Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/Mb2H6Ug3zZRuUy4HD5HKTlCgQpk.roa
File: Mb2H6Ug3zZRuUy4HD5HKTlCgQpk.roa (raw, json)
Hash identifier: 2FyjL/+NubVKYAHD5VEPxPVrfNsqmWkKBysl94cZ2Dc=
Subject key identifier: 31:BD:87:E9:48:37:CD:94:6E:53:2E:07:0F:91:CA:4E:50:A0:42:99
Certificate issuer: /CN=baaa64cd29c94ccde14448f61a172c763b1e4050
Certificate serial: 019E011B3CAAD28BB1E453BC3F52C89A32E7
Authority key identifier: BA:AA:64:CD:29:C9:4C:CD:E1:44:48:F6:1A:17:2C:76:3B:1E:40:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/Mb2H6Ug3zZRuUy4HD5HKTlCgQpk.roa
Signing time: Thu 07 May 2026 06:23:42 +0000
ROA not before: Thu 07 May 2026 06:23:42 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 30815
IP address blocks: 88.209.128.0/22 maxlen: 22
88.209.128.0/24 maxlen: 24
88.209.129.0/24 maxlen: 24
88.209.130.0/24 maxlen: 24
88.209.132.0/22 maxlen: 22
88.209.132.0/24 maxlen: 24
88.209.133.0/24 maxlen: 24
88.209.135.0/24 maxlen: 24
88.209.136.0/24 maxlen: 24
88.209.137.0/24 maxlen: 24
88.209.138.0/24 maxlen: 24
88.209.139.0/24 maxlen: 24
88.209.140.0/24 maxlen: 24
88.209.142.0/24 maxlen: 24
88.209.160.0/21 maxlen: 21
88.209.160.0/22 maxlen: 22
88.209.160.0/24 maxlen: 24
88.209.161.0/24 maxlen: 24
88.209.162.0/24 maxlen: 24
88.209.163.0/24 maxlen: 24
88.209.164.0/22 maxlen: 22
88.209.164.0/23 maxlen: 23
88.209.164.0/24 maxlen: 24
88.209.165.0/24 maxlen: 24
88.209.166.0/24 maxlen: 24
88.209.167.0/24 maxlen: 24
88.209.190.0/24 maxlen: 24
88.209.191.0/24 maxlen: 24
93.189.96.0/21 maxlen: 21
93.189.96.0/23 maxlen: 23
93.189.96.0/24 maxlen: 24
93.189.97.0/24 maxlen: 24
93.189.98.0/23 maxlen: 23
93.189.98.0/24 maxlen: 24
93.189.99.0/24 maxlen: 24
93.189.100.0/23 maxlen: 23
93.189.100.0/24 maxlen: 24
93.189.101.0/24 maxlen: 24
93.189.102.0/23 maxlen: 23
93.189.102.0/24 maxlen: 24
93.189.103.0/24 maxlen: 24
185.63.232.0/22 maxlen: 22
185.63.232.0/23 maxlen: 23
185.63.232.0/24 maxlen: 24
185.63.233.0/24 maxlen: 24
185.63.234.0/24 maxlen: 24
185.63.235.0/24 maxlen: 24
2a03:11e0::/32 maxlen: 32
2a03:11e0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.crl
rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.mft
rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 21:00:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:01:1b:3c:aa:d2:8b:b1:e4:53:bc:3f:52:c8:9a:32:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=baaa64cd29c94ccde14448f61a172c763b1e4050
Validity
Not Before: May 7 06:23:42 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=31bd87e94837cd946e532e070f91ca4e50a04299
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:0c:73:14:dc:46:5c:51:6a:02:b5:17:ff:98:
88:8a:85:06:6d:85:1a:33:db:3a:23:22:a5:a8:6a:
06:37:04:75:5c:34:4a:25:b4:57:cc:0b:f2:dc:83:
31:11:1f:d4:25:00:9c:b7:84:00:35:89:33:ca:20:
4f:57:5c:19:8d:fc:e5:2a:02:9b:74:e1:1a:3c:b7:
3b:48:8a:b0:0c:27:c2:de:09:96:73:98:89:a6:33:
57:fe:ec:67:24:fc:f7:45:2b:83:bd:62:2b:51:b9:
5e:78:70:c5:91:de:27:ee:28:20:d0:b5:65:a4:e7:
04:b3:fc:3e:d8:35:b2:c6:64:1b:7b:f0:73:30:cf:
4c:24:cc:0a:3d:ca:aa:d1:00:98:b6:8b:b0:ef:77:
c6:31:1a:02:8b:ce:4e:52:91:79:44:49:67:cc:d4:
ad:52:92:bd:a2:0e:8c:49:a6:85:a7:d3:9c:c7:46:
e4:cb:31:18:c7:d6:12:cd:e5:f9:ed:9c:4c:ec:21:
24:d1:dd:51:92:0b:51:28:a9:2f:e3:2e:d0:80:53:
fe:e7:04:8c:b7:cd:1e:b3:7b:61:f4:41:cc:dc:7e:
55:80:98:64:a6:10:12:57:03:58:63:e5:a3:f0:a0:
bc:bc:cb:46:bf:a2:33:7d:b2:a8:18:11:2b:27:ea:
b4:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:BD:87:E9:48:37:CD:94:6E:53:2E:07:0F:91:CA:4E:50:A0:42:99
X509v3 Authority Key Identifier:
keyid:BA:AA:64:CD:29:C9:4C:CD:E1:44:48:F6:1A:17:2C:76:3B:1E:40:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/Mb2H6Ug3zZRuUy4HD5HKTlCgQpk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.128.0-88.209.140.255
88.209.142.0/24
88.209.160.0/21
88.209.190.0/23
93.189.96.0/21
185.63.232.0/22
IPv6:
2a03:11e0::/32
Signature Algorithm: sha256WithRSAEncryption
6a:02:79:15:a6:79:bd:8d:a9:49:49:44:f7:dc:87:35:c5:ba:
1e:12:f6:b8:3d:3d:7c:39:48:2b:fd:da:90:67:56:f4:1d:cc:
4a:a6:82:4e:cb:73:8d:9b:3a:7b:37:31:50:31:2a:18:48:0a:
72:00:d2:2c:82:8e:2d:31:34:59:b2:69:ea:43:27:bb:8a:49:
95:af:0c:df:a1:0a:69:ae:ef:6d:ba:aa:f8:9c:36:d7:0d:d5:
39:ee:33:28:cb:ae:9a:db:30:f1:fc:3b:e9:96:8d:4a:f7:d0:
30:3c:13:66:4d:3b:23:5d:bd:05:d8:3b:ce:ca:f5:b0:e3:2e:
e2:a4:1f:45:6f:2d:25:75:6e:31:69:e2:1e:27:ee:54:55:bf:
49:77:33:f1:16:55:ad:5e:b8:18:73:06:da:ac:8d:f6:91:f1:
ba:ea:b8:ef:e8:d2:de:b0:19:4e:6d:33:c0:7f:98:31:a1:4c:
96:fa:03:95:f8:0f:a6:45:88:a8:d4:05:c0:af:86:9d:5b:90:
41:5c:96:87:9f:45:7b:09:6c:59:5e:51:ec:2f:20:37:8a:3f:
b7:17:c8:86:c9:34:76:79:cb:29:5c:68:14:c1:fd:f0:81:85:
83:56:13:b6:82:ae:e4:76:ef:87:15:7a:07:85:db:e5:c7:1f:
d4:70:fd:73
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZ4BGzyq0oux5FO8P1LImjLnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYWE2NGNkMjljOTRjY2RlMTQ0NDhmNjFhMTcyYzc2M2Ix
ZTQwNTAwHhcNMjYwNTA3MDYyMzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWJkODdlOTQ4MzdjZDk0NmU1MzJlMDcwZjkxY2E0ZTUwYTA0Mjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQxzFNxGXFFqArUX/5iIioUGbYUa
M9s6IyKlqGoGNwR1XDRKJbRXzAvy3IMxER/UJQCct4QANYkzyiBPV1wZjfzlKgKb
dOEaPLc7SIqwDCfC3gmWc5iJpjNX/uxnJPz3RSuDvWIrUbleeHDFkd4n7igg0LVl
pOcEs/w+2DWyxmQbe/BzMM9MJMwKPcqq0QCYtouw73fGMRoCi85OUpF5RElnzNSt
UpK9og6MSaaFp9Ocx0bkyzEYx9YSzeX57ZxM7CEk0d1RkgtRKKkv4y7QgFP+5wSM
t80es3th9EHM3H5VgJhkphASVwNYY+Wj8KC8vMtGv6IzfbKoGBErJ+q0dwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFDG9h+lIN82UblMuBw+Ryk5QoEKZMB8GA1UdIwQY
MBaAFLqqZM0pyUzN4URI9hoXLHY7HkBQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFwa3pTbkpUTTNoUkVqMkdoY3NkanNlUUZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83MWY0MzktMmIxYi00ZWYwLWI2YTUt
OGZjYWE2OTM2YzZjLzEvTWIySDZVZzN6WlJ1VXk0SEQ1SEtUbENnUXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83MWY0MzktMmIxYi00ZWYwLWI2YTUtOGZjYWE2OTM2YzZj
LzEvdXFwa3pTbkpUTTNoUkVqMkdoY3NkanNlUUZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsMAwDBAdY0YAD
BABY0YwDBABY0Y4DBANY0aADBAFY0b4DBANdvWADBAK5P+gwDQQCAAIwBwMFACoD
EeAwDQYJKoZIhvcNAQELBQADggEBAGoCeRWmeb2NqUlJRPfchzXFuh4S9rg9PXw5
SCv92pBnVvQdzEqmgk7Lc42bOns3MVAxKhhICnIA0iyCji0xNFmyaepDJ7uKSZWv
DN+hCmmu7226qvicNtcN1TnuMyjLrprbMPH8O+mWjUr30DA8E2ZNOyNdvQXYO87K
9bDjLuKkH0VvLSV1bjFp4h4n7lRVv0l3M/EWVa1euBhzBtqsjfaR8brquO/o0t6w
GU5tM8B/mDGhTJb6A5X4D6ZFiKjUBcCvhp1bkEFcloefRXsJbFleUewvIDeKP7cX
yIbJNHZ5yylcaBTB/fCBhYNWE7aCruR274cVegeF2+XHH9Rw/XM=
-----END CERTIFICATE-----
Generated at Wed May 13 05:55:32 2026 by rpki-client