Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/I4TuqjOm1C2zDBl84QYwRusdbW4.roa
File: I4TuqjOm1C2zDBl84QYwRusdbW4.roa (raw, json)
Hash identifier: 6Cy0hcq0lmTjssRip5hhqeI88aZGCGL9orwx2vFNpm0=
Subject key identifier: 23:84:EE:AA:33:A6:D4:2D:B3:0C:19:7C:E1:06:30:46:EB:1D:6D:6E
Certificate issuer: /CN=999df7dc0ed518f1ec69974cf98cecaada1a8680
Certificate serial: 019DB4078BFD46939F18BA8979F6F5BEBF1D
Authority key identifier: 99:9D:F7:DC:0E:D5:18:F1:EC:69:97:4C:F9:8C:EC:AA:DA:1A:86:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mZ333A7VGPHsaZdM-YzsqtoahoA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/I4TuqjOm1C2zDBl84QYwRusdbW4.roa
Signing time: Wed 22 Apr 2026 07:11:26 +0000
ROA not before: Wed 22 Apr 2026 07:11:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 6848
IP address blocks: 5.23.128.0/17 maxlen: 17
37.230.120.0/21 maxlen: 21
46.253.160.0/20 maxlen: 20
62.205.64.0/18 maxlen: 18
78.20.0.0/14 maxlen: 14
78.24.168.0/21 maxlen: 21
78.29.192.0/18 maxlen: 18
81.82.0.0/15 maxlen: 15
81.164.0.0/15 maxlen: 15
82.143.64.0/18 maxlen: 18
82.210.64.0/19 maxlen: 19
83.217.128.0/19 maxlen: 19
84.192.0.0/13 maxlen: 13
85.28.64.0/18 maxlen: 18
85.255.192.0/24 maxlen: 24
85.255.193.0/24 maxlen: 24
85.255.194.0/24 maxlen: 24
85.255.195.0/24 maxlen: 24
85.255.196.0/24 maxlen: 24
85.255.197.0/24 maxlen: 24
85.255.198.0/24 maxlen: 24
85.255.199.0/24 maxlen: 24
85.255.200.0/24 maxlen: 24
85.255.201.0/24 maxlen: 24
85.255.202.0/24 maxlen: 24
85.255.203.0/24 maxlen: 24
85.255.204.0/24 maxlen: 24
85.255.205.0/24 maxlen: 24
85.255.206.0/24 maxlen: 24
85.255.207.0/24 maxlen: 24
94.72.64.0/19 maxlen: 19
94.224.0.0/14 maxlen: 14
141.134.0.0/15 maxlen: 15
157.173.128.0/18 maxlen: 18
176.62.136.0/21 maxlen: 21
178.116.0.0/14 maxlen: 14
185.23.244.0/22 maxlen: 22
185.29.5.0/24 maxlen: 24
185.29.6.0/23 maxlen: 23
185.30.52.0/22 maxlen: 22
185.35.52.0/24 maxlen: 24
185.35.53.0/24 maxlen: 24
185.35.54.0/24 maxlen: 24
185.35.55.0/24 maxlen: 24
185.152.56.0/24 maxlen: 24
185.152.57.0/24 maxlen: 24
185.152.58.0/24 maxlen: 24
185.152.59.0/24 maxlen: 24
185.248.40.0/22 maxlen: 22
188.44.64.0/19 maxlen: 19
188.95.146.0/23 maxlen: 23
188.137.192.0/19 maxlen: 19
188.188.0.0/15 maxlen: 15
195.16.0.0/19 maxlen: 19
195.130.128.0/19 maxlen: 19
195.162.192.0/19 maxlen: 19
212.76.224.0/19 maxlen: 19
212.88.224.0/19 maxlen: 19
212.123.0.0/19 maxlen: 19
213.118.0.0/15 maxlen: 15
213.132.128.0/19 maxlen: 19
213.214.32.0/19 maxlen: 19
213.224.0.0/16 maxlen: 16
213.251.64.0/18 maxlen: 18
217.72.224.0/20 maxlen: 20
217.168.120.0/21 maxlen: 21
2a00:1cf8::/32 maxlen: 32
2a01:498::/32 maxlen: 32
2a01:498:200::/40 maxlen: 40
2a01:498:500::/40 maxlen: 40
2a01:498:8100::/40 maxlen: 40
2a01:498:8500::/40 maxlen: 40
2a02:1800::/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mZ333A7VGPHsaZdM-YzsqtoahoA.crl
rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mZ333A7VGPHsaZdM-YzsqtoahoA.mft
rsync://rpki.ripe.net/repository/DEFAULT/mZ333A7VGPHsaZdM-YzsqtoahoA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 22:01:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b4:07:8b:fd:46:93:9f:18:ba:89:79:f6:f5:be:bf:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=999df7dc0ed518f1ec69974cf98cecaada1a8680
Validity
Not Before: Apr 22 07:11:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2384eeaa33a6d42db30c197ce1063046eb1d6d6e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:17:80:03:1f:e8:8d:48:2d:22:20:50:ae:c9:
a6:88:70:7d:7a:54:b2:67:9e:af:36:60:c4:ac:c6:
fe:8c:cb:fa:a1:ed:bf:fc:84:f0:85:db:04:b9:14:
e2:21:90:86:9f:3d:3c:60:0d:bd:a3:4c:6d:2d:b6:
8e:d2:6f:8e:86:bf:98:2b:a1:59:59:59:e9:8c:05:
6b:f6:af:11:92:b8:90:d0:a1:d0:25:89:c8:f9:2e:
1e:3b:2b:44:79:fd:47:8c:e1:df:ec:01:74:bc:c2:
35:aa:17:1c:7a:16:b9:47:72:73:e4:7e:1e:68:fb:
45:79:c0:11:f4:e9:c4:fe:fe:0e:98:b1:e0:28:d1:
10:2f:b3:ea:fd:7e:52:24:4b:08:c7:09:e3:0f:3f:
5f:57:da:a5:85:1d:7f:91:1b:3f:16:38:f1:8b:e3:
6d:8c:03:bc:5c:39:d7:52:3c:89:7e:70:ce:fd:ae:
46:a1:7d:32:5b:fc:a4:53:f6:03:d0:3c:07:84:0d:
b8:e6:e4:4d:70:66:5e:f4:d3:ba:a5:28:75:04:a8:
47:5a:00:91:ac:44:6b:91:dd:12:ac:dc:1d:dc:c7:
9c:09:f4:25:eb:0c:a0:51:24:65:7f:a1:5c:02:e5:
1b:43:f7:69:b9:dc:ae:68:88:34:44:bb:b6:c7:ee:
c9:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:84:EE:AA:33:A6:D4:2D:B3:0C:19:7C:E1:06:30:46:EB:1D:6D:6E
X509v3 Authority Key Identifier:
keyid:99:9D:F7:DC:0E:D5:18:F1:EC:69:97:4C:F9:8C:EC:AA:DA:1A:86:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mZ333A7VGPHsaZdM-YzsqtoahoA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/I4TuqjOm1C2zDBl84QYwRusdbW4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mZ333A7VGPHsaZdM-YzsqtoahoA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.23.128.0/17
37.230.120.0/21
46.253.160.0/20
62.205.64.0/18
78.20.0.0/14
78.24.168.0/21
78.29.192.0/18
81.82.0.0/15
81.164.0.0/15
82.143.64.0/18
82.210.64.0/19
83.217.128.0/19
84.192.0.0/13
85.28.64.0/18
85.255.192.0/20
94.72.64.0/19
94.224.0.0/14
141.134.0.0/15
157.173.128.0/18
176.62.136.0/21
178.116.0.0/14
185.23.244.0/22
185.29.5.0-185.29.7.255
185.30.52.0/22
185.35.52.0/22
185.152.56.0/22
185.248.40.0/22
188.44.64.0/19
188.95.146.0/23
188.137.192.0/19
188.188.0.0/15
195.16.0.0/19
195.130.128.0/19
195.162.192.0/19
212.76.224.0/19
212.88.224.0/19
212.123.0.0/19
213.118.0.0/15
213.132.128.0/19
213.214.32.0/19
213.224.0.0/16
213.251.64.0/18
217.72.224.0/20
217.168.120.0/21
IPv6:
2a00:1cf8::/32
2a01:498::/32
2a02:1800::/24
Signature Algorithm: sha256WithRSAEncryption
9a:72:04:5e:a2:86:cf:eb:65:56:67:ae:6d:30:e4:51:8b:20:
fc:17:26:81:2b:11:6f:3f:88:7d:af:53:1d:10:23:e7:95:eb:
a0:0b:54:f7:4b:65:80:d6:15:c2:a9:5a:b9:72:b4:76:10:7a:
ac:fd:f4:6f:9b:3b:9d:43:c3:cd:3b:75:84:67:e9:44:29:88:
3a:4b:90:de:e4:f4:63:49:ac:a1:ce:83:e3:85:b6:d0:4d:09:
96:93:d4:ee:3c:7c:9a:3d:e7:ec:a3:c3:c8:e6:bd:ba:84:13:
e5:ff:d7:dd:34:64:25:44:53:7d:5a:b0:a8:2b:21:40:1c:86:
4c:21:3c:48:d7:39:71:4b:7e:53:57:5d:c0:84:76:82:8e:5b:
2f:d6:3c:9a:d5:92:37:52:84:ca:fc:6f:6f:c1:f0:8a:0e:d6:
e6:85:1c:5d:fb:06:0b:0e:9b:d6:7b:08:60:ef:98:1c:a9:c6:
bc:a2:83:2c:cc:95:cc:0d:7f:f0:30:f8:26:5d:ab:fc:a1:3f:
4b:56:3e:07:47:9f:b8:71:a9:c1:36:d4:ec:e9:17:26:c7:86:
8e:f9:93:66:d6:9d:48:77:bd:49:d3:44:1a:bf:a9:99:78:ec:
e9:79:00:b3:8e:f3:bc:48:40:44:ad:0b:bd:75:fd:a7:bf:fb:
37:e8:46:c0
-----BEGIN CERTIFICATE-----
MIIGIzCCBQugAwIBAgISAZ20B4v9RpOfGLqJefb1vr8dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5OWRmN2RjMGVkNTE4ZjFlYzY5OTc0Y2Y5OGNlY2FhZGEx
YTg2ODAwHhcNMjYwNDIyMDcxMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzg0ZWVhYTMzYTZkNDJkYjMwYzE5N2NlMTA2MzA0NmViMWQ2ZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxeAAx/ojUgtIiBQrsmmiHB9elSy
Z56vNmDErMb+jMv6oe2//ITwhdsEuRTiIZCGnz08YA29o0xtLbaO0m+Ohr+YK6FZ
WVnpjAVr9q8RkriQ0KHQJYnI+S4eOytEef1HjOHf7AF0vMI1qhcceha5R3Jz5H4e
aPtFecAR9OnE/v4OmLHgKNEQL7Pq/X5SJEsIxwnjDz9fV9qlhR1/kRs/Fjjxi+Nt
jAO8XDnXUjyJfnDO/a5GoX0yW/ykU/YD0DwHhA245uRNcGZe9NO6pSh1BKhHWgCR
rERrkd0SrNwd3MecCfQl6wygUSRlf6FcAuUbQ/dpudyuaIg0RLu2x+7J0wIDAQAB
o4IDLzCCAyswHQYDVR0OBBYEFCOE7qozptQtswwZfOEGMEbrHW1uMB8GA1UdIwQY
MBaAFJmd99wO1Rjx7GmXTPmM7KraGoaAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVozMzNBN1ZHUEhzYVpkTS1ZenNxdG9haG9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9iYTg4ZjItMjE1Zi00Zjg5LWEzYWYt
MTM4Yjc4N2RlM2UzLzEvSTRUdXFqT20xQzJ6REJsODRRWXdSdXNkYlc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9iYTg4ZjItMjE1Zi00Zjg5LWEzYWYtMTM4Yjc4N2RlM2Uz
LzEvbVozMzNBN1ZHUEhzYVpkTS1ZenNxdG9haG9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBQwYIKwYBBQUHAQcBAf8EggEyMIIBLjCCAQ4EAgABMIIB
BgMEBwUXgAMEAyXmeAMEBC79oAMEBj7NQAMDAk4UAwQDThioAwQGTh3AAwMBUVID
AwFRpAMEBlKPQAMEBVLSQAMEBVPZgAMDA1TAAwQGVRxAAwQEVf/AAwQFXkhAAwMC
XuADAwGNhgMEBp2tgAMEA7A+iAMDArJ0AwQCuRf0MAwDBAC5HQUDBAO5HQADBAK5
HjQDBAK5IzQDBAK5mDgDBAK5+CgDBAW8LEADBAG8X5IDBAW8icADAwG8vAMEBcMQ
AAMEBcOCgAMEBcOiwAMEBdRM4AMEBdRY4AMEBdR7AAMDAdV2AwQF1YSAAwQF1dYg
AwMA1eADBAbV+0ADBATZSOADBAPZqHgwGgQCAAIwFAMFACoAHPgDBQAqAQSYAwQA
KgIYMA0GCSqGSIb3DQEBCwUAA4IBAQCacgReoobP62VWZ65tMORRiyD8FyaBKxFv
P4h9r1MdECPnleugC1T3S2WA1hXCqVq5crR2EHqs/fRvmzudQ8PNO3WEZ+lEKYg6
S5De5PRjSayhzoPjhbbQTQmWk9TuPHyaPefso8PI5r26hBPl/9fdNGQlRFN9WrCo
KyFAHIZMITxI1zlxS35TV13AhHaCjlsv1jya1ZI3UoTK/G9vwfCKDtbmhRxd+wYL
DpvWewhg75gcqca8ooMszJXMDX/wMPgmXav8oT9LVj4HR5+4canBNtTs6Rcmx4aO
+ZNm1p1Id71J00Qav6mZeOzpeQCzjvO8SEBErQu9df2nv/s36EbA
-----END CERTIFICATE-----
Generated at Wed May 13 06:01:20 2026 by rpki-client