Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/1gD0xKtrfxty19FMS97i_Oy-wOY.roa
File: 1gD0xKtrfxty19FMS97i_Oy-wOY.roa (raw, json)
Hash identifier: WGgjiKY58p0ne1/tkVFdxs2GemZnjhjJupVd+O0GbrM=
Subject key identifier: D6:00:F4:C4:AB:6B:7F:1B:72:D7:D1:4C:4B:DE:E2:FC:EC:BE:C0:E6
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019DFC8734C48E1B9FF4071EAB183624CF3F
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/1gD0xKtrfxty19FMS97i_Oy-wOY.roa
Signing time: Wed 06 May 2026 09:03:32 +0000
ROA not before: Wed 06 May 2026 09:03:32 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16276
IP address blocks: 45.43.142.0/24 maxlen: 24
104.222.176.0/24 maxlen: 24
104.222.182.0/24 maxlen: 24
104.239.79.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 13:34:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:fc:87:34:c4:8e:1b:9f:f4:07:1e:ab:18:36:24:cf:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: May 6 09:03:32 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d600f4c4ab6b7f1b72d7d14c4bdee2fcecbec0e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:84:71:7c:5b:92:03:11:9c:65:f3:74:cb:ef:
a2:85:c3:14:01:39:2e:7d:5a:4b:30:b5:84:83:29:
a8:07:7f:bf:cb:9f:e6:30:5e:80:ed:33:8f:eb:9f:
c6:c8:a3:c5:4a:ee:2a:b3:28:07:0f:4a:ec:15:e4:
9c:ac:c8:bf:a2:63:9b:94:ae:31:e6:68:9f:cf:18:
99:ca:c7:1b:8e:f5:09:8a:77:95:76:6c:4a:05:80:
7a:f4:1e:36:aa:08:28:0e:4e:d9:0f:d3:86:6c:79:
77:93:ee:4d:74:f0:b0:66:58:34:b5:26:5b:ef:70:
df:6f:f8:2c:23:ea:bc:88:5b:86:64:b3:f2:5a:7d:
41:7f:eb:93:ac:f6:7b:53:8a:39:4b:6d:83:04:58:
3e:7c:29:d8:b3:b2:0e:79:b9:4f:0d:92:71:b4:08:
af:9d:67:aa:5a:61:1f:d4:89:61:1e:34:98:bf:9c:
90:fc:26:c0:16:97:69:c9:63:3b:55:6e:8d:74:11:
13:6b:15:88:67:3b:f8:00:24:38:b4:10:66:c2:76:
43:3b:77:03:8f:79:d4:dd:67:ab:f0:32:d0:77:c2:
ec:00:1b:51:be:1a:0e:60:c7:ca:fe:ff:01:15:96:
77:be:1b:ad:86:b7:58:8d:d2:ae:c2:b5:72:3d:ce:
e2:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:00:F4:C4:AB:6B:7F:1B:72:D7:D1:4C:4B:DE:E2:FC:EC:BE:C0:E6
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/1gD0xKtrfxty19FMS97i_Oy-wOY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.43.142.0/24
104.222.176.0/24
104.222.182.0/24
104.239.79.0/24
Signature Algorithm: sha256WithRSAEncryption
19:79:76:2f:fb:63:c0:b8:50:e7:df:76:1d:70:47:1d:c2:55:
59:1b:ef:bd:1e:d0:19:b8:c7:b4:fb:bf:c8:9e:0f:42:3b:41:
9d:c8:61:4b:84:bf:11:94:54:8d:6f:e0:6c:a4:3c:f5:03:fa:
31:8a:ab:09:5a:0d:8a:fe:af:58:ce:f2:25:df:60:74:be:14:
44:3a:59:e5:e4:23:a3:70:9a:aa:57:92:01:17:aa:25:bd:bf:
79:f1:56:43:da:d9:4b:f2:84:0c:86:63:05:a8:e2:97:2b:b9:
d7:01:5c:04:91:9f:89:ea:f2:76:09:45:3d:23:b8:a2:e3:aa:
a7:14:d3:01:dd:fb:61:2f:b6:21:3e:71:18:b3:89:14:22:d2:
5b:6f:54:7b:6e:90:fd:b5:87:e3:27:cf:3a:45:53:db:04:04:
23:7a:a4:33:15:fb:b8:da:38:65:68:73:59:0a:53:a4:a7:35:
e0:cb:4c:ed:4a:00:af:68:9e:75:73:a2:b7:4b:b3:50:03:fe:
bf:a1:e5:88:d4:59:f2:d3:fa:e5:b9:c3:ab:8d:98:30:6a:c2:
65:44:94:67:29:8f:2a:17:31:b9:da:22:8a:61:d8:7b:7e:12:
cc:dc:f5:b5:30:93:98:db:a8:8f:ec:97:c9:b1:28:1a:b7:c3:
6b:cf:22:9f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ38hzTEjhuf9Aceqxg2JM8/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwNTA2MDkwMzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjAwZjRjNGFiNmI3ZjFiNzJkN2QxNGM0YmRlZTJmY2VjYmVjMGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34RxfFuSAxGcZfN0y++ihcMUATku
fVpLMLWEgymoB3+/y5/mMF6A7TOP65/GyKPFSu4qsygHD0rsFeScrMi/omOblK4x
5mifzxiZyscbjvUJineVdmxKBYB69B42qggoDk7ZD9OGbHl3k+5NdPCwZlg0tSZb
73Dfb/gsI+q8iFuGZLPyWn1Bf+uTrPZ7U4o5S22DBFg+fCnYs7IOeblPDZJxtAiv
nWeqWmEf1IlhHjSYv5yQ/CbAFpdpyWM7VW6NdBETaxWIZzv4ACQ4tBBmwnZDO3cD
j3nU3Wer8DLQd8LsABtRvhoOYMfK/v8BFZZ3vhuthrdYjdKuwrVyPc7iaQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNYA9MSra38bctfRTEve4vzsvsDmMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvMWdEMHhLdHJmeHR5MTlGTVM5N2lfT3ktd09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALSuOAwQA
aN6wAwQAaN62AwQAaO9PMA0GCSqGSIb3DQEBCwUAA4IBAQAZeXYv+2PAuFDn33Yd
cEcdwlVZG++9HtAZuMe0+7/Ing9CO0GdyGFLhL8RlFSNb+BspDz1A/oxiqsJWg2K
/q9YzvIl32B0vhREOlnl5COjcJqqV5IBF6olvb958VZD2tlL8oQMhmMFqOKXK7nX
AVwEkZ+J6vJ2CUU9I7ii46qnFNMB3fthL7YhPnEYs4kUItJbb1R7bpD9tYfjJ886
RVPbBAQjeqQzFfu42jhlaHNZClOkpzXgy0ztSgCvaJ51c6K3S7NQA/6/oeWI1Fny
0/rlucOrjZgwasJlRJRnKY8qFzG52iKKYdh7fhLM3PW1MJOY26iP7JfJsSgat8Nr
zyKf
-----END CERTIFICATE-----
Generated at Tue May 12 22:32:20 2026 by rpki-client