Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Mwshrv3tdLLEhiwUUwYtL7_kuf8.roa
File: Mwshrv3tdLLEhiwUUwYtL7_kuf8.roa (raw, json)
Hash identifier: yo/R8QsBOVkkyP0G+8ijezQ0/3n6Wa44Rhy8F+FmzTA=
Subject key identifier: 33:0B:21:AE:FD:ED:74:B2:C4:86:2C:14:53:06:2D:2F:BF:E4:B9:FF
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019DFC8735EFE50211EA3AD6547F4CA17D2D
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Mwshrv3tdLLEhiwUUwYtL7_kuf8.roa
Signing time: Wed 06 May 2026 09:03:32 +0000
ROA not before: Wed 06 May 2026 09:03:32 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 40676
IP address blocks: 104.222.160.0/24 maxlen: 24
104.222.163.0/24 maxlen: 24
104.222.164.0/24 maxlen: 24
104.222.165.0/24 maxlen: 24
104.222.166.0/24 maxlen: 24
104.239.74.0/24 maxlen: 24
104.239.89.0/24 maxlen: 24
104.239.102.0/24 maxlen: 24
104.239.109.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 20:10:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:fc:87:35:ef:e5:02:11:ea:3a:d6:54:7f:4c:a1:7d:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: May 6 09:03:32 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=330b21aefded74b2c4862c1453062d2fbfe4b9ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:36:98:42:d5:61:b3:32:5a:f7:8a:48:bc:b0:
5b:fb:1b:8a:ce:33:c8:15:0f:86:5d:66:2f:03:fa:
fe:ba:3b:44:aa:e4:ef:b0:9a:ab:d9:f3:9f:5f:d9:
cf:89:60:ba:59:9e:7d:f7:bb:d5:29:74:76:03:86:
18:1b:6f:50:15:22:5e:5d:46:3f:b1:74:78:cf:24:
33:1f:da:25:a1:f4:b7:60:f2:df:8f:15:7f:99:ec:
bd:48:0f:c6:66:bb:42:df:2d:61:8d:50:1f:94:c9:
27:36:e0:91:04:b4:ae:48:3e:ac:46:16:14:2e:02:
00:ef:41:43:72:3d:ad:a6:e8:4b:fa:2a:f3:c3:9e:
d2:1f:5a:79:ed:03:66:12:fe:1f:f2:86:4b:d1:23:
32:da:a0:23:64:f4:fe:c6:bd:98:2e:29:77:2f:b6:
cf:bc:1e:30:8a:b7:41:2c:34:fc:c8:f0:cf:d0:e1:
0a:1d:c7:ff:7a:d3:51:b0:f4:5a:cb:00:df:a5:63:
06:64:83:28:4f:ec:1a:b9:6e:66:e8:30:a3:bf:e2:
29:b4:26:71:26:81:d8:1a:ca:86:5b:9d:a8:29:15:
10:c9:28:26:37:f3:4f:dc:a2:59:bc:fa:37:67:d6:
06:69:28:fa:b5:fb:42:53:c0:14:a2:ff:67:c7:29:
32:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:0B:21:AE:FD:ED:74:B2:C4:86:2C:14:53:06:2D:2F:BF:E4:B9:FF
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Mwshrv3tdLLEhiwUUwYtL7_kuf8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.222.160.0/24
104.222.163.0-104.222.166.255
104.239.74.0/24
104.239.89.0/24
104.239.102.0/24
104.239.109.0/24
Signature Algorithm: sha256WithRSAEncryption
23:27:75:bb:d3:1e:6a:58:89:e7:84:69:87:62:c3:27:92:90:
93:86:72:b8:8e:9f:62:22:6e:42:30:5d:57:18:61:05:ca:bb:
ba:87:6b:fd:05:0e:8a:f8:86:72:4d:7b:c3:49:03:9d:b5:ef:
c2:87:f9:9b:37:7c:a5:28:58:03:71:7a:e3:49:70:66:c1:bd:
bf:f4:07:fb:35:38:bb:50:2c:36:37:01:1c:78:08:2b:b3:a2:
c9:85:36:41:98:72:a1:0a:1e:09:42:7b:4e:5d:43:3a:b4:63:
58:1b:07:79:4a:3d:8d:93:3e:e2:ea:86:bb:00:27:23:0d:18:
13:43:81:44:5c:b4:a8:1d:e7:c2:3a:d2:51:a0:04:d3:42:37:
d7:40:55:ca:bc:56:e5:8e:7b:51:a4:68:9c:33:78:56:02:1d:
57:22:2a:dd:9b:9a:ae:8d:c5:23:bb:d9:4c:9b:73:54:20:db:
a0:30:59:05:58:bb:12:5c:26:74:14:8d:d7:5f:19:03:38:22:
da:5f:b1:f4:e6:bd:6a:18:1a:96:86:96:3c:68:7f:7e:20:33:
85:18:f4:75:8d:21:ca:87:99:6f:3b:2d:f1:bc:d4:10:16:32:
52:a6:41:be:77:70:37:23:6f:f6:c7:78:36:6d:90:86:fb:bd:
5b:8c:39:e8
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZ38hzXv5QIR6jrWVH9MoX0tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwNTA2MDkwMzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzBiMjFhZWZkZWQ3NGIyYzQ4NjJjMTQ1MzA2MmQyZmJmZTRiOWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjaYQtVhszJa94pIvLBb+xuKzjPI
FQ+GXWYvA/r+ujtEquTvsJqr2fOfX9nPiWC6WZ5997vVKXR2A4YYG29QFSJeXUY/
sXR4zyQzH9olofS3YPLfjxV/mey9SA/GZrtC3y1hjVAflMknNuCRBLSuSD6sRhYU
LgIA70FDcj2tpuhL+irzw57SH1p57QNmEv4f8oZL0SMy2qAjZPT+xr2YLil3L7bP
vB4wirdBLDT8yPDP0OEKHcf/etNRsPRaywDfpWMGZIMoT+wauW5m6DCjv+IptCZx
JoHYGsqGW52oKRUQySgmN/NP3KJZvPo3Z9YGaSj6tftCU8AUov9nxykyCQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFDMLIa797XSyxIYsFFMGLS+/5Ln/MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvTXdzaHJ2M3RkTExFaGl3VVV3WXRMN19rdWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAaN6gMAwD
BABo3qMDBABo3qYDBABo70oDBABo71kDBABo72YDBABo720wDQYJKoZIhvcNAQEL
BQADggEBACMndbvTHmpYieeEaYdiwyeSkJOGcriOn2IibkIwXVcYYQXKu7qHa/0F
Dor4hnJNe8NJA52178KH+Zs3fKUoWANxeuNJcGbBvb/0B/s1OLtQLDY3ARx4CCuz
osmFNkGYcqEKHglCe05dQzq0Y1gbB3lKPY2TPuLqhrsAJyMNGBNDgURctKgd58I6
0lGgBNNCN9dAVcq8VuWOe1GkaJwzeFYCHVciKt2bmq6NxSO72Uybc1Qg26AwWQVY
uxJcJnQUjddfGQM4ItpfsfTmvWoYGpaGljxof34gM4UY9HWNIcqHmW87LfG81BAW
MlKmQb53cDcjb/bHeDZtkIb7vVuMOeg=
-----END CERTIFICATE-----
Generated at Wed May 13 02:19:53 2026 by rpki-client