Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/M32l6QcCzjNP1ZvVCiymNlZeu5M.roa
File: M32l6QcCzjNP1ZvVCiymNlZeu5M.roa (raw, json)
Hash identifier: 7yhUf6JrLXmGYFGl+/grMfR3bznSq0e/XMOFiemHb1Y=
Subject key identifier: 33:7D:A5:E9:07:02:CE:33:4F:D5:9B:D5:0A:2C:A6:36:56:5E:BB:93
Certificate issuer: /CN=1795ac843cd8ba90188f7313652bb561299b296f
Certificate serial: 019CDBF23BF2DF1AEE60F3C0391125FB139A
Authority key identifier: 17:95:AC:84:3C:D8:BA:90:18:8F:73:13:65:2B:B5:61:29:9B:29:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/F5WshDzYupAYj3MTZSu1YSmbKW8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/M32l6QcCzjNP1ZvVCiymNlZeu5M.roa
Signing time: Wed 11 Mar 2026 08:10:11 +0000
ROA not before: Wed 11 Mar 2026 08:10:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 31313
IP address blocks: 85.136.116.0/22 maxlen: 24
85.137.84.0/22 maxlen: 24
86.105.108.0/22 maxlen: 24
86.105.216.0/22 maxlen: 24
89.35.192.0/24 maxlen: 24
89.41.56.0/23 maxlen: 24
89.42.116.0/23 maxlen: 24
89.43.190.0/23 maxlen: 24
89.124.128.0/18 maxlen: 24
89.124.192.0/19 maxlen: 19
89.200.247.0/24 maxlen: 24
91.235.4.0/23 maxlen: 24
93.113.29.0/24 maxlen: 24
130.195.57.0/24 maxlen: 24
176.126.252.0/22 maxlen: 24
176.126.252.0/24 maxlen: 24
176.126.253.0/24 maxlen: 24
176.126.254.0/24 maxlen: 24
176.126.255.0/24 maxlen: 24
185.57.80.0/22 maxlen: 24
185.57.80.0/24 maxlen: 24
185.57.81.0/24 maxlen: 24
185.57.82.0/24 maxlen: 24
185.57.83.0/24 maxlen: 24
185.233.148.0/22 maxlen: 24
185.233.148.0/24 maxlen: 24
185.233.149.0/24 maxlen: 24
185.233.150.0/24 maxlen: 24
185.233.151.0/24 maxlen: 24
193.151.28.0/22 maxlen: 24
193.169.21.0/24 maxlen: 24
195.242.244.0/22 maxlen: 24
203.25.143.0/24 maxlen: 24
213.177.0.0/19 maxlen: 24
213.177.0.0/21 maxlen: 21
213.177.8.0/21 maxlen: 21
213.177.16.0/21 maxlen: 21
213.177.24.0/21 maxlen: 21
2a00:5dc0::/29 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/F5WshDzYupAYj3MTZSu1YSmbKW8.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/F5WshDzYupAYj3MTZSu1YSmbKW8.mft
rsync://rpki.ripe.net/repository/DEFAULT/F5WshDzYupAYj3MTZSu1YSmbKW8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 08:01:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:db:f2:3b:f2:df:1a:ee:60:f3:c0:39:11:25:fb:13:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1795ac843cd8ba90188f7313652bb561299b296f
Validity
Not Before: Mar 11 08:10:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=337da5e90702ce334fd59bd50a2ca636565ebb93
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:38:c6:16:e4:e4:c1:5a:52:81:68:46:23:6d:
24:df:45:53:97:82:26:14:2c:90:dc:c3:53:06:6f:
27:97:48:97:e8:66:6a:a6:57:6c:3a:1d:3d:90:f6:
b3:da:dd:5f:11:ca:69:23:7f:bc:b7:a0:7f:8d:19:
9f:3a:a0:fb:7b:e1:ad:a7:3c:0f:0b:32:45:01:43:
57:ef:cf:01:1f:40:ac:b8:32:96:25:6e:53:ad:a9:
b6:16:21:6a:5f:c4:be:3b:2f:10:cf:b2:c4:db:4e:
ce:cb:c4:af:43:12:92:c2:f3:07:4e:de:00:c7:fa:
42:42:ca:c8:84:8e:4d:54:86:7c:9e:51:6b:9c:86:
c7:d3:89:54:14:aa:7f:e0:8b:ad:39:8c:33:ce:f6:
15:ab:3f:ae:55:dd:ec:63:a0:58:80:1e:7c:57:f1:
b3:59:82:58:f0:7d:79:d4:f4:4b:5e:82:d8:10:67:
29:28:1e:d8:c2:e9:7f:d7:1e:5c:c4:21:9b:70:fb:
82:38:30:3e:1f:ab:1a:10:47:9f:21:38:99:0e:e8:
88:f6:97:2a:92:22:67:bc:39:17:ba:da:03:97:18:
a9:92:c0:51:1e:fd:5a:ec:a4:ce:b6:97:3e:8e:52:
1e:80:8c:36:4c:f0:b4:aa:de:c4:99:56:11:0f:d4:
8d:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:7D:A5:E9:07:02:CE:33:4F:D5:9B:D5:0A:2C:A6:36:56:5E:BB:93
X509v3 Authority Key Identifier:
keyid:17:95:AC:84:3C:D8:BA:90:18:8F:73:13:65:2B:B5:61:29:9B:29:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5WshDzYupAYj3MTZSu1YSmbKW8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/M32l6QcCzjNP1ZvVCiymNlZeu5M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/F5WshDzYupAYj3MTZSu1YSmbKW8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.136.116.0/22
85.137.84.0/22
86.105.108.0/22
86.105.216.0/22
89.35.192.0/24
89.41.56.0/23
89.42.116.0/23
89.43.190.0/23
89.124.128.0-89.124.223.255
89.200.247.0/24
91.235.4.0/23
93.113.29.0/24
130.195.57.0/24
176.126.252.0/22
185.57.80.0/22
185.233.148.0/22
193.151.28.0/22
193.169.21.0/24
195.242.244.0/22
203.25.143.0/24
213.177.0.0/19
IPv6:
2a00:5dc0::/29
Signature Algorithm: sha256WithRSAEncryption
9d:a4:f4:d1:61:4b:1f:50:14:7b:bd:b1:88:90:ce:e2:e6:17:
c1:f0:1c:bf:a6:c0:41:f2:0a:ba:52:ec:17:34:03:51:01:c5:
9b:8f:58:c2:3a:39:ec:1a:13:33:47:4f:96:ee:6a:0f:55:89:
5d:25:26:ce:bf:3a:c3:e4:05:da:17:36:23:8c:82:7d:68:18:
ab:7f:86:3a:ca:7c:8a:e9:89:e3:ec:a2:d8:0a:9a:6f:5d:75:
7b:d5:b9:60:27:b3:38:4f:a2:7b:d2:9c:00:3c:a7:52:1d:13:
b1:a5:57:dd:ae:ff:65:d9:c3:25:f8:57:93:e7:bd:e3:87:2c:
63:d4:63:17:a3:af:bf:b0:cd:27:a7:b1:bc:c8:3c:20:3e:42:
1d:ba:c1:e8:0a:81:45:03:ba:47:59:71:11:42:d0:99:35:78:
96:a4:e2:7e:7f:ce:d3:97:ea:be:15:6d:24:69:1f:23:c5:32:
d4:4d:d3:a2:0b:0c:ff:39:5e:14:8b:8a:0e:a0:ba:3f:b7:26:
5a:59:88:75:18:28:e9:21:9d:96:86:a3:e7:3e:6b:4b:96:d2:
3f:19:45:7d:7c:93:66:02:be:8c:16:6a:74:5f:00:ed:c2:40:
f7:06:f5:b8:61:7b:63:e9:bc:b6:38:54:16:dc:c5:04:18:4f:
ef:bc:79:4c
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgISAZzb8jvy3xruYPPAOREl+xOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTVhYzg0M2NkOGJhOTAxODhmNzMxMzY1MmJiNTYxMjk5
YjI5NmYwHhcNMjYwMzExMDgxMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzdkYTVlOTA3MDJjZTMzNGZkNTliZDUwYTJjYTYzNjU2NWViYjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DjGFuTkwVpSgWhGI20k30VTl4Im
FCyQ3MNTBm8nl0iX6GZqpldsOh09kPaz2t1fEcppI3+8t6B/jRmfOqD7e+GtpzwP
CzJFAUNX788BH0CsuDKWJW5Tram2FiFqX8S+Oy8Qz7LE207Oy8SvQxKSwvMHTt4A
x/pCQsrIhI5NVIZ8nlFrnIbH04lUFKp/4IutOYwzzvYVqz+uVd3sY6BYgB58V/Gz
WYJY8H151PRLXoLYEGcpKB7Ywul/1x5cxCGbcPuCODA+H6saEEefITiZDuiI9pcq
kiJnvDkXutoDlxipksBRHv1a7KTOtpc+jlIegIw2TPC0qt7EmVYRD9SNrQIDAQAB
o4ICnTCCApkwHQYDVR0OBBYEFDN9pekHAs4zT9Wb1QospjZWXruTMB8GA1UdIwQY
MBaAFBeVrIQ82LqQGI9zE2UrtWEpmylvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVXc2hEell1cEFZajNNVFpTdTFZU21iS1c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS82NjgzZjQtM2VlYy00ZGNiLTg3ODct
NzMxYWJjNmY3NWNhLzEvTTMybDZRY0N6ak5QMVp2VkNpeW1ObFpldTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS82NjgzZjQtM2VlYy00ZGNiLTg3ODctNzMxYWJjNmY3NWNh
LzEvRjVXc2hEell1cEFZajNNVFpTdTFZU21iS1c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGyBggrBgEFBQcBBwEB/wSBojCBnzCBjQQCAAEwgYYDBAJV
iHQDBAJViVQDBAJWaWwDBAJWadgDBABZI8ADBAFZKTgDBAFZKnQDBAFZK74wDAME
B1l8gAMEBVl8wAMEAFnI9wMEAVvrBAMEAF1xHQMEAILDOQMEArB+/AMEArk5UAME
ArnplAMEAsGXHAMEAMGpFQMEAsPy9AMEAMsZjwMEBdWxADANBAIAAjAHAwUDKgBd
wDANBgkqhkiG9w0BAQsFAAOCAQEAnaT00WFLH1AUe72xiJDO4uYXwfAcv6bAQfIK
ulLsFzQDUQHFm49Ywjo57BoTM0dPlu5qD1WJXSUmzr86w+QF2hc2I4yCfWgYq3+G
Osp8iumJ4+yi2Aqab111e9W5YCezOE+ie9KcADynUh0TsaVX3a7/ZdnDJfhXk+e9
44csY9RjF6Ovv7DNJ6exvMg8ID5CHbrB6AqBRQO6R1lxEULQmTV4lqTifn/O05fq
vhVtJGkfI8Uy1E3TogsM/zleFIuKDqC6P7cmWlmIdRgo6SGdloaj5z5rS5bSPxlF
fXyTZgK+jBZqdF8A7cJA9wb1uGF7Y+m8tjhUFtzFBBhP77x5TA==
-----END CERTIFICATE-----
Generated at Thu Mar 26 12:33:23 2026 by rpki-client