Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/oiLwHfervifT9Sm9PdiASea6pcg.roa
File: oiLwHfervifT9Sm9PdiASea6pcg.roa (raw, json)
Hash identifier: r+wvISQUd81SjTW6b8Q4lygsEI9jtVQ/lgkqjwdt+h8=
Subject key identifier: A2:22:F0:1D:F7:AB:BE:27:D3:F5:29:BD:3D:D8:80:49:E6:BA:A5:C8
Certificate issuer: /CN=94d98e8fec680775a157266e0c6b78b141a34f5e
Certificate serial: 019D035BA155D7BD1F2BC3439A03A766AA72
Authority key identifier: 94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/oiLwHfervifT9Sm9PdiASea6pcg.roa
Signing time: Wed 18 Mar 2026 23:50:29 +0000
ROA not before: Wed 18 Mar 2026 23:50:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 21100
IP address blocks: 5.34.180.0/23 maxlen: 23
46.28.65.0/24 maxlen: 24
46.28.66.0/24 maxlen: 24
46.28.68.0/24 maxlen: 24
46.28.69.0/24 maxlen: 24
82.118.16.0/24 maxlen: 24
82.118.19.0/24 maxlen: 24
185.14.28.0/22 maxlen: 22
195.123.216.0/21 maxlen: 21
217.12.200.0/23 maxlen: 23
217.12.208.0/23 maxlen: 23
217.12.215.0/24 maxlen: 24
217.12.218.0/24 maxlen: 24
217.12.219.0/24 maxlen: 24
217.12.220.0/24 maxlen: 24
2a02:27a9::/32 maxlen: 32
2a02:27ab::/32 maxlen: 32
2a02:27ae::/32 maxlen: 32
2a02:27af::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.crl
rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.mft
rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:03:5b:a1:55:d7:bd:1f:2b:c3:43:9a:03:a7:66:aa:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94d98e8fec680775a157266e0c6b78b141a34f5e
Validity
Not Before: Mar 18 23:50:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a222f01df7abbe27d3f529bd3dd88049e6baa5c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:0f:c7:f1:63:fb:b4:7a:ce:69:c7:f3:85:99:
70:e5:78:9b:79:cd:0a:07:49:e4:d8:8c:60:7c:ec:
be:74:3a:2d:ab:48:e2:19:28:72:6c:ea:4e:d8:dd:
27:d0:0d:08:59:4a:2c:a0:cf:87:8b:a8:6a:0e:dc:
e6:b0:37:f9:c0:e1:f6:b1:80:a0:9e:02:11:d2:a0:
0b:cd:7a:65:d8:3e:02:9c:b9:4b:72:05:4d:1d:e3:
36:f8:7c:bf:ec:b9:c0:70:a6:89:98:83:9a:4d:b8:
52:ff:77:5e:0a:46:c5:50:ce:dc:28:3e:5d:d9:f3:
ab:e6:3f:f7:cc:cc:6c:aa:d4:13:c1:68:1e:c8:c2:
fe:1b:fe:fb:31:6a:0a:bb:6f:6e:2d:17:7b:b2:96:
36:18:d2:51:44:60:ee:26:d6:9b:18:35:44:77:8c:
28:f5:67:fb:8e:43:56:59:79:42:8e:ae:7d:0d:4b:
99:0c:45:65:5d:ce:2d:9b:f3:2f:fe:8b:01:c9:60:
00:c1:8c:cb:23:2a:39:cf:c9:f1:03:3d:09:94:af:
3f:b8:7b:9f:16:1e:72:95:06:8f:56:c0:c2:90:a4:
b0:8d:c6:41:6c:8c:e5:00:5b:ef:d3:04:fa:b0:a7:
e7:72:0a:01:0f:b8:fc:58:97:9d:a7:31:2e:eb:0a:
58:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:22:F0:1D:F7:AB:BE:27:D3:F5:29:BD:3D:D8:80:49:E6:BA:A5:C8
X509v3 Authority Key Identifier:
keyid:94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/oiLwHfervifT9Sm9PdiASea6pcg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.180.0/23
46.28.65.0-46.28.66.255
46.28.68.0/23
82.118.16.0/24
82.118.19.0/24
185.14.28.0/22
195.123.216.0/21
217.12.200.0/23
217.12.208.0/23
217.12.215.0/24
217.12.218.0-217.12.220.255
IPv6:
2a02:27a9::/32
2a02:27ab::/32
2a02:27ae::/31
Signature Algorithm: sha256WithRSAEncryption
2e:7b:82:b3:23:4a:b8:a3:71:1f:d0:15:75:d6:b2:3e:0a:97:
f1:87:f1:eb:f4:1a:22:1f:66:a7:ce:6d:54:6a:89:ae:a5:89:
79:b6:b2:07:66:15:84:ee:8e:e5:06:e6:95:6f:cf:2f:38:b9:
4d:6d:07:af:a6:c3:f1:d0:88:81:5b:4e:ef:f9:59:a4:a5:6c:
2f:51:82:96:74:c7:a1:81:e5:06:30:52:00:c5:0c:91:49:a9:
58:42:75:f7:d7:e8:76:92:c7:e6:79:c1:02:24:98:7c:29:a4:
3f:4b:0a:4a:a1:eb:1b:f3:d7:5b:94:ce:93:63:9e:97:a8:62:
96:8b:79:a1:c3:d5:5c:23:6d:ca:2d:96:98:ea:04:53:1f:ba:
78:2a:fa:20:f2:34:6f:43:fd:66:96:ab:c9:b7:5f:84:af:49:
dc:12:7e:a3:60:93:24:b4:c3:34:cc:ba:39:4f:47:2d:7f:19:
2c:d9:9c:7c:04:d2:94:94:96:08:3c:37:a5:5b:8a:60:c0:0f:
a3:1c:95:47:72:77:56:7e:f2:e4:47:49:47:e0:b5:91:e6:15:
92:b8:b7:9c:79:d3:b3:bd:1b:d2:32:bc:33:bb:dc:8d:25:7b:
d2:1b:48:27:46:18:a2:27:f5:06:a0:50:b8:c7:8c:58:68:3f:
20:9d:af:32
-----BEGIN CERTIFICATE-----
MIIFZzCCBE+gAwIBAgISAZ0DW6FV170fK8NDmgOnZqpyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZDk4ZThmZWM2ODA3NzVhMTU3MjY2ZTBjNmI3OGIxNDFh
MzRmNWUwHhcNMjYwMzE4MjM1MDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjIyZjAxZGY3YWJiZTI3ZDNmNTI5YmQzZGQ4ODA0OWU2YmFhNWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArw/H8WP7tHrOacfzhZlw5Xibec0K
B0nk2IxgfOy+dDotq0jiGShybOpO2N0n0A0IWUosoM+Hi6hqDtzmsDf5wOH2sYCg
ngIR0qALzXpl2D4CnLlLcgVNHeM2+Hy/7LnAcKaJmIOaTbhS/3deCkbFUM7cKD5d
2fOr5j/3zMxsqtQTwWgeyML+G/77MWoKu29uLRd7spY2GNJRRGDuJtabGDVEd4wo
9Wf7jkNWWXlCjq59DUuZDEVlXc4tm/Mv/osByWAAwYzLIyo5z8nxAz0JlK8/uHuf
Fh5ylQaPVsDCkKSwjcZBbIzlAFvv0wT6sKfncgoBD7j8WJedpzEu6wpYPQIDAQAB
o4ICczCCAm8wHQYDVR0OBBYEFKIi8B33q74n0/UpvT3YgEnmuqXIMB8GA1UdIwQY
MBaAFJTZjo/saAd1oVcmbgxreLFBo09eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE5tT2oteG9CM1doVnladURHdDRzVUdqVDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83YWUzYzctNjdlNC00NGRlLWIxMzkt
ODdkMTdkZjc0YzdlLzEvb2lMd0hmZXJ2aWZUOVNtOVBkaUFTZWE2cGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83YWUzYzctNjdlNC00NGRlLWIxMzktODdkMTdkZjc0Yzdl
LzEvbE5tT2oteG9CM1doVnladURHdDRzVUdqVDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGIBggrBgEFBQcBBwEB/wR5MHcwWAQCAAEwUgMEAQUitDAM
AwQALhxBAwQALhxCAwQBLhxEAwQAUnYQAwQAUnYTAwQCuQ4cAwQDw3vYAwQB2QzI
AwQB2QzQAwQA2QzXMAwDBAHZDNoDBADZDNwwGwQCAAIwFQMFACoCJ6kDBQAqAier
AwUBKgInrjANBgkqhkiG9w0BAQsFAAOCAQEALnuCsyNKuKNxH9AVddayPgqX8Yfx
6/QaIh9mp85tVGqJrqWJebayB2YVhO6O5QbmlW/PLzi5TW0Hr6bD8dCIgVtO7/lZ
pKVsL1GClnTHoYHlBjBSAMUMkUmpWEJ199fodpLH5nnBAiSYfCmkP0sKSqHrG/PX
W5TOk2Oel6hilot5ocPVXCNtyi2WmOoEUx+6eCr6IPI0b0P9ZparybdfhK9J3BJ+
o2CTJLTDNMy6OU9HLX8ZLNmcfATSlJSWCDw3pVuKYMAPoxyVR3J3Vn7y5EdJR+C1
keYVkri3nHnTs70b0jK8M7vcjSV70htIJ0YYoif1BqBQuMeMWGg/IJ2vMg==
-----END CERTIFICATE-----
Generated at Thu Mar 26 07:46:58 2026 by rpki-client