Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/62ff71-c4f2-4929-8899-c38330cbd965/1/GYkAYH4GlgFxJb3HfEIiU4VdRLs.roa
File: GYkAYH4GlgFxJb3HfEIiU4VdRLs.roa (raw, json)
Hash identifier: mPmyrDhwtpph0YzGy8Rd73AkujDJmoGuUoDG6KNajn8=
Subject key identifier: 19:89:00:60:7E:06:96:01:71:25:BD:C7:7C:42:22:53:85:5D:44:BB
Certificate issuer: /CN=53a125890a4af092455abc7bb5abfe48cd852c06
Certificate serial: 019E0347C93FE2F030D3D82D705DAB34FE26
Authority key identifier: 53:A1:25:89:0A:4A:F0:92:45:5A:BC:7B:B5:AB:FE:48:CD:85:2C:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U6EliQpK8JJFWrx7tav-SM2FLAY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1f/62ff71-c4f2-4929-8899-c38330cbd965/1/GYkAYH4GlgFxJb3HfEIiU4VdRLs.roa
Signing time: Thu 07 May 2026 16:31:36 +0000
ROA not before: Thu 07 May 2026 16:31:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3301
IP address blocks: 156.51.150.0/23 maxlen: 24
156.51.152.0/21 maxlen: 24
156.51.160.0/19 maxlen: 24
156.51.192.0/21 maxlen: 24
156.51.200.0/24 maxlen: 24
2001:67c:2cfc::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1f/62ff71-c4f2-4929-8899-c38330cbd965/1/U6EliQpK8JJFWrx7tav-SM2FLAY.crl
rsync://rpki.ripe.net/repository/DEFAULT/1f/62ff71-c4f2-4929-8899-c38330cbd965/1/U6EliQpK8JJFWrx7tav-SM2FLAY.mft
rsync://rpki.ripe.net/repository/DEFAULT/U6EliQpK8JJFWrx7tav-SM2FLAY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:03:47:c9:3f:e2:f0:30:d3:d8:2d:70:5d:ab:34:fe:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53a125890a4af092455abc7bb5abfe48cd852c06
Validity
Not Before: May 7 16:31:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=198900607e0696017125bdc77c422253855d44bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:3f:f9:29:aa:b9:a2:5c:8f:9d:9a:6f:ed:6f:
8c:de:d6:88:5a:c2:78:a8:0a:f2:ae:41:75:33:14:
2c:69:01:20:2f:aa:c1:a2:77:19:c3:d5:bd:60:f6:
e2:2c:0c:b6:8b:34:3b:b6:d7:82:cb:95:0a:cf:a7:
95:d5:2b:11:9c:ea:b6:08:1a:69:bc:8a:22:b6:2b:
7a:e5:a7:1e:36:32:34:b8:31:6a:b5:5b:eb:bb:f3:
83:a0:f8:2f:a4:e2:bc:6d:e2:20:6a:3b:0d:02:7e:
a0:33:06:79:45:8a:5e:df:f1:60:f8:b8:2a:e1:e4:
b7:a2:ec:c7:e5:42:ad:6e:61:0c:46:55:2d:ec:97:
d0:48:d7:91:2b:d6:74:ba:f1:78:89:b8:9f:1a:13:
af:c7:93:a2:7b:da:d4:71:40:67:41:08:06:2e:1b:
72:f7:e5:cf:ec:ec:65:28:16:97:a2:90:03:65:00:
b4:84:cd:ff:88:10:09:aa:76:5c:59:82:f4:17:1b:
36:c0:eb:d0:3a:be:1f:a0:f7:0f:0b:4f:83:2f:b3:
b6:b2:d0:43:e1:19:30:b5:db:ea:7c:d9:d7:d5:47:
92:aa:ad:77:aa:98:d5:6c:61:a0:96:ba:3a:6e:dc:
aa:17:b5:d0:65:95:d1:cb:21:66:70:45:a1:c4:bf:
7d:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:89:00:60:7E:06:96:01:71:25:BD:C7:7C:42:22:53:85:5D:44:BB
X509v3 Authority Key Identifier:
keyid:53:A1:25:89:0A:4A:F0:92:45:5A:BC:7B:B5:AB:FE:48:CD:85:2C:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U6EliQpK8JJFWrx7tav-SM2FLAY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/62ff71-c4f2-4929-8899-c38330cbd965/1/GYkAYH4GlgFxJb3HfEIiU4VdRLs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/62ff71-c4f2-4929-8899-c38330cbd965/1/U6EliQpK8JJFWrx7tav-SM2FLAY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
156.51.150.0-156.51.200.255
IPv6:
2001:67c:2cfc::/48
Signature Algorithm: sha256WithRSAEncryption
95:41:21:68:99:6d:b7:6d:49:a5:ed:d3:53:80:5a:b4:80:c5:
95:8f:f8:7b:5d:6c:71:1d:53:6d:02:80:4e:ae:8c:77:34:75:
6b:e3:74:ce:89:9c:68:ed:7e:e0:1f:39:5a:ae:98:a5:b2:13:
92:a8:c1:d4:61:0e:ac:72:80:fa:32:32:38:31:a9:83:53:82:
34:9f:f6:d6:a8:c4:da:b7:cc:50:d4:85:00:e3:f9:1c:b9:43:
2b:e2:9a:dc:43:5f:6c:ab:ce:6e:3d:ac:5c:a4:29:1a:17:41:
87:e0:93:e5:7c:02:0a:ad:bc:43:da:f2:ea:91:a8:61:60:db:
21:a4:b1:d2:9a:19:d8:2f:b1:86:dd:0c:c2:43:6f:73:12:2f:
36:48:6b:a6:55:0e:54:e5:80:45:21:77:c8:eb:0a:22:20:0d:
65:e1:f7:82:90:c4:57:dd:74:f5:18:be:d7:84:a0:20:c4:ac:
5e:bc:3f:97:36:bd:76:98:85:50:ed:5d:38:d6:a9:f2:59:80:
6b:73:61:2e:4f:dd:6f:e0:b2:f6:52:41:5b:c9:d3:be:27:3d:
8a:54:92:35:15:df:32:4f:fd:27:4f:6f:f9:22:44:7b:ba:29:
fa:a8:f1:8f:7b:f5:ce:e3:cf:c3:ba:80:aa:18:a0:a5:72:fe:
8e:6d:d3:9a
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ4DR8k/4vAw09gtcF2rNP4mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYTEyNTg5MGE0YWYwOTI0NTVhYmM3YmI1YWJmZTQ4Y2Q4
NTJjMDYwHhcNMjYwNTA3MTYzMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTg5MDA2MDdlMDY5NjAxNzEyNWJkYzc3YzQyMjI1Mzg1NWQ0NGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwD/5Kaq5olyPnZpv7W+M3taIWsJ4
qAryrkF1MxQsaQEgL6rBoncZw9W9YPbiLAy2izQ7tteCy5UKz6eV1SsRnOq2CBpp
vIoitit65aceNjI0uDFqtVvru/ODoPgvpOK8beIgajsNAn6gMwZ5RYpe3/Fg+Lgq
4eS3ouzH5UKtbmEMRlUt7JfQSNeRK9Z0uvF4ibifGhOvx5Oie9rUcUBnQQgGLhty
9+XP7OxlKBaXopADZQC0hM3/iBAJqnZcWYL0Fxs2wOvQOr4foPcPC0+DL7O2stBD
4RkwtdvqfNnX1UeSqq13qpjVbGGglro6btyqF7XQZZXRyyFmcEWhxL99nQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFBmJAGB+BpYBcSW9x3xCIlOFXUS7MB8GA1UdIwQY
MBaAFFOhJYkKSvCSRVq8e7Wr/kjNhSwGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTZFbGlRcEs4SkpGV3J4N3Rhdi1TTTJGTEFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi82MmZmNzEtYzRmMi00OTI5LTg4OTkt
YzM4MzMwY2JkOTY1LzEvR1lrQVlINEdsZ0Z4SmIzSGZFSWlVNFZkUkxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi82MmZmNzEtYzRmMi00OTI5LTg4OTktYzM4MzMwY2JkOTY1
LzEvVTZFbGlRcEs4SkpGV3J4N3Rhdi1TTTJGTEFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAGcM5YD
BACcM8gwDwQCAAIwCQMHACABBnws/DANBgkqhkiG9w0BAQsFAAOCAQEAlUEhaJlt
t21Jpe3TU4BatIDFlY/4e11scR1TbQKATq6MdzR1a+N0zomcaO1+4B85Wq6YpbIT
kqjB1GEOrHKA+jIyODGpg1OCNJ/21qjE2rfMUNSFAOP5HLlDK+Ka3ENfbKvObj2s
XKQpGhdBh+CT5XwCCq28Q9ry6pGoYWDbIaSx0poZ2C+xht0MwkNvcxIvNkhrplUO
VOWARSF3yOsKIiANZeH3gpDEV9109Ri+14SgIMSsXrw/lza9dpiFUO1dONap8lmA
a3NhLk/db+Cy9lJBW8nTvic9ilSSNRXfMk/9J09v+SJEe7op+qjxj3v1zuPPw7qA
qhigpXL+jm3Tmg==
-----END CERTIFICATE-----
Generated at Wed May 13 01:45:32 2026 by rpki-client