Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/35F9BUVYhSBJpCrHHNRCOVEmvV8.roa
File: 35F9BUVYhSBJpCrHHNRCOVEmvV8.roa (raw, json)
Hash identifier: JQ3EKYI0gjeYiwZuDVUsPx0CsWn3rNtzhmjY1f7/1ro=
Subject key identifier: DF:91:7D:05:45:58:85:20:49:A4:2A:C7:1C:D4:42:39:51:26:BD:5F
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019DF7FE511B0107CB6375BD203E6F06F433
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/35F9BUVYhSBJpCrHHNRCOVEmvV8.roa
Signing time: Tue 05 May 2026 11:55:32 +0000
ROA not before: Tue 05 May 2026 11:55:32 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215391
IP address blocks: 45.43.143.0/24 maxlen: 24
45.43.161.0/24 maxlen: 24
104.238.21.0/24 maxlen: 24
104.238.23.0/24 maxlen: 24
104.239.83.0/24 maxlen: 24
216.173.108.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 20:10:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f7:fe:51:1b:01:07:cb:63:75:bd:20:3e:6f:06:f4:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: May 5 11:55:32 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=df917d054558852049a42ac71cd442395126bd5f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:30:18:29:3e:49:de:3d:32:ac:8f:f6:8a:71:
32:a0:c0:30:38:9f:0f:28:c4:d1:68:1d:f6:77:80:
3e:56:dd:fe:c9:ca:f1:63:67:b9:72:6e:01:ea:f5:
ce:14:60:0e:b2:c3:10:61:76:aa:96:e0:6d:0e:5f:
96:56:33:85:d2:6d:a6:1c:6e:82:13:e6:f9:38:74:
55:6a:36:53:61:9b:5a:25:5f:04:a5:00:22:16:93:
f6:be:14:d0:95:73:92:d7:af:d9:f4:e4:b3:82:d3:
68:22:c9:ce:15:7a:90:15:be:5d:d2:b7:d1:7b:3c:
7c:d4:93:4c:92:f0:f2:49:83:ce:b3:a2:c8:f0:33:
e3:a4:a2:d9:64:34:74:ab:96:4f:b6:70:90:a9:c8:
d9:29:f5:9d:24:cb:85:5f:42:ad:59:48:93:cd:85:
3c:70:b7:22:80:12:09:e8:db:3f:23:eb:a7:21:71:
bb:32:11:9b:2e:7d:05:79:e9:73:3c:7b:c7:ce:bf:
15:3a:d5:02:95:a3:8c:bc:89:31:a4:46:13:4c:ff:
cc:9b:43:f8:15:3a:36:bb:63:a0:f9:17:8b:56:7e:
2b:20:e8:9b:fd:c2:5f:58:75:11:e1:54:fe:1f:a8:
8c:13:ff:cc:1b:64:9b:91:6f:28:64:28:f2:9a:14:
05:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:91:7D:05:45:58:85:20:49:A4:2A:C7:1C:D4:42:39:51:26:BD:5F
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/35F9BUVYhSBJpCrHHNRCOVEmvV8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.43.143.0/24
45.43.161.0/24
104.238.21.0/24
104.238.23.0/24
104.239.83.0/24
216.173.108.0/24
Signature Algorithm: sha256WithRSAEncryption
2a:f4:04:c6:24:f8:8a:6b:8e:e7:7e:1b:84:b6:53:d6:7d:74:
17:9f:1d:c5:90:c1:19:38:cd:1f:29:91:6d:05:c5:84:da:fc:
17:01:f6:8f:a0:2e:06:94:99:e4:f9:4f:d7:e7:d3:18:33:1d:
83:37:b8:e1:18:f5:80:34:62:ce:e1:cf:e1:09:e5:5f:30:15:
23:8f:c8:c6:a2:f1:57:bf:84:f3:3b:a6:40:d7:d5:a0:c1:5e:
32:bf:d2:3d:03:4f:1f:e1:31:f9:42:86:44:a3:dd:15:9a:b2:
dd:b5:95:42:6a:70:24:47:22:33:9b:f2:64:6c:92:26:fb:ea:
de:8a:a6:24:52:cf:8f:db:61:6b:17:9a:7c:94:51:de:8e:6c:
e8:e4:d6:19:7e:f9:f5:55:73:39:4b:7f:b9:a8:ae:0b:f9:1f:
ff:95:0e:35:0b:15:5c:f3:a2:cb:3f:f3:53:0d:a3:e4:a9:f3:
a0:2d:4a:77:ff:75:bc:02:e5:ee:ff:b1:91:dd:10:73:3e:f1:
c2:3c:04:b6:0c:2d:e2:ac:29:6f:aa:ab:1a:2c:b6:43:36:b6:
bd:8e:26:8e:9e:6b:9a:6a:78:64:5c:91:b3:a4:b9:49:08:62:
db:77:39:32:d9:32:1e:79:b5:fc:28:89:17:08:34:0a:ec:48:
58:b4:70:ef
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ33/lEbAQfLY3W9ID5vBvQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwNTA1MTE1NTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjkxN2QwNTQ1NTg4NTIwNDlhNDJhYzcxY2Q0NDIzOTUxMjZiZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTAYKT5J3j0yrI/2inEyoMAwOJ8P
KMTRaB32d4A+Vt3+ycrxY2e5cm4B6vXOFGAOssMQYXaqluBtDl+WVjOF0m2mHG6C
E+b5OHRVajZTYZtaJV8EpQAiFpP2vhTQlXOS16/Z9OSzgtNoIsnOFXqQFb5d0rfR
ezx81JNMkvDySYPOs6LI8DPjpKLZZDR0q5ZPtnCQqcjZKfWdJMuFX0KtWUiTzYU8
cLcigBIJ6Ns/I+unIXG7MhGbLn0FeelzPHvHzr8VOtUClaOMvIkxpEYTTP/Mm0P4
FTo2u2Og+ReLVn4rIOib/cJfWHUR4VT+H6iME//MG2SbkW8oZCjymhQFfwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFN+RfQVFWIUgSaQqxxzUQjlRJr1fMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvMzVGOUJVVlloU0JKcENySEhOUkNPVkVtdlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALSuPAwQA
LSuhAwQAaO4VAwQAaO4XAwQAaO9TAwQA2K1sMA0GCSqGSIb3DQEBCwUAA4IBAQAq
9ATGJPiKa47nfhuEtlPWfXQXnx3FkMEZOM0fKZFtBcWE2vwXAfaPoC4GlJnk+U/X
59MYMx2DN7jhGPWANGLO4c/hCeVfMBUjj8jGovFXv4TzO6ZA19WgwV4yv9I9A08f
4TH5QoZEo90VmrLdtZVCanAkRyIzm/JkbJIm++reiqYkUs+P22FrF5p8lFHejmzo
5NYZfvn1VXM5S3+5qK4L+R//lQ41CxVc86LLP/NTDaPkqfOgLUp3/3W8AuXu/7GR
3RBzPvHCPAS2DC3irClvqqsaLLZDNra9jiaOnmuaanhkXJGzpLlJCGLbdzky2TIe
ebX8KIkXCDQK7EhYtHDv
-----END CERTIFICATE-----
Generated at Wed May 13 03:48:50 2026 by rpki-client