Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/Wv3jBQDz94jp90n3YXOm7UR7OY0.roa
File: Wv3jBQDz94jp90n3YXOm7UR7OY0.roa (raw, json)
Hash identifier: nZAkejw3a0YAsJYA9xPdYx6NPiHL+D888pdSk5f6Jys=
Subject key identifier: 5A:FD:E3:05:00:F3:F7:88:E9:F7:49:F7:61:73:A6:ED:44:7B:39:8D
Certificate issuer: /CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Certificate serial: 019E0805C691CAD0A03450CC9CB0E7371423
Authority key identifier: DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/Wv3jBQDz94jp90n3YXOm7UR7OY0.roa
Signing time: Fri 08 May 2026 14:37:36 +0000
ROA not before: Fri 08 May 2026 14:37:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 210656
IP address blocks: 89.223.20.0/24 maxlen: 32
92.255.58.0/23 maxlen: 32
94.126.204.0/22 maxlen: 32
94.139.248.0/22 maxlen: 32
185.184.128.0/22 maxlen: 32
185.216.194.0/23 maxlen: 32
2a0d:d6c2::/48 maxlen: 48
2a0d:d6c7:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl
rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.mft
rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 17:00:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:08:05:c6:91:ca:d0:a0:34:50:cc:9c:b0:e7:37:14:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Validity
Not Before: May 8 14:37:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5afde30500f3f788e9f749f76173a6ed447b398d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:59:f7:a5:b3:a3:77:88:50:59:70:a2:1f:03:
2c:ef:1a:9d:a3:93:32:71:60:fd:ab:ef:23:9a:ec:
f8:aa:f5:7e:96:1b:79:cb:10:ae:66:9f:b8:9f:31:
cc:f6:78:e9:13:11:a0:00:74:05:d3:06:20:1d:cb:
5c:6f:1f:b9:f3:1b:27:be:08:d6:92:ee:3d:16:f1:
76:be:40:c9:ef:72:8c:99:d3:0a:67:8c:e1:9e:82:
f7:46:e5:db:d7:b0:82:8d:2b:3a:a7:de:92:81:1f:
cd:37:4f:20:28:b3:e2:00:b2:42:28:eb:ee:d4:0a:
ef:42:e7:ab:67:a7:b7:86:43:c3:45:c4:18:33:18:
f7:fa:14:35:87:7c:3c:aa:71:bd:7a:99:96:45:82:
40:da:36:6f:18:9b:c9:bd:fa:61:80:60:ce:08:f4:
cc:80:ca:1d:a6:9c:25:31:56:ed:bc:14:ea:0c:47:
7d:93:3a:0f:b5:2f:e2:36:69:8f:a3:b2:a5:35:58:
cf:8a:72:0b:2c:eb:53:76:9e:2e:ba:3f:76:21:16:
1f:b6:b9:92:14:48:86:1c:34:0b:b8:95:d7:8b:a8:
57:78:42:14:70:f3:27:76:52:8f:a5:f4:a3:ef:e7:
a6:41:d8:f1:7c:7b:f3:6c:57:63:c8:83:90:b8:20:
5f:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:FD:E3:05:00:F3:F7:88:E9:F7:49:F7:61:73:A6:ED:44:7B:39:8D
X509v3 Authority Key Identifier:
keyid:DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/Wv3jBQDz94jp90n3YXOm7UR7OY0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.223.20.0/24
92.255.58.0/23
94.126.204.0/22
94.139.248.0/22
185.184.128.0/22
185.216.194.0/23
IPv6:
2a0d:d6c2::/48
2a0d:d6c7:3::/48
Signature Algorithm: sha256WithRSAEncryption
8e:ff:d9:c8:ff:ef:f3:19:3e:78:bf:2b:6e:bf:0e:4b:25:08:
fc:26:f3:6f:a8:4a:70:f9:b7:2a:eb:af:e7:ba:e7:6f:bb:44:
1f:34:9f:6b:e4:7f:5b:db:50:9f:fe:b8:fe:ef:7a:a5:c9:17:
b0:08:c8:9b:6d:c0:a3:71:94:68:9f:64:0d:d1:1b:ff:34:70:
d5:3b:cc:5e:f2:54:63:29:19:8a:94:02:9a:35:31:d1:14:ff:
4a:a9:f8:87:67:c2:7a:11:74:eb:5d:a5:18:74:dd:f8:c0:28:
2b:32:2e:87:44:b5:fd:e7:2d:77:0a:4f:f6:1d:d1:e8:ed:2d:
0b:03:10:10:78:54:1f:db:81:23:0f:44:dc:e9:1c:33:60:7b:
37:08:96:ed:1a:ff:fa:fd:ac:a5:30:49:82:81:7b:df:7c:c7:
a4:dc:bd:d9:7b:97:33:67:27:74:19:8e:cc:d1:67:01:1a:84:
10:78:18:0d:52:d5:20:ce:38:8b:fa:16:45:36:44:36:ec:bb:
d2:fa:3b:a6:61:47:fc:da:06:64:72:15:6a:04:9e:89:21:1a:
1b:bb:5f:95:00:34:a0:db:77:45:d6:47:41:d5:12:3a:db:c3:
96:e4:7d:c3:08:ac:fe:65:45:f5:bd:c0:f9:c5:84:16:04:55:
07:93:c9:fa
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZ4IBcaRytCgNFDMnLDnNxQjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODZlM2U5MjhjN2YwYzlkYjY5NTE1ZmYzYWExZjY3OGNl
ZTQzYzAwHhcNMjYwNTA4MTQzNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWZkZTMwNTAwZjNmNzg4ZTlmNzQ5Zjc2MTczYTZlZDQ0N2IzOThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVn3pbOjd4hQWXCiHwMs7xqdo5My
cWD9q+8jmuz4qvV+lht5yxCuZp+4nzHM9njpExGgAHQF0wYgHctcbx+58xsnvgjW
ku49FvF2vkDJ73KMmdMKZ4zhnoL3RuXb17CCjSs6p96SgR/NN08gKLPiALJCKOvu
1ArvQuerZ6e3hkPDRcQYMxj3+hQ1h3w8qnG9epmWRYJA2jZvGJvJvfphgGDOCPTM
gModppwlMVbtvBTqDEd9kzoPtS/iNmmPo7KlNVjPinILLOtTdp4uuj92IRYftrmS
FEiGHDQLuJXXi6hXeEIUcPMndlKPpfSj7+emQdjxfHvzbFdjyIOQuCBfhwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFFr94wUA8/eI6fdJ92Fzpu1EezmNMB8GA1UdIwQY
MBaAFNyG4+kox/DJ22lRX/OqH2eM7kPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjIt
OWM4ZTU5YzI3NzFjLzEvV3YzakJRRHo5NGpwOTBuM1lYT203VVI3T1kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjItOWM4ZTU5YzI3NzFj
LzEvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAqBAIAATAkAwQAWd8UAwQB
XP86AwQCXn7MAwQCXov4AwQCubiAAwQBudjCMBgEAgACMBIDBwAqDdbCAAADBwAq
DdbHAAMwDQYJKoZIhvcNAQELBQADggEBAI7/2cj/7/MZPni/K26/DkslCPwm82+o
SnD5tyrrr+e652+7RB80n2vkf1vbUJ/+uP7veqXJF7AIyJttwKNxlGifZA3RG/80
cNU7zF7yVGMpGYqUApo1MdEU/0qp+IdnwnoRdOtdpRh03fjAKCsyLodEtf3nLXcK
T/Yd0ejtLQsDEBB4VB/bgSMPRNzpHDNgezcIlu0a//r9rKUwSYKBe998x6Tcvdl7
lzNnJ3QZjszRZwEahBB4GA1S1SDOOIv6FkU2RDbsu9L6O6ZhR/zaBmRyFWoEnokh
Ghu7X5UANKDbd0XWR0HVEjrbw5bkfcMIrP5lRfW9wPnFhBYEVQeTyfo=
-----END CERTIFICATE-----
Generated at Wed May 13 02:15:21 2026 by rpki-client