Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/TdMbLOSHOW5Od2MPBqFS6Pw8TSY.roa
File: TdMbLOSHOW5Od2MPBqFS6Pw8TSY.roa (raw, json)
Hash identifier: wSA7n34Q3CSKY3OiMDAvE3mXUvYqFJEZqY3Hqxwarms=
Subject key identifier: 4D:D3:1B:2C:E4:87:39:6E:4E:77:63:0F:06:A1:52:E8:FC:3C:4D:26
Certificate issuer: /CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Certificate serial: 019CFB527086A75E44A448C41F8D17E4ED82
Authority key identifier: 1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/TdMbLOSHOW5Od2MPBqFS6Pw8TSY.roa
Signing time: Tue 17 Mar 2026 10:23:29 +0000
ROA not before: Tue 17 Mar 2026 10:23:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9119
IP address blocks: 2.58.48.0/22 maxlen: 22
45.8.0.0/22 maxlen: 22
45.15.44.0/22 maxlen: 22
45.15.44.0/23 maxlen: 23
45.15.46.0/24 maxlen: 24
45.156.140.0/23 maxlen: 23
45.156.140.0/24 maxlen: 24
46.163.0.0/19 maxlen: 19
46.163.32.0/20 maxlen: 20
46.163.48.0/21 maxlen: 21
46.163.56.0/23 maxlen: 23
46.163.56.0/24 maxlen: 24
46.163.58.0/23 maxlen: 23
46.163.58.0/24 maxlen: 24
46.163.59.0/24 maxlen: 24
46.163.60.0/22 maxlen: 22
80.65.160.0/20 maxlen: 20
80.65.160.0/24 maxlen: 24
80.65.161.0/24 maxlen: 24
80.65.162.0/24 maxlen: 24
80.65.163.0/24 maxlen: 24
80.65.164.0/24 maxlen: 24
80.65.165.0/24 maxlen: 24
80.65.166.0/24 maxlen: 24
80.65.167.0/24 maxlen: 24
80.65.168.0/24 maxlen: 24
80.65.169.0/24 maxlen: 24
80.65.170.0/24 maxlen: 24
80.65.171.0/24 maxlen: 24
80.65.172.0/22 maxlen: 22
80.65.172.0/24 maxlen: 24
80.65.173.0/24 maxlen: 24
80.65.174.0/24 maxlen: 24
80.65.175.0/24 maxlen: 24
84.41.0.0/18 maxlen: 18
84.41.0.0/19 maxlen: 19
84.41.0.0/21 maxlen: 21
84.41.32.0/19 maxlen: 19
84.41.64.0/19 maxlen: 19
84.41.96.0/21 maxlen: 21
84.41.104.0/22 maxlen: 22
84.41.108.0/23 maxlen: 23
84.41.110.0/24 maxlen: 24
84.41.111.0/24 maxlen: 24
84.41.112.0/23 maxlen: 23
84.41.114.0/24 maxlen: 24
84.41.115.0/24 maxlen: 24
84.41.116.0/22 maxlen: 22
84.41.120.0/23 maxlen: 23
84.41.122.0/23 maxlen: 23
84.41.124.0/22 maxlen: 22
85.208.172.0/24 maxlen: 24
85.208.173.0/24 maxlen: 24
85.208.175.0/24 maxlen: 24
91.132.74.0/23 maxlen: 23
147.78.216.0/22 maxlen: 22
147.78.216.0/24 maxlen: 24
147.78.217.0/24 maxlen: 24
147.78.218.0/24 maxlen: 24
185.54.128.0/23 maxlen: 23
185.54.128.0/24 maxlen: 24
185.54.130.0/24 maxlen: 24
185.54.131.0/24 maxlen: 24
185.175.0.0/22 maxlen: 22
212.13.224.0/19 maxlen: 19
212.103.128.0/19 maxlen: 19
213.253.64.0/19 maxlen: 19
213.253.96.0/20 maxlen: 20
213.253.96.0/21 maxlen: 21
213.253.104.0/22 maxlen: 22
213.253.108.0/22 maxlen: 22
213.253.108.0/24 maxlen: 24
213.253.109.0/24 maxlen: 24
213.253.110.0/24 maxlen: 24
213.253.111.0/24 maxlen: 24
213.253.112.0/22 maxlen: 22
213.253.116.0/22 maxlen: 22
213.253.120.0/22 maxlen: 22
213.253.124.0/22 maxlen: 22
217.199.128.0/20 maxlen: 24
217.199.128.0/24 maxlen: 24
217.199.129.0/24 maxlen: 24
217.199.130.0/24 maxlen: 24
217.199.131.0/24 maxlen: 24
217.199.132.0/24 maxlen: 24
217.199.133.0/24 maxlen: 24
217.199.134.0/24 maxlen: 24
217.199.135.0/24 maxlen: 24
217.199.136.0/24 maxlen: 24
217.199.137.0/24 maxlen: 24
217.199.138.0/24 maxlen: 24
217.199.139.0/24 maxlen: 24
217.199.140.0/24 maxlen: 24
217.199.141.0/24 maxlen: 24
217.199.142.0/24 maxlen: 24
217.199.143.0/24 maxlen: 24
2a02:800::/32 maxlen: 32
2a02:801::/32 maxlen: 32
2a02:801::/33 maxlen: 33
2a02:805::/33 maxlen: 33
2a09:e140::/29 maxlen: 29
2a0b:c300::/29 maxlen: 29
2a0b:c306::/32 maxlen: 32
2a0b:c307::/32 maxlen: 32
2a0e:1e80::/29 maxlen: 29
2a0e:2e00::/29 maxlen: 29
2a0f:2180::/29 maxlen: 29
2a0f:a6c0::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.mft
rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:fb:52:70:86:a7:5e:44:a4:48:c4:1f:8d:17:e4:ed:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Validity
Not Before: Mar 17 10:23:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4dd31b2ce487396e4e77630f06a152e8fc3c4d26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:4f:39:41:c7:68:6b:2d:e3:59:79:8f:9a:9a:
4f:4d:c2:04:02:13:34:34:66:d5:f1:df:90:3c:35:
1a:9e:98:70:59:23:a4:fa:a7:f3:d6:08:0b:1e:b4:
72:9e:25:5f:ab:77:2d:48:ac:36:2e:fb:59:45:8a:
6f:9c:2d:9c:24:38:b5:53:65:63:ed:60:2d:09:92:
91:8d:e6:a6:9e:b5:eb:ab:f7:72:7a:10:ad:11:f9:
c1:8a:cf:10:82:19:0c:06:c1:6e:58:da:de:c7:53:
5e:ff:33:f4:14:81:07:fb:72:53:f8:4c:ba:4a:64:
96:10:59:08:57:78:5a:ee:08:6f:70:57:8b:66:59:
38:ef:a5:e4:8c:1b:2e:66:50:b4:4e:03:41:74:d9:
0f:bc:82:59:5b:5e:3b:45:eb:8e:66:88:ee:27:59:
8c:25:fe:c5:e5:b1:d8:80:28:95:62:53:6a:cc:74:
88:da:57:3e:f4:92:91:a4:77:e1:3b:0b:38:13:5a:
6c:b6:f8:ea:0d:a8:dd:bc:94:1f:9e:43:d0:c3:7c:
f2:d4:fc:0d:d0:1b:65:80:f1:71:f5:f7:4c:54:ed:
1b:e9:8e:bc:a4:36:60:45:ab:55:95:0b:a5:89:25:
16:2b:d7:1c:e8:34:86:12:6f:73:9a:28:5a:17:75:
ab:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:D3:1B:2C:E4:87:39:6E:4E:77:63:0F:06:A1:52:E8:FC:3C:4D:26
X509v3 Authority Key Identifier:
keyid:1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/TdMbLOSHOW5Od2MPBqFS6Pw8TSY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.48.0/22
45.8.0.0/22
45.15.44.0/22
45.156.140.0/23
46.163.0.0/18
80.65.160.0/20
84.41.0.0/17
85.208.172.0/23
85.208.175.0/24
91.132.74.0/23
147.78.216.0/22
185.54.128.0/22
185.175.0.0/22
212.13.224.0/19
212.103.128.0/19
213.253.64.0/18
217.199.128.0/20
IPv6:
2a02:800::/31
2a02:805::/33
2a09:e140::/29
2a0b:c300::/29
2a0e:1e80::/29
2a0e:2e00::/29
2a0f:2180::/29
2a0f:a6c0::/36
Signature Algorithm: sha256WithRSAEncryption
06:8b:81:bc:c8:b4:39:a1:dd:88:61:42:d7:5e:ed:9c:3c:21:
8a:20:56:ba:93:09:66:96:98:e3:24:7c:aa:b5:15:af:a0:c7:
b9:9c:4c:bb:b9:d2:1b:5e:72:68:3e:83:66:b1:65:5f:62:cd:
30:90:fc:77:21:c1:32:d0:f0:4c:31:91:b2:ab:41:8e:e6:21:
d8:bc:4e:33:a5:95:b4:ac:42:df:be:c9:90:d5:14:15:0d:fb:
49:c5:fd:e1:e6:a7:e6:22:18:cf:0f:8c:1d:d6:29:a6:d9:0d:
3e:19:62:08:26:c2:6b:6d:f4:cc:e8:26:79:64:6e:5d:ae:06:
34:24:74:b9:a1:a9:80:be:c2:61:8c:ef:4a:a8:c5:63:33:c6:
3c:6d:9f:9f:ec:18:bb:9c:f1:72:25:10:f9:58:94:61:e7:e0:
9a:89:26:e7:ae:b7:04:57:62:37:7f:f7:c7:d2:ef:b0:54:e0:
8a:bb:b0:ee:50:29:45:7a:f4:4c:17:de:9a:d6:3d:35:c1:4f:
1a:ab:3c:89:bd:b6:82:c7:aa:c4:25:2c:15:70:0b:ea:60:2e:
54:33:24:5b:fc:26:07:73:15:f5:ef:07:c0:47:cb:cc:4c:f8:
a7:79:01:d6:80:4c:d1:56:f3:9e:ac:6b:1d:84:8c:0a:ad:15:
f6:a4:c5:45
-----BEGIN CERTIFICATE-----
MIIFojCCBIqgAwIBAgISAZz7UnCGp15EpEjEH40X5O2CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2IwNmJmNDEzMDBkYzRkMzBmM2QwZTE4MGM5Yjk1ZDJi
Y2RkZmYwHhcNMjYwMzE3MTAyMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGQzMWIyY2U0ODczOTZlNGU3NzYzMGYwNmExNTJlOGZjM2M0ZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmk85Qcdoay3jWXmPmppPTcIEAhM0
NGbV8d+QPDUanphwWSOk+qfz1ggLHrRyniVfq3ctSKw2LvtZRYpvnC2cJDi1U2Vj
7WAtCZKRjeamnrXrq/dyehCtEfnBis8QghkMBsFuWNrex1Ne/zP0FIEH+3JT+Ey6
SmSWEFkIV3ha7ghvcFeLZlk476XkjBsuZlC0TgNBdNkPvIJZW147ReuOZojuJ1mM
Jf7F5bHYgCiVYlNqzHSI2lc+9JKRpHfhOws4E1pstvjqDajdvJQfnkPQw3zy1PwN
0BtlgPFx9fdMVO0b6Y68pDZgRatVlQuliSUWK9cc6DSGEm9zmihaF3Wr+QIDAQAB
o4ICrjCCAqowHQYDVR0OBBYEFE3TGyzkhzluTndjDwahUuj8PE0mMB8GA1UdIwQY
MBaAFBx7Br9BMA3E0w89DhgMm5XSvN3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAt
MjRmZGRjNmQxNDdiLzEvVGRNYkxPU0hPVzVPZDJNUEJxRlM2UHc4VFNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAtMjRmZGRjNmQxNDdi
LzEvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHDBggrBgEFBQcBBwEB/wSBszCBsDBsBAIAATBmAwQCAjow
AwQCLQgAAwQCLQ8sAwQBLZyMAwQGLqMAAwQEUEGgAwQHVCkAAwQBVdCsAwQAVdCv
AwQBW4RKAwQCk07YAwQCuTaAAwQCua8AAwQF1A3gAwQF1GeAAwQG1f1AAwQE2ceA
MEAEAgACMDoDBQEqAggAAwYHKgIIBQADBQMqCeFAAwUDKgvDAAMFAyoOHoADBQMq
Di4AAwUDKg8hgAMGBCoPpsAAMA0GCSqGSIb3DQEBCwUAA4IBAQAGi4G8yLQ5od2I
YULXXu2cPCGKIFa6kwlmlpjjJHyqtRWvoMe5nEy7udIbXnJoPoNmsWVfYs0wkPx3
IcEy0PBMMZGyq0GO5iHYvE4zpZW0rELfvsmQ1RQVDftJxf3h5qfmIhjPD4wd1imm
2Q0+GWIIJsJrbfTM6CZ5ZG5drgY0JHS5oamAvsJhjO9KqMVjM8Y8bZ+f7Bi7nPFy
JRD5WJRh5+CaiSbnrrcEV2I3f/fH0u+wVOCKu7DuUClFevRMF96a1j01wU8aqzyJ
vbaCx6rEJSwVcAvqYC5UMyRb/CYHcxX17wfAR8vMTPineQHWgEzRVvOerGsdhIwK
rRX2pMVF
-----END CERTIFICATE-----
Generated at Thu Mar 26 14:04:26 2026 by rpki-client