Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/D5C99kcr8mKT50Mvo5HM81YJTXY.roa
File: D5C99kcr8mKT50Mvo5HM81YJTXY.roa (raw, json)
Hash identifier: ywYbUhHw9iiYTrmHz0ZR8yctV0n/Q7G+wDNxeTZXe8s=
Subject key identifier: 0F:90:BD:F6:47:2B:F2:62:93:E7:43:2F:A3:91:CC:F3:56:09:4D:76
Certificate issuer: /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial: 019C27CAD6AF6F480718DCDEF85B8BB95411
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/D5C99kcr8mKT50Mvo5HM81YJTXY.roa
Signing time: Wed 04 Feb 2026 08:35:30 +0000
ROA not before: Wed 04 Feb 2026 08:35:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 12716
IP address blocks: 37.63.0.0/20 maxlen: 20
37.63.16.0/22 maxlen: 22
37.63.20.0/22 maxlen: 24
37.63.24.0/22 maxlen: 22
37.63.28.0/22 maxlen: 24
37.63.32.0/22 maxlen: 24
37.63.96.0/22 maxlen: 22
62.204.154.0/23 maxlen: 23
78.90.18.0/23 maxlen: 23
78.90.44.0/23 maxlen: 23
78.90.62.0/24 maxlen: 24
78.90.73.0/24 maxlen: 24
78.90.124.0/24 maxlen: 24
78.90.188.0/22 maxlen: 22
78.90.218.0/23 maxlen: 23
83.97.30.0/24 maxlen: 24
84.252.40.0/23 maxlen: 23
85.118.64.0/22 maxlen: 22
85.118.68.0/23 maxlen: 24
85.118.70.0/24 maxlen: 24
85.118.71.0/24 maxlen: 24
85.118.72.0/23 maxlen: 23
85.118.74.0/24 maxlen: 24
85.118.76.0/22 maxlen: 22
85.118.80.0/22 maxlen: 22
85.118.84.0/24 maxlen: 24
85.118.92.0/24 maxlen: 24
85.118.93.0/24 maxlen: 24
89.215.62.0/23 maxlen: 23
151.251.44.0/22 maxlen: 22
151.251.68.0/22 maxlen: 22
151.251.121.0/24 maxlen: 24
151.251.126.0/23 maxlen: 23
151.251.192.0/22 maxlen: 22
151.251.196.0/24 maxlen: 24
151.251.200.0/22 maxlen: 22
151.251.204.0/22 maxlen: 22
151.251.238.0/24 maxlen: 24
151.251.239.0/24 maxlen: 24
151.251.240.0/20 maxlen: 20
176.222.0.0/20 maxlen: 24
185.151.156.0/22 maxlen: 22
185.224.160.0/23 maxlen: 23
212.104.116.0/22 maxlen: 24
213.226.17.0/24 maxlen: 24
213.226.19.0/24 maxlen: 24
213.226.36.0/24 maxlen: 24
213.226.40.0/24 maxlen: 24
213.226.51.0/24 maxlen: 24
213.226.56.0/24 maxlen: 24
213.226.57.0/24 maxlen: 24
213.226.59.0/24 maxlen: 24
2001:1ac8:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:27:ca:d6:af:6f:48:07:18:dc:de:f8:5b:8b:b9:54:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Validity
Not Before: Feb 4 08:35:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0f90bdf6472bf26293e7432fa391ccf356094d76
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:d2:2e:44:ea:c0:90:86:f9:4d:47:a8:37:ab:
be:66:ce:e4:36:d4:54:b7:5b:c8:aa:92:22:b5:bc:
ff:5e:c0:49:9d:45:50:f2:05:09:b9:fd:0b:d1:8d:
f6:2f:65:ce:4e:a5:3e:27:55:c0:3e:bc:49:89:22:
c2:64:6b:e7:0f:7b:00:a6:4b:de:18:b3:19:59:19:
e0:15:40:ee:fd:01:5a:62:3f:e0:df:1b:b6:d8:dd:
80:3a:13:b6:75:44:fe:06:7c:93:0e:c4:e6:32:35:
75:8d:94:61:e7:87:be:b8:6f:87:63:e5:ec:b5:0b:
57:e0:ff:8f:3d:56:03:49:6f:e8:e4:24:11:56:ca:
4e:26:60:53:da:7a:e6:88:20:d1:21:39:64:3b:cf:
f9:91:72:8c:7b:bc:1f:33:8b:b0:2c:28:68:26:41:
cd:54:b8:27:1b:9a:23:35:28:92:21:52:6e:9d:65:
8c:e3:52:1d:2f:8d:10:99:af:02:eb:6f:45:19:7d:
21:da:1c:5b:2f:7e:82:fb:7c:3f:7e:7c:cb:cd:01:
76:6b:e9:c9:92:41:14:4d:3a:6a:e0:a7:cd:55:58:
2b:98:84:d2:93:36:46:b9:c5:c2:98:eb:38:a7:f6:
71:99:b0:4c:d6:f2:ce:04:57:52:8f:2a:2e:d8:36:
09:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:90:BD:F6:47:2B:F2:62:93:E7:43:2F:A3:91:CC:F3:56:09:4D:76
X509v3 Authority Key Identifier:
keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/D5C99kcr8mKT50Mvo5HM81YJTXY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.63.0.0-37.63.35.255
37.63.96.0/22
62.204.154.0/23
78.90.18.0/23
78.90.44.0/23
78.90.62.0/24
78.90.73.0/24
78.90.124.0/24
78.90.188.0/22
78.90.218.0/23
83.97.30.0/24
84.252.40.0/23
85.118.64.0-85.118.74.255
85.118.76.0-85.118.84.255
85.118.92.0/23
89.215.62.0/23
151.251.44.0/22
151.251.68.0/22
151.251.121.0/24
151.251.126.0/23
151.251.192.0-151.251.196.255
151.251.200.0/21
151.251.238.0-151.251.255.255
176.222.0.0/20
185.151.156.0/22
185.224.160.0/23
212.104.116.0/22
213.226.17.0/24
213.226.19.0/24
213.226.36.0/24
213.226.40.0/24
213.226.51.0/24
213.226.56.0/23
213.226.59.0/24
IPv6:
2001:1ac8:1::/48
Signature Algorithm: sha256WithRSAEncryption
2b:14:2a:84:c1:5f:3d:b4:99:48:f7:bc:60:70:38:31:68:f6:
95:62:7a:be:78:b3:a5:cb:3d:c4:39:91:65:cc:7c:bc:9d:b8:
86:24:0e:4c:f4:1c:a1:94:f9:b6:99:71:eb:c1:99:b4:49:cf:
e7:21:28:ab:91:37:f7:34:4c:0a:25:6e:7c:d6:79:1e:44:6a:
fb:7a:f1:55:c0:62:29:7e:c1:74:0e:16:96:b2:60:a4:ff:8b:
89:a3:07:0c:eb:ca:7b:28:9d:46:7d:b4:6c:99:a9:c6:f0:9f:
31:07:f8:b1:f5:d9:66:4c:04:eb:79:ed:e6:31:b5:4c:37:46:
3a:27:68:60:c4:18:02:a3:59:e9:8c:75:00:a5:b6:00:85:c5:
f6:1a:8d:c5:05:fb:05:fe:16:2b:9b:78:f3:5d:a5:b8:66:ac:
1f:c0:50:47:eb:84:1e:bd:f6:36:f2:1e:cc:a6:44:29:a1:ef:
3b:ed:04:25:6b:ef:96:d3:04:14:3d:33:fa:e2:44:58:f1:93:
bb:72:70:d3:bc:d8:f8:8e:3e:ae:70:74:f2:49:dc:50:5f:89:
ca:f0:a4:bb:a5:f3:c7:42:f9:1f:eb:39:5b:31:fa:5f:ab:9b:
cd:3b:6f:a3:d0:bc:5a:87:a5:dd:fd:7f:0f:05:91:03:c7:88:
df:23:76:fb
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgISAZwnytavb0gHGNze+FuLuVQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjYwMjA0MDgzNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjkwYmRmNjQ3MmJmMjYyOTNlNzQzMmZhMzkxY2NmMzU2MDk0ZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotIuROrAkIb5TUeoN6u+Zs7kNtRU
t1vIqpIitbz/XsBJnUVQ8gUJuf0L0Y32L2XOTqU+J1XAPrxJiSLCZGvnD3sApkve
GLMZWRngFUDu/QFaYj/g3xu22N2AOhO2dUT+BnyTDsTmMjV1jZRh54e+uG+HY+Xs
tQtX4P+PPVYDSW/o5CQRVspOJmBT2nrmiCDRITlkO8/5kXKMe7wfM4uwLChoJkHN
VLgnG5ojNSiSIVJunWWM41IdL40Qma8C629FGX0h2hxbL36C+3w/fnzLzQF2a+nJ
kkEUTTpq4KfNVVgrmITSkzZGucXCmOs4p/ZxmbBM1vLOBFdSjyou2DYJRQIDAQAB
o4IDDjCCAwowHQYDVR0OBBYEFA+QvfZHK/Jik+dDL6ORzPNWCU12MB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvRDVDOTlrY3I4bUtUNTBNdm81SE04MVlKVFhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIgYIKwYBBQUHAQcBAf8EggERMIIBDTCB+QQCAAEwgfIw
CwMDACU/AwQCJT8gAwQCJT9gAwQBPsyaAwQBTloSAwQBTlosAwQATlo+AwQATlpJ
AwQATlp8AwQCTlq8AwQBTlraAwQAU2EeAwQBVPwoMAwDBAZVdkADBABVdkowDAME
AlV2TAMEAFV2VAMEAVV2XAMEAVnXPgMEApf7LAMEApf7RAMEAJf7eQMEAZf7fjAM
AwQGl/vAAwQAl/vEAwQDl/vIMAsDBAGX++4DAwKX+AMEBLDeAAMEArmXnAMEAbng
oAMEAtRodAMEANXiEQMEANXiEwMEANXiJAMEANXiKAMEANXiMwMEAdXiOAMEANXi
OzAPBAIAAjAJAwcAIAEayAABMA0GCSqGSIb3DQEBCwUAA4IBAQArFCqEwV89tJlI
97xgcDgxaPaVYnq+eLOlyz3EOZFlzHy8nbiGJA5M9ByhlPm2mXHrwZm0Sc/nISir
kTf3NEwKJW581nkeRGr7evFVwGIpfsF0DhaWsmCk/4uJowcM68p7KJ1GfbRsmanG
8J8xB/ix9dlmTATree3mMbVMN0Y6J2hgxBgCo1npjHUApbYAhcX2Go3FBfsF/hYr
m3jzXaW4ZqwfwFBH64QevfY28h7MpkQpoe877QQla++W0wQUPTP64kRY8ZO7cnDT
vNj4jj6ucHTySdxQX4nK8KS7pfPHQvkf6zlbMfpfq5vNO2+j0Lxah6Xd/X8PBZED
x4jfI3b7
-----END CERTIFICATE-----
Generated at Tue Mar 3 00:56:04 2026 by rpki-client