Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/yf5DE453VSZNaMBDFecfcs8_ti8.roa
File: yf5DE453VSZNaMBDFecfcs8_ti8.roa (raw, json)
Hash identifier: /6VfJrCwSdAcWd7VeCBpZye97Dzq0Ew18Tz6xEOZHdo=
Subject key identifier: C9:FE:43:13:8E:77:55:26:4D:68:C0:43:15:E7:1F:72:CF:3F:B6:2F
Certificate issuer: /CN=4b529a4d22faef23135d6eff8912266623c49255
Certificate serial: 019ECF37AFAE8021CBDC1795601A50B80BC7
Authority key identifier: 4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/yf5DE453VSZNaMBDFecfcs8_ti8.roa
Signing time: Tue 16 Jun 2026 06:56:33 +0000
ROA not before: Tue 16 Jun 2026 06:56:33 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205020
IP address blocks: 5.11.28.0/22 maxlen: 22
5.11.28.0/23 maxlen: 23
5.11.28.0/24 maxlen: 24
5.11.29.0/24 maxlen: 24
5.11.30.0/23 maxlen: 23
5.11.30.0/24 maxlen: 24
80.251.0.0/20 maxlen: 20
80.251.5.0/24 maxlen: 24
85.31.64.0/19 maxlen: 19
85.31.75.0/24 maxlen: 24
85.31.94.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.mft
rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 30 Jun 2026 14:12:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:cf:37:af:ae:80:21:cb:dc:17:95:60:1a:50:b8:0b:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b529a4d22faef23135d6eff8912266623c49255
Validity
Not Before: Jun 16 06:56:33 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c9fe43138e7755264d68c04315e71f72cf3fb62f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:0d:af:ee:bf:15:1d:5c:12:12:3e:8f:e3:61:
9a:38:9b:73:63:2d:80:87:e6:58:c1:35:bb:d6:99:
73:2a:65:50:e3:1b:ca:91:26:ac:46:ea:7e:1b:cd:
1c:72:84:4b:58:f8:f5:cd:b6:33:24:92:43:75:23:
c7:ce:a9:99:d5:9d:5d:e9:ea:0a:dd:7d:6d:82:72:
30:74:c1:51:d0:62:a2:0a:ef:13:cf:c3:c0:18:6e:
74:54:36:cd:5c:01:78:06:38:b5:af:cb:10:23:ba:
e2:c6:29:81:1b:be:76:59:60:d3:7b:1e:b7:48:8e:
cd:9d:a7:62:4e:82:66:3a:d4:c8:26:a7:f0:15:01:
e5:7e:97:60:5e:e4:e2:40:a7:f3:72:0e:20:82:cb:
94:82:10:ab:2a:cd:f6:fd:ae:56:65:7c:e7:b8:82:
f2:f1:f5:f4:98:d2:3f:28:1b:26:60:36:1c:db:41:
00:72:10:7e:db:d1:3c:a0:e2:2c:58:1b:77:46:28:
d2:33:ce:88:a2:9f:63:e7:f6:fe:9b:87:f3:48:66:
39:66:8e:61:32:e1:da:1a:94:77:53:ce:9d:5a:4a:
d9:2f:83:53:d5:97:a3:45:93:4b:47:c6:59:39:12:
58:f3:00:80:b8:96:9c:67:af:e0:cb:16:f5:bb:23:
b3:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:FE:43:13:8E:77:55:26:4D:68:C0:43:15:E7:1F:72:CF:3F:B6:2F
X509v3 Authority Key Identifier:
keyid:4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/yf5DE453VSZNaMBDFecfcs8_ti8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.11.28.0/22
80.251.0.0/20
85.31.64.0/19
Signature Algorithm: sha256WithRSAEncryption
22:8d:c5:f9:cd:dd:b0:40:d9:fc:b9:22:9f:f9:56:a8:24:67:
40:31:b0:8e:41:55:63:cf:7e:94:fe:70:12:6d:05:b4:3c:10:
b3:7f:5a:85:f2:c3:b1:70:d1:17:c7:d7:28:a4:c2:19:9b:45:
f1:6f:5d:72:0b:66:73:02:a7:3f:a0:61:d2:94:1b:29:68:ae:
f5:71:a9:e1:33:ed:da:2b:c8:f1:7b:ae:10:ba:7f:d2:4e:d8:
68:eb:a8:ea:03:c4:8d:99:57:7d:c3:65:b0:68:ff:a1:28:94:
b2:ad:31:b9:c3:b8:3b:79:2b:b4:6a:21:8f:eb:4c:3f:b8:43:
ed:63:ec:26:c1:f0:ae:0c:84:08:df:e6:f6:85:23:5c:5f:2a:
7e:42:d2:16:18:ba:db:6a:23:8c:f4:41:8a:d1:7d:ea:6c:5d:
60:d0:5a:24:ae:6e:46:e7:2f:09:ab:2a:98:63:9c:3f:b4:51:
d5:0a:e7:7e:dd:73:e1:b2:80:1f:e3:00:25:40:6c:fe:51:cc:
a8:cd:ce:22:16:5b:f4:eb:c0:84:a0:62:a3:b5:45:1f:ff:1c:
73:ed:1b:80:28:34:86:18:7f:07:dd:3d:48:63:69:1a:aa:e5:
2a:a3:08:07:00:da:22:e3:78:67:65:4d:f1:20:84:da:92:93:
09:9b:d1:ef
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7PN6+ugCHL3BeVYBpQuAvHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNTI5YTRkMjJmYWVmMjMxMzVkNmVmZjg5MTIyNjY2MjNj
NDkyNTUwHhcNMjYwNjE2MDY1NjMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWZlNDMxMzhlNzc1NTI2NGQ2OGMwNDMxNWU3MWY3MmNmM2ZiNjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2w2v7r8VHVwSEj6P42GaOJtzYy2A
h+ZYwTW71plzKmVQ4xvKkSasRup+G80ccoRLWPj1zbYzJJJDdSPHzqmZ1Z1d6eoK
3X1tgnIwdMFR0GKiCu8Tz8PAGG50VDbNXAF4Bji1r8sQI7riximBG752WWDTex63
SI7NnadiToJmOtTIJqfwFQHlfpdgXuTiQKfzcg4ggsuUghCrKs32/a5WZXznuILy
8fX0mNI/KBsmYDYc20EAchB+29E8oOIsWBt3RijSM86Iop9j5/b+m4fzSGY5Zo5h
MuHaGpR3U86dWkrZL4NT1ZejRZNLR8ZZORJY8wCAuJacZ6/gyxb1uyOzNwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMn+QxOOd1UmTWjAQxXnH3LPP7YvMB8GA1UdIwQY
MBaAFEtSmk0i+u8jE11u/4kSJmYjxJJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTct
MzZhZTc2ZWU5ODNlLzEveWY1REU0NTNWU1pOYU1CREZlY2ZjczhfdGk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTctMzZhZTc2ZWU5ODNl
LzEvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCBQscAwQE
UPsAAwQFVR9AMA0GCSqGSIb3DQEBCwUAA4IBAQAijcX5zd2wQNn8uSKf+VaoJGdA
MbCOQVVjz36U/nASbQW0PBCzf1qF8sOxcNEXx9copMIZm0Xxb11yC2ZzAqc/oGHS
lBspaK71canhM+3aK8jxe64Qun/STtho66jqA8SNmVd9w2WwaP+hKJSyrTG5w7g7
eSu0aiGP60w/uEPtY+wmwfCuDIQI3+b2hSNcXyp+QtIWGLrbaiOM9EGK0X3qbF1g
0Fokrm5G5y8JqyqYY5w/tFHVCud+3XPhsoAf4wAlQGz+Ucyozc4iFlv068CEoGKj
tUUf/xxz7RuAKDSGGH8H3T1IY2kaquUqowgHANoi43hnZU3xIITakpMJm9Hv
-----END CERTIFICATE-----
Generated at Mon Jun 29 23:06:49 2026 by rpki-client