Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/fc8037-2b7c-41fc-9dbf-93d1fb72d383/1/h49K85L4UEyeEFjotSv0qoO9c5E.roa
File: h49K85L4UEyeEFjotSv0qoO9c5E.roa (raw, json)
Hash identifier: Om6LbPxllmjNlvNuigobtMNJ+3VA5Oexf50hnPEjfBw=
Subject key identifier: 87:8F:4A:F3:92:F8:50:4C:9E:10:58:E8:B5:2B:F4:AA:83:BD:73:91
Certificate issuer: /CN=ea22f4fb955d79f093d7e87b182c3440ac4be06c
Certificate serial: 019B7FF28DE669721B782A6A52C5D67616B2
Authority key identifier: EA:22:F4:FB:95:5D:79:F0:93:D7:E8:7B:18:2C:34:40:AC:4B:E0:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6iL0-5VdefCT1-h7GCw0QKxL4Gw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/fc8037-2b7c-41fc-9dbf-93d1fb72d383/1/h49K85L4UEyeEFjotSv0qoO9c5E.roa
Signing time: Fri 02 Jan 2026 18:22:41 +0000
ROA not before: Fri 02 Jan 2026 18:22:41 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 56665
IP address blocks: 31.204.88.0/24 maxlen: 24
31.204.90.0/23 maxlen: 23
31.204.92.0/22 maxlen: 22
94.252.0.0/17 maxlen: 17
94.252.0.0/21 maxlen: 21
94.252.8.0/21 maxlen: 21
94.252.16.0/21 maxlen: 21
94.252.24.0/21 maxlen: 21
94.252.32.0/21 maxlen: 21
94.252.40.0/21 maxlen: 21
94.252.48.0/21 maxlen: 21
94.252.56.0/21 maxlen: 21
94.252.64.0/21 maxlen: 21
94.252.72.0/21 maxlen: 21
94.252.80.0/21 maxlen: 21
94.252.88.0/21 maxlen: 21
94.252.96.0/20 maxlen: 20
94.252.112.0/21 maxlen: 21
94.252.120.0/21 maxlen: 21
185.3.44.0/22 maxlen: 22
185.40.60.0/22 maxlen: 22
185.40.60.0/23 maxlen: 23
185.40.62.0/23 maxlen: 23
212.66.64.0/19 maxlen: 19
212.66.67.0/24 maxlen: 24
212.66.76.0/24 maxlen: 24
2a00:4180:1::/48 maxlen: 48
2a00:4180:2::/48 maxlen: 48
2a00:4180:3::/48 maxlen: 48
2a00:4180:1000::/36 maxlen: 36
2a04:81c0::/29 maxlen: 29
2a04:81c4::/44 maxlen: 44
2a04:81c4:10::/44 maxlen: 44
2a04:81c4:1000::/40 maxlen: 40
2a04:81c4:1100::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/07/fc8037-2b7c-41fc-9dbf-93d1fb72d383/1/6iL0-5VdefCT1-h7GCw0QKxL4Gw.crl
rsync://rpki.ripe.net/repository/DEFAULT/07/fc8037-2b7c-41fc-9dbf-93d1fb72d383/1/6iL0-5VdefCT1-h7GCw0QKxL4Gw.mft
rsync://rpki.ripe.net/repository/DEFAULT/6iL0-5VdefCT1-h7GCw0QKxL4Gw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7f:f2:8d:e6:69:72:1b:78:2a:6a:52:c5:d6:76:16:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ea22f4fb955d79f093d7e87b182c3440ac4be06c
Validity
Not Before: Jan 2 18:22:41 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=878f4af392f8504c9e1058e8b52bf4aa83bd7391
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:a6:4d:14:cc:ca:79:0e:44:c7:e7:97:1f:d2:
64:32:77:9e:e7:13:be:a8:7b:4b:c8:1a:30:e8:17:
1e:d0:01:bd:61:b5:f0:96:0d:7d:f0:00:55:c8:a8:
c9:41:26:e2:3c:a3:07:b1:de:9f:54:bb:19:75:78:
77:3a:6b:7b:81:5c:6c:3c:5c:f9:28:c1:e0:1b:0a:
9a:5b:99:91:a8:a0:9e:16:ed:47:a7:3b:95:41:04:
9f:c4:f7:b3:5e:47:e4:3f:f1:d2:6e:86:af:cb:0c:
b7:4a:4e:3e:f8:9a:0d:0c:d2:e3:d7:d1:28:f1:34:
43:ea:27:8d:3d:e0:b4:d3:73:65:04:e4:bf:9a:5e:
c3:de:12:0e:bd:e4:59:8e:2d:83:f7:26:86:f3:13:
de:8a:cd:63:d1:6c:c4:27:8f:3b:0d:c8:39:12:d5:
bd:0f:ec:4f:b1:bc:37:ce:79:a1:78:8d:54:54:ab:
5f:76:f0:4e:12:c0:d3:9b:c6:1c:34:47:e0:86:a2:
ba:27:fe:27:a9:cc:97:fc:e8:16:e3:a6:04:93:0c:
78:96:b5:c4:93:96:e6:b6:b2:25:aa:d2:75:21:07:
8b:77:1f:eb:da:3e:f8:11:d1:7a:d6:b0:ae:a3:96:
4f:e8:13:5d:91:79:46:b7:58:0f:6a:29:80:ce:aa:
59:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:8F:4A:F3:92:F8:50:4C:9E:10:58:E8:B5:2B:F4:AA:83:BD:73:91
X509v3 Authority Key Identifier:
keyid:EA:22:F4:FB:95:5D:79:F0:93:D7:E8:7B:18:2C:34:40:AC:4B:E0:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6iL0-5VdefCT1-h7GCw0QKxL4Gw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/fc8037-2b7c-41fc-9dbf-93d1fb72d383/1/h49K85L4UEyeEFjotSv0qoO9c5E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/fc8037-2b7c-41fc-9dbf-93d1fb72d383/1/6iL0-5VdefCT1-h7GCw0QKxL4Gw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.204.88.0/24
31.204.90.0-31.204.95.255
94.252.0.0/17
185.3.44.0/22
185.40.60.0/22
212.66.64.0/19
IPv6:
2a00:4180:1::-2a00:4180:3:ffff:ffff:ffff:ffff:ffff
2a00:4180:1000::/36
2a04:81c0::/29
Signature Algorithm: sha256WithRSAEncryption
a1:d9:5a:bd:8b:a4:40:7e:ca:5f:2b:02:c4:89:55:a7:05:63:
14:53:13:ad:23:10:00:8b:a0:47:25:ec:b9:2d:a5:c8:65:e2:
88:ef:fa:87:88:19:dd:0b:c2:c1:1b:b3:0e:de:ba:f2:d9:08:
ff:79:7b:f8:2c:48:f6:1c:8a:7a:20:6e:cb:5b:56:d4:81:1a:
cc:ee:d6:54:49:c6:8b:67:20:b2:48:1c:b2:57:7b:4c:15:a2:
e1:d9:42:fd:dc:13:5e:0d:60:a8:4e:70:b5:d0:35:9a:88:4d:
99:12:34:9d:ea:76:40:2b:a5:78:a5:7d:2f:8b:f9:b3:52:a1:
2d:b5:66:bb:ce:78:e9:87:65:fb:be:91:4e:de:35:08:c7:77:
81:ed:0b:fa:48:bc:26:bc:20:01:9a:57:85:b5:5b:ad:be:c2:
80:12:6b:d5:99:75:b4:f5:b8:0a:34:d8:e9:c6:aa:1d:43:68:
63:e9:59:10:eb:c4:f5:b2:a7:f7:8d:0c:03:16:5a:3d:30:36:
59:53:05:e2:f8:30:88:4a:38:49:7e:34:69:1d:fc:11:23:7a:
55:90:95:06:2e:db:45:26:3b:c6:8a:3a:0e:a3:5c:b9:d5:c8:
48:2b:0b:d9:8f:0f:fb:48:64:5c:84:d9:13:12:5a:b8:cc:22:
9b:13:c2:62
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZt/8o3maXIbeCpqUsXWdhayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMjJmNGZiOTU1ZDc5ZjA5M2Q3ZTg3YjE4MmMzNDQwYWM0
YmUwNmMwHhcNMjYwMTAyMTgyMjQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzhmNGFmMzkyZjg1MDRjOWUxMDU4ZThiNTJiZjRhYTgzYmQ3MzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaZNFMzKeQ5Ex+eXH9JkMnee5xO+
qHtLyBow6Bce0AG9YbXwlg198ABVyKjJQSbiPKMHsd6fVLsZdXh3Omt7gVxsPFz5
KMHgGwqaW5mRqKCeFu1HpzuVQQSfxPezXkfkP/HSboavywy3Sk4++JoNDNLj19Eo
8TRD6ieNPeC003NlBOS/ml7D3hIOveRZji2D9yaG8xPeis1j0WzEJ487Dcg5EtW9
D+xPsbw3znmheI1UVKtfdvBOEsDTm8YcNEfghqK6J/4nqcyX/OgW46YEkwx4lrXE
k5bmtrIlqtJ1IQeLdx/r2j74EdF61rCuo5ZP6BNdkXlGt1gPaimAzqpZTQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFIePSvOS+FBMnhBY6LUr9KqDvXORMB8GA1UdIwQY
MBaAFOoi9PuVXXnwk9foexgsNECsS+BsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmlMMC01VmRlZkNUMS1oN0dDdzBRS3hMNEd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9mYzgwMzctMmI3Yy00MWZjLTlkYmYt
OTNkMWZiNzJkMzgzLzEvaDQ5Szg1TDRVRXllRUZqb3RTdjBxb085YzVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9mYzgwMzctMmI3Yy00MWZjLTlkYmYtOTNkMWZiNzJkMzgz
LzEvNmlMMC01VmRlZkNUMS1oN0dDdzBRS3hMNEd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzAyBAIAATAsAwQAH8xYMAwD
BAEfzFoDBAUfzEADBAde/AADBAK5AywDBAK5KDwDBAXUQkAwKQQCAAIwIzASAwcA
KgBBgAABAwcCKgBBgAAAAwYEKgBBgBADBQMqBIHAMA0GCSqGSIb3DQEBCwUAA4IB
AQCh2Vq9i6RAfspfKwLEiVWnBWMUUxOtIxAAi6BHJey5LaXIZeKI7/qHiBndC8LB
G7MO3rry2Qj/eXv4LEj2HIp6IG7LW1bUgRrM7tZUScaLZyCySByyV3tMFaLh2UL9
3BNeDWCoTnC10DWaiE2ZEjSd6nZAK6V4pX0vi/mzUqEttWa7znjph2X7vpFO3jUI
x3eB7Qv6SLwmvCABmleFtVutvsKAEmvVmXW09bgKNNjpxqodQ2hj6VkQ68T1sqf3
jQwDFlo9MDZZUwXi+DCISjhJfjRpHfwRI3pVkJUGLttFJjvGijoOo1y51chIKwvZ
jw/7SGRchNkTElq4zCKbE8Ji
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:03:31 2026 by rpki-client