Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/u4MfB0FzEGLg1UXIDojy5l8TPPI.roa
File: u4MfB0FzEGLg1UXIDojy5l8TPPI.roa (raw, json)
Hash identifier: mRj201zAEWa5mXAWWYiIGYO3HFLB2y1Mo5UNDn8OAiI=
Subject key identifier: BB:83:1F:07:41:73:10:62:E0:D5:45:C8:0E:88:F2:E6:5F:13:3C:F2
Certificate issuer: /CN=5fbe65ae23f207fa695255f55a907ac1608be094
Certificate serial: 019D260B77189229F1DEEA4948E92A2EE197
Authority key identifier: 5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/u4MfB0FzEGLg1UXIDojy5l8TPPI.roa
Signing time: Wed 25 Mar 2026 17:29:38 +0000
ROA not before: Wed 25 Mar 2026 17:29:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 211183
IP address blocks: 5.35.124.0/24 maxlen: 24
5.35.125.0/24 maxlen: 24
5.35.126.0/24 maxlen: 24
5.35.127.0/24 maxlen: 24
5.253.62.0/24 maxlen: 24
37.140.241.0/24 maxlen: 24
45.128.204.0/24 maxlen: 24
79.133.181.0/24 maxlen: 24
79.133.182.0/24 maxlen: 24
79.133.183.0/24 maxlen: 24
89.191.225.0/24 maxlen: 24
91.200.84.0/24 maxlen: 24
94.154.11.0/24 maxlen: 24
130.49.143.0/24 maxlen: 24
130.49.146.0/24 maxlen: 24
130.49.153.0/24 maxlen: 24
153.80.250.0/24 maxlen: 24
153.80.251.0/24 maxlen: 24
155.212.245.0/24 maxlen: 24
155.212.246.0/24 maxlen: 24
155.212.247.0/24 maxlen: 24
157.22.172.0/24 maxlen: 24
157.22.173.0/24 maxlen: 24
157.22.174.0/24 maxlen: 24
157.22.175.0/24 maxlen: 24
157.22.230.0/24 maxlen: 24
157.22.231.0/24 maxlen: 24
185.198.152.0/24 maxlen: 24
185.233.185.0/24 maxlen: 24
185.239.50.0/24 maxlen: 24
185.239.51.0/24 maxlen: 24
185.240.103.0/24 maxlen: 24
185.244.51.0/24 maxlen: 24
185.250.44.0/24 maxlen: 24
185.250.46.0/24 maxlen: 24
185.250.47.0/24 maxlen: 24
193.187.96.0/24 maxlen: 24
194.5.78.0/24 maxlen: 24
194.5.79.0/24 maxlen: 24
195.93.252.0/24 maxlen: 24
217.171.146.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:26:0b:77:18:92:29:f1:de:ea:49:48:e9:2a:2e:e1:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5fbe65ae23f207fa695255f55a907ac1608be094
Validity
Not Before: Mar 25 17:29:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=bb831f0741731062e0d545c80e88f2e65f133cf2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:cd:9c:61:2d:e9:2d:ba:b8:5f:49:df:3c:51:
41:6e:ff:ac:6c:fe:e9:ad:ef:27:81:20:76:fa:b4:
88:d6:23:d4:73:60:f7:f7:08:e3:17:c9:54:f2:84:
ee:4a:3b:bd:91:da:c4:15:53:34:32:28:55:77:59:
0e:a6:83:10:45:56:fa:e4:e7:06:9f:f7:7e:9b:74:
b8:d5:b6:d8:17:da:ff:64:99:fa:bd:c3:0e:87:28:
ca:2c:9a:8a:a9:03:c0:f8:3e:91:9a:e1:e9:76:43:
2b:e3:25:cb:de:3a:85:b0:a2:52:57:37:51:b4:7c:
73:22:22:28:1c:41:10:1b:21:79:dc:59:60:15:aa:
c6:79:8c:10:85:93:f4:54:0d:aa:95:b4:36:3d:8f:
a6:53:51:c0:4d:fd:72:b3:9b:fd:79:5c:92:45:8a:
3a:5a:10:71:3c:88:ed:fe:0d:2a:6a:f5:5a:a5:ee:
58:3c:11:dc:41:c6:39:93:7b:3f:3a:a2:75:6a:62:
14:87:c0:57:24:d4:f9:2a:72:2d:86:e4:76:91:0e:
ef:25:50:ab:f6:ae:6c:ec:b4:fe:be:de:8a:2e:34:
d0:05:19:fe:3f:08:c8:d1:45:c5:c1:d2:d9:56:0b:
e3:15:5b:ac:f6:19:5d:24:36:91:02:87:58:b7:82:
ad:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:83:1F:07:41:73:10:62:E0:D5:45:C8:0E:88:F2:E6:5F:13:3C:F2
X509v3 Authority Key Identifier:
keyid:5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/u4MfB0FzEGLg1UXIDojy5l8TPPI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.124.0/22
5.253.62.0/24
37.140.241.0/24
45.128.204.0/24
79.133.181.0-79.133.183.255
89.191.225.0/24
91.200.84.0/24
94.154.11.0/24
130.49.143.0/24
130.49.146.0/24
130.49.153.0/24
153.80.250.0/23
155.212.245.0-155.212.247.255
157.22.172.0/22
157.22.230.0/23
185.198.152.0/24
185.233.185.0/24
185.239.50.0/23
185.240.103.0/24
185.244.51.0/24
185.250.44.0/24
185.250.46.0/23
193.187.96.0/24
194.5.78.0/23
195.93.252.0/24
217.171.146.0/24
Signature Algorithm: sha256WithRSAEncryption
56:4f:11:64:06:a8:b3:78:12:a3:be:bf:7f:0c:d2:0f:49:93:
4f:c1:8e:cd:ee:1f:f1:0f:32:ad:d5:59:6a:dd:60:e6:f1:f5:
8f:4f:a2:ca:74:10:c6:73:0c:18:08:24:35:86:cc:c6:88:78:
17:81:f7:9e:00:fa:71:28:7c:fe:56:c0:cb:31:1c:f6:4b:ab:
48:e7:d9:ba:0b:ca:0c:b3:b2:df:42:87:7b:f8:77:d3:b4:d4:
07:78:b8:62:3a:29:92:72:52:72:52:2c:61:60:ab:d0:4f:7c:
bb:ba:fd:b8:8e:74:17:44:7a:70:09:a4:e3:62:11:52:8a:90:
e1:8d:f5:d0:9c:49:7d:6b:a1:11:1f:08:70:ef:ea:c7:f5:6b:
f9:2d:c9:48:c0:3b:a7:17:b1:d6:dc:10:4f:79:06:76:f6:8c:
72:1c:87:68:1e:24:9d:a9:62:f8:62:8b:af:c1:40:ba:8a:3a:
c4:ad:50:d5:10:f9:ef:b7:c6:f1:be:e4:cf:a7:2d:a3:bc:2f:
82:da:e6:70:90:91:50:04:83:cf:47:12:7d:9d:8c:f6:d3:cb:
b2:40:06:32:5f:63:48:1a:74:4e:a3:54:9a:7d:0e:7f:c8:d5:
5d:f0:47:4c:cf:92:27:d9:91:45:4f:ad:cb:0a:ea:7a:88:77:
65:cf:4a:9e
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAZ0mC3cYkinx3upJSOkqLuGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmU2NWFlMjNmMjA3ZmE2OTUyNTVmNTVhOTA3YWMxNjA4
YmUwOTQwHhcNMjYwMzI1MTcyOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjgzMWYwNzQxNzMxMDYyZTBkNTQ1YzgwZTg4ZjJlNjVmMTMzY2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlM2cYS3pLbq4X0nfPFFBbv+sbP7p
re8ngSB2+rSI1iPUc2D39wjjF8lU8oTuSju9kdrEFVM0MihVd1kOpoMQRVb65OcG
n/d+m3S41bbYF9r/ZJn6vcMOhyjKLJqKqQPA+D6RmuHpdkMr4yXL3jqFsKJSVzdR
tHxzIiIoHEEQGyF53FlgFarGeYwQhZP0VA2qlbQ2PY+mU1HATf1ys5v9eVySRYo6
WhBxPIjt/g0qavVape5YPBHcQcY5k3s/OqJ1amIUh8BXJNT5KnIthuR2kQ7vJVCr
9q5s7LT+vt6KLjTQBRn+PwjI0UXFwdLZVgvjFVus9hldJDaRAodYt4KtLQIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFLuDHwdBcxBi4NVFyA6I8uZfEzzyMB8GA1UdIwQY
MBaAFF++Za4j8gf6aVJV9VqQesFgi+CUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUt
NDkyYWIzNzI2ODlkLzEvdTRNZkIwRnpFR0xnMVVYSURvank1bDhUUFBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUtNDkyYWIzNzI2ODlk
LzEvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHJBggrBgEFBQcBBwEB/wSBuTCBtjCBswQCAAEwgawDBAIF
I3wDBAAF/T4DBAAljPEDBAAtgMwwDAMEAE+FtQMEA0+FsAMEAFm/4QMEAFvIVAME
AF6aCwMEAIIxjwMEAIIxkgMEAIIxmQMEAZlQ+jAMAwQAm9T1AwQDm9TwAwQCnRas
AwQBnRbmAwQAucaYAwQAuem5AwQBue8yAwQAufBnAwQAufQzAwQAufosAwQBufou
AwQAwbtgAwQBwgVOAwQAw138AwQA2auSMA0GCSqGSIb3DQEBCwUAA4IBAQBWTxFk
BqizeBKjvr9/DNIPSZNPwY7N7h/xDzKt1Vlq3WDm8fWPT6LKdBDGcwwYCCQ1hszG
iHgXgfeeAPpxKHz+VsDLMRz2S6tI59m6C8oMs7LfQod7+HfTtNQHeLhiOimSclJy
UixhYKvQT3y7uv24jnQXRHpwCaTjYhFSipDhjfXQnEl9a6ERHwhw7+rH9Wv5LclI
wDunF7HW3BBPeQZ29oxyHIdoHiSdqWL4YouvwUC6ijrErVDVEPnvt8bxvuTPpy2j
vC+C2uZwkJFQBIPPRxJ9nYz208uyQAYyX2NIGnROo1SafQ5/yNVd8EdMz5In2ZFF
T63LCup6iHdlz0qe
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:36:51 2026 by rpki-client