Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/IuFmJvsHD5o_taQdbTSGHbIC8dg.roa
File: IuFmJvsHD5o_taQdbTSGHbIC8dg.roa (raw, json)
Hash identifier: +9JczVarrdbSoQeefrGk4Nw/SgcDEq/FGN8i6yrs6mY=
Subject key identifier: 22:E1:66:26:FB:07:0F:9A:3F:B5:A4:1D:6D:34:86:1D:B2:02:F1:D8
Certificate issuer: /CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
Certificate serial: 019C71D741F9134801FD7DA2E940D36C18F6
Authority key identifier: E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/IuFmJvsHD5o_taQdbTSGHbIC8dg.roa
Signing time: Wed 18 Feb 2026 17:40:58 +0000
ROA not before: Wed 18 Feb 2026 17:40:58 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43350
IP address blocks: 5.104.136.0/21 maxlen: 24
37.143.32.0/21 maxlen: 24
37.153.168.0/22 maxlen: 22
37.156.228.0/24 maxlen: 24
46.166.128.0/19 maxlen: 24
46.166.176.0/20 maxlen: 24
77.247.176.0/21 maxlen: 21
77.247.176.0/24 maxlen: 24
85.159.232.0/21 maxlen: 24
89.38.160.0/22 maxlen: 22
92.114.100.0/22 maxlen: 22
92.114.100.0/24 maxlen: 24
109.201.128.0/19 maxlen: 19
176.126.232.0/24 maxlen: 24
176.126.233.0/24 maxlen: 24
185.7.76.0/22 maxlen: 24
185.11.144.0/24 maxlen: 24
185.47.200.0/24 maxlen: 24
185.47.201.0/24 maxlen: 24
185.47.202.0/24 maxlen: 24
185.47.203.0/24 maxlen: 24
185.107.36.0/24 maxlen: 24
185.107.37.0/24 maxlen: 24
185.107.38.0/24 maxlen: 24
185.107.44.0/22 maxlen: 22
185.107.45.0/24 maxlen: 24
185.107.56.0/22 maxlen: 22
185.107.68.0/22 maxlen: 22
185.107.80.0/22 maxlen: 22
185.107.92.0/22 maxlen: 22
185.107.100.0/22 maxlen: 24
185.107.116.0/22 maxlen: 24
185.164.208.0/24 maxlen: 24
185.164.209.0/24 maxlen: 24
185.164.210.0/24 maxlen: 24
185.164.211.0/24 maxlen: 24
188.209.55.0/24 maxlen: 24
188.209.56.0/24 maxlen: 24
188.209.57.0/24 maxlen: 24
212.92.104.0/21 maxlen: 21
212.92.112.0/21 maxlen: 21
212.92.120.0/22 maxlen: 22
212.92.124.0/23 maxlen: 23
2a00:1768::/32 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:71:d7:41:f9:13:48:01:fd:7d:a2:e9:40:d3:6c:18:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
Validity
Not Before: Feb 18 17:40:58 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=22e16626fb070f9a3fb5a41d6d34861db202f1d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:d2:58:fb:94:1c:e3:60:f9:55:0a:db:f6:af:
32:c5:23:76:27:5b:d2:60:d4:1f:47:4d:02:0f:ae:
b9:81:60:9c:38:13:1d:70:2d:d1:21:1e:c2:d7:85:
a4:c5:ff:55:34:ab:a7:d1:ad:44:a4:3a:4f:21:49:
bc:eb:b2:a7:a5:35:93:d8:21:bc:8a:62:de:13:9f:
df:70:47:fa:02:1f:ff:eb:91:1a:96:3b:3b:a9:7b:
1f:7c:f5:f4:be:06:2b:1d:95:53:62:59:71:4c:da:
0a:c5:f8:42:9f:11:92:4e:67:e3:bc:f1:28:59:5c:
3c:3c:36:b7:12:0e:56:e0:f7:de:20:d2:4c:c8:58:
dd:13:fc:18:ef:71:ea:b4:11:d5:c5:7e:47:77:5a:
e4:ba:9f:16:a0:e3:99:a2:6f:38:13:da:b2:ec:37:
9b:0a:fd:f3:c1:f1:66:ba:41:60:8a:1e:8b:47:3d:
b3:6c:a3:1a:a0:da:69:20:a8:81:81:9e:48:d4:77:
c3:4b:a7:71:25:a4:08:12:3c:58:a7:5a:eb:ca:a5:
e2:64:66:94:a4:4e:05:07:9f:d0:a5:d0:0c:18:75:
23:39:fb:67:f8:dd:90:a4:b4:ca:cd:68:c1:4d:8e:
f7:79:ff:f6:1e:22:d8:b5:d8:9d:fe:bc:12:71:2e:
fa:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:E1:66:26:FB:07:0F:9A:3F:B5:A4:1D:6D:34:86:1D:B2:02:F1:D8
X509v3 Authority Key Identifier:
keyid:E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/IuFmJvsHD5o_taQdbTSGHbIC8dg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.104.136.0/21
37.143.32.0/21
37.153.168.0/22
37.156.228.0/24
46.166.128.0/19
46.166.176.0/20
77.247.176.0/21
85.159.232.0/21
89.38.160.0/22
92.114.100.0/22
109.201.128.0/19
176.126.232.0/23
185.7.76.0/22
185.11.144.0/24
185.47.200.0/22
185.107.36.0-185.107.38.255
185.107.44.0/22
185.107.56.0/22
185.107.68.0/22
185.107.80.0/22
185.107.92.0/22
185.107.100.0/22
185.107.116.0/22
185.164.208.0/22
188.209.55.0-188.209.57.255
212.92.104.0-212.92.125.255
IPv6:
2a00:1768::/32
Signature Algorithm: sha256WithRSAEncryption
ba:35:54:45:48:96:a6:b6:80:a4:78:ba:9c:cc:78:53:d9:a4:
44:88:b2:71:f2:7f:be:68:b0:3b:d2:52:43:b9:11:36:c1:84:
50:15:0c:6b:98:b9:76:34:17:2a:d8:fd:67:77:56:3f:72:4d:
62:09:1a:09:4a:ab:db:e1:d8:d2:71:14:d6:87:22:19:49:f7:
ef:d0:69:e6:3c:57:f9:a3:17:c8:33:20:f4:80:84:02:4d:cc:
3e:bc:8f:00:18:ea:cc:40:31:80:c3:56:1d:a7:32:00:0b:ab:
26:d0:4d:3b:e4:32:ee:48:4d:58:a6:bf:ed:1e:ac:51:96:78:
3c:05:1b:75:db:5d:3f:10:6f:c4:ce:d6:6f:f9:cd:c5:3b:f1:
97:43:43:91:08:7e:56:96:9c:b0:73:3c:76:95:06:ae:c6:82:
92:74:d8:2e:2f:ce:aa:94:80:ee:be:8e:b0:dc:72:7a:8c:d7:
36:98:8a:e6:d0:a6:63:49:f7:7b:a7:11:cc:5a:23:cc:b4:11:
dd:4c:e0:99:0a:ac:ed:b1:35:d1:43:a5:c4:e7:1f:00:c5:7f:
5f:ec:dc:3a:72:a3:b9:53:18:a6:d3:c9:f4:22:49:5e:12:7a:
98:9a:2e:05:c1:b1:e1:b5:0c:b5:cb:f2:7e:1b:78:49:95:1d:
cc:67:0f:a4
-----BEGIN CERTIFICATE-----
MIIFvzCCBKegAwIBAgISAZxx10H5E0gB/X2i6UDTbBj2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMzhlYzI0MmE0M2U5YzlkNGNlYjI1ZGM5MGU1NDUzMzcz
ZDNmNDYwHhcNMjYwMjE4MTc0MDU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmUxNjYyNmZiMDcwZjlhM2ZiNWE0MWQ2ZDM0ODYxZGIyMDJmMWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5tJY+5Qc42D5VQrb9q8yxSN2J1vS
YNQfR00CD665gWCcOBMdcC3RIR7C14Wkxf9VNKun0a1EpDpPIUm867KnpTWT2CG8
imLeE5/fcEf6Ah//65Ealjs7qXsffPX0vgYrHZVTYllxTNoKxfhCnxGSTmfjvPEo
WVw8PDa3Eg5W4PfeINJMyFjdE/wY73HqtBHVxX5Hd1rkup8WoOOZom84E9qy7Deb
Cv3zwfFmukFgih6LRz2zbKMaoNppIKiBgZ5I1HfDS6dxJaQIEjxYp1rryqXiZGaU
pE4FB5/QpdAMGHUjOftn+N2QpLTKzWjBTY73ef/2HiLYtdid/rwScS76LwIDAQAB
o4ICyzCCAscwHQYDVR0OBBYEFCLhZib7Bw+aP7WkHW00hh2yAvHYMB8GA1UdIwQY
MBaAFOE47CQqQ+nJ1M6yXckOVFM3PT9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgt
Njc4NWNkNDU2ODcxLzEvSXVGbUp2c0hENW9fdGFRZGJUU0dIYklDOGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgtNjc4NWNkNDU2ODcx
LzEvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHgBggrBgEFBQcBBwEB/wSB0DCBzTCBuwQCAAEwgbQDBAMF
aIgDBAMljyADBAIlmagDBAAlnOQDBAUupoADBAQuprADBANN97ADBANVn+gDBAJZ
JqADBAJccmQDBAVtyYADBAGwfugDBAK5B0wDBAC5C5ADBAK5L8gwDAMEArlrJAME
ALlrJgMEArlrLAMEArlrOAMEArlrRAMEArlrUAMEArlrXAMEArlrZAMEArlrdAME
Armk0DAMAwQAvNE3AwQBvNE4MAwDBAPUXGgDBAHUXHwwDQQCAAIwBwMFACoAF2gw
DQYJKoZIhvcNAQELBQADggEBALo1VEVIlqa2gKR4upzMeFPZpESIsnHyf75osDvS
UkO5ETbBhFAVDGuYuXY0FyrY/Wd3Vj9yTWIJGglKq9vh2NJxFNaHIhlJ9+/QaeY8
V/mjF8gzIPSAhAJNzD68jwAY6sxAMYDDVh2nMgALqybQTTvkMu5ITVimv+0erFGW
eDwFG3XbXT8Qb8TO1m/5zcU78ZdDQ5EIflaWnLBzPHaVBq7GgpJ02C4vzqqUgO6+
jrDccnqM1zaYiubQpmNJ93unEcxaI8y0Ed1M4JkKrO2xNdFDpcTnHwDFf1/s3Dpy
o7lTGKbTyfQiSV4SepiaLgXBseG1DLXL8n4beEmVHcxnD6Q=
-----END CERTIFICATE-----
Generated at Mon Mar 2 02:43:16 2026 by rpki-client