Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/1-YByaiMeGaD1s6w4s77GCgHnrXY.roa
File: 1-YByaiMeGaD1s6w4s77GCgHnrXY.roa (raw, json)
Hash identifier: S1szHNMiYggU2bXWCJ0y5Z9O0Xe6ogWq7kcI9RRHPZA=
Subject key identifier: F9:80:72:6A:23:1E:19:A0:F5:B3:AC:38:B3:BE:C6:0A:01:E7:AD:76
Certificate issuer: /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial: 019D219C3629EF2E242E07B0538AE93DE301
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/1-YByaiMeGaD1s6w4s77GCgHnrXY.roa
Signing time: Tue 24 Mar 2026 20:49:38 +0000
ROA not before: Tue 24 Mar 2026 20:49:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207456
IP address blocks: 31.171.132.0/22 maxlen: 24
45.154.4.0/22 maxlen: 24
69.161.192.0/22 maxlen: 24
109.235.52.0/22 maxlen: 24
109.235.53.0/24 maxlen: 24
109.235.54.0/23 maxlen: 24
185.68.196.0/22 maxlen: 24
185.153.188.0/22 maxlen: 24
185.196.92.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.mft
rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 23:01:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:21:9c:36:29:ef:2e:24:2e:07:b0:53:8a:e9:3d:e3:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Validity
Not Before: Mar 24 20:49:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f980726a231e19a0f5b3ac38b3bec60a01e7ad76
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:3b:bb:64:60:64:df:2e:fb:ca:fe:5f:48:f4:
b0:90:3e:08:75:5c:dc:8a:3d:45:7d:f6:de:08:6d:
19:e9:e3:fc:87:2e:df:7a:b5:58:04:d5:df:4b:06:
44:f8:c1:95:ea:e8:47:5b:54:3a:b1:32:fd:99:10:
80:f0:80:ec:4e:e1:18:26:74:17:5c:5e:ec:e0:30:
79:af:6f:87:59:9b:85:b4:dc:05:78:80:a3:db:12:
94:3f:f5:82:fd:93:c9:3f:0d:10:1d:63:01:5a:0c:
36:f9:2d:7d:f9:d6:09:6a:25:e7:38:f5:23:41:26:
f3:d4:c8:1c:1f:70:9d:44:c7:a0:c9:06:69:0b:bf:
f6:e4:7e:9d:a9:a0:20:6b:50:47:a5:04:74:e3:be:
40:85:a9:29:ee:0b:a4:ec:2f:98:e0:35:9e:c8:67:
c9:69:9d:c1:36:9f:8f:ab:25:2a:7f:fe:a7:f9:64:
9a:31:50:f2:a5:4f:ac:cc:58:38:d8:45:b5:35:15:
d8:b5:a8:28:43:b9:3f:0b:d6:72:2f:f5:0d:5e:9b:
7b:8d:56:25:4b:e4:83:b6:ee:27:be:4b:e1:b3:a7:
18:0b:11:fe:b6:c2:f7:4d:0a:28:8e:db:64:01:99:
d9:a3:f0:b6:59:14:04:a6:3c:db:2b:f9:d3:39:b2:
1c:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:80:72:6A:23:1E:19:A0:F5:B3:AC:38:B3:BE:C6:0A:01:E7:AD:76
X509v3 Authority Key Identifier:
keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/1-YByaiMeGaD1s6w4s77GCgHnrXY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.171.132.0/22
45.154.4.0/22
69.161.192.0/22
109.235.52.0/22
185.68.196.0/22
185.153.188.0/22
185.196.92.0/22
Signature Algorithm: sha256WithRSAEncryption
5e:79:fe:0e:bb:93:0f:02:4b:0e:8c:c5:1f:fe:f6:e1:ca:bb:
18:6d:14:ce:42:38:5a:5d:a0:e4:e7:10:1c:ac:99:47:d2:30:
35:6e:3b:be:a7:36:c7:b3:b4:1d:57:2c:64:0e:99:5a:7f:f2:
89:f5:a8:af:d2:b6:1f:29:05:1a:48:df:e3:35:b4:64:2d:f2:
e7:a8:e8:11:d3:7e:17:0e:41:e6:e1:bc:9c:46:2a:e6:81:7b:
c0:59:f1:00:bf:c4:e9:30:ea:74:3d:7b:44:9e:19:22:96:3b:
ff:04:b8:98:c1:fd:19:bb:4b:5a:59:cb:b2:ae:34:72:27:75:
80:5b:98:de:72:1f:b2:09:7a:72:18:ba:d1:71:97:23:d0:8b:
41:3a:ee:de:ba:b6:fd:7f:57:23:5f:36:c7:4c:74:d6:f1:3f:
3f:2a:5b:ea:99:2c:e2:3b:bc:4d:b6:92:81:4b:e0:97:34:d6:
ec:44:f5:d8:eb:b0:56:50:d8:66:de:62:5d:3b:7c:ea:52:3c:
54:81:ce:29:91:a5:dd:71:64:9e:72:e7:45:4a:21:dc:1c:72:
a6:a8:35:84:23:46:11:05:d5:8f:77:8d:bd:e8:42:26:a7:62:
56:55:f0:42:c6:c4:12:b2:d8:b4:30:b8:5d:93:c3:f8:04:17:
2d:c2:57:de
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZ0hnDYp7y4kLgewU4rpPeMBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjYwMzI0MjA0OTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTgwNzI2YTIzMWUxOWEwZjViM2FjMzhiM2JlYzYwYTAxZTdhZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Tu7ZGBk3y77yv5fSPSwkD4IdVzc
ij1FffbeCG0Z6eP8hy7ferVYBNXfSwZE+MGV6uhHW1Q6sTL9mRCA8IDsTuEYJnQX
XF7s4DB5r2+HWZuFtNwFeICj2xKUP/WC/ZPJPw0QHWMBWgw2+S19+dYJaiXnOPUj
QSbz1MgcH3CdRMegyQZpC7/25H6dqaAga1BHpQR0475Ahakp7guk7C+Y4DWeyGfJ
aZ3BNp+PqyUqf/6n+WSaMVDypU+szFg42EW1NRXYtagoQ7k/C9ZyL/UNXpt7jVYl
S+SDtu4nvkvhs6cYCxH+tsL3TQoojttkAZnZo/C2WRQEpjzbK/nTObIcYQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFPmAcmojHhmg9bOsOLO+xgoB5612MB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvMS1ZQnlhaU1lR2FEMXM2dzRzNzdHQ2dIbnJYWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMWQvNDA5YjdlLTEyNzUtNDNlZC1hZjBmLTUyZjk3YjI3N2Qx
Zi8xL1V0eWNJWXRSREFlOFpsbXduNzB5ci1hS3Y5SS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBDBggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEAh+rhAME
Ai2aBAMEAkWhwAMEAm3rNAMEArlExAMEArmZvAMEArnEXDANBgkqhkiG9w0BAQsF
AAOCAQEAXnn+DruTDwJLDozFH/724cq7GG0UzkI4Wl2g5OcQHKyZR9IwNW47vqc2
x7O0HVcsZA6ZWn/yifWor9K2HykFGkjf4zW0ZC3y56joEdN+Fw5B5uG8nEYq5oF7
wFnxAL/E6TDqdD17RJ4ZIpY7/wS4mMH9GbtLWlnLsq40cid1gFuY3nIfsgl6chi6
0XGXI9CLQTru3rq2/X9XI182x0x01vE/Pypb6pks4ju8TbaSgUvglzTW7ET12Ouw
VlDYZt5iXTt86lI8VIHOKZGl3XFknnLnRUoh3Bxypqg1hCNGEQXVj3eNvehCJqdi
VlXwQsbEErLYtDC4XZPD+AQXLcJX3g==
-----END CERTIFICATE-----
Generated at Thu Mar 26 07:46:56 2026 by rpki-client