Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/e251dc-8b2b-4f3d-b636-15422478800b/1/2HVbjY7XH7qHKeZZFQnD-Dqb1TQ.roa
File: 2HVbjY7XH7qHKeZZFQnD-Dqb1TQ.roa (raw, json)
Hash identifier: L4uIKMCJpumyCtgkJ2Nq73fboi9X5qQpVMHCHCUSm5E=
Subject key identifier: D8:75:5B:8D:8E:D7:1F:BA:87:29:E6:59:15:09:C3:F8:3A:9B:D5:34
Certificate issuer: /CN=204a096504cdbb9f2fb7fd0e66406d526fe10b5a
Certificate serial: 019E1B52E035F1C7BD618E4CF5E56499A585
Authority key identifier: 20:4A:09:65:04:CD:BB:9F:2F:B7:FD:0E:66:40:6D:52:6F:E1:0B:5A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IEoJZQTNu58vt_0OZkBtUm_hC1o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/e251dc-8b2b-4f3d-b636-15422478800b/1/2HVbjY7XH7qHKeZZFQnD-Dqb1TQ.roa
Signing time: Tue 12 May 2026 08:34:36 +0000
ROA not before: Tue 12 May 2026 08:34:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 41998
IP address blocks: 5.42.136.0/22 maxlen: 22
5.42.140.0/22 maxlen: 22
31.25.40.0/21 maxlen: 21
31.25.46.0/23 maxlen: 23
37.25.48.0/21 maxlen: 21
37.60.168.0/21 maxlen: 21
37.228.176.0/20 maxlen: 20
46.182.136.0/21 maxlen: 21
62.152.160.0/19 maxlen: 19
83.242.36.0/22 maxlen: 22
83.242.40.0/21 maxlen: 21
83.242.48.0/20 maxlen: 20
91.103.112.0/21 maxlen: 21
93.118.0.0/21 maxlen: 21
93.118.8.0/21 maxlen: 21
93.118.16.0/21 maxlen: 21
93.118.24.0/21 maxlen: 21
93.184.176.0/20 maxlen: 20
94.124.208.0/21 maxlen: 21
94.176.240.0/20 maxlen: 20
145.14.192.0/20 maxlen: 20
149.249.56.0/21 maxlen: 21
153.92.80.0/20 maxlen: 20
171.33.176.0/22 maxlen: 22
171.33.180.0/22 maxlen: 22
185.3.80.0/22 maxlen: 22
185.6.96.0/22 maxlen: 22
185.36.120.0/22 maxlen: 22
185.61.28.0/22 maxlen: 22
185.107.4.0/22 maxlen: 22
185.108.230.0/23 maxlen: 23
188.93.216.0/21 maxlen: 21
188.244.100.0/22 maxlen: 22
193.151.4.0/22 maxlen: 22
193.238.104.0/22 maxlen: 24
194.140.112.0/20 maxlen: 20
212.86.176.0/22 maxlen: 22
212.86.184.0/22 maxlen: 22
213.153.68.0/22 maxlen: 22
213.153.76.0/22 maxlen: 22
213.153.80.0/22 maxlen: 22
213.153.84.0/22 maxlen: 22
213.153.88.0/22 maxlen: 22
213.153.92.0/22 maxlen: 22
217.66.136.0/21 maxlen: 21
217.78.160.0/20 maxlen: 20
2a00:79c0::/32 maxlen: 32
2a02:17b0::/32 maxlen: 32
2a03:b880::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c5/e251dc-8b2b-4f3d-b636-15422478800b/1/IEoJZQTNu58vt_0OZkBtUm_hC1o.crl
rsync://rpki.ripe.net/repository/DEFAULT/c5/e251dc-8b2b-4f3d-b636-15422478800b/1/IEoJZQTNu58vt_0OZkBtUm_hC1o.mft
rsync://rpki.ripe.net/repository/DEFAULT/IEoJZQTNu58vt_0OZkBtUm_hC1o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 02:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:1b:52:e0:35:f1:c7:bd:61:8e:4c:f5:e5:64:99:a5:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=204a096504cdbb9f2fb7fd0e66406d526fe10b5a
Validity
Not Before: May 12 08:34:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d8755b8d8ed71fba8729e6591509c3f83a9bd534
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:de:d5:a8:60:67:c8:3f:2a:4b:80:95:58:d4:
e7:bf:83:fc:1b:97:75:36:d3:ab:41:17:7e:ed:c2:
6f:7f:6f:4c:ee:32:79:b7:c2:64:76:1a:e4:69:e5:
50:00:3d:96:02:4b:54:84:be:c9:b1:2c:c7:bd:0e:
b6:ee:dd:d6:a7:10:fa:3e:d2:7d:03:9f:1c:d1:ef:
cd:b4:a3:c1:d1:40:41:4d:bc:6e:c6:e7:b0:d3:93:
be:b0:4e:60:f9:d9:eb:da:50:e3:5f:f6:7f:4b:5c:
1e:25:38:73:32:dd:26:f7:8f:97:1c:e9:5d:5c:88:
0c:82:fe:f5:3c:02:94:45:0b:9c:a9:ad:cd:b9:40:
77:2d:cc:76:81:d3:3f:56:e0:06:66:22:da:d5:19:
64:da:a9:6a:80:c4:7d:35:03:a8:12:01:36:27:0b:
19:6c:2e:49:36:83:85:5e:83:87:08:47:4b:0d:f1:
78:19:8c:86:cc:0d:40:ae:c2:87:fe:a3:71:14:54:
dd:55:08:16:26:c1:44:70:68:1b:06:3f:93:04:07:
f8:7d:ca:f6:f6:8f:77:15:e1:a0:ee:e4:b2:a1:92:
db:fd:eb:0c:40:13:86:0f:d9:23:22:21:dd:cb:e4:
4a:21:e5:34:aa:3e:e3:36:9a:3d:4f:0e:28:be:6b:
e3:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:75:5B:8D:8E:D7:1F:BA:87:29:E6:59:15:09:C3:F8:3A:9B:D5:34
X509v3 Authority Key Identifier:
keyid:20:4A:09:65:04:CD:BB:9F:2F:B7:FD:0E:66:40:6D:52:6F:E1:0B:5A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IEoJZQTNu58vt_0OZkBtUm_hC1o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/e251dc-8b2b-4f3d-b636-15422478800b/1/2HVbjY7XH7qHKeZZFQnD-Dqb1TQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/e251dc-8b2b-4f3d-b636-15422478800b/1/IEoJZQTNu58vt_0OZkBtUm_hC1o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.136.0/21
31.25.40.0/21
37.25.48.0/21
37.60.168.0/21
37.228.176.0/20
46.182.136.0/21
62.152.160.0/19
83.242.36.0-83.242.63.255
91.103.112.0/21
93.118.0.0/19
93.184.176.0/20
94.124.208.0/21
94.176.240.0/20
145.14.192.0/20
149.249.56.0/21
153.92.80.0/20
171.33.176.0/21
185.3.80.0/22
185.6.96.0/22
185.36.120.0/22
185.61.28.0/22
185.107.4.0/22
185.108.230.0/23
188.93.216.0/21
188.244.100.0/22
193.151.4.0/22
193.238.104.0/22
194.140.112.0/20
212.86.176.0/22
212.86.184.0/22
213.153.68.0/22
213.153.76.0-213.153.95.255
217.66.136.0/21
217.78.160.0/20
IPv6:
2a00:79c0::/32
2a02:17b0::/32
2a03:b880::/29
Signature Algorithm: sha256WithRSAEncryption
1c:d2:d9:56:9b:7b:fb:d6:37:6a:f1:fd:12:5d:d6:fb:a2:4a:
cf:36:31:8b:cc:ea:51:98:6b:da:dd:e1:e3:89:22:05:4a:25:
0f:dc:db:8c:c3:4b:4a:51:7e:37:cd:df:3e:b0:ec:92:46:2d:
7f:2a:88:52:64:ec:cc:86:2d:75:a9:5d:aa:c1:4a:8c:f8:ed:
3d:c8:d1:bf:b1:a9:84:69:ca:fb:d7:a9:c7:b6:bb:42:53:5c:
63:d5:8a:98:b3:c4:85:5f:f7:87:14:b2:df:49:f8:e1:c7:a1:
0c:28:8a:d0:f7:32:c5:0b:5f:56:43:44:5c:34:8f:64:2e:c9:
15:5d:17:51:f2:07:d2:af:62:be:f6:35:21:99:f3:9c:fa:61:
d2:e4:49:d9:93:7a:33:8f:09:9d:e4:4e:d0:20:08:59:ad:33:
f2:2d:ec:4b:d2:51:5b:85:6e:04:38:87:1b:84:c8:a6:cc:fc:
0e:4b:e7:4f:28:d0:47:97:a0:ca:70:b1:ba:73:7a:a8:e1:35:
1c:69:8f:9a:db:be:33:a7:20:d3:b4:dd:a0:84:26:a1:d4:cb:
57:0a:13:b2:29:1b:d9:d6:18:a8:f5:29:a1:0c:64:9a:20:72:
bb:e7:33:ae:2d:e9:8b:64:21:7f:9b:c5:aa:8a:c8:a0:13:03:
3f:36:b9:fc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgISAZ4bUuA18ce9YY5M9eVkmaWFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNGEwOTY1MDRjZGJiOWYyZmI3ZmQwZTY2NDA2ZDUyNmZl
MTBiNWEwHhcNMjYwNTEyMDgzNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODc1NWI4ZDhlZDcxZmJhODcyOWU2NTkxNTA5YzNmODNhOWJkNTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2d7VqGBnyD8qS4CVWNTnv4P8G5d1
NtOrQRd+7cJvf29M7jJ5t8JkdhrkaeVQAD2WAktUhL7JsSzHvQ627t3WpxD6PtJ9
A58c0e/NtKPB0UBBTbxuxuew05O+sE5g+dnr2lDjX/Z/S1weJThzMt0m94+XHOld
XIgMgv71PAKURQucqa3NuUB3Lcx2gdM/VuAGZiLa1Rlk2qlqgMR9NQOoEgE2JwsZ
bC5JNoOFXoOHCEdLDfF4GYyGzA1ArsKH/qNxFFTdVQgWJsFEcGgbBj+TBAf4fcr2
9o93FeGg7uSyoZLb/esMQBOGD9kjIiHdy+RKIeU0qj7jNpo9Tw4ovmvjKwIDAQAB
o4IDBDCCAwAwHQYDVR0OBBYEFNh1W42O1x+6hynmWRUJw/g6m9U0MB8GA1UdIwQY
MBaAFCBKCWUEzbufL7f9DmZAbVJv4QtaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUVvSlpRVE51NTh2dF8wT1prQnRVbV9oQzFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9lMjUxZGMtOGIyYi00ZjNkLWI2MzYt
MTU0MjI0Nzg4MDBiLzEvMkhWYmpZN1hIN3FIS2VaWkZRbkQtRHFiMVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9lMjUxZGMtOGIyYi00ZjNkLWI2MzYtMTU0MjI0Nzg4MDBi
LzEvSUVvSlpRVE51NTh2dF8wT1prQnRVbV9oQzFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBGAYIKwYBBQUHAQcBAf8EggEHMIIBAzCB4wQCAAEwgdwD
BAMFKogDBAMfGSgDBAMlGTADBAMlPKgDBAQl5LADBAMutogDBAU+mKAwDAMEAlPy
JAMEBlPyAAMEA1tncAMEBV12AAMEBF24sAMEA1580AMEBF6w8AMEBJEOwAMEA5X5
OAMEBJlcUAMEA6shsAMEArkDUAMEArkGYAMEArkkeAMEArk9HAMEArlrBAMEAbls
5gMEA7xd2AMEArz0ZAMEAsGXBAMEAsHuaAMEBMKMcAMEAtRWsAMEAtRWuAMEAtWZ
RDAMAwQC1ZlMAwQF1ZlAAwQD2UKIAwQE2U6gMBsEAgACMBUDBQAqAHnAAwUAKgIX
sAMFAyoDuIAwDQYJKoZIhvcNAQELBQADggEBABzS2Vabe/vWN2rx/RJd1vuiSs82
MYvM6lGYa9rd4eOJIgVKJQ/c24zDS0pRfjfN3z6w7JJGLX8qiFJk7MyGLXWpXarB
Soz47T3I0b+xqYRpyvvXqce2u0JTXGPVipizxIVf94cUst9J+OHHoQwoitD3MsUL
X1ZDRFw0j2QuyRVdF1HyB9KvYr72NSGZ85z6YdLkSdmTejOPCZ3kTtAgCFmtM/It
7EvSUVuFbgQ4hxuEyKbM/A5L508o0EeXoMpwsbpzeqjhNRxpj5rbvjOnINO03aCE
JqHUy1cKE7IpG9nWGKj1KaEMZJogcrvnM64t6YtkIX+bxaqKyKATAz82ufw=
-----END CERTIFICATE-----
Generated at Wed May 13 12:25:28 2026 by rpki-client