Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/bUX-9m6lkDourKJYcsFhWNYtB-o.roa
File: bUX-9m6lkDourKJYcsFhWNYtB-o.roa (raw, json)
Hash identifier: s/W1LlQFybZUwAK4v8o+LgCya8B7Y0S3+4VHQ0nLE5w=
Subject key identifier: 6D:45:FE:F6:6E:A5:90:3A:2E:AC:A2:58:72:C1:61:58:D6:2D:07:EA
Certificate issuer: /CN=60a540ce450456345ec8e098ef4f53634d74bf1f
Certificate serial: 019D00BF4AB0C3A2DE8771BC6B5C66F27CA1
Authority key identifier: 60:A5:40:CE:45:04:56:34:5E:C8:E0:98:EF:4F:53:63:4D:74:BF:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YKVAzkUEVjReyOCY709TY010vx8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/bUX-9m6lkDourKJYcsFhWNYtB-o.roa
Signing time: Wed 18 Mar 2026 11:40:29 +0000
ROA not before: Wed 18 Mar 2026 11:40:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213122
IP address blocks: 5.252.165.0/24 maxlen: 24
5.252.166.0/24 maxlen: 24
5.252.167.0/24 maxlen: 24
31.216.59.0/24 maxlen: 24
45.87.60.0/24 maxlen: 24
45.87.61.0/24 maxlen: 24
45.87.62.0/24 maxlen: 24
45.87.63.0/24 maxlen: 24
45.130.152.0/24 maxlen: 24
45.130.153.0/24 maxlen: 24
45.130.154.0/24 maxlen: 24
45.130.155.0/24 maxlen: 24
45.143.144.0/24 maxlen: 24
45.143.145.0/24 maxlen: 24
45.143.146.0/24 maxlen: 24
45.143.147.0/24 maxlen: 24
89.36.230.0/24 maxlen: 24
89.37.100.0/24 maxlen: 24
89.46.43.0/24 maxlen: 24
103.104.248.0/24 maxlen: 24
103.104.249.0/24 maxlen: 24
103.104.250.0/24 maxlen: 24
103.104.251.0/24 maxlen: 24
103.202.52.0/24 maxlen: 24
103.202.53.0/24 maxlen: 24
103.202.54.0/24 maxlen: 24
103.202.55.0/24 maxlen: 24
135.136.128.0/19 maxlen: 32
185.162.74.0/24 maxlen: 24
185.162.75.0/24 maxlen: 24
188.210.236.0/24 maxlen: 24
194.49.68.0/24 maxlen: 24
194.49.69.0/24 maxlen: 24
194.49.78.0/24 maxlen: 24
194.49.79.0/24 maxlen: 24
207.189.0.0/19 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/YKVAzkUEVjReyOCY709TY010vx8.crl
rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/YKVAzkUEVjReyOCY709TY010vx8.mft
rsync://rpki.ripe.net/repository/DEFAULT/YKVAzkUEVjReyOCY709TY010vx8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:00:bf:4a:b0:c3:a2:de:87:71:bc:6b:5c:66:f2:7c:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60a540ce450456345ec8e098ef4f53634d74bf1f
Validity
Not Before: Mar 18 11:40:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6d45fef66ea5903a2eaca25872c16158d62d07ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:28:2a:a6:62:75:42:b5:49:89:29:c6:28:9f:
bb:5f:27:9a:a4:1b:5a:5c:80:62:8e:52:ce:ca:75:
77:bd:63:62:e1:eb:1e:e3:40:de:4c:a2:12:75:e3:
b9:d1:0e:31:7e:6b:e0:56:d0:df:02:95:b9:d2:28:
e0:2d:c9:70:08:38:65:39:03:cc:2a:7b:4b:43:f7:
f7:5b:4e:53:96:51:c9:0f:71:df:fb:5c:d4:16:8f:
6e:d4:cb:71:d6:a1:e1:31:e9:a7:be:56:e1:96:0e:
2e:21:4d:69:e7:22:e1:69:3b:57:fe:46:9a:85:16:
f8:4d:eb:c5:2d:ad:36:a0:1a:44:b2:2e:2c:81:a1:
53:53:94:5d:15:fc:89:ac:9e:67:f2:3e:06:f4:22:
6f:92:0f:c9:3d:19:11:10:e0:f9:46:c7:eb:af:c1:
9c:23:6b:66:40:14:54:02:56:5f:32:4c:4d:0c:89:
31:50:76:ff:ad:33:d8:06:d9:54:c5:88:b0:a3:80:
8e:a3:29:d1:89:db:f8:1c:2e:94:df:f9:18:3a:10:
4b:b8:3a:71:54:5f:58:75:f0:5a:48:ed:a1:3c:42:
7c:dd:8a:70:f8:35:ac:8c:61:bc:19:c6:7f:c5:4a:
67:bc:a5:f9:31:a8:8c:e7:5d:dd:16:df:29:80:11:
50:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:45:FE:F6:6E:A5:90:3A:2E:AC:A2:58:72:C1:61:58:D6:2D:07:EA
X509v3 Authority Key Identifier:
keyid:60:A5:40:CE:45:04:56:34:5E:C8:E0:98:EF:4F:53:63:4D:74:BF:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YKVAzkUEVjReyOCY709TY010vx8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/bUX-9m6lkDourKJYcsFhWNYtB-o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/YKVAzkUEVjReyOCY709TY010vx8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.165.0-5.252.167.255
31.216.59.0/24
45.87.60.0/22
45.130.152.0/22
45.143.144.0/22
89.36.230.0/24
89.37.100.0/24
89.46.43.0/24
103.104.248.0/22
103.202.52.0/22
135.136.128.0/19
185.162.74.0/23
188.210.236.0/24
194.49.68.0/23
194.49.78.0/23
207.189.0.0/19
Signature Algorithm: sha256WithRSAEncryption
32:bd:f5:36:1a:72:b4:6f:51:fb:62:06:4d:b4:54:d7:98:b9:
5b:9f:a0:b5:bb:f6:c1:e4:bb:de:24:58:80:83:66:65:61:4d:
16:62:02:77:a4:8f:8d:8f:b3:21:6c:db:a6:0b:42:e2:a2:86:
f8:03:a8:3c:18:cb:5a:89:0a:d7:6c:5c:0c:66:44:e6:65:ad:
ea:be:c6:0c:18:ae:55:89:c2:05:b1:0c:f2:1d:e4:c1:76:d9:
7b:0b:7c:c3:30:eb:65:e6:f7:da:87:38:fa:16:22:2c:e5:08:
f2:49:a3:14:f2:79:af:10:32:91:45:7b:e9:0c:b8:ed:45:10:
70:ed:a5:8b:cc:ef:ce:aa:17:ef:de:96:80:24:e7:0f:f6:f7:
53:f0:96:e9:12:ca:48:26:4b:cf:14:83:21:4d:7b:6b:b9:ff:
eb:85:28:1b:d0:9c:be:4b:c4:6c:1b:84:8a:83:f4:57:b3:f1:
36:49:0c:f2:dc:bc:71:40:4e:56:d9:e2:4a:f7:77:81:52:63:
df:84:f0:f0:56:1a:d2:4a:2b:c9:be:47:ea:aa:ff:cb:22:be:
d4:c3:48:73:fb:5a:78:c9:45:0f:1e:30:e8:88:2e:49:8b:d2:
ce:a6:5c:4b:89:86:b6:d0:0a:a0:4c:c6:90:7f:ab:1a:bd:b8:
1b:e0:87:ef
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAZ0Av0qww6Leh3G8a1xm8nyhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYTU0MGNlNDUwNDU2MzQ1ZWM4ZTA5OGVmNGY1MzYzNGQ3
NGJmMWYwHhcNMjYwMzE4MTE0MDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDQ1ZmVmNjZlYTU5MDNhMmVhY2EyNTg3MmMxNjE1OGQ2MmQwN2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSgqpmJ1QrVJiSnGKJ+7XyeapBta
XIBijlLOynV3vWNi4ese40DeTKISdeO50Q4xfmvgVtDfApW50ijgLclwCDhlOQPM
KntLQ/f3W05TllHJD3Hf+1zUFo9u1Mtx1qHhMemnvlbhlg4uIU1p5yLhaTtX/kaa
hRb4TevFLa02oBpEsi4sgaFTU5RdFfyJrJ5n8j4G9CJvkg/JPRkREOD5Rsfrr8Gc
I2tmQBRUAlZfMkxNDIkxUHb/rTPYBtlUxYiwo4COoynRidv4HC6U3/kYOhBLuDpx
VF9YdfBaSO2hPEJ83Ypw+DWsjGG8GcZ/xUpnvKX5MaiM513dFt8pgBFQ7QIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFG1F/vZupZA6LqyiWHLBYVjWLQfqMB8GA1UdIwQY
MBaAFGClQM5FBFY0XsjgmO9PU2NNdL8fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUtWQXprVUVWalJleU9DWTcwOVRZMDEwdng4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xOTVhNDctYTJjYi00ZjAwLTg1MzEt
ZTQ3MzUzMWY2ZmU4LzEvYlVYLTltNmxrRG91cktKWWNzRmhXTll0Qi1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xOTVhNDctYTJjYi00ZjAwLTg1MzEtZTQ3MzUzMWY2ZmU4
LzEvWUtWQXprVUVWalJleU9DWTcwOVRZMDEwdng4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaDAMAwQABfyl
AwQDBfygAwQAH9g7AwQCLVc8AwQCLYKYAwQCLY+QAwQAWSTmAwQAWSVkAwQAWS4r
AwQCZ2j4AwQCZ8o0AwQFh4iAAwQBuaJKAwQAvNLsAwQBwjFEAwQBwjFOAwQFz70A
MA0GCSqGSIb3DQEBCwUAA4IBAQAyvfU2GnK0b1H7YgZNtFTXmLlbn6C1u/bB5Lve
JFiAg2ZlYU0WYgJ3pI+Nj7MhbNumC0Lioob4A6g8GMtaiQrXbFwMZkTmZa3qvsYM
GK5VicIFsQzyHeTBdtl7C3zDMOtl5vfahzj6FiIs5QjySaMU8nmvEDKRRXvpDLjt
RRBw7aWLzO/Oqhfv3paAJOcP9vdT8JbpEspIJkvPFIMhTXtruf/rhSgb0Jy+S8Rs
G4SKg/RXs/E2SQzy3LxxQE5W2eJK93eBUmPfhPDwVhrSSivJvkfqqv/LIr7Uw0hz
+1p4yUUPHjDoiC5Ji9LOplxLiYa20AqgTMaQf6savbgb4Ifv
-----END CERTIFICATE-----
Generated at Thu Mar 26 15:10:57 2026 by rpki-client