Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/fd2294-cf37-4fc9-9edd-a4f7b088bc1a/1/0WGwBsyR9vNCu8RZW4upmYdsnn8.roa
File: 0WGwBsyR9vNCu8RZW4upmYdsnn8.roa (raw, json)
Hash identifier: pYjodJlIbWjPC25pLWbBlsYo7Z2vS/peelQg8PxBeBM=
Subject key identifier: D1:61:B0:06:CC:91:F6:F3:42:BB:C4:59:5B:8B:A9:99:87:6C:9E:7F
Certificate issuer: /CN=32d44919fdd08afb9a4d0a8778923011251dd7f0
Certificate serial: 019DD336078833C6680A0262FF34211CCAA0
Authority key identifier: 32:D4:49:19:FD:D0:8A:FB:9A:4D:0A:87:78:92:30:11:25:1D:D7:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MtRJGf3QivuaTQqHeJIwESUd1_A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6f/fd2294-cf37-4fc9-9edd-a4f7b088bc1a/1/0WGwBsyR9vNCu8RZW4upmYdsnn8.roa
Signing time: Tue 28 Apr 2026 08:30:26 +0000
ROA not before: Tue 28 Apr 2026 08:30:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 203020
IP address blocks: 65.38.102.0/23 maxlen: 32
65.38.104.0/23 maxlen: 32
66.45.17.0/24 maxlen: 32
66.45.18.0/23 maxlen: 32
66.45.38.0/23 maxlen: 32
66.45.61.0/24 maxlen: 32
66.45.63.0/24 maxlen: 32
66.45.114.0/23 maxlen: 32
66.179.36.0/23 maxlen: 32
66.179.88.0/23 maxlen: 32
66.179.99.0/24 maxlen: 32
66.179.106.0/23 maxlen: 32
66.179.161.0/24 maxlen: 32
66.179.204.0/23 maxlen: 32
66.179.207.0/24 maxlen: 32
66.179.213.0/24 maxlen: 32
66.179.247.0/24 maxlen: 32
67.202.232.0/24 maxlen: 32
69.48.213.0/24 maxlen: 32
69.71.220.0/24 maxlen: 32
69.161.128.0/20 maxlen: 32
69.161.144.0/20 maxlen: 32
69.161.144.0/24 maxlen: 24
69.161.145.0/24 maxlen: 24
69.161.146.0/24 maxlen: 32
69.161.147.0/24 maxlen: 32
69.161.148.0/23 maxlen: 23
69.161.150.0/24 maxlen: 24
69.161.151.0/24 maxlen: 24
69.161.152.0/24 maxlen: 24
69.161.153.0/24 maxlen: 24
69.161.154.0/23 maxlen: 23
69.161.156.0/24 maxlen: 24
69.161.157.0/24 maxlen: 24
69.161.158.0/24 maxlen: 32
69.161.159.0/24 maxlen: 24
69.164.84.0/23 maxlen: 32
69.164.87.0/24 maxlen: 32
69.164.88.0/23 maxlen: 32
69.164.96.0/24 maxlen: 32
74.205.245.0/24 maxlen: 32
108.60.0.0/20 maxlen: 32
173.209.230.0/23 maxlen: 32
209.46.56.0/23 maxlen: 32
216.177.153.0/24 maxlen: 32
216.177.154.0/24 maxlen: 32
216.183.118.0/23 maxlen: 32
216.183.126.0/23 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6f/fd2294-cf37-4fc9-9edd-a4f7b088bc1a/1/MtRJGf3QivuaTQqHeJIwESUd1_A.crl
rsync://rpki.ripe.net/repository/DEFAULT/6f/fd2294-cf37-4fc9-9edd-a4f7b088bc1a/1/MtRJGf3QivuaTQqHeJIwESUd1_A.mft
rsync://rpki.ripe.net/repository/DEFAULT/MtRJGf3QivuaTQqHeJIwESUd1_A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 23:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d3:36:07:88:33:c6:68:0a:02:62:ff:34:21:1c:ca:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32d44919fdd08afb9a4d0a8778923011251dd7f0
Validity
Not Before: Apr 28 08:30:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d161b006cc91f6f342bbc4595b8ba999876c9e7f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:fa:31:c8:9c:34:ac:e1:bb:1b:0b:0e:2f:ac:
48:99:c5:ce:e9:63:69:49:d9:94:86:01:0c:ab:76:
d1:83:48:bb:be:60:a2:86:e5:30:7a:be:db:d0:49:
b3:04:f5:fb:56:91:43:1d:e4:c2:7b:89:03:78:ad:
2d:06:2a:ef:21:e7:de:d5:4d:db:53:f9:29:58:77:
6a:4d:f7:63:10:4b:9a:27:92:01:60:43:41:59:5e:
84:e3:22:d0:91:15:a8:00:75:89:3f:75:11:02:2a:
25:7a:b1:11:68:cc:f4:1a:24:0f:b7:d3:4e:95:94:
88:df:d1:68:ec:fe:ac:7a:69:21:b5:ff:c2:6c:d4:
85:60:e0:93:81:8c:78:49:ec:0d:25:c7:0d:ab:33:
8a:07:36:68:3b:a3:77:0c:f5:45:28:0e:8d:3a:cc:
fe:ac:a3:01:3b:08:11:69:f3:ba:31:c8:36:21:f9:
60:5c:2e:40:48:86:87:a3:87:62:51:36:07:07:b3:
cf:b2:04:b0:4f:24:0a:27:7d:69:37:c7:be:5d:55:
78:a1:30:ac:2c:80:fa:19:40:3f:1e:c2:58:1b:42:
fb:a8:26:b8:e7:d2:06:1b:1f:35:2f:61:58:f2:78:
66:7e:79:05:03:ef:d2:65:88:a3:ce:bd:1b:5d:41:
e3:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:61:B0:06:CC:91:F6:F3:42:BB:C4:59:5B:8B:A9:99:87:6C:9E:7F
X509v3 Authority Key Identifier:
keyid:32:D4:49:19:FD:D0:8A:FB:9A:4D:0A:87:78:92:30:11:25:1D:D7:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MtRJGf3QivuaTQqHeJIwESUd1_A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/fd2294-cf37-4fc9-9edd-a4f7b088bc1a/1/0WGwBsyR9vNCu8RZW4upmYdsnn8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/fd2294-cf37-4fc9-9edd-a4f7b088bc1a/1/MtRJGf3QivuaTQqHeJIwESUd1_A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
65.38.102.0-65.38.105.255
66.45.17.0-66.45.19.255
66.45.38.0/23
66.45.61.0/24
66.45.63.0/24
66.45.114.0/23
66.179.36.0/23
66.179.88.0/23
66.179.99.0/24
66.179.106.0/23
66.179.161.0/24
66.179.204.0/23
66.179.207.0/24
66.179.213.0/24
66.179.247.0/24
67.202.232.0/24
69.48.213.0/24
69.71.220.0/24
69.161.128.0/19
69.164.84.0/23
69.164.87.0-69.164.89.255
69.164.96.0/24
74.205.245.0/24
108.60.0.0/20
173.209.230.0/23
209.46.56.0/23
216.177.153.0-216.177.154.255
216.183.118.0/23
216.183.126.0/23
Signature Algorithm: sha256WithRSAEncryption
99:87:22:ad:c6:76:5b:db:76:3a:0e:57:a8:67:d2:85:cc:8b:
bb:fd:a5:f1:42:fe:e2:b3:4b:ff:0c:62:e7:ab:e4:09:53:24:
f1:a3:33:24:8f:43:70:44:fd:7a:de:c9:76:bb:a2:a3:cb:0e:
97:2d:78:d8:5a:7c:b9:1c:83:ea:7a:6c:3f:5e:c0:87:21:29:
58:39:e2:08:fb:ed:63:83:ce:ab:5f:ea:09:16:35:de:e1:36:
33:d3:ff:eb:7d:af:46:03:19:e8:be:3c:71:59:e8:1c:ee:7d:
f2:a4:31:e4:26:a2:8b:85:74:32:f3:3a:ac:9f:31:03:05:57:
90:7e:19:a8:3f:e0:25:3d:f5:31:5e:77:06:e5:e7:83:d5:18:
f6:f3:64:06:04:60:bf:f5:bf:9d:c6:11:57:05:c4:72:fc:16:
f0:a3:43:d7:bc:64:bd:b0:83:d7:7b:49:63:ba:a2:58:a6:04:
36:7e:6e:32:2a:0b:35:99:ed:2a:54:14:41:43:d7:6e:2b:f9:
46:d7:3c:88:96:36:33:6f:ce:2b:0b:4d:bf:8a:aa:9c:95:8a:
dc:21:da:6b:8d:fb:d9:5b:36:ac:93:35:67:3a:25:8f:ca:81:
5b:56:c3:36:5f:40:f2:23:e5:cb:63:a9:45:57:26:ac:b3:f9:
41:09:0d:b9
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISAZ3TNgeIM8ZoCgJi/zQhHMqgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZDQ0OTE5ZmRkMDhhZmI5YTRkMGE4Nzc4OTIzMDExMjUx
ZGQ3ZjAwHhcNMjYwNDI4MDgzMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTYxYjAwNmNjOTFmNmYzNDJiYmM0NTk1YjhiYTk5OTg3NmM5ZTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvoxyJw0rOG7GwsOL6xImcXO6WNp
SdmUhgEMq3bRg0i7vmCihuUwer7b0EmzBPX7VpFDHeTCe4kDeK0tBirvIefe1U3b
U/kpWHdqTfdjEEuaJ5IBYENBWV6E4yLQkRWoAHWJP3URAiolerERaMz0GiQPt9NO
lZSI39Fo7P6semkhtf/CbNSFYOCTgYx4SewNJccNqzOKBzZoO6N3DPVFKA6NOsz+
rKMBOwgRafO6Mcg2IflgXC5ASIaHo4diUTYHB7PPsgSwTyQKJ31pN8e+XVV4oTCs
LID6GUA/HsJYG0L7qCa459IGGx81L2FY8nhmfnkFA+/SZYijzr0bXUHj5wIDAQAB
o4IC1jCCAtIwHQYDVR0OBBYEFNFhsAbMkfbzQrvEWVuLqZmHbJ5/MB8GA1UdIwQY
MBaAFDLUSRn90Ir7mk0Kh3iSMBElHdfwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXRSSkdmM1FpdnVhVFFxSGVKSXdFU1VkMV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9mZDIyOTQtY2YzNy00ZmM5LTllZGQt
YTRmN2IwODhiYzFhLzEvMFdHd0JzeVI5dk5DdThSWlc0dXBtWWRzbm44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9mZDIyOTQtY2YzNy00ZmM5LTllZGQtYTRmN2IwODhiYzFh
LzEvTXRSSkdmM1FpdnVhVFFxSGVKSXdFU1VkMV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHrBggrBgEFBQcBBwEB/wSB2zCB2DCB1QQCAAEwgc4wDAME
AUEmZgMEAUEmaDAMAwQAQi0RAwQCQi0QAwQBQi0mAwQAQi09AwQAQi0/AwQBQi1y
AwQBQrMkAwQBQrNYAwQAQrNjAwQBQrNqAwQAQrOhAwQBQrPMAwQAQrPPAwQAQrPV
AwQAQrP3AwQAQ8roAwQARTDVAwQARUfcAwQFRaGAAwQBRaRUMAwDBABFpFcDBAFF
pFgDBABFpGADBABKzfUDBARsPAADBAGt0eYDBAHRLjgwDAMEANixmQMEANixmgME
Adi3dgMEAdi3fjANBgkqhkiG9w0BAQsFAAOCAQEAmYcircZ2W9t2Og5XqGfShcyL
u/2l8UL+4rNL/wxi56vkCVMk8aMzJI9DcET9et7Jdruio8sOly142Fp8uRyD6nps
P17AhyEpWDniCPvtY4POq1/qCRY13uE2M9P/632vRgMZ6L48cVnoHO598qQx5Cai
i4V0MvM6rJ8xAwVXkH4ZqD/gJT31MV53BuXng9UY9vNkBgRgv/W/ncYRVwXEcvwW
8KND17xkvbCD13tJY7qiWKYENn5uMioLNZntKlQUQUPXbiv5Rtc8iJY2M2/OKwtN
v4qqnJWK3CHaa4372Vs2rJM1Zzolj8qBW1bDNl9A8iPly2OpRVcmrLP5QQkNuQ==
-----END CERTIFICATE-----
Generated at Wed May 13 04:08:38 2026 by rpki-client