Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/RY6d2War7s_bXguR2iy9IN9YcRc.roa
File: RY6d2War7s_bXguR2iy9IN9YcRc.roa (raw, json)
Hash identifier: 5KpHenlSj0FRQpLdtAUp1FNTXJS4qFPZ/fpqZIMZBCA=
Subject key identifier: 45:8E:9D:D9:66:AB:EE:CF:DB:5E:0B:91:DA:2C:BD:20:DF:58:71:17
Certificate issuer: /CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
Certificate serial: 019CB321D96D0590D0600F0F5EF0ED88FB07
Authority key identifier: 81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/RY6d2War7s_bXguR2iy9IN9YcRc.roa
Signing time: Tue 03 Mar 2026 09:57:45 +0000
ROA not before: Tue 03 Mar 2026 09:57:45 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213176
IP address blocks: 85.155.128.0/24 maxlen: 24
209.35.224.0/24 maxlen: 24
209.35.225.0/24 maxlen: 24
209.35.226.0/24 maxlen: 24
209.35.227.0/24 maxlen: 24
209.35.228.0/24 maxlen: 24
209.35.229.0/24 maxlen: 24
209.35.230.0/24 maxlen: 24
209.35.231.0/24 maxlen: 24
209.35.233.0/24 maxlen: 24
209.35.234.0/24 maxlen: 24
209.35.235.0/24 maxlen: 24
209.35.236.0/24 maxlen: 24
209.35.237.0/24 maxlen: 24
209.35.238.0/24 maxlen: 24
209.35.239.0/24 maxlen: 24
209.35.240.0/24 maxlen: 24
209.35.241.0/24 maxlen: 24
209.35.242.0/24 maxlen: 24
209.35.243.0/24 maxlen: 24
209.35.244.0/24 maxlen: 24
209.35.245.0/24 maxlen: 24
209.35.246.0/24 maxlen: 24
209.35.247.0/24 maxlen: 24
209.35.248.0/24 maxlen: 24
209.35.249.0/24 maxlen: 24
209.35.250.0/24 maxlen: 24
209.35.251.0/24 maxlen: 24
209.35.252.0/24 maxlen: 24
209.35.253.0/24 maxlen: 24
209.35.254.0/24 maxlen: 24
209.35.255.0/24 maxlen: 24
212.59.64.0/24 maxlen: 24
212.59.65.0/24 maxlen: 24
212.59.66.0/24 maxlen: 24
212.59.67.0/24 maxlen: 24
212.59.68.0/24 maxlen: 24
212.59.69.0/24 maxlen: 24
212.59.70.0/24 maxlen: 24
212.59.71.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl
rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.mft
rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 15:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:b3:21:d9:6d:05:90:d0:60:0f:0f:5e:f0:ed:88:fb:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
Validity
Not Before: Mar 3 09:57:45 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=458e9dd966abeecfdb5e0b91da2cbd20df587117
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:ab:54:66:0c:4b:a8:08:3d:85:c6:1d:68:d4:
ad:33:55:cc:d1:db:28:27:b3:62:8c:09:4f:b1:4d:
c2:13:c5:2f:d5:fe:b6:b9:57:8a:2a:d9:ca:c8:19:
3d:d7:01:4f:dc:a2:68:e4:91:61:c8:0d:8f:13:2f:
00:49:f4:bd:48:22:cc:d2:9a:57:f8:ce:69:ac:a5:
50:88:1f:d8:ac:6d:82:1c:b2:b2:1e:7e:12:a7:93:
35:58:3f:f2:60:ec:59:7d:13:30:83:90:ef:25:12:
4d:d1:47:a5:bc:36:2f:7e:17:ec:bd:a5:42:3c:b9:
46:b9:3f:10:f3:11:d4:24:c5:d9:83:f3:ee:6f:ce:
e2:50:a8:0a:23:e7:61:0c:e4:0c:86:69:66:7c:b1:
8f:f7:64:a8:5e:f7:db:bf:5d:8d:0c:d4:6b:cb:64:
1b:57:bc:61:6f:45:e2:85:95:57:81:44:bc:f8:88:
42:c9:52:bf:e8:48:8b:01:34:1c:95:22:1b:a4:dd:
4b:82:1f:62:f8:29:43:f1:cf:1c:7c:6e:b6:a1:4f:
e8:60:56:bd:42:de:af:92:ee:0e:81:20:0e:78:8a:
6b:b3:30:7b:d7:b8:08:2d:68:9e:89:d5:f9:17:01:
2e:46:fd:b6:3d:61:d5:ef:82:67:cb:9b:da:7a:d0:
56:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:8E:9D:D9:66:AB:EE:CF:DB:5E:0B:91:DA:2C:BD:20:DF:58:71:17
X509v3 Authority Key Identifier:
keyid:81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/RY6d2War7s_bXguR2iy9IN9YcRc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.155.128.0/24
209.35.224.0/21
209.35.233.0-209.35.255.255
212.59.64.0/21
Signature Algorithm: sha256WithRSAEncryption
30:0c:ee:d8:67:0c:2b:13:35:6c:7b:85:c2:33:a1:38:bc:4e:
a9:b5:28:fb:0d:ca:91:c1:9c:51:80:d4:cf:75:c1:ce:ae:34:
77:31:5b:2c:59:57:b8:5d:f0:d1:65:ae:89:06:a4:be:77:7f:
80:9b:ee:a2:65:74:74:0b:d6:a0:3b:51:7b:c5:3f:43:8f:22:
74:b1:94:f1:c4:16:fa:e3:5e:d1:b6:f3:46:05:0c:84:9a:1c:
b0:a1:b3:b4:ef:b7:99:2f:68:c0:a0:dc:e4:89:e4:56:b7:9a:
a2:f9:95:7c:42:6e:48:87:b5:e7:5f:7b:8b:66:80:4a:e4:49:
56:d1:90:03:94:2e:21:6f:7a:39:67:c4:ed:df:fa:ec:50:84:
42:82:dc:7b:15:9f:2d:1d:df:3a:d9:bd:fe:49:cc:f6:23:f0:
98:d2:14:ff:fb:f0:0a:7c:ec:d0:7d:98:b9:a4:f3:20:6a:af:
3f:27:95:97:2e:80:65:e0:c3:51:f9:a8:5a:59:5b:ea:5b:59:
8c:db:35:6f:1a:96:be:e0:50:eb:a4:b3:77:a6:1b:2b:dd:78:
58:ef:a1:05:ac:e2:b3:d2:cd:94:02:53:51:00:48:25:06:88:
86:c1:d3:b5:cf:0c:66:70:5c:26:bc:1b:b3:23:0c:5c:63:5c:
6a:09:f6:e3
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZyzIdltBZDQYA8PXvDtiPsHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTJkMGRjZDUwYTY4MmY5NzVlYTNkOGMzOGU1ZTY3YmIw
MzIyZjkwHhcNMjYwMzAzMDk1NzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NThlOWRkOTY2YWJlZWNmZGI1ZTBiOTFkYTJjYmQyMGRmNTg3MTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6tUZgxLqAg9hcYdaNStM1XM0dso
J7NijAlPsU3CE8Uv1f62uVeKKtnKyBk91wFP3KJo5JFhyA2PEy8ASfS9SCLM0ppX
+M5prKVQiB/YrG2CHLKyHn4Sp5M1WD/yYOxZfRMwg5DvJRJN0UelvDYvfhfsvaVC
PLlGuT8Q8xHUJMXZg/Pub87iUKgKI+dhDOQMhmlmfLGP92SoXvfbv12NDNRry2Qb
V7xhb0XihZVXgUS8+IhCyVK/6EiLATQclSIbpN1Lgh9i+ClD8c8cfG62oU/oYFa9
Qt6vku4OgSAOeIprszB717gILWieidX5FwEuRv22PWHV74Jny5vaetBWywIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEWOndlmq+7P214LkdosvSDfWHEXMB8GA1UdIwQY
MBaAFIGi0NzVCmgvl16j2MOOXme7AyL5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQt
ZmU0NWQ1MTYwYzM5LzEvUlk2ZDJXYXI3c19iWGd1UjJpeTlJTjlZY1JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQtZmU0NWQ1MTYwYzM5
LzEvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAlBAIAATAfAwQAVZuAAwQD
0SPgMAsDBADRI+kDAwLRIAMEA9Q7QDANBgkqhkiG9w0BAQsFAAOCAQEAMAzu2GcM
KxM1bHuFwjOhOLxOqbUo+w3KkcGcUYDUz3XBzq40dzFbLFlXuF3w0WWuiQakvnd/
gJvuomV0dAvWoDtRe8U/Q48idLGU8cQW+uNe0bbzRgUMhJocsKGztO+3mS9owKDc
5InkVreaovmVfEJuSIe15197i2aASuRJVtGQA5QuIW96OWfE7d/67FCEQoLcexWf
LR3fOtm9/knM9iPwmNIU//vwCnzs0H2YuaTzIGqvPyeVly6AZeDDUfmoWllb6ltZ
jNs1bxqWvuBQ66Szd6YbK914WO+hBazis9LNlAJTUQBIJQaIhsHTtc8MZnBcJrwb
syMMXGNcagn24w==
-----END CERTIFICATE-----
Generated at Thu Mar 26 21:52:06 2026 by rpki-client