.0/24 maxlen: 24
185.210.235.0/24 maxlen: 24
185.214.102.0/24 maxlen: 24
185.225.0.0/24 maxlen: 24
185.225.2.0/24 maxlen: 24
185.227.145.0/24 maxlen: 24
185.251.231.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 10 Apr 2026 23:01:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:67:b5:e8:5a:23:45:a9:3f:1f:f9:e5:c3:ae:16:70:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Apr 7 11:31:07 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ca263866d225821c2d598e3a3ce791ac96faa991
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:12:ff:c9:25:c3:2c:44:41:36:e1:77:ff:06:
4e:db:1b:02:26:38:e0:e3:73:1d:11:fd:e8:ab:2d:
c4:34:07:b9:6e:5e:bd:d3:9a:b4:b7:4a:3b:86:59:
63:ac:a0:35:f6:51:a8:f9:e8:f6:dd:26:eb:fe:b8:
92:6d:7c:82:4c:df:00:b5:66:f8:d8:f5:8d:0e:42:
5f:a9:c9:8c:14:e8:2a:ae:9f:8c:26:de:4b:bd:63:
63:a3:1a:c2:27:98:19:d7:34:1e:56:cd:e9:d2:0d:
db:2a:3c:d2:9a:d1:cf:fc:1e:c6:34:6e:84:7e:f6:
48:7d:d0:4a:24:52:d9:71:bd:b5:ec:b9:18:4e:c3:
0c:cd:aa:8c:9c:15:30:23:a3:03:dc:ce:a3:77:14:
22:d0:03:b9:a0:c8:2f:4f:ad:13:a8:75:92:d0:f6:
45:15:49:cb:a6:8f:6a:8c:bc:e8:48:f2:32:11:74:
d4:42:92:09:6f:22:af:44:4d:c9:9b:be:dc:56:01:
34:a9:99:c9:d1:75:a8:6a:6d:01:37:c2:3e:4c:dd:
f5:27:66:2e:f3:5a:67:c1:fc:bf:86:45:6c:5d:7c:
07:42:25:f5:63:f5:5c:f9:17:59:9f:1f:64:0c:1a:
b7:b4:f8:fe:57:66:36:78:14:31:9b:79:24:3e:79:
53:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:26:38:66:D2:25:82:1C:2D:59:8E:3A:3C:E7:91:AC:96:FA:A9:91
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/yiY4ZtIlghwtWY46POeRrJb6qZE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.125.248.0/24
185.206.251.0/24
185.209.36.0/23
185.210.152.0/23
185.210.155.0/24
185.210.232.0/24
185.210.235.0/24
185.214.102.0/24
185.225.0.0/24
185.225.2.0/24
185.227.145.0/24
185.251.231.0/24
Signature Algorithm: sha256WithRSAEncryption
5a:72:98:5c:e3:e7:85:78:d5:78:e6:93:bd:d0:20:56:6c:3b:
18:75:78:bd:b1:49:8b:d7:e9:57:ca:a9:72:bc:04:a1:3b:78:
f0:e5:f9:b2:26:f5:d2:eb:1b:cb:ba:51:59:a9:0a:0d:48:a8:
f5:7c:f1:a1:48:80:fd:e2:3d:5e:f7:06:5f:ee:0d:56:f7:f8:
23:78:42:1e:08:bf:7f:fa:6e:bb:31:03:59:2e:73:5e:a5:36:
0f:0c:6b:c6:a6:12:e6:08:26:fd:d6:fd:17:0e:97:fb:6c:6e:
8b:f6:09:ea:20:21:bb:b6:b4:9b:5e:fb:68:e9:ff:42:46:ea:
ce:ee:40:0e:a0:a7:8f:0c:e7:7e:57:d1:09:31:bc:4f:25:57:
37:b6:13:8f:a4:c9:18:e6:7d:b7:d2:12:88:d6:3e:7c:f6:c7:
d6:28:23:e4:5b:f6:1d:e9:30:b4:85:9d:69:21:77:fa:b5:70:
f9:f7:58:c9:9f:54:77:90:fb:ff:48:1c:c3:72:87:9b:7b:74:
13:72:ea:74:dc:68:8e:de:b6:6f:a7:27:2e:dd:4b:6f:81:67:
52:52:fa:4d:e4:31:c2:bd:50:1a:37:05:b9:2f:e3:82:02:86:
62:a6:b4:e3:84:eb:f9:93:e4:12:2e:78:0a:47:eb:65:ed:01:
dd:8f:ec:2b
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZ1ntehaI0WpPx/55cOuFnAvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwNDA3MTEzMTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTI2Mzg2NmQyMjU4MjFjMmQ1OThlM2EzY2U3OTFhYzk2ZmFhOTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4RL/ySXDLERBNuF3/wZO2xsCJjjg
43MdEf3oqy3ENAe5bl6905q0t0o7hlljrKA19lGo+ej23Sbr/riSbXyCTN8AtWb4
2PWNDkJfqcmMFOgqrp+MJt5LvWNjoxrCJ5gZ1zQeVs3p0g3bKjzSmtHP/B7GNG6E
fvZIfdBKJFLZcb217LkYTsMMzaqMnBUwI6MD3M6jdxQi0AO5oMgvT60TqHWS0PZF
FUnLpo9qjLzoSPIyEXTUQpIJbyKvRE3Jm77cVgE0qZnJ0XWoam0BN8I+TN31J2Yu
81pnwfy/hkVsXXwHQiX1Y/Vc+RdZnx9kDBq3tPj+V2Y2eBQxm3kkPnlT1QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFMomOGbSJYIcLVmOOjznkayW+qmRMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveWlZNFp0SWxnaHd0V1k0NlBPZVJySmI2cVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAsH34AwQA
uc77AwQBudEkAwQBudKYAwQAudKbAwQAudLoAwQAudLrAwQAudZmAwQAueEAAwQA
ueECAwQAueORAwQAufvnMA0GCSqGSIb3DQEBCwUAA4IBAQBacphc4+eFeNV45pO9
0CBWbDsYdXi9sUmL1+lXyqlyvAShO3jw5fmyJvXS6xvLulFZqQoNSKj1fPGhSID9
4j1e9wZf7g1W9/gjeEIeCL9/+m67MQNZLnNepTYPDGvGphLmCCb91v0XDpf7bG6L
9gnqICG7trSbXvto6f9CRurO7kAOoKePDOd+V9EJMbxPJVc3thOPpMkY5n230hKI
1j589sfWKCPkW/Yd6TC0hZ1pIXf6tXD591jJn1R3kPv/SBzDcoebe3QTcup03GiO
3rZvpycu3UtvgWdSUvpN5DHCvVAaNwW5L+OCAoZiprTjhOv5k+QSLngKR+tl7QHd
j+wr
-----END CERTIFICATE-----
Generated at Fri Apr 10 06:07:20 2026 by rpki-client