Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/iVOoUf02lKRXL3oJbi3T9vnGKdg.roa
File: iVOoUf02lKRXL3oJbi3T9vnGKdg.roa (raw, json)
Hash identifier: bjpJoRMAUvfcj1BV5tTIYSFfF/2t/Mkxs7m+u3Yuu/o=
Subject key identifier: 89:53:A8:51:FD:36:94:A4:57:2F:7A:09:6E:2D:D3:F6:F9:C6:29:D8
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019CDA46AD3F079E2C0587AADD4CD2E064B4
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/iVOoUf02lKRXL3oJbi3T9vnGKdg.roa
Signing time: Wed 11 Mar 2026 00:23:10 +0000
ROA not before: Wed 11 Mar 2026 00:23:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 22616
IP address blocks: 137.31.15.0/24 maxlen: 24
147.161.128.0/23 maxlen: 24
159.254.58.0/23 maxlen: 24
159.254.60.0/23 maxlen: 24
159.254.64.0/23 maxlen: 24
159.254.66.0/23 maxlen: 24
159.254.69.0/24 maxlen: 24
159.254.84.0/24 maxlen: 24
159.254.85.0/24 maxlen: 24
159.254.86.0/24 maxlen: 24
159.254.92.0/24 maxlen: 24
159.254.93.0/24 maxlen: 24
159.254.94.0/24 maxlen: 24
159.254.95.0/24 maxlen: 24
159.254.96.0/24 maxlen: 24
159.254.97.0/24 maxlen: 24
159.254.99.0/24 maxlen: 24
159.254.100.0/24 maxlen: 24
159.254.182.0/23 maxlen: 24
159.254.184.0/23 maxlen: 24
159.254.202.0/24 maxlen: 24
159.254.209.0/24 maxlen: 24
159.254.217.0/24 maxlen: 24
159.254.220.0/24 maxlen: 24
159.254.221.0/24 maxlen: 24
159.254.240.0/24 maxlen: 24
159.254.241.0/24 maxlen: 24
164.137.4.0/24 maxlen: 24
164.137.5.0/24 maxlen: 24
164.137.6.0/24 maxlen: 24
164.137.7.0/24 maxlen: 24
164.137.8.0/24 maxlen: 24
164.137.9.0/24 maxlen: 24
164.137.10.0/24 maxlen: 24
164.137.11.0/24 maxlen: 24
164.137.12.0/24 maxlen: 24
164.137.13.0/24 maxlen: 24
164.137.14.0/24 maxlen: 24
164.137.15.0/24 maxlen: 24
164.137.16.0/24 maxlen: 24
164.137.17.0/24 maxlen: 24
164.137.18.0/24 maxlen: 24
164.137.19.0/24 maxlen: 24
164.137.20.0/24 maxlen: 24
164.137.21.0/24 maxlen: 24
164.137.22.0/24 maxlen: 24
164.137.23.0/24 maxlen: 24
164.137.24.0/24 maxlen: 24
164.137.25.0/24 maxlen: 24
164.137.26.0/24 maxlen: 24
164.137.27.0/24 maxlen: 24
164.137.28.0/24 maxlen: 24
164.137.29.0/24 maxlen: 24
164.137.30.0/24 maxlen: 24
164.137.31.0/24 maxlen: 24
164.137.32.0/24 maxlen: 24
164.137.33.0/24 maxlen: 24
164.137.34.0/24 maxlen: 24
164.137.35.0/24 maxlen: 24
164.137.36.0/24 maxlen: 24
164.137.37.0/24 maxlen: 24
164.137.38.0/24 maxlen: 24
164.137.39.0/24 maxlen: 24
164.137.40.0/24 maxlen: 24
164.137.41.0/24 maxlen: 24
164.137.42.0/24 maxlen: 24
164.137.43.0/24 maxlen: 24
164.137.44.0/24 maxlen: 24
164.137.45.0/24 maxlen: 24
164.137.46.0/24 maxlen: 24
164.137.47.0/24 maxlen: 24
164.137.48.0/24 maxlen: 24
164.137.49.0/24 maxlen: 24
164.137.50.0/24 maxlen: 24
164.137.51.0/24 maxlen: 24
164.137.52.0/24 maxlen: 24
164.137.53.0/24 maxlen: 24
2a03:eec0:3212::/48 maxlen: 48
2a03:eec0:321b::/48 maxlen: 48
2a03:eec0:322b::/48 maxlen: 48
2a03:eec0:322c::/48 maxlen: 48
2a03:eec0:322d::/48 maxlen: 48
2a03:eec0:322e::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 16:32:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:da:46:ad:3f:07:9e:2c:05:87:aa:dd:4c:d2:e0:64:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Mar 11 00:23:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8953a851fd3694a4572f7a096e2dd3f6f9c629d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:52:9d:d6:1c:21:f8:53:af:db:6d:e6:26:94:
34:bf:87:c7:64:62:fd:27:fc:3b:ce:03:cb:0b:36:
39:e2:f1:25:c3:d5:f7:72:47:b2:4f:a2:03:f8:71:
cf:09:53:d1:c5:ed:aa:eb:d1:cd:ae:b7:2d:6e:6f:
75:cc:fb:02:8a:ec:aa:ee:26:ad:df:22:5f:00:07:
7c:7c:7d:c4:a2:77:6e:6d:1b:56:6d:5b:64:0d:7d:
e7:ca:eb:77:6c:c9:b8:91:4e:87:c7:f1:d8:f9:ec:
66:83:d7:47:cb:86:6c:cd:70:de:2b:ff:b5:d4:7d:
34:82:6c:61:c0:eb:31:68:7e:08:b7:ce:bf:26:1a:
ed:35:ae:41:6b:62:ef:6d:3d:cb:5a:07:fb:04:07:
e8:d9:33:2d:a8:12:85:14:3d:e2:9e:73:ea:de:71:
da:e3:df:bd:e2:82:5a:d3:84:2e:0b:94:eb:24:6f:
91:ad:7a:6f:c1:d9:34:df:0c:78:93:43:5e:65:12:
11:f6:ac:6a:d4:b4:ed:1f:1b:3d:16:dc:dd:a1:91:
67:fe:de:be:b9:83:c7:c8:8b:ea:0c:92:10:6a:1b:
41:03:f5:9d:f3:33:a2:e9:bc:b7:d6:5f:99:f7:f4:
37:2b:04:82:44:52:71:fc:e0:ee:15:6c:3d:15:05:
f3:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:53:A8:51:FD:36:94:A4:57:2F:7A:09:6E:2D:D3:F6:F9:C6:29:D8
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/iVOoUf02lKRXL3oJbi3T9vnGKdg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
137.31.15.0/24
147.161.128.0/23
159.254.58.0-159.254.61.255
159.254.64.0/22
159.254.69.0/24
159.254.84.0-159.254.86.255
159.254.92.0-159.254.97.255
159.254.99.0-159.254.100.255
159.254.182.0-159.254.185.255
159.254.202.0/24
159.254.209.0/24
159.254.217.0/24
159.254.220.0/23
159.254.240.0/23
164.137.4.0-164.137.53.255
IPv6:
2a03:eec0:3212::/48
2a03:eec0:321b::/48
2a03:eec0:322b::-2a03:eec0:322e:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
aa:e6:b0:d2:4b:d9:6e:78:bf:c2:a5:3c:03:08:a9:89:26:86:
6d:9f:91:34:6f:53:ba:05:40:8a:d3:ae:05:6b:2f:49:53:ad:
02:f4:ff:0e:47:ce:62:ef:dd:51:8e:05:fe:a2:09:88:79:c1:
77:32:5b:6a:c0:f3:17:f5:6a:07:79:bc:f2:2d:a7:86:29:41:
88:67:51:82:d4:37:73:3f:61:70:e0:8e:f7:f3:49:f9:29:34:
7a:36:54:e8:ea:fd:e0:fd:da:38:ec:53:ff:66:72:95:d8:72:
22:c9:50:f6:b4:d8:9f:50:6d:6b:e7:43:b0:e6:08:a2:27:a2:
2d:9c:42:5d:04:7a:fa:09:71:32:ab:67:92:b5:93:63:50:ac:
aa:d8:15:71:19:70:d1:7a:dc:e6:fb:27:a6:00:35:10:e5:7e:
8c:a0:7d:ba:44:9e:c6:b4:64:d3:63:85:a1:e7:94:c2:2d:97:
17:10:fe:52:1c:d4:b0:38:41:05:1a:aa:d7:ac:a2:b7:b4:41:
d0:e7:be:23:88:80:9b:5d:f9:02:df:78:ad:68:58:82:d7:45:
f6:64:a1:eb:9e:17:6f:0b:61:1c:f7:65:44:8a:2e:40:1a:67:
4f:6c:55:82:9a:49:08:4e:58:fc:6a:5c:ed:da:a3:3e:2c:69:
d4:23:d1:b5
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgISAZzaRq0/B54sBYeq3UzS4GS0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjYwMzExMDAyMzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTUzYTg1MWZkMzY5NGE0NTcyZjdhMDk2ZTJkZDNmNmY5YzYyOWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlKd1hwh+FOv223mJpQ0v4fHZGL9
J/w7zgPLCzY54vElw9X3ckeyT6ID+HHPCVPRxe2q69HNrrctbm91zPsCiuyq7iat
3yJfAAd8fH3EondubRtWbVtkDX3nyut3bMm4kU6Hx/HY+exmg9dHy4ZszXDeK/+1
1H00gmxhwOsxaH4It86/JhrtNa5Ba2LvbT3LWgf7BAfo2TMtqBKFFD3innPq3nHa
49+94oJa04QuC5TrJG+RrXpvwdk03wx4k0NeZRIR9qxq1LTtHxs9FtzdoZFn/t6+
uYPHyIvqDJIQahtBA/Wd8zOi6by31l+Z9/Q3KwSCRFJx/ODuFWw9FQXzDQIDAQAB
o4ICwDCCArwwHQYDVR0OBBYEFIlTqFH9NpSkVy96CW4t0/b5xinYMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvaVZPb1VmMDJsS1JYTDNvSmJpM1Q5dm5HS2RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHVBggrBgEFBQcBBwEB/wSBxTCBwjCBkQQCAAEwgYoDBACJ
Hw8DBAGToYAwDAMEAZ/+OgMEAZ/+PAMEAp/+QAMEAJ/+RTAMAwQCn/5UAwQAn/5W
MAwDBAKf/lwDBAGf/mAwDAMEAJ/+YwMEAJ/+ZDAMAwQBn/62AwQBn/64AwQAn/7K
AwQAn/7RAwQAn/7ZAwQBn/7cAwQBn/7wMAwDBAKkiQQDBAGkiTQwLAQCAAIwJgMH
ACoD7sAyEgMHACoD7sAyGzASAwcAKgPuwDIrAwcAKgPuwDIuMA0GCSqGSIb3DQEB
CwUAA4IBAQCq5rDSS9lueL/CpTwDCKmJJoZtn5E0b1O6BUCK064Fay9JU60C9P8O
R85i791RjgX+ogmIecF3MltqwPMX9WoHebzyLaeGKUGIZ1GC1DdzP2Fw4I7380n5
KTR6NlTo6v3g/do47FP/ZnKV2HIiyVD2tNifUG1r50Ow5giiJ6ItnEJdBHr6CXEy
q2eStZNjUKyq2BVxGXDRetzm+yemADUQ5X6MoH26RJ7GtGTTY4Wh55TCLZcXEP5S
HNSwOEEFGqrXrKK3tEHQ574jiICbXfkC33itaFiC10X2ZKHrnhdvC2Ec92VEii5A
GmdPbFWCmkkITlj8alzt2qM+LGnUI9G1
-----END CERTIFICATE-----
Generated at Fri Mar 27 00:17:00 2026 by rpki-client