Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/y3MJ35v0DN8EGBWaVTA8s0fMxDA.roa
File: y3MJ35v0DN8EGBWaVTA8s0fMxDA.roa (raw, json)
Hash identifier: 87kF34PLF6bTNYwCn3MPpS1OHvetbTH2pCHioT3Dtyg=
Subject key identifier: CB:73:09:DF:9B:F4:0C:DF:04:18:15:9A:55:30:3C:B3:47:CC:C4:30
Certificate issuer: /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial: 019D2C2B72B729A43A8E7B56991F954D031B
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/y3MJ35v0DN8EGBWaVTA8s0fMxDA.roa
Signing time: Thu 26 Mar 2026 22:02:18 +0000
ROA not before: Thu 26 Mar 2026 22:02:18 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 12722
IP address blocks: 45.8.156.0/24 maxlen: 24
45.85.64.0/24 maxlen: 24
45.85.67.0/24 maxlen: 24
45.144.38.0/24 maxlen: 24
45.145.3.0/24 maxlen: 24
85.8.187.0/24 maxlen: 24
185.21.140.0/24 maxlen: 24
194.32.250.0/24 maxlen: 24
194.61.234.0/24 maxlen: 24
213.139.231.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 20:56:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2c:2b:72:b7:29:a4:3a:8e:7b:56:99:1f:95:4d:03:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Validity
Not Before: Mar 26 22:02:18 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=cb7309df9bf40cdf0418159a55303cb347ccc430
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:5b:1c:bd:3a:9c:f0:05:dd:61:bc:2f:ef:b7:
ea:e5:1c:47:19:55:42:2a:fb:83:64:34:6f:09:ff:
16:d9:53:7e:c2:fa:c8:af:40:35:e0:f7:98:6d:10:
50:99:5f:bf:3b:11:d7:da:dd:ab:77:25:fa:4e:31:
7c:d0:76:18:fa:f4:81:ca:5a:02:ba:9a:08:ff:f4:
0e:57:21:38:4d:4c:ce:dd:c4:4e:bb:8f:5c:4f:c1:
b9:7c:a5:9e:43:6d:32:d4:b7:83:63:36:b4:bc:2d:
49:da:0d:53:a0:12:5c:9b:93:2c:d6:8e:12:af:32:
d5:c4:8b:c8:66:c4:e1:cd:c5:16:77:43:f6:db:eb:
38:8c:22:6e:d0:88:01:27:b3:e4:01:c3:6c:7a:11:
32:b2:60:ff:89:ad:6f:fa:2a:c4:68:6d:7b:fc:5c:
7c:fd:51:08:8b:3d:60:b8:77:bf:44:75:51:ce:3f:
ae:72:a2:d1:2f:ca:f7:d5:fd:e3:0b:e9:9e:cb:49:
fc:19:3c:8c:5c:d6:72:6c:af:14:2f:86:eb:79:38:
ee:1f:8a:03:31:4d:82:c2:c4:d7:58:1c:1a:68:64:
9b:76:cc:66:46:94:a7:74:08:34:98:d5:1e:d1:30:
df:b6:e0:dc:58:0b:36:51:c0:69:5a:eb:b7:20:b4:
7a:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:73:09:DF:9B:F4:0C:DF:04:18:15:9A:55:30:3C:B3:47:CC:C4:30
X509v3 Authority Key Identifier:
keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/y3MJ35v0DN8EGBWaVTA8s0fMxDA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.156.0/24
45.85.64.0/24
45.85.67.0/24
45.144.38.0/24
45.145.3.0/24
85.8.187.0/24
185.21.140.0/24
194.32.250.0/24
194.61.234.0/24
213.139.231.0/24
Signature Algorithm: sha256WithRSAEncryption
41:79:4f:43:f3:e0:88:18:5b:bc:8b:d8:a9:a5:7c:14:89:61:
b8:32:03:a6:40:34:5d:c2:e2:bc:51:47:21:9b:fb:88:a6:69:
3f:97:21:47:f7:7e:aa:e2:4d:54:34:4f:db:2d:73:61:62:1d:
ee:0e:93:0a:2d:80:4b:1c:a4:05:76:3e:a2:3e:14:dd:1c:d5:
d6:47:37:5a:51:04:ef:a0:71:04:ff:40:30:04:1b:20:81:c8:
50:af:c4:bf:bb:ed:e4:3b:1b:d8:13:87:d2:75:36:d6:25:be:
00:ae:07:e4:66:f6:2c:ba:04:c9:ae:52:cb:4c:03:9a:67:26:
6f:d7:35:b4:ea:6b:e0:b9:03:f2:fd:1f:9b:8c:05:bc:f7:5e:
cf:e8:71:9a:54:da:c8:a4:cd:9d:85:19:9f:1b:12:02:bc:68:
52:1e:0b:60:c1:93:ee:8e:42:da:1e:99:02:c3:de:c5:02:15:
d4:a4:20:77:7d:2b:e8:fc:a9:47:c6:8d:4f:4e:49:1f:a8:ea:
25:f4:21:5a:3f:cd:0b:d0:b1:06:e2:32:11:a8:73:2f:15:82:
23:1f:73:22:c7:e2:be:c4:7f:b7:2d:22:84:d8:c0:24:65:ac:
d7:7e:69:11:04:33:38:5f:bd:a0:57:4b:9c:14:4a:b2:02:7b:
98:c9:dd:74
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZ0sK3K3KaQ6jntWmR+VTQMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMzI2MjIwMjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjczMDlkZjliZjQwY2RmMDQxODE1OWE1NTMwM2NiMzQ3Y2NjNDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFscvTqc8AXdYbwv77fq5RxHGVVC
KvuDZDRvCf8W2VN+wvrIr0A14PeYbRBQmV+/OxHX2t2rdyX6TjF80HYY+vSByloC
upoI//QOVyE4TUzO3cROu49cT8G5fKWeQ20y1LeDYza0vC1J2g1ToBJcm5Ms1o4S
rzLVxIvIZsThzcUWd0P22+s4jCJu0IgBJ7PkAcNsehEysmD/ia1v+irEaG17/Fx8
/VEIiz1guHe/RHVRzj+ucqLRL8r31f3jC+mey0n8GTyMXNZybK8UL4breTjuH4oD
MU2CwsTXWBwaaGSbdsxmRpSndAg0mNUe0TDftuDcWAs2UcBpWuu3ILR6zwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFMtzCd+b9AzfBBgVmlUwPLNHzMQwMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEveTNNSjM1djBETjhFR0JXYVZUQThzMGZNeERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALQicAwQA
LVVAAwQALVVDAwQALZAmAwQALZEDAwQAVQi7AwQAuRWMAwQAwiD6AwQAwj3qAwQA
1YvnMA0GCSqGSIb3DQEBCwUAA4IBAQBBeU9D8+CIGFu8i9ippXwUiWG4MgOmQDRd
wuK8UUchm/uIpmk/lyFH936q4k1UNE/bLXNhYh3uDpMKLYBLHKQFdj6iPhTdHNXW
RzdaUQTvoHEE/0AwBBsggchQr8S/u+3kOxvYE4fSdTbWJb4ArgfkZvYsugTJrlLL
TAOaZyZv1zW06mvguQPy/R+bjAW8917P6HGaVNrIpM2dhRmfGxICvGhSHgtgwZPu
jkLaHpkCw97FAhXUpCB3fSvo/KlHxo1PTkkfqOol9CFaP80L0LEG4jIRqHMvFYIj
H3Mix+K+xH+3LSKE2MAkZazXfmkRBDM4X72gV0ucFEqyAnuYyd10
-----END CERTIFICATE-----
Generated at Fri Mar 27 04:44:34 2026 by rpki-client