Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/a9352e-9a3a-49aa-ad77-7be6eb6bce87/1/xbOkjht5hqTWU1zF3gIqJ_JDXW4.roa
File: xbOkjht5hqTWU1zF3gIqJ_JDXW4.roa (raw, json)
Hash identifier: z9C49AmDbsvtvIoy5XzWirXENyA2RyKapS/mK0EAJ58=
Subject key identifier: C5:B3:A4:8E:1B:79:86:A4:D6:53:5C:C5:DE:02:2A:27:F2:43:5D:6E
Certificate issuer: /CN=9e95a119d9c1a5d6e3f3e21f6fa863d87a2e4b0d
Certificate serial: 019D0B58EA36A9CF5A484EC02DB1100820A6
Authority key identifier: 9E:95:A1:19:D9:C1:A5:D6:E3:F3:E2:1F:6F:A8:63:D8:7A:2E:4B:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/npWhGdnBpdbj8-Ifb6hj2HouSw0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/74/a9352e-9a3a-49aa-ad77-7be6eb6bce87/1/xbOkjht5hqTWU1zF3gIqJ_JDXW4.roa
Signing time: Fri 20 Mar 2026 13:04:29 +0000
ROA not before: Fri 20 Mar 2026 13:04:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 56478
IP address blocks: 31.14.248.0/22 maxlen: 22
37.156.72.0/22 maxlen: 22
68.168.32.0/19 maxlen: 19
68.168.32.0/22 maxlen: 22
68.168.40.0/22 maxlen: 22
68.168.44.0/22 maxlen: 22
88.98.192.0/18 maxlen: 18
88.98.200.0/22 maxlen: 22
88.98.204.0/22 maxlen: 22
88.98.216.0/23 maxlen: 23
88.98.218.0/23 maxlen: 23
88.98.240.0/20 maxlen: 20
88.98.240.0/22 maxlen: 22
89.32.120.0/22 maxlen: 22
89.34.164.0/22 maxlen: 22
89.35.196.0/22 maxlen: 22
89.36.64.0/21 maxlen: 21
89.39.136.0/21 maxlen: 21
89.44.40.0/22 maxlen: 22
93.115.192.0/22 maxlen: 22
137.220.64.0/18 maxlen: 18
137.220.68.0/22 maxlen: 22
137.220.72.0/21 maxlen: 21
137.220.80.0/22 maxlen: 22
137.220.84.0/22 maxlen: 22
137.220.88.0/22 maxlen: 22
137.220.92.0/22 maxlen: 22
137.220.96.0/22 maxlen: 22
137.220.100.0/22 maxlen: 22
137.220.104.0/22 maxlen: 22
137.220.108.0/22 maxlen: 22
137.220.112.0/23 maxlen: 23
137.220.114.0/23 maxlen: 23
137.220.116.0/23 maxlen: 23
137.220.118.0/23 maxlen: 23
137.220.120.0/23 maxlen: 23
137.220.122.0/23 maxlen: 23
137.220.124.0/22 maxlen: 22
140.228.32.0/19 maxlen: 19
140.228.40.0/22 maxlen: 22
140.228.44.0/22 maxlen: 22
140.228.48.0/22 maxlen: 22
140.228.52.0/22 maxlen: 22
140.228.56.0/22 maxlen: 22
140.228.64.0/19 maxlen: 19
140.228.80.0/21 maxlen: 21
140.228.88.0/22 maxlen: 22
140.228.92.0/22 maxlen: 22
141.0.144.0/21 maxlen: 21
141.0.152.0/21 maxlen: 21
143.58.128.0/18 maxlen: 18
143.58.128.0/21 maxlen: 21
143.58.136.0/21 maxlen: 21
143.58.144.0/22 maxlen: 22
143.58.148.0/22 maxlen: 22
143.58.152.0/21 maxlen: 21
143.58.160.0/21 maxlen: 21
143.58.168.0/21 maxlen: 21
143.58.176.0/21 maxlen: 21
143.58.184.0/21 maxlen: 21
143.58.192.0/18 maxlen: 18
143.58.192.0/21 maxlen: 21
143.58.200.0/21 maxlen: 21
143.58.212.0/22 maxlen: 22
143.58.216.0/21 maxlen: 21
143.58.216.0/22 maxlen: 22
143.58.220.0/22 maxlen: 22
143.58.224.0/21 maxlen: 21
143.58.224.0/22 maxlen: 22
143.58.228.0/22 maxlen: 22
143.58.232.0/22 maxlen: 22
143.58.236.0/22 maxlen: 22
143.58.240.0/21 maxlen: 21
143.58.248.0/21 maxlen: 21
152.37.64.0/18 maxlen: 18
152.37.64.0/22 maxlen: 22
152.37.68.0/22 maxlen: 22
152.37.72.0/22 maxlen: 22
152.37.76.0/22 maxlen: 22
152.37.80.0/22 maxlen: 22
152.37.84.0/22 maxlen: 22
152.37.88.0/22 maxlen: 22
152.37.92.0/22 maxlen: 22
152.37.96.0/22 maxlen: 22
152.37.100.0/23 maxlen: 23
152.37.102.0/23 maxlen: 23
152.37.104.0/22 maxlen: 22
152.37.108.0/22 maxlen: 22
152.37.114.0/23 maxlen: 23
152.37.116.0/22 maxlen: 22
152.37.120.0/22 maxlen: 22
152.37.124.0/23 maxlen: 23
152.37.126.0/23 maxlen: 23
185.24.120.0/22 maxlen: 22
188.172.144.0/20 maxlen: 20
188.210.208.0/21 maxlen: 21
188.210.208.0/22 maxlen: 22
188.210.212.0/22 maxlen: 22
188.210.212.0/23 maxlen: 23
188.210.214.0/23 maxlen: 23
188.211.160.0/22 maxlen: 22
188.213.136.0/22 maxlen: 22
188.214.8.0/21 maxlen: 21
209.35.64.0/19 maxlen: 19
209.35.64.0/21 maxlen: 21
209.35.72.0/22 maxlen: 22
209.35.76.0/22 maxlen: 22
209.35.78.0/23 maxlen: 23
209.35.80.0/21 maxlen: 21
209.35.80.0/22 maxlen: 22
209.35.84.0/22 maxlen: 22
209.35.88.0/21 maxlen: 21
209.35.88.0/22 maxlen: 22
209.35.92.0/22 maxlen: 22
2a01:4b00::/32 maxlen: 32
2a01:4b00:d000::/36 maxlen: 36
2a01:4b00:e000::/35 maxlen: 35
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/74/a9352e-9a3a-49aa-ad77-7be6eb6bce87/1/npWhGdnBpdbj8-Ifb6hj2HouSw0.crl
rsync://rpki.ripe.net/repository/DEFAULT/74/a9352e-9a3a-49aa-ad77-7be6eb6bce87/1/npWhGdnBpdbj8-Ifb6hj2HouSw0.mft
rsync://rpki.ripe.net/repository/DEFAULT/npWhGdnBpdbj8-Ifb6hj2HouSw0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 13:01:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:0b:58:ea:36:a9:cf:5a:48:4e:c0:2d:b1:10:08:20:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9e95a119d9c1a5d6e3f3e21f6fa863d87a2e4b0d
Validity
Not Before: Mar 20 13:04:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c5b3a48e1b7986a4d6535cc5de022a27f2435d6e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:19:7a:36:f0:a5:96:0e:2a:06:bc:a9:62:61:
b3:64:f9:2a:6d:6e:9a:85:f4:dd:18:77:fd:eb:0a:
3b:17:27:51:c9:b9:1e:f1:a4:c4:2d:01:05:84:64:
6f:73:63:ff:a6:4a:52:41:dc:fa:6f:d7:93:39:3b:
61:88:d4:c8:ac:5e:74:25:4e:0b:38:df:e3:d1:46:
74:cf:a9:c9:1f:be:f5:82:1a:c1:12:5e:32:55:5d:
19:87:a1:b5:45:99:d4:49:4a:a6:5c:09:75:24:17:
09:ff:b0:f1:d5:82:d7:67:16:d5:0f:42:cd:eb:f7:
1e:41:f9:16:88:22:d1:65:de:23:4e:cf:87:84:e1:
82:1c:90:fb:7f:fe:b6:8f:ad:91:07:7e:0d:7a:39:
aa:bd:f7:b4:39:e3:cb:ae:e9:c1:82:f7:4f:66:23:
18:69:50:b2:4b:af:9b:01:4c:25:33:fe:c4:55:d4:
14:ef:87:86:0f:16:fd:4d:a6:16:e3:b8:a8:95:31:
30:8a:0c:36:2c:c1:f7:1b:dd:8c:1d:0d:e8:e8:f9:
8d:2e:10:13:43:2d:8c:4d:87:9e:ea:a2:4b:89:e7:
ab:d8:d4:11:ab:cf:e4:72:69:6a:8f:d3:5f:63:54:
87:e8:ad:a8:89:9b:d5:e7:65:ee:27:f4:e8:73:ef:
4a:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:B3:A4:8E:1B:79:86:A4:D6:53:5C:C5:DE:02:2A:27:F2:43:5D:6E
X509v3 Authority Key Identifier:
keyid:9E:95:A1:19:D9:C1:A5:D6:E3:F3:E2:1F:6F:A8:63:D8:7A:2E:4B:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWhGdnBpdbj8-Ifb6hj2HouSw0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/a9352e-9a3a-49aa-ad77-7be6eb6bce87/1/xbOkjht5hqTWU1zF3gIqJ_JDXW4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/74/a9352e-9a3a-49aa-ad77-7be6eb6bce87/1/npWhGdnBpdbj8-Ifb6hj2HouSw0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.14.248.0/22
37.156.72.0/22
68.168.32.0/19
88.98.192.0/18
89.32.120.0/22
89.34.164.0/22
89.35.196.0/22
89.36.64.0/21
89.39.136.0/21
89.44.40.0/22
93.115.192.0/22
137.220.64.0/18
140.228.32.0-140.228.95.255
141.0.144.0/20
143.58.128.0/17
152.37.64.0/18
185.24.120.0/22
188.172.144.0/20
188.210.208.0/21
188.211.160.0/22
188.213.136.0/22
188.214.8.0/21
209.35.64.0/19
IPv6:
2a01:4b00::/32
Signature Algorithm: sha256WithRSAEncryption
6d:07:68:12:cb:b1:65:a3:fd:c4:26:09:fd:b6:8b:7e:f1:81:
26:a5:39:73:a4:ec:21:ff:9b:9f:08:ce:6b:bb:6b:f9:f1:e6:
37:f9:e3:d1:b6:bc:7b:03:4b:91:9d:38:4d:20:3b:e6:43:3c:
b8:fc:20:27:b9:6e:05:5c:7f:3e:df:ce:39:87:f5:10:8e:0c:
31:2b:89:b8:43:ed:2d:06:26:67:02:35:96:0e:a7:cb:7a:4d:
11:25:59:83:9f:f2:b5:31:3e:96:b9:ac:47:0b:36:60:cd:eb:
6d:99:bc:de:83:51:da:99:04:ed:b0:93:e6:11:33:57:6b:0b:
ae:68:ba:bd:ab:69:96:3e:1a:6e:b7:ac:06:37:84:a4:60:b5:
55:ce:fd:da:12:15:55:22:bb:39:41:4c:87:94:ec:06:02:8e:
5d:fb:2c:46:70:78:d4:ad:f5:fd:bb:ed:2c:6b:32:2c:09:0c:
52:50:56:09:b5:ff:6e:65:e4:e1:c3:ce:df:50:ba:cc:09:c2:
58:81:54:6d:bd:9f:8a:d9:28:14:08:59:cd:6e:07:87:1a:60:
c6:52:0d:93:cd:d4:ed:95:a6:c1:b7:09:49:11:4f:2b:26:99:
1b:09:ff:3b:c0:20:a1:e6:c8:b0:40:8e:0e:49:ad:e9:ac:8e:
a8:80:4e:6e
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgISAZ0LWOo2qc9aSE7ALbEQCCCmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMTE5ZDljMWE1ZDZlM2YzZTIxZjZmYTg2M2Q4N2Ey
ZTRiMGQwHhcNMjYwMzIwMTMwNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWIzYTQ4ZTFiNzk4NmE0ZDY1MzVjYzVkZTAyMmEyN2YyNDM1ZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBl6NvCllg4qBrypYmGzZPkqbW6a
hfTdGHf96wo7FydRybke8aTELQEFhGRvc2P/pkpSQdz6b9eTOTthiNTIrF50JU4L
ON/j0UZ0z6nJH771ghrBEl4yVV0Zh6G1RZnUSUqmXAl1JBcJ/7Dx1YLXZxbVD0LN
6/ceQfkWiCLRZd4jTs+HhOGCHJD7f/62j62RB34Nejmqvfe0OePLrunBgvdPZiMY
aVCyS6+bAUwlM/7EVdQU74eGDxb9TaYW47iolTEwigw2LMH3G92MHQ3o6PmNLhAT
Qy2MTYee6qJLieer2NQRq8/kcmlqj9NfY1SH6K2oiZvV52XuJ/Toc+9KVwIDAQAB
o4ICqTCCAqUwHQYDVR0OBBYEFMWzpI4beYak1lNcxd4CKifyQ11uMB8GA1UdIwQY
MBaAFJ6VoRnZwaXW4/PiH2+oY9h6LksNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXaEdkbkJwZGJqOC1JZmI2aGoySG91U3cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9hOTM1MmUtOWEzYS00OWFhLWFkNzct
N2JlNmViNmJjZTg3LzEveGJPa2podDVocVRXVTF6RjNnSXFKX0pEWFc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9hOTM1MmUtOWEzYS00OWFhLWFkNzctN2JlNmViNmJjZTg3
LzEvbnBXaEdkbkJwZGJqOC1JZmI2aGoySG91U3cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG+BggrBgEFBQcBBwEB/wSBrjCBqzCBmQQCAAEwgZIDBAIf
DvgDBAIlnEgDBAVEqCADBAZYYsADBAJZIHgDBAJZIqQDBAJZI8QDBANZJEADBANZ
J4gDBAJZLCgDBAJdc8ADBAaJ3EAwDAMEBYzkIAMEBYzkQAMEBI0AkAMEB486gAME
BpglQAMEArkYeAMEBLyskAMEA7zS0AMEArzToAMEArzViAMEA7zWCAMEBdEjQDAN
BAIAAjAHAwUAKgFLADANBgkqhkiG9w0BAQsFAAOCAQEAbQdoEsuxZaP9xCYJ/baL
fvGBJqU5c6TsIf+bnwjOa7tr+fHmN/nj0ba8ewNLkZ04TSA75kM8uPwgJ7luBVx/
Pt/OOYf1EI4MMSuJuEPtLQYmZwI1lg6ny3pNESVZg5/ytTE+lrmsRws2YM3rbZm8
3oNR2pkE7bCT5hEzV2sLrmi6vatplj4abresBjeEpGC1Vc792hIVVSK7OUFMh5Ts
BgKOXfssRnB41K31/bvtLGsyLAkMUlBWCbX/bmXk4cPO31C6zAnCWIFUbb2fitko
FAhZzW4HhxpgxlINk83U7ZWmwbcJSRFPKyaZGwn/O8AgoebIsECODkmt6ayOqIBO
bg==
-----END CERTIFICATE-----
Generated at Thu Mar 26 21:31:32 2026 by rpki-client