Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/c752b2-18f9-4191-88f8-c065f242f020/1/NSKhyUya1x-PyKiiTfwVVTZVm6A.roa
File: NSKhyUya1x-PyKiiTfwVVTZVm6A.roa (raw, json)
Hash identifier: wduaY6yIGEaa6Q7/D9YyI5iy8gfW5slOIEt9QDoD1eQ=
Subject key identifier: 35:22:A1:C9:4C:9A:D7:1F:8F:C8:A8:A2:4D:FC:15:55:36:55:9B:A0
Certificate issuer: /CN=b795aaf033004c92d7a26c236c14d32552d78d94
Certificate serial: 019D002CED447F129D348988D3519E8A8329
Authority key identifier: B7:95:AA:F0:33:00:4C:92:D7:A2:6C:23:6C:14:D3:25:52:D7:8D:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/t5Wq8DMATJLXomwjbBTTJVLXjZQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/05/c752b2-18f9-4191-88f8-c065f242f020/1/NSKhyUya1x-PyKiiTfwVVTZVm6A.roa
Signing time: Wed 18 Mar 2026 09:00:37 +0000
ROA not before: Wed 18 Mar 2026 09:00:37 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 199758
IP address blocks: 91.132.252.0/22 maxlen: 22
91.132.252.0/23 maxlen: 23
91.132.254.0/23 maxlen: 23
185.46.228.0/22 maxlen: 22
185.46.228.0/23 maxlen: 23
185.46.230.0/23 maxlen: 23
185.153.8.0/22 maxlen: 22
185.153.8.0/23 maxlen: 23
185.153.9.0/24 maxlen: 24
185.153.10.0/23 maxlen: 23
195.13.47.0/24 maxlen: 24
195.13.51.0/24 maxlen: 24
195.14.7.0/24 maxlen: 24
2a01:8760::/32 maxlen: 32
2a03:ac60::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/05/c752b2-18f9-4191-88f8-c065f242f020/1/t5Wq8DMATJLXomwjbBTTJVLXjZQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/05/c752b2-18f9-4191-88f8-c065f242f020/1/t5Wq8DMATJLXomwjbBTTJVLXjZQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/t5Wq8DMATJLXomwjbBTTJVLXjZQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:00:2c:ed:44:7f:12:9d:34:89:88:d3:51:9e:8a:83:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b795aaf033004c92d7a26c236c14d32552d78d94
Validity
Not Before: Mar 18 09:00:37 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3522a1c94c9ad71f8fc8a8a24dfc155536559ba0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:d9:cc:df:d8:fa:1a:0e:e2:15:62:a5:17:54:
a8:a6:8e:c1:7f:f5:e0:2d:ad:5d:7f:ee:22:ff:23:
77:ea:d7:eb:d0:7e:4f:9e:03:39:16:31:48:ca:0b:
04:a1:62:52:8b:ec:e1:78:03:d9:43:29:23:54:06:
13:22:47:3b:ff:30:94:26:7d:d5:e9:b8:85:74:71:
7d:d1:50:e0:a5:96:3f:68:d5:98:e5:96:27:83:43:
15:52:b8:a5:e9:e6:88:03:42:f4:06:aa:14:e1:c3:
04:04:f6:e7:76:a9:6c:e9:be:c0:a7:45:16:ea:0f:
ec:e8:08:ee:fa:ff:3e:7e:6c:96:8d:fa:3c:89:07:
2e:eb:df:bd:23:b2:b6:35:07:c7:95:22:64:5b:aa:
23:89:c1:7c:d9:50:2b:50:79:79:2a:7a:f3:b9:1e:
6f:fc:d6:0f:ad:56:4c:54:83:90:a4:02:dd:11:7f:
6b:20:90:db:ed:de:5e:87:bf:dc:3d:95:e9:85:84:
36:23:55:38:8d:b0:a0:48:64:b1:5f:50:14:89:e3:
d0:b3:49:cc:8c:63:ec:d1:63:16:39:a3:12:cf:57:
46:1e:a7:9c:74:48:72:88:9e:3e:56:af:53:ec:28:
11:6d:3b:f5:ed:9c:03:b3:bd:41:83:c7:65:6e:de:
2b:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:22:A1:C9:4C:9A:D7:1F:8F:C8:A8:A2:4D:FC:15:55:36:55:9B:A0
X509v3 Authority Key Identifier:
keyid:B7:95:AA:F0:33:00:4C:92:D7:A2:6C:23:6C:14:D3:25:52:D7:8D:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t5Wq8DMATJLXomwjbBTTJVLXjZQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/c752b2-18f9-4191-88f8-c065f242f020/1/NSKhyUya1x-PyKiiTfwVVTZVm6A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/05/c752b2-18f9-4191-88f8-c065f242f020/1/t5Wq8DMATJLXomwjbBTTJVLXjZQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.132.252.0/22
185.46.228.0/22
185.153.8.0/22
195.13.47.0/24
195.13.51.0/24
195.14.7.0/24
IPv6:
2a01:8760::/32
2a03:ac60::/32
Signature Algorithm: sha256WithRSAEncryption
8b:74:ee:db:4c:17:21:e2:fe:dd:97:d6:44:69:e2:78:14:39:
59:01:dc:53:67:0b:03:98:76:50:6e:a3:f3:6d:64:13:e9:5e:
66:16:99:b7:04:dc:9b:de:1e:b9:3f:4d:a6:0d:68:46:7d:cf:
7a:ba:96:1e:84:9e:3d:cb:5f:83:2e:09:8f:12:cf:42:a0:b0:
65:49:91:27:79:c5:61:0f:e2:f0:0a:3e:2c:93:4c:ce:a9:6a:
16:98:1b:75:e2:5e:46:d1:ca:3c:8b:01:47:fc:51:5d:85:ce:
5f:93:2f:72:ec:f8:f5:26:cf:bb:11:f8:16:19:94:fa:a1:dc:
77:8f:cd:a2:be:bc:6d:cb:72:79:65:b9:90:bf:43:79:0d:25:
ef:bb:a5:3f:24:07:26:d8:d4:e9:8e:f0:0d:77:1f:6b:4d:c7:
c6:2c:58:05:ca:b3:0f:eb:a9:84:ad:1d:cd:18:cb:34:a6:7b:
2e:4e:0f:a6:da:30:5d:94:99:0a:ba:a7:c2:ae:de:29:bb:99:
c2:70:94:54:24:99:cb:69:8a:32:19:af:49:6f:35:fc:71:ef:
9e:44:88:e8:77:03:ea:79:4d:d7:4b:ba:68:2e:a1:85:6d:00:
51:62:ea:89:6b:b7:d9:52:4c:fd:df:9d:67:f8:4d:69:88:47:
8a:3d:dd:20
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZ0ALO1EfxKdNImI01GeioMpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OTVhYWYwMzMwMDRjOTJkN2EyNmMyMzZjMTRkMzI1NTJk
NzhkOTQwHhcNMjYwMzE4MDkwMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTIyYTFjOTRjOWFkNzFmOGZjOGE4YTI0ZGZjMTU1NTM2NTU5YmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdnM39j6Gg7iFWKlF1Sopo7Bf/Xg
La1df+4i/yN36tfr0H5PngM5FjFIygsEoWJSi+zheAPZQykjVAYTIkc7/zCUJn3V
6biFdHF90VDgpZY/aNWY5ZYng0MVUril6eaIA0L0BqoU4cMEBPbndqls6b7Ap0UW
6g/s6Aju+v8+fmyWjfo8iQcu69+9I7K2NQfHlSJkW6ojicF82VArUHl5KnrzuR5v
/NYPrVZMVIOQpALdEX9rIJDb7d5eh7/cPZXphYQ2I1U4jbCgSGSxX1AUiePQs0nM
jGPs0WMWOaMSz1dGHqecdEhyiJ4+Vq9T7CgRbTv17ZwDs71Bg8dlbt4r+wIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFDUioclMmtcfj8iook38FVU2VZugMB8GA1UdIwQY
MBaAFLeVqvAzAEyS16JsI2wU0yVS142UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDVXcThETUFUSkxYb213amJCVFRKVkxYalpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9jNzUyYjItMThmOS00MTkxLTg4Zjgt
YzA2NWYyNDJmMDIwLzEvTlNLaHlVeWExeC1QeUtpaVRmd1ZWVFpWbTZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9jNzUyYjItMThmOS00MTkxLTg4ZjgtYzA2NWYyNDJmMDIw
LzEvdDVXcThETUFUSkxYb213amJCVFRKVkxYalpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQCW4T8AwQC
uS7kAwQCuZkIAwQAww0vAwQAww0zAwQAww4HMBQEAgACMA4DBQAqAYdgAwUAKgOs
YDANBgkqhkiG9w0BAQsFAAOCAQEAi3Tu20wXIeL+3ZfWRGnieBQ5WQHcU2cLA5h2
UG6j821kE+leZhaZtwTcm94euT9Npg1oRn3PerqWHoSePctfgy4JjxLPQqCwZUmR
J3nFYQ/i8Ao+LJNMzqlqFpgbdeJeRtHKPIsBR/xRXYXOX5Mvcuz49SbPuxH4FhmU
+qHcd4/Nor68bctyeWW5kL9DeQ0l77ulPyQHJtjU6Y7wDXcfa03HxixYBcqzD+up
hK0dzRjLNKZ7Lk4PptowXZSZCrqnwq7eKbuZwnCUVCSZy2mKMhmvSW81/HHvnkSI
6HcD6nlN10u6aC6hhW0AUWLqiWu32VJM/d+dZ/hNaYhHij3dIA==
-----END CERTIFICATE-----
Generated at Thu Mar 26 19:13:22 2026 by rpki-client