Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/y6UT9hV2iAVqBerVY1BgOffzcWo.roa
File: y6UT9hV2iAVqBerVY1BgOffzcWo.roa (raw, json)
Hash identifier: 2qZjEU6jGdQe6q1nziuM14rwudcmx0EsDCql/DbeX9Y=
Subject key identifier: CB:A5:13:F6:15:76:88:05:6A:05:EA:D5:63:50:60:39:F7:F3:71:6A
Certificate issuer: /CN=e15136feff3574ef9b2262de59b06a21908fab3e
Certificate serial: 019DCAB31379713AF5212BD9C9DFC413B631
Authority key identifier: E1:51:36:FE:FF:35:74:EF:9B:22:62:DE:59:B0:6A:21:90:8F:AB:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/y6UT9hV2iAVqBerVY1BgOffzcWo.roa
Signing time: Sun 26 Apr 2026 16:50:26 +0000
ROA not before: Sun 26 Apr 2026 16:50:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 41227
IP address blocks: 87.247.168.0/23 maxlen: 23
87.247.170.0/23 maxlen: 24
87.247.174.0/23 maxlen: 23
87.247.178.0/24 maxlen: 24
87.247.184.0/21 maxlen: 24
185.248.32.0/24 maxlen: 24
194.34.160.0/24 maxlen: 24
194.34.161.0/24 maxlen: 24
194.34.162.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.mft
rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 19:01:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:ca:b3:13:79:71:3a:f5:21:2b:d9:c9:df:c4:13:b6:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e15136feff3574ef9b2262de59b06a21908fab3e
Validity
Not Before: Apr 26 16:50:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=cba513f6157688056a05ead563506039f7f3716a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:71:7a:1d:39:9a:66:5a:5d:86:6d:ea:ba:1e:
63:41:37:82:d6:b0:4e:1d:87:be:76:f5:9c:91:2d:
1d:89:4a:f5:97:42:f8:ed:f6:21:a2:24:20:e1:36:
be:5a:57:8c:c3:7b:6c:7d:b6:d3:f3:e3:9e:b9:1f:
77:18:a6:80:18:06:bc:87:2a:fd:fd:ae:16:ed:1d:
b6:4a:50:ce:46:51:5c:a0:c2:bb:ed:61:33:71:ea:
87:ee:b5:8c:2c:56:3d:c9:99:31:25:2d:49:2d:fd:
6f:fa:15:1d:07:72:17:e2:81:f8:a4:9d:06:78:d7:
57:db:5b:60:cf:ef:50:e7:f7:72:18:9d:17:aa:a2:
98:6e:66:c6:6c:a0:31:2d:19:c5:e5:81:c8:ea:4c:
9f:d4:43:ce:ba:bc:71:c6:06:78:a8:03:d4:ea:77:
61:d6:e8:dd:01:12:d3:c7:39:c1:00:dc:9e:a6:5a:
16:cc:61:e1:bb:b9:43:5e:97:34:a4:a5:cb:16:4e:
f1:98:c7:7a:b0:10:5b:20:33:e6:64:8f:e1:cd:86:
ec:f2:4d:46:b5:be:9e:36:ad:eb:d7:0b:43:c7:4b:
23:b3:c8:85:25:d1:0e:72:7a:8d:4e:6a:02:d5:3f:
5f:5b:85:76:42:38:c6:ae:7e:be:76:b3:64:f0:4c:
89:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:A5:13:F6:15:76:88:05:6A:05:EA:D5:63:50:60:39:F7:F3:71:6A
X509v3 Authority Key Identifier:
keyid:E1:51:36:FE:FF:35:74:EF:9B:22:62:DE:59:B0:6A:21:90:8F:AB:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/y6UT9hV2iAVqBerVY1BgOffzcWo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.247.168.0/22
87.247.174.0/23
87.247.178.0/24
87.247.184.0/21
185.248.32.0/24
194.34.160.0-194.34.162.255
Signature Algorithm: sha256WithRSAEncryption
45:8e:b0:29:1c:fc:32:78:dd:6d:38:2a:31:b4:e8:08:eb:b0:
98:eb:33:87:e0:a6:07:2e:0b:d5:f8:47:97:c8:3d:00:b3:3c:
78:64:c5:dc:48:73:bb:03:1e:b4:93:7a:fa:32:19:1e:d9:f9:
ae:0b:a5:be:44:4b:71:d8:4a:65:41:a5:81:c0:d9:14:87:d1:
d6:39:f6:41:2a:fb:09:95:5b:9a:e8:34:8e:4f:f2:33:64:47:
76:2d:a4:c1:a4:c9:72:68:53:ca:30:91:f6:b7:90:7f:31:ec:
74:da:07:3a:3e:05:08:29:03:a1:e6:f9:03:68:2e:b8:49:0f:
80:05:ef:9b:23:04:65:88:87:d1:d7:2b:1b:d5:fb:24:7e:b3:
c7:a3:41:b6:e3:79:20:9c:10:5e:0c:2c:13:f0:8f:d5:b3:15:
a3:9a:64:75:eb:c5:42:04:e6:4f:de:a0:f1:a6:dc:df:27:84:
a6:1a:f9:15:a7:01:d4:dc:28:50:0a:d2:07:2b:51:c8:b7:71:
f7:35:b0:73:69:8e:ed:93:d0:8d:df:ac:0e:3c:be:f1:52:10:
a8:7d:aa:63:c7:3e:d1:a9:a7:ad:76:44:47:84:0e:cc:3e:97:
c5:5b:99:17:94:c0:7b:29:a5:22:29:c0:81:c5:7b:fc:bc:2c:
f1:66:1b:ec
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZ3KsxN5cTr1ISvZyd/EE7YxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTEzNmZlZmYzNTc0ZWY5YjIyNjJkZTU5YjA2YTIxOTA4
ZmFiM2UwHhcNMjYwNDI2MTY1MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmE1MTNmNjE1NzY4ODA1NmEwNWVhZDU2MzUwNjAzOWY3ZjM3MTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXF6HTmaZlpdhm3quh5jQTeC1rBO
HYe+dvWckS0diUr1l0L47fYhoiQg4Ta+WleMw3tsfbbT8+OeuR93GKaAGAa8hyr9
/a4W7R22SlDORlFcoMK77WEzceqH7rWMLFY9yZkxJS1JLf1v+hUdB3IX4oH4pJ0G
eNdX21tgz+9Q5/dyGJ0XqqKYbmbGbKAxLRnF5YHI6kyf1EPOurxxxgZ4qAPU6ndh
1ujdARLTxznBANyeploWzGHhu7lDXpc0pKXLFk7xmMd6sBBbIDPmZI/hzYbs8k1G
tb6eNq3r1wtDx0sjs8iFJdEOcnqNTmoC1T9fW4V2QjjGrn6+drNk8EyJhQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFMulE/YVdogFagXq1WNQYDn383FqMB8GA1UdIwQY
MBaAFOFRNv7/NXTvmyJi3lmwaiGQj6s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZFMl92ODFkTy1iSW1MZVdiQnFJWkNQcXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xZTA5YTYtNjk1Yi00MDJlLTliZmMt
MDQxMzEyMjQyZmYzLzEveTZVVDloVjJpQVZxQmVyVlkxQmdPZmZ6Y1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xZTA5YTYtNjk1Yi00MDJlLTliZmMtMDQxMzEyMjQyZmYz
LzEvNFZFMl92ODFkTy1iSW1MZVdiQnFJWkNQcXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQCV/eoAwQB
V/euAwQAV/eyAwQDV/e4AwQAufggMAwDBAXCIqADBADCIqIwDQYJKoZIhvcNAQEL
BQADggEBAEWOsCkc/DJ43W04KjG06AjrsJjrM4fgpgcuC9X4R5fIPQCzPHhkxdxI
c7sDHrSTevoyGR7Z+a4Lpb5ES3HYSmVBpYHA2RSH0dY59kEq+wmVW5roNI5P8jNk
R3YtpMGkyXJoU8owkfa3kH8x7HTaBzo+BQgpA6Hm+QNoLrhJD4AF75sjBGWIh9HX
KxvV+yR+s8ejQbbjeSCcEF4MLBPwj9WzFaOaZHXrxUIE5k/eoPGm3N8nhKYa+RWn
AdTcKFAK0gcrUci3cfc1sHNpju2T0I3frA48vvFSEKh9qmPHPtGpp612REeEDsw+
l8VbmReUwHsppSIpwIHFe/y8LPFmG+w=
-----END CERTIFICATE-----
Generated at Wed May 13 04:26:03 2026 by rpki-client