Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/OIeDUqwKxJ57Hp4z0SriVjqHOa0.roa
File: OIeDUqwKxJ57Hp4z0SriVjqHOa0.roa (raw, json)
Hash identifier: zgCtWjL78//MuJt8PD5olXX7a8O1W8EOEEdN7zziB7Q=
Subject key identifier: 38:87:83:52:AC:0A:C4:9E:7B:1E:9E:33:D1:2A:E2:56:3A:87:39:AD
Certificate issuer: /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial: 019D053F07CE13D9C2C496450BE186CCCFF7
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/OIeDUqwKxJ57Hp4z0SriVjqHOa0.roa
Signing time: Thu 19 Mar 2026 08:38:29 +0000
ROA not before: Thu 19 Mar 2026 08:38:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 1136
IP address blocks: 37.251.0.0/17 maxlen: 17
46.227.232.0/21 maxlen: 21
62.131.0.0/16 maxlen: 16
62.216.0.0/19 maxlen: 19
62.251.0.0/17 maxlen: 17
77.160.0.0/13 maxlen: 13
77.168.0.0/14 maxlen: 14
77.172.0.0/16 maxlen: 16
77.173.0.0/16 maxlen: 16
77.174.0.0/16 maxlen: 16
77.175.0.0/16 maxlen: 16
77.175.0.0/17 maxlen: 17
77.175.128.0/17 maxlen: 17
80.60.0.0/15 maxlen: 15
80.100.0.0/15 maxlen: 15
81.204.0.0/14 maxlen: 14
82.92.0.0/14 maxlen: 14
82.136.192.0/18 maxlen: 18
82.161.0.0/16 maxlen: 16
82.168.0.0/15 maxlen: 15
82.170.0.0/16 maxlen: 16
83.68.0.0/19 maxlen: 19
84.39.0.0/19 maxlen: 19
84.80.0.0/16 maxlen: 16
84.82.0.0/15 maxlen: 15
84.84.0.0/14 maxlen: 14
85.113.224.0/19 maxlen: 19
86.80.0.0/13 maxlen: 13
86.88.0.0/15 maxlen: 15
86.90.0.0/16 maxlen: 16
86.92.0.0/14 maxlen: 14
88.159.0.0/16 maxlen: 16
188.142.0.0/17 maxlen: 17
194.109.0.0/16 maxlen: 16
195.240.0.0/16 maxlen: 16
195.240.0.0/17 maxlen: 17
195.240.128.0/18 maxlen: 18
195.240.192.0/18 maxlen: 18
195.241.0.0/16 maxlen: 16
212.123.128.0/18 maxlen: 18
212.182.128.0/18 maxlen: 18
212.238.0.0/16 maxlen: 16
213.10.0.0/16 maxlen: 16
213.84.0.0/16 maxlen: 16
213.148.224.0/19 maxlen: 19
213.197.0.0/18 maxlen: 18
213.222.0.0/19 maxlen: 19
2001:888::/29 maxlen: 29
2001:980::/29 maxlen: 29
2a02:a400::/25 maxlen: 25
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.mft
rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:05:3f:07:ce:13:d9:c2:c4:96:45:0b:e1:86:cc:cf:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Validity
Not Before: Mar 19 08:38:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=38878352ac0ac49e7b1e9e33d12ae2563a8739ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:84:60:d3:b6:c3:e1:83:f3:f2:ab:3c:85:ba:
9e:b2:ec:b8:c2:ab:95:71:85:ae:ed:cd:74:11:74:
75:4e:cf:d2:51:32:86:87:77:92:08:1c:f1:e6:8d:
be:92:ef:d9:91:2b:d3:1a:ea:ff:20:7a:07:e8:5e:
23:fc:fc:b3:69:f0:ef:09:c0:f3:ab:17:4c:2f:84:
d8:a6:94:d0:db:a0:2a:10:70:b7:ee:58:54:b6:09:
60:86:ec:5d:53:26:3d:1c:24:52:a8:98:7d:ec:11:
bc:b9:2c:51:79:c7:71:82:56:f3:a3:0d:50:e8:87:
dd:95:5d:88:02:73:79:88:26:fe:5a:17:61:3c:98:
d8:81:de:ab:67:f9:3b:ed:5b:cd:02:cf:78:57:65:
7d:d6:fd:9d:9f:11:77:b8:56:70:cf:88:0d:9c:04:
c2:56:6e:6e:b0:02:6a:b0:18:a5:46:29:48:8c:de:
78:c7:ae:80:e6:08:db:46:6c:96:9c:63:79:7c:e2:
42:18:15:49:58:cb:58:fe:a4:41:f0:83:c2:fd:33:
80:b4:5a:47:ff:66:62:53:fd:15:48:d5:28:ff:09:
a9:76:ab:46:2d:9f:86:54:9d:d3:31:96:94:3c:2c:
6a:91:cd:61:41:3f:68:8a:7c:46:ab:3a:d4:38:42:
1d:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:87:83:52:AC:0A:C4:9E:7B:1E:9E:33:D1:2A:E2:56:3A:87:39:AD
X509v3 Authority Key Identifier:
keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/OIeDUqwKxJ57Hp4z0SriVjqHOa0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.251.0.0/17
46.227.232.0/21
62.131.0.0/16
62.216.0.0/19
62.251.0.0/17
77.160.0.0/12
80.60.0.0/15
80.100.0.0/15
81.204.0.0/14
82.92.0.0/14
82.136.192.0/18
82.161.0.0/16
82.168.0.0-82.170.255.255
83.68.0.0/19
84.39.0.0/19
84.80.0.0/16
84.82.0.0-84.87.255.255
85.113.224.0/19
86.80.0.0-86.90.255.255
86.92.0.0/14
88.159.0.0/16
188.142.0.0/17
194.109.0.0/16
195.240.0.0/15
212.123.128.0/18
212.182.128.0/18
212.238.0.0/16
213.10.0.0/16
213.84.0.0/16
213.148.224.0/19
213.197.0.0/18
213.222.0.0/19
IPv6:
2001:888::/29
2001:980::/29
2a02:a400::/25
Signature Algorithm: sha256WithRSAEncryption
46:f6:d8:02:04:3b:ae:9c:61:ae:42:9d:ae:a6:3b:82:eb:9a:
a9:c3:64:f2:fc:e2:15:27:32:79:33:c4:3c:a9:f3:c5:fe:20:
d5:5f:66:65:9c:ad:b7:ac:85:94:79:cf:ad:42:dc:6c:bd:50:
58:23:2f:c6:83:ca:b9:98:44:4d:5a:60:39:8a:09:c4:e5:3d:
d2:e8:2f:84:11:8a:c0:a9:92:ae:95:62:02:2a:95:bf:78:b8:
4b:25:59:9a:14:b9:be:68:f4:31:20:c9:e7:6d:92:8f:00:6b:
83:8f:92:38:b0:d9:e0:14:2f:5c:34:42:59:e7:db:8b:29:85:
b1:60:54:cc:5d:04:05:fc:fc:6d:6f:60:d2:17:56:68:b1:92:
51:b7:15:1c:66:27:02:de:ff:e5:06:7a:08:dc:04:56:cf:be:
e3:c7:ef:c4:0f:8f:58:bc:56:66:64:d3:ca:6f:67:e6:f6:b3:
f4:25:11:e0:f3:45:67:80:93:e7:e4:20:4a:82:c5:e0:6b:13:
07:92:ec:86:ba:5f:fa:eb:9b:34:05:ef:c4:10:9c:b2:41:c8:
d0:53:2e:c0:e5:b2:13:9a:e0:61:b4:f5:2f:ec:3c:a9:47:97:
a5:57:1f:ba:89:24:af:17:0a:88:be:e7:75:5a:2a:6b:c6:c8:
0a:c3:e0:88
-----BEGIN CERTIFICATE-----
MIIF3DCCBMSgAwIBAgISAZ0FPwfOE9nCxJZFC+GGzM/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZWVkNDA5MTM4M2Q5ZWQ0MDU2ZDlmNGVmZjdkMjYyMmRk
Y2UyMDUwHhcNMjYwMzE5MDgzODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODg3ODM1MmFjMGFjNDllN2IxZTllMzNkMTJhZTI1NjNhODczOWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4Rg07bD4YPz8qs8hbqesuy4wquV
cYWu7c10EXR1Ts/SUTKGh3eSCBzx5o2+ku/ZkSvTGur/IHoH6F4j/PyzafDvCcDz
qxdML4TYppTQ26AqEHC37lhUtglghuxdUyY9HCRSqJh97BG8uSxRecdxglbzow1Q
6IfdlV2IAnN5iCb+WhdhPJjYgd6rZ/k77VvNAs94V2V91v2dnxF3uFZwz4gNnATC
Vm5usAJqsBilRilIjN54x66A5gjbRmyWnGN5fOJCGBVJWMtY/qRB8IPC/TOAtFpH
/2ZiU/0VSNUo/wmpdqtGLZ+GVJ3TMZaUPCxqkc1hQT9oinxGqzrUOEIdPQIDAQAB
o4IC6DCCAuQwHQYDVR0OBBYEFDiHg1KsCsSeex6eM9Eq4lY6hzmtMB8GA1UdIwQY
MBaAFIHu1AkTg9ntQFbZ9O/30mIt3OIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2Et
ODcyYjM3MTBjMmExLzEvT0llRFVxd0t4SjU3SHA0ejBTcmlWanFIT2EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2EtODcyYjM3MTBjMmEx
LzEvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH9BggrBgEFBQcBBwEB/wSB7TCB6jCBygQCAAEwgcMDBAcl
+wADBAMu4+gDAwA+gwMEBT7YAAMEBz77AAMDBE2gAwMBUDwDAwFQZAMDAlHMAwMC
UlwDBAZSiMADAwBSoTAKAwMDUqgDAwBSqgMEBVNEAAMEBVQnAAMDAFRQMAoDAwFU
UgMDA1RQAwQFVXHgMAoDAwRWUAMDAFZaAwMCVlwDAwBYnwMEB7yOAAMDAMJtAwMB
w/ADBAbUe4ADBAbUtoADAwDU7gMDANUKAwMA1VQDBAXVlOADBAbVxQADBAXV3gAw
GwQCAAIwFQMFAyABCIgDBQMgAQmAAwUHKgKkADANBgkqhkiG9w0BAQsFAAOCAQEA
RvbYAgQ7rpxhrkKdrqY7guuaqcNk8vziFScyeTPEPKnzxf4g1V9mZZytt6yFlHnP
rULcbL1QWCMvxoPKuZhETVpgOYoJxOU90ugvhBGKwKmSrpViAiqVv3i4SyVZmhS5
vmj0MSDJ522SjwBrg4+SOLDZ4BQvXDRCWefbiymFsWBUzF0EBfz8bW9g0hdWaLGS
UbcVHGYnAt7/5QZ6CNwEVs++48fvxA+PWLxWZmTTym9n5vaz9CUR4PNFZ4CT5+Qg
SoLF4GsTB5Lshrpf+uubNAXvxBCcskHI0FMuwOWyE5rgYbT1L+w8qUeXpVcfuokk
rxcKiL7ndVoqa8bICsPgiA==
-----END CERTIFICATE-----
Generated at Thu Mar 26 08:38:41 2026 by rpki-client