Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/yVjyK7moU749yDHM4YFWLT8BzMY.roa
File: yVjyK7moU749yDHM4YFWLT8BzMY.roa (raw, json)
Hash identifier: Qxg8YMNwND54rMep/aY9L2yiJefuWsNWVLjOpvtLiUg=
Subject key identifier: C9:58:F2:2B:B9:A8:53:BE:3D:C8:31:CC:E1:81:56:2D:3F:01:CC:C6
Certificate issuer: /CN=b14aba8b60749393478e83c360e6cbd75d156f89
Certificate serial: 019DF2A6670258D2C74E1827D448FF72F75A
Authority key identifier: B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/yVjyK7moU749yDHM4YFWLT8BzMY.roa
Signing time: Mon 04 May 2026 11:01:24 +0000
ROA not before: Mon 04 May 2026 11:01:24 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44565
IP address blocks: 79.171.16.0/24 maxlen: 24
79.171.17.0/24 maxlen: 24
79.171.18.0/24 maxlen: 24
79.171.19.0/24 maxlen: 24
79.171.20.0/24 maxlen: 24
79.171.21.0/24 maxlen: 24
93.186.113.0/24 maxlen: 24
93.186.115.0/24 maxlen: 24
93.186.116.0/24 maxlen: 24
93.186.117.0/24 maxlen: 24
93.186.118.0/24 maxlen: 24
93.186.119.0/24 maxlen: 24
93.186.120.0/24 maxlen: 24
93.186.121.0/24 maxlen: 24
93.186.122.0/24 maxlen: 24
93.186.123.0/24 maxlen: 24
93.186.124.0/24 maxlen: 24
93.186.126.0/24 maxlen: 24
93.186.127.0/24 maxlen: 24
185.93.248.0/24 maxlen: 24
188.124.1.0/24 maxlen: 24
188.124.2.0/24 maxlen: 24
188.124.3.0/24 maxlen: 24
188.124.4.0/24 maxlen: 24
188.124.7.0/24 maxlen: 24
188.124.8.0/24 maxlen: 24
188.124.9.0/24 maxlen: 24
188.124.10.0/24 maxlen: 24
188.124.11.0/24 maxlen: 24
188.124.12.0/24 maxlen: 24
188.124.13.0/24 maxlen: 24
188.124.14.0/24 maxlen: 24
188.124.15.0/24 maxlen: 24
188.124.16.0/24 maxlen: 24
188.124.17.0/24 maxlen: 24
188.124.18.0/24 maxlen: 24
188.124.19.0/24 maxlen: 24
188.124.20.0/24 maxlen: 24
188.124.21.0/24 maxlen: 24
188.124.22.0/24 maxlen: 24
188.124.23.0/24 maxlen: 24
188.124.24.0/24 maxlen: 24
188.124.25.0/24 maxlen: 24
188.124.26.0/24 maxlen: 24
188.124.27.0/24 maxlen: 24
188.124.28.0/24 maxlen: 24
188.124.29.0/24 maxlen: 24
188.124.30.0/24 maxlen: 24
188.124.31.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl
rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.mft
rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 23:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f2:a6:67:02:58:d2:c7:4e:18:27:d4:48:ff:72:f7:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b14aba8b60749393478e83c360e6cbd75d156f89
Validity
Not Before: May 4 11:01:24 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c958f22bb9a853be3dc831cce181562d3f01ccc6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:aa:bf:91:b6:98:46:91:c5:78:11:0a:6c:0d:
21:98:d0:25:66:24:a4:12:d0:fa:bd:e6:b1:55:ee:
c4:52:e8:9a:d0:87:37:6a:3b:05:9e:ab:10:1f:04:
2e:69:38:89:0d:a1:5a:ce:0e:aa:6f:ad:0a:5a:43:
4c:ce:53:fe:4c:73:30:b5:d1:1c:03:4b:fd:82:2d:
d3:25:fa:75:bc:2e:47:5f:41:3a:72:46:ed:c9:0a:
a1:86:04:63:7f:dd:a4:11:02:01:2a:29:5d:6b:e4:
9b:e3:62:12:39:2b:9e:6f:35:52:7b:f5:63:83:4a:
b7:9f:c4:55:0c:90:25:86:4c:ee:11:f7:ec:a9:c1:
d4:04:f4:8c:2c:e6:24:32:e9:d7:f2:90:e1:8d:96:
d1:88:06:4c:2c:b5:ab:af:ac:ef:a9:53:67:73:8e:
19:c9:b2:c4:55:d5:3b:eb:40:ec:0a:c2:72:a7:c8:
16:2e:e8:eb:c1:4c:25:5f:8a:73:3b:1c:d0:e4:df:
bf:35:e6:c8:b1:08:f3:c7:c4:d4:54:69:39:f1:bf:
6a:cc:62:eb:72:1b:e1:67:bc:4d:87:25:59:4d:ec:
7e:7b:87:a0:57:bb:e2:02:4b:6f:5f:91:2e:31:44:
73:0b:e8:9d:5f:ff:74:2a:32:f3:7f:ae:0e:0c:b6:
6e:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:58:F2:2B:B9:A8:53:BE:3D:C8:31:CC:E1:81:56:2D:3F:01:CC:C6
X509v3 Authority Key Identifier:
keyid:B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/yVjyK7moU749yDHM4YFWLT8BzMY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.171.16.0-79.171.21.255
93.186.113.0/24
93.186.115.0-93.186.124.255
93.186.126.0/23
185.93.248.0/24
188.124.1.0-188.124.4.255
188.124.7.0-188.124.31.255
Signature Algorithm: sha256WithRSAEncryption
24:da:ff:87:73:d3:a3:5a:89:52:18:65:f6:01:1a:25:87:76:
f2:3a:63:c8:32:0a:1e:75:a1:b0:be:25:c1:69:4a:72:ba:06:
a7:c5:cb:41:8e:88:6d:37:1e:26:08:45:bc:af:1d:5b:29:3d:
bc:58:86:51:bb:f7:a4:4b:a3:8a:cd:50:ef:d5:f9:45:3e:49:
33:6f:d6:6c:1f:ba:d1:bc:81:34:fd:2c:03:fb:9c:a0:b7:d1:
51:e5:64:82:73:52:c3:88:12:fc:cf:1d:c4:90:af:72:7b:d7:
9c:9f:89:9a:3d:8b:b7:fa:a6:13:cb:2b:ec:38:e8:1f:2a:63:
61:31:87:ae:b3:bf:62:45:fd:3a:08:bd:e0:40:c5:b2:3a:1a:
7f:97:58:00:34:3e:2d:e7:be:77:0c:57:65:1e:0a:17:e5:d1:
66:91:9a:ad:32:04:bc:d6:f7:60:1b:76:ad:cb:00:e2:eb:bf:
96:98:20:a5:ce:fd:1c:5c:a4:ba:67:84:b1:33:48:26:17:b3:
52:ed:a1:52:a4:da:5d:53:07:71:23:bf:89:66:0e:2d:b6:78:
90:6d:49:b0:b9:14:4d:6c:11:67:d0:02:2d:61:1f:1f:a0:67:
2c:cf:81:cd:91:4c:cc:bf:bd:06:ad:0b:a4:93:62:64:91:21:
cf:e0:aa:01
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZ3ypmcCWNLHThgn1Ej/cvdaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNGFiYThiNjA3NDkzOTM0NzhlODNjMzYwZTZjYmQ3NWQx
NTZmODkwHhcNMjYwNTA0MTEwMTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTU4ZjIyYmI5YTg1M2JlM2RjODMxY2NlMTgxNTYyZDNmMDFjY2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqq/kbaYRpHFeBEKbA0hmNAlZiSk
EtD6veaxVe7EUuia0Ic3ajsFnqsQHwQuaTiJDaFazg6qb60KWkNMzlP+THMwtdEc
A0v9gi3TJfp1vC5HX0E6ckbtyQqhhgRjf92kEQIBKilda+Sb42ISOSuebzVSe/Vj
g0q3n8RVDJAlhkzuEffsqcHUBPSMLOYkMunX8pDhjZbRiAZMLLWrr6zvqVNnc44Z
ybLEVdU760DsCsJyp8gWLujrwUwlX4pzOxzQ5N+/NebIsQjzx8TUVGk58b9qzGLr
chvhZ7xNhyVZTex+e4egV7viAktvX5EuMURzC+idX/90KjLzf64ODLZuHQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFMlY8iu5qFO+PcgxzOGBVi0/AczGMB8GA1UdIwQY
MBaAFLFKuotgdJOTR46Dw2Dmy9ddFW+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYt
Y2Y2YzMwNTIxMmViLzEveVZqeUs3bW9VNzQ5eURITTRZRldMVDhCek1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYtY2Y2YzMwNTIxMmVi
LzEvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKMAwDBARPqxAD
BAFPqxQDBABdunEwDAMEAF26cwMEAF26fAMEAV26fgMEALld+DAMAwQAvHwBAwQA
vHwEMAwDBAC8fAcDBAW8fAAwDQYJKoZIhvcNAQELBQADggEBACTa/4dz06NaiVIY
ZfYBGiWHdvI6Y8gyCh51obC+JcFpSnK6BqfFy0GOiG03HiYIRbyvHVspPbxYhlG7
96RLo4rNUO/V+UU+STNv1mwfutG8gTT9LAP7nKC30VHlZIJzUsOIEvzPHcSQr3J7
15yfiZo9i7f6phPLK+w46B8qY2Exh66zv2JF/ToIveBAxbI6Gn+XWAA0Pi3nvncM
V2UeChfl0WaRmq0yBLzW92Abdq3LAOLrv5aYIKXO/RxcpLpnhLEzSCYXs1LtoVKk
2l1TB3Ejv4lmDi22eJBtSbC5FE1sEWfQAi1hHx+gZyzPgc2RTMy/vQatC6STYmSR
Ic/gqgE=
-----END CERTIFICATE-----
Generated at Wed May 13 07:46:38 2026 by rpki-client