Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/0qRIj8FpE8X1N6x5GSHkeAwZpXQ.roa
File: 0qRIj8FpE8X1N6x5GSHkeAwZpXQ.roa (raw, json)
Hash identifier: S2EFxoimo0CCE2MEzDNtzpx1Z0cgiW5Og80JDexN1gg=
Subject key identifier: D2:A4:48:8F:C1:69:13:C5:F5:37:AC:79:19:21:E4:78:0C:19:A5:74
Certificate issuer: /CN=cfb75191978866f1fc97f523c7dda40a88f7e777
Certificate serial: 019CDE80D46E65CAC1C3EB7CADB9B22A4F1B
Authority key identifier: CF:B7:51:91:97:88:66:F1:FC:97:F5:23:C7:DD:A4:0A:88:F7:E7:77
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z7dRkZeIZvH8l_Ujx92kCoj353c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/0qRIj8FpE8X1N6x5GSHkeAwZpXQ.roa
Signing time: Wed 11 Mar 2026 20:05:10 +0000
ROA not before: Wed 11 Mar 2026 20:05:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 13150
IP address blocks: 85.255.16.0/24 maxlen: 24
85.255.17.0/24 maxlen: 24
85.255.19.0/24 maxlen: 24
85.255.20.0/24 maxlen: 24
85.255.21.0/24 maxlen: 24
85.255.22.0/24 maxlen: 24
85.255.23.0/24 maxlen: 24
85.255.24.0/24 maxlen: 24
85.255.25.0/24 maxlen: 24
85.255.26.0/24 maxlen: 24
85.255.27.0/24 maxlen: 24
85.255.28.0/24 maxlen: 24
85.255.29.0/24 maxlen: 24
85.255.30.0/24 maxlen: 24
85.255.31.0/24 maxlen: 24
159.117.224.0/24 maxlen: 24
159.117.225.0/24 maxlen: 24
159.117.226.0/24 maxlen: 24
159.117.227.0/24 maxlen: 24
159.117.228.0/24 maxlen: 24
159.117.229.0/24 maxlen: 24
159.117.230.0/24 maxlen: 24
159.117.231.0/24 maxlen: 24
159.117.232.0/24 maxlen: 24
159.117.233.0/24 maxlen: 24
159.117.234.0/24 maxlen: 24
159.117.235.0/24 maxlen: 24
159.117.236.0/24 maxlen: 24
159.117.237.0/24 maxlen: 24
159.117.238.0/24 maxlen: 24
159.117.239.0/24 maxlen: 24
159.117.240.0/24 maxlen: 24
159.117.241.0/24 maxlen: 24
185.114.120.0/24 maxlen: 24
185.114.121.0/24 maxlen: 24
185.114.122.0/24 maxlen: 24
185.114.123.0/24 maxlen: 24
209.206.0.0/24 maxlen: 24
209.206.1.0/24 maxlen: 24
209.206.2.0/24 maxlen: 24
209.206.3.0/24 maxlen: 24
209.206.4.0/24 maxlen: 24
209.206.5.0/24 maxlen: 24
209.206.6.0/24 maxlen: 24
209.206.7.0/24 maxlen: 24
209.206.8.0/24 maxlen: 24
209.206.9.0/24 maxlen: 24
209.206.10.0/24 maxlen: 24
209.206.11.0/24 maxlen: 24
209.206.12.0/24 maxlen: 24
209.206.13.0/24 maxlen: 24
209.206.14.0/24 maxlen: 24
209.206.15.0/24 maxlen: 24
209.206.16.0/24 maxlen: 24
209.206.17.0/24 maxlen: 24
209.206.18.0/24 maxlen: 24
209.206.19.0/24 maxlen: 24
209.206.20.0/24 maxlen: 24
209.206.21.0/24 maxlen: 24
209.206.22.0/24 maxlen: 24
209.206.23.0/24 maxlen: 24
209.206.24.0/24 maxlen: 24
209.206.25.0/24 maxlen: 24
209.206.26.0/24 maxlen: 24
209.206.27.0/24 maxlen: 24
209.206.28.0/24 maxlen: 24
209.206.29.0/24 maxlen: 24
209.206.30.0/24 maxlen: 24
209.206.31.0/24 maxlen: 24
216.252.176.0/24 maxlen: 24
216.252.177.0/24 maxlen: 24
216.252.178.0/24 maxlen: 24
216.252.179.0/24 maxlen: 24
216.252.180.0/24 maxlen: 24
216.252.181.0/24 maxlen: 24
216.252.182.0/24 maxlen: 24
216.252.183.0/24 maxlen: 24
216.252.184.0/24 maxlen: 24
216.252.185.0/24 maxlen: 24
216.252.186.0/24 maxlen: 24
216.252.187.0/24 maxlen: 24
216.252.189.0/24 maxlen: 24
216.252.190.0/24 maxlen: 24
216.252.191.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/z7dRkZeIZvH8l_Ujx92kCoj353c.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/z7dRkZeIZvH8l_Ujx92kCoj353c.mft
rsync://rpki.ripe.net/repository/DEFAULT/z7dRkZeIZvH8l_Ujx92kCoj353c.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 16:32:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:de:80:d4:6e:65:ca:c1:c3:eb:7c:ad:b9:b2:2a:4f:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cfb75191978866f1fc97f523c7dda40a88f7e777
Validity
Not Before: Mar 11 20:05:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d2a4488fc16913c5f537ac791921e4780c19a574
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:bb:bd:6d:91:ae:c4:5b:26:9f:0c:43:74:fe:
32:b3:b7:77:38:12:b6:83:68:ca:c9:24:b2:65:d3:
f5:91:a2:04:9a:88:be:15:0f:51:3a:ae:85:b6:a4:
75:c5:69:80:06:c7:30:83:9a:ec:a6:e3:74:80:75:
58:d5:72:7b:73:64:d2:16:08:97:ba:ef:67:89:9f:
f8:72:27:7c:e8:6d:7d:57:19:80:e7:37:38:b0:09:
b0:d1:7b:92:07:4b:7b:4e:bb:06:ee:28:93:c7:ab:
5d:ea:85:70:ea:d1:d5:2b:ce:04:39:e0:ac:a0:b3:
31:60:e4:d0:bf:41:e4:5e:40:4d:e3:20:ef:a1:be:
ad:3b:80:f6:2b:58:fb:0c:96:c7:24:47:05:6c:cd:
3e:a9:4e:bd:23:75:cb:31:18:4b:1f:2f:56:67:78:
27:21:0f:07:6d:51:f8:8d:36:09:5a:77:2a:14:a5:
03:b5:e6:ea:6d:fc:6c:87:6d:ee:ee:fe:34:e7:87:
f3:f8:1b:c6:df:3b:cc:2c:ab:7e:8b:38:97:1c:d7:
24:af:cc:98:69:32:f2:1d:b7:d1:e0:3f:bd:cb:9d:
29:3a:17:7a:9c:2a:de:6f:ee:ed:0f:75:3d:e6:4f:
c6:f0:ae:34:43:13:e6:51:6a:5c:99:af:c0:41:b4:
2e:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:A4:48:8F:C1:69:13:C5:F5:37:AC:79:19:21:E4:78:0C:19:A5:74
X509v3 Authority Key Identifier:
keyid:CF:B7:51:91:97:88:66:F1:FC:97:F5:23:C7:DD:A4:0A:88:F7:E7:77
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z7dRkZeIZvH8l_Ujx92kCoj353c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/0qRIj8FpE8X1N6x5GSHkeAwZpXQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b9575b-b7c1-4c5c-9dab-c199c7b4cac2/1/z7dRkZeIZvH8l_Ujx92kCoj353c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.255.16.0/23
85.255.19.0-85.255.31.255
159.117.224.0-159.117.241.255
185.114.120.0/22
209.206.0.0/19
216.252.176.0-216.252.187.255
216.252.189.0-216.252.191.255
Signature Algorithm: sha256WithRSAEncryption
b9:bd:9e:31:1d:a1:ff:85:43:0b:ab:93:f9:90:ec:07:f5:ae:
69:0d:8e:53:e5:1e:33:32:36:aa:f4:c8:e0:44:08:dd:a0:67:
c0:5d:e7:5e:7e:b1:df:28:84:f7:91:50:31:92:72:a6:23:52:
e7:5b:dc:d2:0b:2c:42:c3:b4:a8:dc:58:cd:f3:d9:9d:73:bb:
25:94:47:92:b4:85:c6:5e:d1:cb:e5:54:e4:e4:29:e9:b6:25:
c6:9f:e9:46:83:0a:e6:6e:55:8f:1d:30:7b:e5:4d:09:2a:a8:
f6:ff:66:33:13:8b:56:6a:53:5a:2f:79:c7:b4:3a:a8:a8:d5:
65:b0:e2:78:a5:9b:e7:57:aa:71:f3:01:78:aa:ed:5c:0d:3f:
7b:af:d5:3b:6c:f3:dc:0b:4c:76:97:d7:32:dc:95:b8:9b:e0:
c4:f8:22:aa:06:4d:a7:af:24:e5:39:47:f1:b4:ad:c2:db:05:
c5:28:f9:20:c6:46:dd:05:7e:28:34:52:db:d0:e1:5d:eb:fd:
b1:b8:52:7f:ca:37:eb:1c:72:a8:29:57:e4:29:60:61:5e:68:
b6:71:1c:63:34:70:a8:c5:b8:75:15:67:92:8a:a1:07:1a:e9:
aa:1a:47:ff:5f:b8:01:d5:32:2e:02:27:93:74:23:93:6a:1b:
87:54:03:d7
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZzegNRuZcrBw+t8rbmyKk8bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYjc1MTkxOTc4ODY2ZjFmYzk3ZjUyM2M3ZGRhNDBhODhm
N2U3NzcwHhcNMjYwMzExMjAwNTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmE0NDg4ZmMxNjkxM2M1ZjUzN2FjNzkxOTIxZTQ3ODBjMTlhNTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxru9bZGuxFsmnwxDdP4ys7d3OBK2
g2jKySSyZdP1kaIEmoi+FQ9ROq6FtqR1xWmABscwg5rspuN0gHVY1XJ7c2TSFgiX
uu9niZ/4cid86G19VxmA5zc4sAmw0XuSB0t7TrsG7iiTx6td6oVw6tHVK84EOeCs
oLMxYOTQv0HkXkBN4yDvob6tO4D2K1j7DJbHJEcFbM0+qU69I3XLMRhLHy9WZ3gn
IQ8HbVH4jTYJWncqFKUDtebqbfxsh23u7v4054fz+BvG3zvMLKt+iziXHNckr8yY
aTLyHbfR4D+9y50pOhd6nCreb+7tD3U95k/G8K40QxPmUWpcma/AQbQuwQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFNKkSI/BaRPF9TeseRkh5HgMGaV0MB8GA1UdIwQY
MBaAFM+3UZGXiGbx/Jf1I8fdpAqI9+d3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejdkUmtaZUladkg4bF9Vang5MmtDb2ozNTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9iOTU3NWItYjdjMS00YzVjLTlkYWIt
YzE5OWM3YjRjYWMyLzEvMHFSSWo4RnBFOFgxTjZ4NUdTSGtlQXdacFhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9iOTU3NWItYjdjMS00YzVjLTlkYWItYzE5OWM3YjRjYWMy
LzEvejdkUmtaZUladkg4bF9Vang5MmtDb2ozNTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQBVf8QMAwD
BABV/xMDBAVV/wAwDAMEBZ914AMEAZ918AMEArlyeAMEBdHOADAMAwQE2PywAwQC
2Py4MAwDBADY/L0DBAbY/IAwDQYJKoZIhvcNAQELBQADggEBALm9njEdof+FQwur
k/mQ7Af1rmkNjlPlHjMyNqr0yOBECN2gZ8Bd515+sd8ohPeRUDGScqYjUudb3NIL
LELDtKjcWM3z2Z1zuyWUR5K0hcZe0cvlVOTkKem2Jcaf6UaDCuZuVY8dMHvlTQkq
qPb/ZjMTi1ZqU1ovece0Oqio1WWw4nilm+dXqnHzAXiq7VwNP3uv1Tts89wLTHaX
1zLclbib4MT4IqoGTaevJOU5R/G0rcLbBcUo+SDGRt0Ffig0UtvQ4V3r/bG4Un/K
N+sccqgpV+QpYGFeaLZxHGM0cKjFuHUVZ5KKoQca6aoaR/9fuAHVMi4CJ5N0I5Nq
G4dUA9c=
-----END CERTIFICATE-----
Generated at Fri Mar 27 02:10:49 2026 by rpki-client