Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/fe46bd-67da-4dfe-9cb4-e25d38f5c930/1/YK_U4CDjht97i8Ypl3EcF7cq1PE.roa
File: YK_U4CDjht97i8Ypl3EcF7cq1PE.roa (raw, json)
Hash identifier: OWygReEMOp5WSHS2/sVrjgB4dtyR3z4cMlsYbMiaOY0=
Subject key identifier: 60:AF:D4:E0:20:E3:86:DF:7B:8B:C6:29:97:71:1C:17:B7:2A:D4:F1
Certificate issuer: /CN=a97ff9579d5ba045dbb901a28c2c51588d04fd11
Certificate serial: 019B78A21B5FEA85A5686B4DBADE227430C2
Authority key identifier: A9:7F:F9:57:9D:5B:A0:45:DB:B9:01:A2:8C:2C:51:58:8D:04:FD:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qX_5V51boEXbuQGijCxRWI0E_RE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/fe46bd-67da-4dfe-9cb4-e25d38f5c930/1/YK_U4CDjht97i8Ypl3EcF7cq1PE.roa
Signing time: Thu 01 Jan 2026 08:17:28 +0000
ROA not before: Thu 01 Jan 2026 08:17:28 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215998
IP address blocks: 5.61.210.0/24 maxlen: 24
2a0d:9140::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/43/fe46bd-67da-4dfe-9cb4-e25d38f5c930/1/qX_5V51boEXbuQGijCxRWI0E_RE.crl
rsync://rpki.ripe.net/repository/DEFAULT/43/fe46bd-67da-4dfe-9cb4-e25d38f5c930/1/qX_5V51boEXbuQGijCxRWI0E_RE.mft
rsync://rpki.ripe.net/repository/DEFAULT/qX_5V51boEXbuQGijCxRWI0E_RE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:78:a2:1b:5f:ea:85:a5:68:6b:4d:ba:de:22:74:30:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a97ff9579d5ba045dbb901a28c2c51588d04fd11
Validity
Not Before: Jan 1 08:17:28 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=60afd4e020e386df7b8bc62997711c17b72ad4f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:6d:48:9a:86:3d:9b:9a:06:fe:10:0f:13:7d:
41:d2:40:37:29:f9:da:13:53:20:7d:fb:96:58:df:
8a:4b:f2:20:40:cf:f0:53:be:a2:de:17:79:5a:8b:
34:b0:45:63:4d:72:fc:91:d7:d1:9b:97:8e:05:24:
7f:db:bb:62:57:af:79:1d:39:ac:98:46:69:62:e3:
cb:77:58:83:6f:1b:a0:a3:83:e4:84:30:e4:3d:35:
cc:6f:f1:ee:76:c2:cb:59:6a:98:3f:ad:27:a4:19:
69:be:31:78:26:42:cd:8a:9a:69:b3:74:44:46:cb:
37:e8:dd:c5:57:b2:22:67:44:17:3b:98:1e:32:9d:
1f:a1:4f:40:ca:e4:bb:d9:0c:5c:67:ae:a5:cb:df:
eb:2f:b9:d6:1b:f8:6b:8b:29:5b:2b:ce:3b:91:80:
44:b8:fe:16:bc:38:6f:f3:f4:5e:02:e2:eb:36:a6:
d6:5c:fd:be:e8:6b:f6:c3:1b:5d:0c:91:4f:5b:0d:
05:d5:4d:ca:5c:1b:6c:43:69:cb:e7:94:91:64:2f:
b5:69:15:61:b7:25:7f:bf:fa:4d:df:1c:cd:df:51:
25:22:c1:65:c8:6e:b1:ac:7a:c2:d1:3a:71:5c:1b:
bd:e6:32:02:95:4b:53:01:c2:24:9e:0e:2d:ee:74:
c6:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:AF:D4:E0:20:E3:86:DF:7B:8B:C6:29:97:71:1C:17:B7:2A:D4:F1
X509v3 Authority Key Identifier:
keyid:A9:7F:F9:57:9D:5B:A0:45:DB:B9:01:A2:8C:2C:51:58:8D:04:FD:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qX_5V51boEXbuQGijCxRWI0E_RE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/fe46bd-67da-4dfe-9cb4-e25d38f5c930/1/YK_U4CDjht97i8Ypl3EcF7cq1PE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/fe46bd-67da-4dfe-9cb4-e25d38f5c930/1/qX_5V51boEXbuQGijCxRWI0E_RE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.61.210.0/24
IPv6:
2a0d:9140::/29
Signature Algorithm: sha256WithRSAEncryption
19:de:e9:ba:1f:27:41:30:d9:e2:c2:0f:aa:73:ec:cf:96:bc:
a0:43:c0:d8:6e:b0:1c:36:28:a0:f0:9f:87:89:f5:36:80:d4:
34:5c:d6:2f:3d:32:2d:f3:4e:26:cd:d5:2d:99:34:ef:ef:9a:
3c:a7:8e:7e:4c:dc:60:8d:40:b9:5d:9a:93:24:e4:ac:65:ae:
5f:42:d2:d7:17:d7:fb:c8:3b:a7:6d:93:2e:a3:7e:eb:ea:24:
c8:14:12:b8:b5:6e:90:db:79:32:9a:29:a5:c2:e9:d4:a0:34:
b6:6e:dc:52:09:31:47:e4:20:2d:7c:8e:90:5c:96:ea:dc:a3:
8a:1a:bd:45:4a:e9:14:76:0c:d8:00:cd:45:3a:0a:a0:f9:d5:
35:63:d8:bd:41:d8:8c:99:bd:09:18:9f:28:63:88:8d:cc:21:
7e:c4:f1:c4:fe:c9:b2:4b:05:13:04:ea:d9:04:c4:65:66:87:
f5:b6:d1:62:8c:94:9c:9e:04:69:8b:10:12:a9:7f:64:74:05:
d7:09:5c:6f:f6:5d:7b:2e:af:3c:c0:6b:f7:e7:25:1e:9e:84:
c0:44:dd:d1:ff:d1:9a:12:74:e3:d6:01:fb:56:9d:ad:39:f5:
2e:d8:fe:72:71:08:4d:95:02:0f:7e:12:32:b1:4a:6c:04:bf:
62:c0:e5:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt4ohtf6oWlaGtNut4idDDCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5N2ZmOTU3OWQ1YmEwNDVkYmI5MDFhMjhjMmM1MTU4OGQw
NGZkMTEwHhcNMjYwMTAxMDgxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGFmZDRlMDIwZTM4NmRmN2I4YmM2Mjk5NzcxMWMxN2I3MmFkNGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn21ImoY9m5oG/hAPE31B0kA3Kfna
E1MgffuWWN+KS/IgQM/wU76i3hd5Wos0sEVjTXL8kdfRm5eOBSR/27tiV695HTms
mEZpYuPLd1iDbxugo4PkhDDkPTXMb/HudsLLWWqYP60npBlpvjF4JkLNippps3RE
Rss36N3FV7IiZ0QXO5geMp0foU9AyuS72QxcZ66ly9/rL7nWG/hriylbK847kYBE
uP4WvDhv8/ReAuLrNqbWXP2+6Gv2wxtdDJFPWw0F1U3KXBtsQ2nL55SRZC+1aRVh
tyV/v/pN3xzN31ElIsFlyG6xrHrC0TpxXBu95jIClUtTAcIkng4t7nTGowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGCv1OAg44bfe4vGKZdxHBe3KtTxMB8GA1UdIwQY
MBaAFKl/+VedW6BF27kBoowsUViNBP0RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVhfNVY1MWJvRVhidVFHaWpDeFJXSTBFX1JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9mZTQ2YmQtNjdkYS00ZGZlLTljYjQt
ZTI1ZDM4ZjVjOTMwLzEvWUtfVTRDRGpodDk3aThZcGwzRWNGN2NxMVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9mZTQ2YmQtNjdkYS00ZGZlLTljYjQtZTI1ZDM4ZjVjOTMw
LzEvcVhfNVY1MWJvRVhidVFHaWpDeFJXSTBFX1JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABT3SMA0E
AgACMAcDBQMqDZFAMA0GCSqGSIb3DQEBCwUAA4IBAQAZ3um6HydBMNniwg+qc+zP
lrygQ8DYbrAcNiig8J+HifU2gNQ0XNYvPTIt804mzdUtmTTv75o8p45+TNxgjUC5
XZqTJOSsZa5fQtLXF9f7yDunbZMuo37r6iTIFBK4tW6Q23kymimlwunUoDS2btxS
CTFH5CAtfI6QXJbq3KOKGr1FSukUdgzYAM1FOgqg+dU1Y9i9QdiMmb0JGJ8oY4iN
zCF+xPHE/smySwUTBOrZBMRlZof1ttFijJScngRpixASqX9kdAXXCVxv9l17Lq88
wGv35yUenoTARN3R/9GaEnTj1gH7Vp2tOfUu2P5ycQhNlQIPfhIysUpsBL9iwOVp
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:14:46 2026 by rpki-client