Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/sf2AUkxMphordGbZ3YZieGPTsCc.roa
File: sf2AUkxMphordGbZ3YZieGPTsCc.roa (raw, json)
Hash identifier: Mug8Np9415LBH+oOr+F8Q3MZzW+UFUq4lggni46fyqQ=
Subject key identifier: B1:FD:80:52:4C:4C:A6:1A:2B:74:66:D9:DD:86:62:78:63:D3:B0:27
Certificate issuer: /CN=505127723ea0cfd0724713b291734caa353e20ea
Certificate serial: 019DD4654165B8F0F30FF297421E8D51BAE9
Authority key identifier: 50:51:27:72:3E:A0:CF:D0:72:47:13:B2:91:73:4C:AA:35:3E:20:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/sf2AUkxMphordGbZ3YZieGPTsCc.roa
Signing time: Tue 28 Apr 2026 14:01:38 +0000
ROA not before: Tue 28 Apr 2026 14:01:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 46261
IP address blocks: 5.44.255.0/24 maxlen: 24
46.253.130.0/24 maxlen: 24
61.14.224.0/22 maxlen: 24
62.106.64.0/24 maxlen: 24
79.110.176.0/21 maxlen: 24
79.110.181.0/24 maxlen: 24
85.8.148.0/24 maxlen: 24
85.8.150.0/24 maxlen: 24
85.202.172.0/22 maxlen: 24
85.202.173.0/24 maxlen: 24
91.132.84.0/22 maxlen: 24
103.203.40.0/22 maxlen: 24
103.205.84.0/22 maxlen: 24
103.207.160.0/22 maxlen: 24
103.207.163.0/24 maxlen: 24
121.46.124.0/22 maxlen: 24
146.19.82.0/24 maxlen: 24
160.238.96.0/22 maxlen: 24
185.93.4.0/24 maxlen: 24
185.105.10.0/24 maxlen: 24
185.118.132.0/24 maxlen: 24
185.118.135.0/24 maxlen: 24
185.145.44.0/22 maxlen: 24
185.147.157.0/24 maxlen: 24
185.147.159.0/24 maxlen: 24
185.157.232.0/22 maxlen: 24
185.176.88.0/22 maxlen: 24
185.176.90.0/24 maxlen: 24
185.190.58.0/23 maxlen: 24
185.196.24.0/24 maxlen: 24
185.196.26.0/23 maxlen: 24
185.202.44.0/23 maxlen: 24
185.202.46.0/23 maxlen: 24
185.206.20.0/23 maxlen: 24
185.209.128.0/23 maxlen: 24
185.209.128.0/24 maxlen: 24
185.209.130.0/23 maxlen: 24
185.213.16.0/24 maxlen: 24
185.214.140.0/23 maxlen: 24
185.214.142.0/24 maxlen: 24
185.214.240.0/24 maxlen: 24
185.214.243.0/24 maxlen: 24
185.218.185.0/24 maxlen: 24
185.219.20.0/22 maxlen: 24
185.219.23.0/24 maxlen: 24
185.225.12.0/23 maxlen: 24
185.225.14.0/23 maxlen: 24
185.227.254.0/23 maxlen: 24
185.228.44.0/22 maxlen: 24
185.232.42.0/24 maxlen: 24
185.235.120.0/22 maxlen: 24
185.235.122.0/24 maxlen: 24
185.235.123.0/24 maxlen: 24
185.242.185.0/24 maxlen: 24
193.3.16.0/24 maxlen: 24
193.31.112.0/22 maxlen: 24
193.31.114.0/24 maxlen: 24
193.163.35.0/24 maxlen: 24
193.176.116.0/22 maxlen: 24
193.187.180.0/22 maxlen: 24
194.8.134.0/24 maxlen: 24
194.50.192.0/22 maxlen: 24
194.69.161.0/24 maxlen: 24
195.216.148.0/22 maxlen: 24
195.245.74.0/23 maxlen: 24
213.109.157.0/24 maxlen: 24
217.18.56.0/22 maxlen: 24
2a07:4580::/29 maxlen: 29
2a07:4580::/32 maxlen: 48
2a07:4580:b0d::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.mft
rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 04:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d4:65:41:65:b8:f0:f3:0f:f2:97:42:1e:8d:51:ba:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=505127723ea0cfd0724713b291734caa353e20ea
Validity
Not Before: Apr 28 14:01:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b1fd80524c4ca61a2b7466d9dd86627863d3b027
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:20:45:df:bd:c6:26:15:b6:44:e9:cc:b8:82:
e1:be:bc:fb:47:d3:cd:d3:fc:f0:f0:6c:1c:95:a6:
11:ae:77:05:87:08:37:31:da:0b:d3:91:b8:cc:41:
e3:d9:2c:0c:d0:20:35:da:c0:f7:3c:73:97:e3:f3:
75:66:c6:66:b4:b6:66:c6:c2:76:69:8f:cf:85:90:
1c:a2:24:e7:32:2f:be:62:3d:a6:ba:46:aa:e5:e6:
58:cb:3d:9d:ba:fe:57:e0:92:fe:1f:7b:29:01:cf:
f0:fe:ba:6c:5b:a5:27:a1:5e:3a:10:b1:38:26:20:
43:01:70:34:08:5d:a6:35:7d:af:6e:a9:b8:70:b7:
46:1e:2f:67:f5:cb:33:c3:ed:e4:0d:07:c3:39:13:
56:f5:e8:db:d9:67:f5:1e:37:cb:f9:a3:85:39:61:
84:30:36:0d:01:71:d8:57:3d:e2:52:88:46:4e:9a:
92:7c:61:46:6d:66:0c:cf:b9:cd:b3:4c:a4:cc:bf:
b2:3e:02:c4:bc:c2:d7:28:d1:64:e5:9a:f3:26:18:
67:d5:e5:19:85:4e:90:31:d1:f8:53:ef:74:e0:95:
29:79:15:ec:1b:a9:f5:6c:08:1d:13:2a:74:ec:3f:
b5:4d:7d:ad:77:b8:d8:3b:57:0c:24:5b:15:20:e6:
26:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:FD:80:52:4C:4C:A6:1A:2B:74:66:D9:DD:86:62:78:63:D3:B0:27
X509v3 Authority Key Identifier:
keyid:50:51:27:72:3E:A0:CF:D0:72:47:13:B2:91:73:4C:AA:35:3E:20:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/sf2AUkxMphordGbZ3YZieGPTsCc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.255.0/24
46.253.130.0/24
61.14.224.0/22
62.106.64.0/24
79.110.176.0/21
85.8.148.0/24
85.8.150.0/24
85.202.172.0/22
91.132.84.0/22
103.203.40.0/22
103.205.84.0/22
103.207.160.0/22
121.46.124.0/22
146.19.82.0/24
160.238.96.0/22
185.93.4.0/24
185.105.10.0/24
185.118.132.0/24
185.118.135.0/24
185.145.44.0/22
185.147.157.0/24
185.147.159.0/24
185.157.232.0/22
185.176.88.0/22
185.190.58.0/23
185.196.24.0/24
185.196.26.0/23
185.202.44.0/22
185.206.20.0/23
185.209.128.0/22
185.213.16.0/24
185.214.140.0-185.214.142.255
185.214.240.0/24
185.214.243.0/24
185.218.185.0/24
185.219.20.0/22
185.225.12.0/22
185.227.254.0/23
185.228.44.0/22
185.232.42.0/24
185.235.120.0/22
185.242.185.0/24
193.3.16.0/24
193.31.112.0/22
193.163.35.0/24
193.176.116.0/22
193.187.180.0/22
194.8.134.0/24
194.50.192.0/22
194.69.161.0/24
195.216.148.0/22
195.245.74.0/23
213.109.157.0/24
217.18.56.0/22
IPv6:
2a07:4580::/29
Signature Algorithm: sha256WithRSAEncryption
a4:7f:82:19:57:b0:1c:bb:d1:a5:53:f6:fa:ec:c8:34:34:0f:
0e:78:88:95:43:a2:33:53:8c:d1:a2:b2:48:52:17:89:f0:66:
d8:12:ae:71:d9:e1:74:7d:ee:62:6b:43:e4:f4:b6:6f:35:1b:
fd:56:17:4f:00:d7:27:7d:b1:2b:99:67:2d:0c:c9:44:39:0b:
c5:59:24:9b:de:80:15:bb:e9:b1:a2:44:78:dc:52:d3:69:1a:
3d:31:84:8e:a1:0c:43:7e:9f:25:bb:cc:86:69:14:35:cc:58:
3e:29:ee:1b:70:be:76:f7:52:1d:eb:7c:b4:1a:36:7a:37:a5:
e6:e7:0a:5e:b8:a8:ef:f2:a3:5c:fd:57:66:5d:49:9f:7f:eb:
c6:bd:50:b0:e5:18:a8:e3:36:11:38:7c:98:94:3b:ea:4a:80:
10:2f:f0:91:c1:af:2b:c3:f2:b9:d1:3e:3b:98:f0:0d:4b:4d:
90:37:ca:bf:be:94:1b:06:96:24:d1:a9:05:93:36:c5:11:f6:
ca:8a:ff:c3:b1:ac:a3:c2:9c:42:57:d1:34:0d:46:25:31:67:
c3:cb:8b:8e:95:e3:6f:a1:b5:1b:27:b9:10:8a:37:03:6d:e1:
b4:db:aa:06:19:95:f9:fe:df:24:e4:4f:47:9b:c7:83:3e:7b:
6e:f5:6b:de
-----BEGIN CERTIFICATE-----
MIIGXDCCBUSgAwIBAgISAZ3UZUFluPDzD/KXQh6NUbrpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTEyNzcyM2VhMGNmZDA3MjQ3MTNiMjkxNzM0Y2FhMzUz
ZTIwZWEwHhcNMjYwNDI4MTQwMTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWZkODA1MjRjNGNhNjFhMmI3NDY2ZDlkZDg2NjI3ODYzZDNiMDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliBF373GJhW2ROnMuILhvrz7R9PN
0/zw8GwclaYRrncFhwg3MdoL05G4zEHj2SwM0CA12sD3PHOX4/N1ZsZmtLZmxsJ2
aY/PhZAcoiTnMi++Yj2mukaq5eZYyz2duv5X4JL+H3spAc/w/rpsW6UnoV46ELE4
JiBDAXA0CF2mNX2vbqm4cLdGHi9n9cszw+3kDQfDORNW9ejb2Wf1HjfL+aOFOWGE
MDYNAXHYVz3iUohGTpqSfGFGbWYMz7nNs0ykzL+yPgLEvMLXKNFk5ZrzJhhn1eUZ
hU6QMdH4U+904JUpeRXsG6n1bAgdEyp07D+1TX2td7jYO1cMJFsVIOYmHwIDAQAB
o4IDaDCCA2QwHQYDVR0OBBYEFLH9gFJMTKYaK3Rm2d2GYnhj07AnMB8GA1UdIwQY
MBaAFFBRJ3I+oM/QckcTspFzTKo1PiDqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZFbmNqNmd6OUJ5UnhPeWtYTk1xalUtSU9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hOTA0MjMtMGI0Yi00OTlmLWJlNjYt
NTU2MDhiNjk0NDU2LzEvc2YyQVVreE1waG9yZEdiWjNZWmllR1BUc0NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hOTA0MjMtMGI0Yi00OTlmLWJlNjYtNTU2MDhiNjk0NDU2
LzEvVUZFbmNqNmd6OUJ5UnhPeWtYTk1xalUtSU9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBfAYIKwYBBQUHAQcBAf8EggFrMIIBZzCCAVQEAgABMIIB
TAMEAAUs/wMEAC79ggMEAj0O4AMEAD5qQAMEA09usAMEAFUIlAMEAFUIlgMEAlXK
rAMEAluEVAMEAmfLKAMEAmfNVAMEAmfPoAMEAnkufAMEAJITUgMEAqDuYAMEALld
BAMEALlpCgMEALl2hAMEALl2hwMEArmRLAMEALmTnQMEALmTnwMEArmd6AMEArmw
WAMEAbm+OgMEALnEGAMEAbnEGgMEArnKLAMEAbnOFAMEArnRgAMEALnVEDAMAwQC
udaMAwQAudaOAwQAudbwAwQAudbzAwQAudq5AwQCudsUAwQCueEMAwQBueP+AwQC
ueQsAwQAuegqAwQCuet4AwQAufK5AwQAwQMQAwQCwR9wAwQAwaMjAwQCwbB0AwQC
wbu0AwQAwgiGAwQCwjLAAwQAwkWhAwQCw9iUAwQBw/VKAwQA1W2dAwQC2RI4MA0E
AgACMAcDBQMqB0WAMA0GCSqGSIb3DQEBCwUAA4IBAQCkf4IZV7Acu9GlU/b67Mg0
NA8OeIiVQ6IzU4zRorJIUheJ8GbYEq5x2eF0fe5ia0Pk9LZvNRv9VhdPANcnfbEr
mWctDMlEOQvFWSSb3oAVu+mxokR43FLTaRo9MYSOoQxDfp8lu8yGaRQ1zFg+Ke4b
cL5291Id63y0GjZ6N6Xm5wpeuKjv8qNc/VdmXUmff+vGvVCw5Rio4zYROHyYlDvq
SoAQL/CRwa8rw/K50T47mPANS02QN8q/vpQbBpYk0akFkzbFEfbKiv/DsayjwpxC
V9E0DUYlMWfDy4uOleNvobUbJ7kQijcDbeG026oGGZX5/t8k5E9Hm8eDPntu9Wve
-----END CERTIFICATE-----
Generated at Wed May 13 12:51:12 2026 by rpki-client