Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/7n21j0arkV0i_T2sVOrocRSEjSQ.roa
File: 7n21j0arkV0i_T2sVOrocRSEjSQ.roa (raw, json)
Hash identifier: 4uQJyIy3PMd9RTNB8+vJy+PcEdAqthYjAtrKR+jgLzI=
Subject key identifier: EE:7D:B5:8F:46:AB:91:5D:22:FD:3D:AC:54:EA:E8:71:14:84:8D:24
Certificate issuer: /CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Certificate serial: 019CF68EF4A46EDC6C18EF07C4034CA478B2
Authority key identifier: D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/7n21j0arkV0i_T2sVOrocRSEjSQ.roa
Signing time: Mon 16 Mar 2026 12:11:29 +0000
ROA not before: Mon 16 Mar 2026 12:11:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 31034
IP address blocks: 5.249.128.0/19 maxlen: 24
31.11.32.0/21 maxlen: 24
31.14.128.0/20 maxlen: 24
46.37.0.0/19 maxlen: 24
62.149.128.0/17 maxlen: 24
66.71.128.0/18 maxlen: 24
66.71.128.0/19 maxlen: 24
77.81.224.0/20 maxlen: 24
80.73.224.0/21 maxlen: 24
80.88.80.0/20 maxlen: 24
80.211.0.0/16 maxlen: 24
85.235.128.0/19 maxlen: 24
89.36.208.0/22 maxlen: 24
89.46.64.0/20 maxlen: 24
89.46.104.0/21 maxlen: 24
89.46.192.0/21 maxlen: 24
93.186.240.0/21 maxlen: 24
93.186.248.0/21 maxlen: 24
94.177.160.0/19 maxlen: 24
94.177.192.0/18 maxlen: 24
95.110.128.0/17 maxlen: 24
109.70.240.0/22 maxlen: 24
109.70.244.0/22 maxlen: 24
176.107.144.0/21 maxlen: 24
185.56.8.0/22 maxlen: 24
185.58.116.0/22 maxlen: 24
185.58.192.0/22 maxlen: 24
188.213.160.0/20 maxlen: 24
193.254.240.0/23 maxlen: 24
194.182.110.0/23 maxlen: 24
195.128.234.0/23 maxlen: 24
195.225.168.0/22 maxlen: 24
195.231.0.0/17 maxlen: 24
195.231.64.0/20 maxlen: 24
195.231.80.0/21 maxlen: 24
195.231.88.0/21 maxlen: 24
195.234.171.0/24 maxlen: 24
195.250.34.0/24 maxlen: 24
209.227.224.0/20 maxlen: 24
212.237.0.0/18 maxlen: 24
217.61.0.0/18 maxlen: 24
217.61.56.0/21 maxlen: 24
217.61.120.0/21 maxlen: 24
217.73.224.0/20 maxlen: 24
2a00:6d40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl
rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.mft
rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:f6:8e:f4:a4:6e:dc:6c:18:ef:07:c4:03:4c:a4:78:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Validity
Not Before: Mar 16 12:11:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ee7db58f46ab915d22fd3dac54eae87114848d24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:ab:47:c0:27:89:c1:b6:c1:7e:03:f7:3c:70:
87:7b:d1:77:58:0f:93:a8:db:b8:56:68:71:b6:3c:
2d:85:23:c1:1c:06:d1:e5:cd:1d:65:e3:e4:63:d4:
b4:2b:0c:d3:d5:63:ff:be:82:d2:4f:ce:de:db:b0:
2b:8e:04:5d:3a:10:32:36:3d:a7:b8:d4:27:bd:2a:
f2:fb:6d:00:62:3b:16:d0:55:0b:d2:26:2b:c5:26:
02:c8:25:e8:b7:cc:f8:b8:39:5e:96:00:07:34:60:
41:b1:c8:bd:06:24:1b:20:5c:fe:76:02:1d:02:4a:
49:8a:30:21:bf:84:37:77:de:53:fc:5c:cf:60:ab:
cf:2d:5c:46:2c:ff:ea:7b:8e:a0:ff:2c:8b:41:3a:
28:21:17:60:4c:12:f4:5d:ec:a5:a9:6f:3a:fd:0c:
b7:87:6b:28:d0:1a:01:9d:e7:df:16:a4:fb:3d:90:
af:8c:1d:dc:e1:0a:a3:42:cb:bd:27:31:81:d7:e3:
22:ee:45:7f:34:f4:71:63:3a:15:2b:3d:cf:33:e1:
63:31:22:a9:7f:81:47:7e:ed:1a:fb:c9:8b:0f:cb:
c1:98:6c:a0:bb:78:87:22:21:55:ef:92:79:91:b5:
c1:2f:db:25:ec:14:7d:25:e6:b4:da:15:e3:ee:26:
10:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:7D:B5:8F:46:AB:91:5D:22:FD:3D:AC:54:EA:E8:71:14:84:8D:24
X509v3 Authority Key Identifier:
keyid:D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/7n21j0arkV0i_T2sVOrocRSEjSQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.249.128.0/19
31.11.32.0/21
31.14.128.0/20
46.37.0.0/19
62.149.128.0/17
66.71.128.0/18
77.81.224.0/20
80.73.224.0/21
80.88.80.0/20
80.211.0.0/16
85.235.128.0/19
89.36.208.0/22
89.46.64.0/20
89.46.104.0/21
89.46.192.0/21
93.186.240.0/20
94.177.160.0-94.177.255.255
95.110.128.0/17
109.70.240.0/21
176.107.144.0/21
185.56.8.0/22
185.58.116.0/22
185.58.192.0/22
188.213.160.0/20
193.254.240.0/23
194.182.110.0/23
195.128.234.0/23
195.225.168.0/22
195.231.0.0/17
195.234.171.0/24
195.250.34.0/24
209.227.224.0/20
212.237.0.0/18
217.61.0.0/18
217.61.120.0/21
217.73.224.0/20
IPv6:
2a00:6d40::/29
Signature Algorithm: sha256WithRSAEncryption
6b:74:8d:19:88:43:fc:52:14:8d:af:fa:ab:81:2c:4a:1d:b4:
6f:d1:d1:62:b9:af:c4:b3:94:a6:74:72:39:77:13:a5:c1:e8:
20:88:d3:cd:db:d0:3b:0f:0f:8e:e6:2f:29:94:10:89:cf:27:
a3:f8:cf:8d:75:6f:6f:d9:e0:b2:d4:54:39:a9:30:f6:b8:67:
78:35:d2:79:a4:2b:b5:5f:a1:0d:91:e9:7d:e7:b2:a5:71:69:
60:e3:80:03:82:40:4a:32:a9:75:eb:b3:a2:23:f4:88:d7:77:
14:00:8f:36:30:6a:b3:89:3b:34:01:2e:a6:33:b3:2d:26:6c:
83:b3:1a:e4:9b:d9:bb:94:c1:d2:2a:64:ba:ea:d3:ff:1a:cf:
52:6e:8f:5f:16:98:17:d2:1d:d5:c9:53:5b:f4:79:28:c7:2a:
37:17:88:94:7f:bc:f9:2b:4c:1e:27:55:e9:c8:27:bb:fd:b7:
20:1b:21:22:01:4b:40:88:a2:fa:1d:c4:55:39:31:ad:76:66:
54:ef:63:1f:de:29:1c:d1:52:3c:e2:93:3c:f8:3b:7e:ed:a4:
d1:24:64:6f:ae:bf:32:86:1d:3b:1b:ee:5d:44:09:f2:e5:20:
39:12:d7:75:d1:cd:47:4b:33:cc:63:56:18:13:99:6b:27:ba:
87:61:8b:02
-----BEGIN CERTIFICATE-----
MIIF6jCCBNKgAwIBAgISAZz2jvSkbtxsGO8HxANMpHiyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2I1Y2VjYzIxM2I5Zjg2ZGJiYTUxODUyMWU4NTQ2ZWM5
Mzg2MWMwHhcNMjYwMzE2MTIxMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTdkYjU4ZjQ2YWI5MTVkMjJmZDNkYWM1NGVhZTg3MTE0ODQ4ZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKtHwCeJwbbBfgP3PHCHe9F3WA+T
qNu4VmhxtjwthSPBHAbR5c0dZePkY9S0KwzT1WP/voLST87e27ArjgRdOhAyNj2n
uNQnvSry+20AYjsW0FUL0iYrxSYCyCXot8z4uDlelgAHNGBBsci9BiQbIFz+dgId
AkpJijAhv4Q3d95T/FzPYKvPLVxGLP/qe46g/yyLQTooIRdgTBL0XeylqW86/Qy3
h2so0BoBneffFqT7PZCvjB3c4QqjQsu9JzGB1+Mi7kV/NPRxYzoVKz3PM+FjMSKp
f4FHfu0a+8mLD8vBmGygu3iHIiFV75J5kbXBL9sl7BR9Jea02hXj7iYQ3QIDAQAB
o4IC9jCCAvIwHQYDVR0OBBYEFO59tY9Gq5FdIv09rFTq6HEUhI0kMB8GA1UdIwQY
MBaAFNPLXOzCE7n4bbulGFIehUbsk4YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYt
ODQyNjk0MTJkNTYxLzEvN24yMWowYXJrVjBpX1Qyc1ZPcm9jUlNFalNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYtODQyNjk0MTJkNTYx
LzEvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCgYIKwYBBQUHAQcBAf8EgfowgfcwgeUEAgABMIHeAwQF
BfmAAwQDHwsgAwQEHw6AAwQFLiUAAwQHPpWAAwQGQkeAAwQETVHgAwQDUEngAwQE
UFhQAwMAUNMDBAVV64ADBAJZJNADBARZLkADBANZLmgDBANZLsADBARduvAwCwME
BV6xoAMDAV6wAwQHX26AAwQDbUbwAwQDsGuQAwQCuTgIAwQCuTp0AwQCuTrAAwQE
vNWgAwQBwf7wAwQBwrZuAwQBw4DqAwQCw+GoAwQHw+cAAwQAw+qrAwQAw/oiAwQE
0ePgAwQG1O0AAwQG2T0AAwQD2T14AwQE2UngMA0EAgACMAcDBQMqAG1AMA0GCSqG
SIb3DQEBCwUAA4IBAQBrdI0ZiEP8UhSNr/qrgSxKHbRv0dFiua/Es5SmdHI5dxOl
weggiNPN29A7Dw+O5i8plBCJzyej+M+NdW9v2eCy1FQ5qTD2uGd4NdJ5pCu1X6EN
kel957KlcWlg44ADgkBKMql167OiI/SI13cUAI82MGqziTs0AS6mM7MtJmyDsxrk
m9m7lMHSKmS66tP/Gs9Sbo9fFpgX0h3VyVNb9Hkoxyo3F4iUf7z5K0weJ1XpyCe7
/bcgGyEiAUtAiKL6HcRVOTGtdmZU72Mf3ikc0VI84pM8+Dt+7aTRJGRvrr8yhh07
G+5dRAny5SA5Etd10c1HSzPMY1YYE5lrJ7qHYYsC
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:01:38 2026 by rpki-client