Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/iSpxNzZ1D0jT4gC2x5Kl37tJ5RI.roa
File: iSpxNzZ1D0jT4gC2x5Kl37tJ5RI.roa (raw, json)
Hash identifier: HDTPQGbISh5IcmH4kjYu97mki78Ro81q2Cj4w2U9m8w=
Subject key identifier: 89:2A:71:37:36:75:0F:48:D3:E2:00:B6:C7:92:A5:DF:BB:49:E5:12
Certificate issuer: /CN=f43bf90808ae7eca063f746a8f1d88865734c8a3
Certificate serial: 019D7C2E92729208C89DF92F58593A789D9C
Authority key identifier: F4:3B:F9:08:08:AE:7E:CA:06:3F:74:6A:8F:1D:88:86:57:34:C8:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/iSpxNzZ1D0jT4gC2x5Kl37tJ5RI.roa
Signing time: Sat 11 Apr 2026 10:55:20 +0000
ROA not before: Sat 11 Apr 2026 10:55:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202448
IP address blocks: 2.56.212.0/24 maxlen: 24
2.56.213.0/24 maxlen: 24
2.56.214.0/24 maxlen: 24
2.56.215.0/24 maxlen: 24
31.14.238.0/24 maxlen: 24
31.222.229.0/24 maxlen: 24
45.137.148.0/24 maxlen: 32
45.137.149.0/24 maxlen: 24
45.137.150.0/24 maxlen: 24
45.137.151.0/24 maxlen: 24
45.153.184.0/24 maxlen: 24
45.153.185.0/24 maxlen: 24
45.153.186.0/24 maxlen: 24
45.153.187.0/24 maxlen: 24
62.3.32.0/24 maxlen: 24
84.238.132.0/24 maxlen: 24
85.137.172.0/24 maxlen: 24
85.137.173.0/24 maxlen: 24
85.137.174.0/24 maxlen: 24
85.137.175.0/24 maxlen: 24
86.105.252.0/24 maxlen: 24
86.106.181.0/24 maxlen: 24
86.107.197.0/24 maxlen: 24
89.38.128.0/24 maxlen: 24
89.38.129.0/24 maxlen: 24
89.38.130.0/24 maxlen: 24
89.38.131.0/24 maxlen: 24
89.38.135.0/24 maxlen: 32
89.43.33.0/24 maxlen: 24
91.227.40.0/24 maxlen: 24
91.227.41.0/24 maxlen: 24
91.236.195.0/24 maxlen: 24
91.250.248.0/24 maxlen: 32
91.250.249.0/24 maxlen: 32
93.114.128.0/24 maxlen: 24
93.114.133.0/24 maxlen: 24
93.115.16.0/24 maxlen: 24
93.115.17.0/24 maxlen: 24
93.115.18.0/24 maxlen: 24
93.115.19.0/24 maxlen: 24
93.115.20.0/24 maxlen: 24
93.115.21.0/24 maxlen: 24
93.115.22.0/24 maxlen: 24
93.115.23.0/24 maxlen: 24
94.176.182.0/24 maxlen: 24
94.231.205.0/24 maxlen: 24
95.169.192.0/24 maxlen: 24
95.169.201.0/24 maxlen: 24
95.169.204.0/24 maxlen: 24
95.169.205.0/24 maxlen: 24
178.157.82.0/24 maxlen: 24
178.157.90.0/24 maxlen: 24
178.157.91.0/24 maxlen: 24
178.215.237.0/24 maxlen: 24
185.96.163.0/24 maxlen: 24
185.170.212.0/24 maxlen: 24
185.170.213.0/24 maxlen: 24
185.170.214.0/24 maxlen: 24
185.170.215.0/24 maxlen: 24
185.177.73.0/24 maxlen: 24
185.234.52.0/24 maxlen: 32
185.243.214.0/24 maxlen: 32
185.243.215.0/24 maxlen: 24
188.212.124.0/24 maxlen: 24
188.212.125.0/24 maxlen: 24
193.24.232.0/24 maxlen: 24
193.24.233.0/24 maxlen: 24
193.24.234.0/24 maxlen: 24
193.24.235.0/24 maxlen: 24
193.201.15.0/24 maxlen: 24
194.26.213.0/24 maxlen: 24
194.32.76.0/24 maxlen: 24
194.32.77.0/24 maxlen: 24
194.32.78.0/24 maxlen: 24
194.32.79.0/24 maxlen: 24
194.63.145.0/24 maxlen: 24
194.99.20.0/24 maxlen: 24
194.99.21.0/24 maxlen: 24
194.99.22.0/24 maxlen: 24
194.99.23.0/24 maxlen: 24
195.14.9.0/24 maxlen: 24
2a05:8280::/32 maxlen: 32
2a09:cd40::/32 maxlen: 32
2a09:cd41::/32 maxlen: 32
2a09:cd42::/32 maxlen: 32
2a09:cd43::/32 maxlen: 32
2a09:cd44::/32 maxlen: 32
2a09:cd45::/32 maxlen: 32
2a09:cd46::/32 maxlen: 32
2a0c:b9c0::/32 maxlen: 32
2a0c:b9c1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.crl
rsync://rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.mft
rsync://rpki.ripe.net/repository/DEFAULT/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 10:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:7c:2e:92:72:92:08:c8:9d:f9:2f:58:59:3a:78:9d:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f43bf90808ae7eca063f746a8f1d88865734c8a3
Validity
Not Before: Apr 11 10:55:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=892a713736750f48d3e200b6c792a5dfbb49e512
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c8:89:5b:28:82:b5:0c:de:76:59:de:fb:19:
a7:ea:11:e7:4f:e8:6a:b8:b0:82:06:90:1e:ab:d9:
4b:9f:28:b2:a4:fd:75:1c:22:8c:54:8f:79:a3:d4:
38:03:bb:45:a5:46:6a:85:24:d1:12:ff:4b:12:12:
33:10:c7:ac:3f:2f:51:02:db:13:99:77:97:f6:f6:
b1:a8:e2:ed:18:5c:d6:1c:be:31:48:c3:00:0d:c1:
7f:19:11:0a:ca:f6:c3:c9:a1:15:7c:9e:36:35:0e:
f4:37:3f:ad:10:40:7f:48:ca:a4:fb:9c:b3:83:49:
ec:71:60:3b:d2:12:a8:c7:e9:ac:5b:a0:57:16:88:
a2:40:95:c5:13:84:70:43:05:d9:84:c9:27:2c:d7:
5d:88:1b:53:a3:4b:10:2d:c5:43:6d:d6:da:dc:6e:
21:e5:49:10:cc:e1:25:68:e5:ad:91:41:f8:b9:e7:
56:b3:ef:a7:08:a6:77:94:31:5b:6a:57:e6:47:d2:
4b:f1:47:11:17:eb:bc:a4:9b:50:a9:44:15:5d:07:
cc:61:5c:d1:c0:48:32:b8:84:42:ca:ce:78:5f:ea:
56:14:03:19:e7:89:ed:81:1a:4c:82:b6:05:31:69:
83:dc:90:43:a9:b7:05:d2:0f:11:28:ec:29:fb:93:
59:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:2A:71:37:36:75:0F:48:D3:E2:00:B6:C7:92:A5:DF:BB:49:E5:12
X509v3 Authority Key Identifier:
keyid:F4:3B:F9:08:08:AE:7E:CA:06:3F:74:6A:8F:1D:88:86:57:34:C8:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/iSpxNzZ1D0jT4gC2x5Kl37tJ5RI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.212.0/22
31.14.238.0/24
31.222.229.0/24
45.137.148.0/22
45.153.184.0/22
62.3.32.0/24
84.238.132.0/24
85.137.172.0/22
86.105.252.0/24
86.106.181.0/24
86.107.197.0/24
89.38.128.0/22
89.38.135.0/24
89.43.33.0/24
91.227.40.0/23
91.236.195.0/24
91.250.248.0/23
93.114.128.0/24
93.114.133.0/24
93.115.16.0/21
94.176.182.0/24
94.231.205.0/24
95.169.192.0/24
95.169.201.0/24
95.169.204.0/23
178.157.82.0/24
178.157.90.0/23
178.215.237.0/24
185.96.163.0/24
185.170.212.0/22
185.177.73.0/24
185.234.52.0/24
185.243.214.0/23
188.212.124.0/23
193.24.232.0/22
193.201.15.0/24
194.26.213.0/24
194.32.76.0/22
194.63.145.0/24
194.99.20.0/22
195.14.9.0/24
IPv6:
2a05:8280::/32
2a09:cd40::-2a09:cd46:ffff:ffff:ffff:ffff:ffff:ffff
2a0c:b9c0::/31
Signature Algorithm: sha256WithRSAEncryption
24:0c:d0:39:d7:a5:d6:f7:e5:40:02:26:fb:d9:0c:3b:8c:e3:
9f:21:d1:7f:8e:5c:c9:a8:47:b2:34:fa:a6:66:22:3b:b9:07:
f1:ad:30:65:04:4f:e6:40:e0:c8:40:af:aa:78:1f:5a:3e:22:
f5:22:88:51:87:4e:6d:62:1d:51:e8:c4:37:fb:63:91:c9:01:
02:6a:f0:fe:be:3e:6a:85:dd:26:0b:52:b0:a8:01:01:cd:a3:
84:c9:11:44:69:3b:8e:1f:de:cc:09:9a:36:5d:1c:37:b2:fb:
87:e3:c9:98:7d:0a:88:59:f3:a0:b4:d7:f2:06:fb:16:c9:9a:
11:d1:c7:75:39:62:f9:ae:73:02:81:ea:b9:ee:aa:53:13:64:
7d:ff:7a:67:81:bf:61:6b:e6:55:11:82:8d:0a:a6:4c:dc:a2:
28:16:cc:97:61:0e:0a:99:24:ca:91:0e:c9:98:4b:7a:d3:8f:
87:e7:c5:e4:b1:92:d8:54:8d:fe:15:c5:d6:f0:b9:14:be:fb:
5f:70:e7:8b:2a:94:14:8b:d2:06:0f:29:61:0c:f9:dd:57:ed:
3e:3c:38:7a:af:8e:8e:6e:31:82:18:c8:98:37:80:55:72:50:
81:2c:3a:b8:d5:96:18:5a:0b:50:26:ee:93:87:23:bf:2d:f6:
2e:a0:f1:66
-----BEGIN CERTIFICATE-----
MIIGGzCCBQOgAwIBAgISAZ18LpJykgjInfkvWFk6eJ2cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0M2JmOTA4MDhhZTdlY2EwNjNmNzQ2YThmMWQ4ODg2NTcz
NGM4YTMwHhcNMjYwNDExMTA1NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTJhNzEzNzM2NzUwZjQ4ZDNlMjAwYjZjNzkyYTVkZmJiNDllNTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8iJWyiCtQzedlne+xmn6hHnT+hq
uLCCBpAeq9lLnyiypP11HCKMVI95o9Q4A7tFpUZqhSTREv9LEhIzEMesPy9RAtsT
mXeX9vaxqOLtGFzWHL4xSMMADcF/GREKyvbDyaEVfJ42NQ70Nz+tEEB/SMqk+5yz
g0nscWA70hKox+msW6BXFoiiQJXFE4RwQwXZhMknLNddiBtTo0sQLcVDbdba3G4h
5UkQzOElaOWtkUH4uedWs++nCKZ3lDFbalfmR9JL8UcRF+u8pJtQqUQVXQfMYVzR
wEgyuIRCys54X+pWFAMZ54ntgRpMgrYFMWmD3JBDqbcF0g8RKOwp+5NZnQIDAQAB
o4IDJzCCAyMwHQYDVR0OBBYEFIkqcTc2dQ9I0+IAtseSpd+7SeUSMB8GA1UdIwQY
MBaAFPQ7+QgIrn7KBj90ao8diIZXNMijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUR2NUNBaXVmc29HUDNScWp4MklobGMweUtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9hOGQ5NDMtZjA4Mi00YjE4LWI4NDAt
Mzg5MTk1YzRmMDdiLzEvaVNweE56WjFEMGpUNGdDMng1S2wzN3RKNVJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9hOGQ5NDMtZjA4Mi00YjE4LWI4NDAtMzg5MTk1YzRmMDdi
LzEvOUR2NUNBaXVmc29HUDNScWp4MklobGMweUtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOwYIKwYBBQUHAQcBAf8EggEqMIIBJjCB/QQCAAEwgfYD
BAICONQDBAAfDu4DBAAf3uUDBAItiZQDBAItmbgDBAA+AyADBABU7oQDBAJViawD
BABWafwDBABWarUDBABWa8UDBAJZJoADBABZJocDBABZKyEDBAFb4ygDBABb7MMD
BAFb+vgDBABdcoADBABdcoUDBANdcxADBABesLYDBABe580DBABfqcADBABfqckD
BAFfqcwDBACynVIDBAGynVoDBACy1+0DBAC5YKMDBAK5qtQDBAC5sUkDBAC56jQD
BAG589YDBAG81HwDBALBGOgDBADByQ8DBADCGtUDBALCIEwDBADCP5EDBALCYxQD
BADDDgkwJAQCAAIwHgMFACoFgoAwDgMFBioJzUADBQAqCc1GAwUBKgy5wDANBgkq
hkiG9w0BAQsFAAOCAQEAJAzQOdel1vflQAIm+9kMO4zjnyHRf45cyahHsjT6pmYi
O7kH8a0wZQRP5kDgyECvqngfWj4i9SKIUYdObWIdUejEN/tjkckBAmrw/r4+aoXd
JgtSsKgBAc2jhMkRRGk7jh/ezAmaNl0cN7L7h+PJmH0KiFnzoLTX8gb7FsmaEdHH
dTli+a5zAoHque6qUxNkff96Z4G/YWvmVRGCjQqmTNyiKBbMl2EOCpkkypEOyZhL
etOPh+fF5LGS2FSN/hXF1vC5FL77X3DniyqUFIvSBg8pYQz53VftPjw4eq+Ojm4x
ghjImDeAVXJQgSw6uNWWGFoLUCbuk4cjvy32LqDxZg==
-----END CERTIFICATE-----
Generated at Fri Apr 17 19:41:41 2026 by rpki-client