Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/6HFZqocQgM6Tvjt5SVa1d-JKQro.roa
File: 6HFZqocQgM6Tvjt5SVa1d-JKQro.roa (raw, json)
Hash identifier: R7CY28+/1QGV8imQwHhXvvPJh8Q9cCcEUd0a8h48WvQ=
Subject key identifier: E8:71:59:AA:87:10:80:CE:93:BE:3B:79:49:56:B5:77:E2:4A:42:BA
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 019C052C8A2AD15CC349497156CBD748218E
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/6HFZqocQgM6Tvjt5SVa1d-JKQro.roa
Signing time: Wed 28 Jan 2026 15:15:30 +0000
ROA not before: Wed 28 Jan 2026 15:15:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 203
IP address blocks: 5.39.176.0/21 maxlen: 24
5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
80.87.16.0/20 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
87.236.128.0/21 maxlen: 24
88.151.152.0/21 maxlen: 24
89.38.120.0/21 maxlen: 24
91.143.64.0/20 maxlen: 24
92.42.120.0/21 maxlen: 24
93.115.176.0/20 maxlen: 24
94.142.168.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.52.144.0/22 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.182.0.0/21 maxlen: 24
185.182.200.0/22 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:05:2c:8a:2a:d1:5c:c3:49:49:71:56:cb:d7:48:21:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Jan 28 15:15:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e87159aa871080ce93be3b794956b577e24a42ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:36:31:62:39:14:dd:a9:7f:a2:56:7d:51:64:
3a:86:34:24:89:36:f5:f4:a1:b5:fa:5a:f1:bb:75:
e3:06:63:53:3a:3d:85:bf:d0:86:4f:b8:9e:d1:41:
3e:53:c2:59:fc:e7:67:4c:aa:be:d1:50:c7:b2:17:
cc:18:7d:fd:a1:f6:3b:57:e0:1e:03:37:a3:14:a5:
a1:fa:2d:1a:84:8f:d3:99:02:01:c8:1a:26:16:7f:
e3:fc:de:35:f6:56:81:f5:c6:45:48:8f:1a:a9:1e:
c4:91:61:10:eb:06:97:49:32:74:a0:19:be:bc:d8:
7b:49:21:cf:65:35:e4:5e:bc:09:49:a4:c9:41:4b:
54:2f:20:c1:81:6c:b9:98:28:a9:85:67:96:32:32:
42:49:b4:e3:14:9e:97:4b:45:b6:21:ea:48:b6:bb:
b0:b1:3c:ef:73:7b:73:33:8d:91:1e:29:60:19:7f:
fc:13:24:26:3c:3a:2d:9b:40:82:7b:19:eb:89:a5:
bd:bd:d8:8f:81:b8:52:04:2c:32:0d:ea:22:9e:0c:
0b:06:bc:86:03:fa:e6:ee:7e:5c:f5:f2:35:1b:d0:
57:f9:2a:4b:4a:48:28:2f:aa:4c:f4:28:71:6c:b3:
d1:91:6b:04:ac:25:3b:66:bc:c0:9a:6c:4a:1f:c1:
74:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:71:59:AA:87:10:80:CE:93:BE:3B:79:49:56:B5:77:E2:4A:42:BA
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/6HFZqocQgM6Tvjt5SVa1d-JKQro.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.176.0/21
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
80.87.16.0/20
83.150.252.0/22
85.95.96.0/19
87.236.128.0/21
88.151.152.0/21
89.38.120.0/21
91.143.64.0/20
92.42.120.0/21
93.115.176.0/20
94.142.168.0/21
95.129.64.0/21
176.58.0.0/21
185.52.144.0/22
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.0.0/21
185.182.200.0/22
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
Signature Algorithm: sha256WithRSAEncryption
40:0d:1d:b1:83:cf:db:5a:63:13:48:3a:fe:bd:10:70:8b:2c:
7c:99:54:8b:ee:c6:2d:69:67:f7:4c:3d:65:85:48:6b:ef:22:
e3:c7:d8:42:44:4f:98:a3:78:a4:8f:15:93:ed:0a:a4:ef:21:
3d:90:e9:df:fa:69:0b:15:f8:f5:1e:42:ca:9c:66:fd:fa:de:
a1:f9:5e:d5:e8:a5:6b:6b:46:c2:b1:bf:ed:76:03:16:c9:d6:
7d:f6:e6:ca:12:a0:3d:3c:c9:a2:62:ac:4b:0a:f9:97:ec:66:
65:3c:96:76:0e:5b:a0:59:20:78:31:b1:18:6e:30:89:a3:af:
f1:6f:63:ca:80:a2:6b:f6:7a:84:56:9d:2d:39:b7:d3:dd:e3:
4a:d2:dd:9f:8e:c7:29:f1:97:77:07:d3:31:a5:92:ee:ec:b9:
ca:36:8a:c1:0b:7a:15:59:76:ac:a3:ba:69:6f:e3:9e:b8:56:
df:8f:88:5d:4b:c4:bb:ec:50:7d:c1:9a:20:e4:1b:60:05:e2:
31:34:ee:7a:cd:ad:4e:e6:b2:ec:cd:18:b2:2e:39:c0:4a:a8:
49:c5:67:bd:22:d3:53:8c:ab:e3:4d:28:64:f0:52:c6:e3:be:
76:69:0c:91:b8:ac:55:5a:f3:7a:5c:2b:89:bd:be:77:e2:c5:
b8:2b:fe:3d
-----BEGIN CERTIFICATE-----
MIIGGjCCBQKgAwIBAgISAZwFLIoq0VzDSUlxVsvXSCGOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjYwMTI4MTUxNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODcxNTlhYTg3MTA4MGNlOTNiZTNiNzk0OTU2YjU3N2UyNGE0MmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTYxYjkU3al/olZ9UWQ6hjQkiTb1
9KG1+lrxu3XjBmNTOj2Fv9CGT7ie0UE+U8JZ/OdnTKq+0VDHshfMGH39ofY7V+Ae
AzejFKWh+i0ahI/TmQIByBomFn/j/N419laB9cZFSI8aqR7EkWEQ6waXSTJ0oBm+
vNh7SSHPZTXkXrwJSaTJQUtULyDBgWy5mCiphWeWMjJCSbTjFJ6XS0W2IepItruw
sTzvc3tzM42RHilgGX/8EyQmPDotm0CCexnriaW9vdiPgbhSBCwyDeoingwLBryG
A/rm7n5c9fI1G9BX+SpLSkgoL6pM9ChxbLPRkWsErCU7ZrzAmmxKH8F06QIDAQAB
o4IDJjCCAyIwHQYDVR0OBBYEFOhxWaqHEIDOk747eUlWtXfiSkK6MB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvNkhGWnFvY1FnTTZUdmp0NVNWYTFkLUpLUXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOgYIKwYBBQUHAQcBAf8EggEpMIIBJTCCARIEAgABMIIB
CgMEAwUnsAMEAwWf0AMEAgW1SAMEAx/AYAMEAi0IZAMEAi2EbAMEAi2JLAMEBFBK
8AMEBFBXEAMEAlOW/AMEBVVfYAMEA1fsgAMEA1iXmAMEA1kmeAMEBFuPQAMEA1wq
eAMEBF1zsAMEA16OqAMEA1+BQAMEA7A6AAMEArk0kAMEArlPuAMEArlaAAMEArle
zAMEArljTAMEArmRWAMEArmy2AMEA7m2AAMEArm2yAMEArnM1AMEArnlBAMEArn2
hAMEArn3yAMEArn4/AMEA7xeEAMEAMEYAwMEAMEYBgMEAMEYDQMEAMEYHwMEBcMa
IAMEAcNYCDAMAwQC1AtEAwQC1AtIAwQE2ZGAMA0EAgACMAcDBQAqAPHAMA0GCSqG
SIb3DQEBCwUAA4IBAQBADR2xg8/bWmMTSDr+vRBwiyx8mVSL7sYtaWf3TD1lhUhr
7yLjx9hCRE+Yo3ikjxWT7Qqk7yE9kOnf+mkLFfj1HkLKnGb9+t6h+V7V6KVra0bC
sb/tdgMWydZ99ubKEqA9PMmiYqxLCvmX7GZlPJZ2DlugWSB4MbEYbjCJo6/xb2PK
gKJr9nqEVp0tObfT3eNK0t2fjscp8Zd3B9MxpZLu7LnKNorBC3oVWXaso7ppb+Oe
uFbfj4hdS8S77FB9wZog5BtgBeIxNO56za1O5rLszRiyLjnASqhJxWe9ItNTjKvj
TShk8FLG4752aQyRuKxVWvN6XCuJvb534sW4K/49
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:17:51 2026 by rpki-client