Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/YsmjC0C0fqf9CY4wLhiPtFlxZEw.roa
File: YsmjC0C0fqf9CY4wLhiPtFlxZEw.roa (raw, json)
Hash identifier: N0lxxgZ/gBnqbm0d/xg3YbjefGLIyBpN9+tqlNMsVRc=
Subject key identifier: 62:C9:A3:0B:40:B4:7E:A7:FD:09:8E:30:2E:18:8F:B4:59:71:64:4C
Certificate issuer: /CN=345fb3feb15c03c4d34d9ff444d9ad7e30067208
Certificate serial: 019DBE82F5525B6223CF878EC3E8981B5A49
Authority key identifier: 34:5F:B3:FE:B1:5C:03:C4:D3:4D:9F:F4:44:D9:AD:7E:30:06:72:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/YsmjC0C0fqf9CY4wLhiPtFlxZEw.roa
Signing time: Fri 24 Apr 2026 08:02:26 +0000
ROA not before: Fri 24 Apr 2026 08:02:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 25540
IP address blocks: 45.81.212.0/22 maxlen: 22
77.81.49.0/24 maxlen: 24
83.172.137.0/24 maxlen: 24
83.172.142.0/23 maxlen: 23
83.172.149.0/24 maxlen: 24
83.172.152.0/24 maxlen: 24
83.172.154.0/23 maxlen: 23
83.172.156.0/23 maxlen: 23
83.172.158.0/24 maxlen: 24
83.172.166.0/23 maxlen: 23
83.172.168.0/24 maxlen: 24
83.172.170.0/23 maxlen: 23
83.172.184.0/23 maxlen: 23
83.172.187.0/24 maxlen: 24
83.172.190.0/24 maxlen: 24
83.172.191.0/24 maxlen: 24
89.37.107.0/24 maxlen: 24
93.114.176.0/22 maxlen: 22
94.177.28.0/24 maxlen: 24
94.177.144.0/24 maxlen: 24
130.93.0.0/17 maxlen: 24
130.93.0.0/24 maxlen: 24
130.93.128.0/18 maxlen: 22
130.93.128.0/19 maxlen: 19
130.93.160.0/20 maxlen: 20
130.93.176.0/22 maxlen: 22
161.104.80.0/21 maxlen: 21
185.9.248.0/22 maxlen: 22
185.12.0.0/22 maxlen: 22
185.23.164.0/22 maxlen: 22
185.120.176.0/22 maxlen: 22
185.122.160.0/22 maxlen: 22
185.133.128.0/22 maxlen: 22
185.137.72.0/22 maxlen: 22
185.153.172.0/22 maxlen: 22
193.84.89.0/24 maxlen: 24
195.68.224.0/22 maxlen: 22
206.124.104.0/21 maxlen: 21
2a02:ec00::/29 maxlen: 29
2a0e:4180::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.crl
rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.mft
rsync://rpki.ripe.net/repository/DEFAULT/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 02:00:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:be:82:f5:52:5b:62:23:cf:87:8e:c3:e8:98:1b:5a:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=345fb3feb15c03c4d34d9ff444d9ad7e30067208
Validity
Not Before: Apr 24 08:02:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=62c9a30b40b47ea7fd098e302e188fb45971644c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:be:4d:be:25:b3:3e:c2:da:fe:f9:0e:ac:7c:
bb:11:cb:8b:91:3b:e3:1b:29:e1:63:be:99:49:ce:
12:d5:2f:3f:bc:47:73:5f:10:2b:72:21:6f:81:46:
3a:e5:03:87:0f:41:80:39:7c:4f:71:da:65:e7:b3:
6b:7b:58:d5:92:1a:2d:ab:6a:c1:4a:a1:ee:4a:81:
6b:e0:7c:c5:19:2f:1e:fa:a7:79:24:3e:61:2c:b8:
6c:ef:cc:cc:66:f6:ae:4c:d1:67:eb:95:d9:c4:5c:
37:82:67:c5:ad:c1:a3:38:e5:65:49:5f:12:f2:1c:
52:08:4b:6c:4f:42:ba:96:8d:a3:ce:8a:d8:39:6e:
d3:15:a5:0a:79:14:62:d2:d1:fe:de:46:7d:7a:be:
f1:c3:bf:a1:ce:20:f1:eb:87:26:51:38:a0:d3:67:
d1:fd:b5:0b:9f:0a:02:58:46:eb:7a:44:f6:2f:07:
38:f7:86:e9:8b:87:65:19:00:05:41:da:a5:4c:4b:
ed:5a:d0:69:77:f3:96:06:ce:88:6c:45:a0:a3:ab:
32:22:44:76:f3:35:79:b6:55:9d:63:96:d6:d7:0e:
b5:e5:8a:60:d6:32:3f:26:6c:16:76:62:66:e1:ef:
3c:0b:29:50:72:6c:6b:d9:c5:4f:ac:96:d0:ae:03:
8d:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:C9:A3:0B:40:B4:7E:A7:FD:09:8E:30:2E:18:8F:B4:59:71:64:4C
X509v3 Authority Key Identifier:
keyid:34:5F:B3:FE:B1:5C:03:C4:D3:4D:9F:F4:44:D9:AD:7E:30:06:72:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/YsmjC0C0fqf9CY4wLhiPtFlxZEw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.81.212.0/22
77.81.49.0/24
83.172.137.0/24
83.172.142.0/23
83.172.149.0/24
83.172.152.0/24
83.172.154.0-83.172.158.255
83.172.166.0-83.172.168.255
83.172.170.0/23
83.172.184.0/23
83.172.187.0/24
83.172.190.0/23
89.37.107.0/24
93.114.176.0/22
94.177.28.0/24
94.177.144.0/24
130.93.0.0-130.93.191.255
161.104.80.0/21
185.9.248.0/22
185.12.0.0/22
185.23.164.0/22
185.120.176.0/22
185.122.160.0/22
185.133.128.0/22
185.137.72.0/22
185.153.172.0/22
193.84.89.0/24
195.68.224.0/22
206.124.104.0/21
IPv6:
2a02:ec00::/29
2a0e:4180::/29
Signature Algorithm: sha256WithRSAEncryption
72:d5:94:26:2f:30:8e:1c:de:b1:cb:73:78:e8:e2:16:71:f7:
cc:de:44:0c:8b:ee:84:d4:22:f9:d9:c5:72:82:8d:52:50:d9:
5c:b4:a8:4e:1f:c2:7f:55:5f:97:d7:50:2e:71:3e:10:05:90:
eb:dd:3f:9f:1c:25:11:d6:8d:18:41:7f:e7:e9:1b:3a:74:5d:
9e:bd:fb:42:73:8a:f9:80:a1:90:84:d2:14:f7:1f:5e:d3:81:
4b:f9:9e:08:40:88:a5:7f:73:b1:b2:1e:ee:05:1f:34:92:c1:
26:98:bb:3b:c8:bb:63:b9:f0:c1:16:b9:fd:48:c9:54:79:f3:
5d:64:33:11:8b:56:7c:83:9e:cf:27:9b:8c:30:33:32:81:7c:
10:0e:82:97:94:cf:e0:33:e6:fa:34:b8:82:7d:6f:56:da:18:
67:12:f9:a5:09:15:95:48:17:a3:c7:82:b5:0a:cd:c2:48:69:
5a:ac:7c:bd:25:94:3c:f2:af:41:2d:c5:dd:5e:84:c3:ab:d6:
96:e6:4f:7d:49:13:ab:64:ba:ec:98:2e:1a:85:13:51:5d:99:
6a:42:7c:f1:15:08:7c:95:d7:6b:fb:d5:b2:2e:b1:03:d5:df:
84:8a:f7:83:cb:6d:ae:e6:0f:23:53:f5:f4:d9:6f:4d:b9:57:
53:3c:38:ca
-----BEGIN CERTIFICATE-----
MIIF1zCCBL+gAwIBAgISAZ2+gvVSW2Ijz4eOw+iYG1pJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NWZiM2ZlYjE1YzAzYzRkMzRkOWZmNDQ0ZDlhZDdlMzAw
NjcyMDgwHhcNMjYwNDI0MDgwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmM5YTMwYjQwYjQ3ZWE3ZmQwOThlMzAyZTE4OGZiNDU5NzE2NDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwL5NviWzPsLa/vkOrHy7EcuLkTvj
GynhY76ZSc4S1S8/vEdzXxArciFvgUY65QOHD0GAOXxPcdpl57Nre1jVkhotq2rB
SqHuSoFr4HzFGS8e+qd5JD5hLLhs78zMZvauTNFn65XZxFw3gmfFrcGjOOVlSV8S
8hxSCEtsT0K6lo2jzorYOW7TFaUKeRRi0tH+3kZ9er7xw7+hziDx64cmUTig02fR
/bULnwoCWEbrekT2Lwc494bpi4dlGQAFQdqlTEvtWtBpd/OWBs6IbEWgo6syIkR2
8zV5tlWdY5bW1w615Ypg1jI/JmwWdmJm4e88CylQcmxr2cVPrJbQrgONkQIDAQAB
o4IC4zCCAt8wHQYDVR0OBBYEFGLJowtAtH6n/QmOMC4Yj7RZcWRMMB8GA1UdIwQY
MBaAFDRfs/6xXAPE002f9ETZrX4wBnIIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkYtel9yRmNBOFRUVFpfMFJObXRmakFHY2dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hNDQyYzUtZDE0Zi00MjlmLWE1MTUt
YmM1NGIxMjExYjYwLzEvWXNtakMwQzBmcWY5Q1k0d0xoaVB0Rmx4WkV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hNDQyYzUtZDE0Zi00MjlmLWE1MTUtYmM1NGIxMjExYjYw
LzEvTkYtel9yRmNBOFRUVFpfMFJObXRmakFHY2dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH4BggrBgEFBQcBBwEB/wSB6DCB5TCBzAQCAAEwgcUDBAIt
UdQDBABNUTEDBABTrIkDBAFTrI4DBABTrJUDBABTrJgwDAMEAVOsmgMEAFOsnjAM
AwQBU6ymAwQAU6yoAwQBU6yqAwQBU6y4AwQAU6y7AwQBU6y+AwQAWSVrAwQCXXKw
AwQAXrEcAwQAXrGQMAsDAwCCXQMEBoJdgAMEA6FoUAMEArkJ+AMEArkMAAMEArkX
pAMEArl4sAMEArl6oAMEArmFgAMEArmJSAMEArmZrAMEAMFUWQMEAsNE4AMEA858
aDAUBAIAAjAOAwUDKgLsAAMFAyoOQYAwDQYJKoZIhvcNAQELBQADggEBAHLVlCYv
MI4c3rHLc3jo4hZx98zeRAyL7oTUIvnZxXKCjVJQ2Vy0qE4fwn9VX5fXUC5xPhAF
kOvdP58cJRHWjRhBf+fpGzp0XZ69+0JzivmAoZCE0hT3H17TgUv5nghAiKV/c7Gy
Hu4FHzSSwSaYuzvIu2O58MEWuf1IyVR5811kMxGLVnyDns8nm4wwMzKBfBAOgpeU
z+Az5vo0uIJ9b1baGGcS+aUJFZVIF6PHgrUKzcJIaVqsfL0llDzyr0Etxd1ehMOr
1pbmT31JE6tkuuyYLhqFE1FdmWpCfPEVCHyV12v71bIusQPV34SK94PLba7mDyNT
9fTZb025V1M8OMo=
-----END CERTIFICATE-----
Generated at Wed May 13 11:22:25 2026 by rpki-client