Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/inl3oK6KntOVTBjF2QtajgW1paQ.roa
File: inl3oK6KntOVTBjF2QtajgW1paQ.roa (raw, json)
Hash identifier: hSh/MkCdcKj7PpJEVgb25px7FEs0jeNWgRrerofSRCY=
Subject key identifier: 8A:79:77:A0:AE:8A:9E:D3:95:4C:18:C5:D9:0B:5A:8E:05:B5:A5:A4
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 019C052C89AC1AAE8EE62C553AB571AD9EAE
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/inl3oK6KntOVTBjF2QtajgW1paQ.roa
Signing time: Wed 28 Jan 2026 15:15:30 +0000
ROA not before: Wed 28 Jan 2026 15:15:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202
IP address blocks: 5.39.176.0/21 maxlen: 24
5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
80.87.16.0/20 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
87.236.128.0/21 maxlen: 24
88.151.152.0/21 maxlen: 24
89.38.120.0/21 maxlen: 24
91.143.64.0/20 maxlen: 24
92.42.120.0/21 maxlen: 24
93.115.176.0/20 maxlen: 24
94.142.168.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.52.144.0/22 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.182.0.0/21 maxlen: 24
185.182.200.0/22 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 09:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:05:2c:89:ac:1a:ae:8e:e6:2c:55:3a:b5:71:ad:9e:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Jan 28 15:15:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8a7977a0ae8a9ed3954c18c5d90b5a8e05b5a5a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:49:bf:2a:f8:4b:3b:c1:70:da:46:d4:6f:f1:
a9:f4:17:80:9b:1d:90:e4:b4:5e:00:a1:9b:f4:04:
a3:8b:ee:f9:b0:e3:89:6a:f3:de:5a:46:2c:6b:3b:
03:69:ea:aa:96:d8:61:4e:c7:22:b4:c7:33:c6:8b:
1a:d8:43:41:93:50:80:6d:46:07:33:e9:29:49:6f:
17:c9:0b:53:13:80:f8:bd:fb:a4:b8:a7:cd:c7:22:
a5:bf:98:be:f9:6b:0e:64:4d:7a:0d:18:7c:c0:43:
1b:8a:5d:8d:82:ec:fd:d9:d5:30:be:9c:2b:9f:c6:
63:6f:c0:22:d9:61:aa:70:05:a9:30:30:af:79:25:
60:a2:82:ce:12:02:2e:79:c1:df:19:55:4a:00:14:
55:c6:86:57:eb:20:d7:f1:96:6d:7d:21:33:c7:12:
f1:02:30:27:ea:7e:28:16:4f:5b:fc:0a:0a:aa:85:
68:bb:40:cc:f1:da:69:c0:ce:2c:24:f3:a7:f5:35:
83:50:56:cb:b0:10:c8:52:20:8a:b1:10:b0:73:4c:
03:1c:91:c5:ee:5a:d3:e0:6b:34:dc:a0:6a:03:37:
89:eb:b9:20:52:a4:ea:57:ec:be:8f:4a:54:58:bc:
41:64:9e:77:01:4d:7b:83:e7:25:a5:62:c1:c9:90:
1a:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:79:77:A0:AE:8A:9E:D3:95:4C:18:C5:D9:0B:5A:8E:05:B5:A5:A4
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/inl3oK6KntOVTBjF2QtajgW1paQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.176.0/21
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
80.87.16.0/20
83.150.252.0/22
85.95.96.0/19
87.236.128.0/21
88.151.152.0/21
89.38.120.0/21
91.143.64.0/20
92.42.120.0/21
93.115.176.0/20
94.142.168.0/21
95.129.64.0/21
176.58.0.0/21
185.52.144.0/22
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.0.0/21
185.182.200.0/22
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
Signature Algorithm: sha256WithRSAEncryption
a4:53:30:5e:4c:ae:1b:74:3b:3e:a4:6d:89:cf:0c:b6:38:52:
b1:d9:32:ca:86:2d:5a:b7:3a:13:46:1b:83:1f:18:c8:eb:7a:
7a:0a:ed:ea:0c:5d:97:a0:f5:80:b7:9c:0f:4c:7e:19:0c:5c:
af:01:21:e7:b6:d4:19:07:cb:13:39:f5:bb:bd:db:6f:00:8b:
bf:89:f1:cc:c3:14:53:f1:6c:c4:a6:03:dc:8d:bf:b0:35:9d:
db:94:8e:76:2d:be:a1:e8:60:9e:46:54:73:dd:74:73:9a:6e:
3e:bf:11:70:b7:7f:f2:e6:66:71:77:02:b4:d3:18:3c:1c:8f:
5a:29:e9:6a:25:e3:38:cf:74:83:22:77:60:27:37:ec:dd:42:
8d:ee:f1:fc:77:f8:6d:3b:52:26:f3:17:8e:9c:91:c4:7f:31:
b8:8a:45:6c:23:f5:04:76:70:5f:e0:47:d6:96:b9:21:72:42:
f2:e2:4e:4c:e7:e1:94:93:ee:5e:1d:76:60:f6:a3:7e:d5:42:
69:25:cc:ba:2b:ac:d2:06:d9:81:bc:3c:d1:1e:51:10:f0:ea:
45:57:f4:a4:ed:31:8f:67:b7:58:98:32:c6:b2:18:aa:e6:31:
ed:d8:7c:3a:1e:11:96:72:b2:52:d3:2e:35:4f:9e:e9:06:0b:
fa:56:1e:3d
-----BEGIN CERTIFICATE-----
MIIGGjCCBQKgAwIBAgISAZwFLImsGq6O5ixVOrVxrZ6uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjYwMTI4MTUxNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTc5NzdhMGFlOGE5ZWQzOTU0YzE4YzVkOTBiNWE4ZTA1YjVhNWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0m/KvhLO8Fw2kbUb/Gp9BeAmx2Q
5LReAKGb9ASji+75sOOJavPeWkYsazsDaeqqlthhTscitMczxosa2ENBk1CAbUYH
M+kpSW8XyQtTE4D4vfukuKfNxyKlv5i++WsOZE16DRh8wEMbil2Nguz92dUwvpwr
n8Zjb8Ai2WGqcAWpMDCveSVgooLOEgIuecHfGVVKABRVxoZX6yDX8ZZtfSEzxxLx
AjAn6n4oFk9b/AoKqoVou0DM8dppwM4sJPOn9TWDUFbLsBDIUiCKsRCwc0wDHJHF
7lrT4Gs03KBqAzeJ67kgUqTqV+y+j0pUWLxBZJ53AU17g+clpWLByZAa9QIDAQAB
o4IDJjCCAyIwHQYDVR0OBBYEFIp5d6Cuip7TlUwYxdkLWo4FtaWkMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvaW5sM29LNktudE9WVEJqRjJRdGFqZ1cxcGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOgYIKwYBBQUHAQcBAf8EggEpMIIBJTCCARIEAgABMIIB
CgMEAwUnsAMEAwWf0AMEAgW1SAMEAx/AYAMEAi0IZAMEAi2EbAMEAi2JLAMEBFBK
8AMEBFBXEAMEAlOW/AMEBVVfYAMEA1fsgAMEA1iXmAMEA1kmeAMEBFuPQAMEA1wq
eAMEBF1zsAMEA16OqAMEA1+BQAMEA7A6AAMEArk0kAMEArlPuAMEArlaAAMEArle
zAMEArljTAMEArmRWAMEArmy2AMEA7m2AAMEArm2yAMEArnM1AMEArnlBAMEArn2
hAMEArn3yAMEArn4/AMEA7xeEAMEAMEYAwMEAMEYBgMEAMEYDQMEAMEYHwMEBcMa
IAMEAcNYCDAMAwQC1AtEAwQC1AtIAwQE2ZGAMA0EAgACMAcDBQAqAPHAMA0GCSqG
SIb3DQEBCwUAA4IBAQCkUzBeTK4bdDs+pG2Jzwy2OFKx2TLKhi1atzoTRhuDHxjI
63p6Cu3qDF2XoPWAt5wPTH4ZDFyvASHnttQZB8sTOfW7vdtvAIu/ifHMwxRT8WzE
pgPcjb+wNZ3blI52Lb6h6GCeRlRz3XRzmm4+vxFwt3/y5mZxdwK00xg8HI9aKelq
JeM4z3SDIndgJzfs3UKN7vH8d/htO1Im8xeOnJHEfzG4ikVsI/UEdnBf4EfWlrkh
ckLy4k5M5+GUk+5eHXZg9qN+1UJpJcy6K6zSBtmBvDzRHlEQ8OpFV/Sk7TGPZ7dY
mDLGshiq5jHt2Hw6HhGWcrJS0y41T57pBgv6Vh49
-----END CERTIFICATE-----
Generated at Mon Mar 2 14:05:59 2026 by rpki-client