Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/L5CGhyyEcuDPtwlMoB7T0ykBOW0.roa
File: L5CGhyyEcuDPtwlMoB7T0ykBOW0.roa (raw, json)
Hash identifier: KmUkqVbBWAmW4Wsgbx+66HRsHh83JXR5eCNYk4qTJ3c=
Subject key identifier: 2F:90:86:87:2C:84:72:E0:CF:B7:09:4C:A0:1E:D3:D3:29:01:39:6D
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 019CDCBF4FDCFD36DAB7EC94E2E5229B24F7
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/L5CGhyyEcuDPtwlMoB7T0ykBOW0.roa
Signing time: Wed 11 Mar 2026 11:54:11 +0000
ROA not before: Wed 11 Mar 2026 11:54:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 60490
IP address blocks: 62.113.66.0/24 maxlen: 24
62.113.67.0/24 maxlen: 24
62.113.71.0/24 maxlen: 24
62.113.72.0/24 maxlen: 24
62.113.73.0/24 maxlen: 24
62.113.76.0/24 maxlen: 24
91.185.95.0/24 maxlen: 24
176.109.64.0/23 maxlen: 23
176.109.64.0/24 maxlen: 24
176.109.65.0/24 maxlen: 24
176.109.67.0/24 maxlen: 24
176.109.70.0/24 maxlen: 24
176.109.80.0/24 maxlen: 24
178.236.25.0/24 maxlen: 24
194.150.88.0/24 maxlen: 24
194.150.89.0/24 maxlen: 24
194.150.90.0/24 maxlen: 24
194.150.91.0/24 maxlen: 24
2a02:28:7::/48 maxlen: 48
2a02:2a:1000::/36 maxlen: 48
2a02:2a:1000::/41 maxlen: 41
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:dc:bf:4f:dc:fd:36:da:b7:ec:94:e2:e5:22:9b:24:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: Mar 11 11:54:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2f9086872c8472e0cfb7094ca01ed3d32901396d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:fd:2b:a0:66:fc:b4:3f:ff:8e:8f:5b:e9:7a:
82:e7:4e:7d:88:27:8e:05:51:46:1a:81:78:81:5c:
f2:26:10:cc:21:6d:4c:31:ef:7d:ea:5c:a0:06:3a:
b0:a5:75:bc:b0:a9:00:35:16:a8:29:95:c8:53:8e:
99:bd:58:20:43:04:a4:f2:ce:32:31:1e:72:69:67:
6e:59:7f:23:dc:1f:fa:b8:f9:2b:72:84:30:c5:2b:
04:72:ff:00:06:36:89:43:2a:87:53:4c:21:d3:90:
a4:bb:c1:9f:a7:cb:c7:f1:6c:c5:9c:79:b7:99:52:
4f:d7:18:23:1c:ed:6c:19:44:86:09:a0:75:e1:80:
9b:ef:2e:60:84:0d:71:cc:d1:c6:8f:c6:93:54:c2:
44:25:9a:5f:2d:3e:cd:43:d9:7c:90:95:f6:4d:ae:
71:d2:17:ae:b0:89:96:3a:74:bd:b9:e9:79:6d:ed:
7b:14:e7:6e:fb:8c:5b:06:2b:bf:8c:ef:5d:72:2a:
df:a9:67:5e:d7:af:57:a7:ad:0b:df:54:94:fc:27:
a2:8b:d3:7e:f5:be:6a:43:09:90:e1:66:60:26:8e:
f6:bb:09:c5:de:c6:e1:16:a0:55:d0:66:af:f4:b0:
47:1f:8f:75:5d:23:4d:ac:83:6e:f5:da:35:1f:44:
62:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:90:86:87:2C:84:72:E0:CF:B7:09:4C:A0:1E:D3:D3:29:01:39:6D
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/L5CGhyyEcuDPtwlMoB7T0ykBOW0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.113.66.0/23
62.113.71.0-62.113.73.255
62.113.76.0/24
91.185.95.0/24
176.109.64.0/23
176.109.67.0/24
176.109.70.0/24
176.109.80.0/24
178.236.25.0/24
194.150.88.0/22
IPv6:
2a02:28:7::/48
2a02:2a:1000::/36
Signature Algorithm: sha256WithRSAEncryption
21:48:74:24:59:e1:40:b9:02:86:8b:e7:02:8c:a6:ec:58:ea:
3b:fa:6a:70:f1:b4:0c:29:f3:21:b4:49:4c:75:d0:8e:ea:fc:
1b:14:d3:79:48:4a:8a:74:5a:e8:4b:19:f3:98:44:ac:65:21:
3c:34:ec:d9:64:54:71:88:f2:56:4a:af:32:e5:7a:dc:24:99:
49:24:97:18:cd:d1:2e:68:3a:85:52:ca:5c:79:19:eb:c3:57:
79:ad:8b:ab:ed:c4:f2:16:dd:43:ae:d5:56:51:00:79:0b:a7:
8f:0b:b9:2d:5f:e0:61:8f:bd:3b:16:de:2f:79:a4:98:21:d7:
9c:0d:ff:f8:99:c3:ae:fe:03:4b:8f:1c:53:f6:1b:4c:39:9d:
fa:1a:1a:02:90:a7:4d:b9:94:ae:e6:86:36:2a:be:a2:ab:be:
9c:b9:a6:d5:a7:4a:fc:f6:94:4b:cd:fc:fd:c7:e8:6f:9f:aa:
04:27:eb:d7:30:e3:f6:e5:fe:77:6d:7d:c5:fd:e2:45:d3:e3:
8e:8d:fc:fe:11:9c:4f:7f:f2:2d:a9:2a:1c:74:11:67:e1:c8:
27:ca:de:28:57:6f:2c:21:1d:77:07:9a:44:49:45:22:3e:de:
44:0e:f8:ae:dc:56:1e:c5:ae:bd:1a:30:1f:d6:6f:cf:45:77:
e5:a1:f4:53
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAZzcv0/c/Tbat+yU4uUimyT3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjYwMzExMTE1NDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjkwODY4NzJjODQ3MmUwY2ZiNzA5NGNhMDFlZDNkMzI5MDEzOTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnf0roGb8tD//jo9b6XqC5059iCeO
BVFGGoF4gVzyJhDMIW1MMe996lygBjqwpXW8sKkANRaoKZXIU46ZvVggQwSk8s4y
MR5yaWduWX8j3B/6uPkrcoQwxSsEcv8ABjaJQyqHU0wh05Cku8Gfp8vH8WzFnHm3
mVJP1xgjHO1sGUSGCaB14YCb7y5ghA1xzNHGj8aTVMJEJZpfLT7NQ9l8kJX2Ta5x
0heusImWOnS9uel5be17FOdu+4xbBiu/jO9dcirfqWde169Xp60L31SU/Ceii9N+
9b5qQwmQ4WZgJo72uwnF3sbhFqBV0Gav9LBHH491XSNNrINu9do1H0RiawIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFC+QhocshHLgz7cJTKAe09MpATltMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvTDVDR2h5eUVjdURQdHdsTW9CN1QweWtCT1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBKBAIAATBEAwQBPnFCMAwD
BAA+cUcDBAE+cUgDBAA+cUwDBABbuV8DBAGwbUADBACwbUMDBACwbUYDBACwbVAD
BACy7BkDBALCllgwFwQCAAIwEQMHACoCACgABwMGBCoCACoQMA0GCSqGSIb3DQEB
CwUAA4IBAQAhSHQkWeFAuQKGi+cCjKbsWOo7+mpw8bQMKfMhtElMddCO6vwbFNN5
SEqKdFroSxnzmESsZSE8NOzZZFRxiPJWSq8y5XrcJJlJJJcYzdEuaDqFUspceRnr
w1d5rYur7cTyFt1DrtVWUQB5C6ePC7ktX+Bhj707Ft4veaSYIdecDf/4mcOu/gNL
jxxT9htMOZ36GhoCkKdNuZSu5oY2Kr6iq76cuabVp0r89pRLzfz9x+hvn6oEJ+vX
MOP25f53bX3F/eJF0+OOjfz+EZxPf/ItqSocdBFn4cgnyt4oV28sIR13B5pESUUi
Pt5EDviu3FYexa69GjAf1m/PRXflofRT
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:48:31 2026 by rpki-client