Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/kB2FkBaRUfAJi-1yxcUFgqy84f8.roa
File: kB2FkBaRUfAJi-1yxcUFgqy84f8.roa (raw, json)
Hash identifier: EfQ4Aw8Q7Tcem9htNsAj6y3hOE53qNPfdKYIzWgsVyI=
Subject key identifier: 90:1D:85:90:16:91:51:F0:09:8B:ED:72:C5:C5:05:82:AC:BC:E1:FF
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 019C8F316C8AEF61BC71C7467BC672013140
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/kB2FkBaRUfAJi-1yxcUFgqy84f8.roa
Signing time: Tue 24 Feb 2026 10:28:26 +0000
ROA not before: Tue 24 Feb 2026 10:28:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 21267
IP address blocks: 5.39.176.0/21 maxlen: 24
5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
80.87.16.0/20 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
87.236.128.0/21 maxlen: 24
88.151.152.0/21 maxlen: 24
89.38.120.0/21 maxlen: 24
91.143.64.0/20 maxlen: 24
92.42.120.0/21 maxlen: 24
93.115.176.0/20 maxlen: 24
94.142.168.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.52.144.0/22 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.178.218.0/24 maxlen: 24
185.178.219.0/24 maxlen: 24
185.182.0.0/21 maxlen: 24
185.182.200.0/22 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/22 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
188.94.19.0/24 maxlen: 24
188.94.21.0/24 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 09:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:8f:31:6c:8a:ef:61:bc:71:c7:46:7b:c6:72:01:31:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Feb 24 10:28:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=901d8590169151f0098bed72c5c50582acbce1ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:be:a3:f7:44:83:a4:37:ca:c1:19:25:93:34:
ee:24:55:17:fb:6e:c5:8c:06:42:25:c8:74:26:1b:
01:9a:f1:ad:45:dd:94:c2:54:7a:ed:c6:b5:bf:64:
84:d1:21:d2:d2:fd:07:15:6a:cd:85:96:2f:4e:60:
18:6c:fe:c2:a0:81:ab:6b:68:57:b2:f9:09:0b:f9:
95:d3:09:ac:d5:23:3b:54:36:ce:06:fc:82:0f:cf:
72:04:4c:95:25:5b:4b:f8:67:9d:63:b0:f5:89:b2:
74:bc:55:33:c0:a4:38:0d:4c:7f:46:2d:15:7c:7a:
4b:76:d7:2f:35:8e:3c:8a:85:00:f0:e6:cb:8f:5d:
f3:ee:93:f0:33:59:6e:41:fc:04:1b:48:8c:f9:db:
cc:1b:48:1b:9e:4d:b2:5c:f4:b7:e5:b1:53:39:7f:
5c:26:c8:b4:3d:13:d5:6f:76:b8:0c:54:65:c0:e4:
71:83:fc:30:9f:f5:17:64:e8:cc:9e:d3:fa:4b:83:
40:fc:0f:08:f2:d5:3c:4d:d2:93:c7:25:4f:c1:71:
5d:6b:21:17:cd:2a:c0:dd:ca:56:ec:21:64:40:77:
d0:4e:b2:09:31:33:7a:45:61:55:3f:6d:c0:5a:b0:
53:b3:9c:79:e6:18:9c:db:cf:c6:1f:5d:35:ed:c6:
4f:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:1D:85:90:16:91:51:F0:09:8B:ED:72:C5:C5:05:82:AC:BC:E1:FF
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/kB2FkBaRUfAJi-1yxcUFgqy84f8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.176.0/21
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
80.87.16.0/20
83.150.252.0/22
85.95.96.0/19
87.236.128.0/21
88.151.152.0/21
89.38.120.0/21
91.143.64.0/20
92.42.120.0/21
93.115.176.0/20
94.142.168.0/21
95.129.64.0/21
176.58.0.0/21
185.52.144.0/22
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.0.0/21
185.182.200.0/22
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
Signature Algorithm: sha256WithRSAEncryption
78:d8:1f:bd:c4:79:d4:88:a9:84:a3:09:5d:42:4d:c2:f6:93:
d2:1e:58:25:71:09:63:c0:89:92:91:2e:89:7c:3c:38:0e:91:
d7:72:d3:47:70:02:7f:1d:c9:bc:ed:95:4f:52:44:f3:2a:67:
92:13:88:1d:c2:4d:24:af:61:ac:b4:ef:20:62:27:49:79:92:
55:8f:60:b5:c2:bf:21:3a:41:00:1f:d6:a6:64:7e:5c:68:eb:
19:2b:07:17:d9:90:f8:97:b8:67:45:fc:d9:83:60:02:33:d1:
02:97:86:38:41:51:d4:b0:e1:21:54:b8:f7:9e:e8:f9:d9:8b:
de:88:01:19:c5:7a:92:ec:c7:df:f2:ec:cd:93:48:2e:52:fa:
9e:ca:7a:0b:13:bd:a1:a8:e5:f0:dc:55:00:c5:a1:f2:eb:0d:
b8:6d:6e:72:77:aa:1f:b7:aa:10:12:f4:2b:5f:f1:b4:f1:71:
2a:0b:0f:0d:af:12:3e:8c:8e:38:87:ee:cb:fc:03:32:31:3b:
62:d4:71:fb:33:67:ce:27:b0:87:03:63:b1:a4:63:61:de:6c:
1f:a2:f8:65:46:05:03:27:66:76:5e:84:78:c1:1e:1e:8b:66:
4a:95:0c:d2:99:d7:e5:89:6b:c1:99:4e:fb:7d:c5:0e:4f:a2:
b1:11:06:b9
-----BEGIN CERTIFICATE-----
MIIGGjCCBQKgAwIBAgISAZyPMWyK72G8ccdGe8ZyATFAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjYwMjI0MTAyODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDFkODU5MDE2OTE1MWYwMDk4YmVkNzJjNWM1MDU4MmFjYmNlMWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5L6j90SDpDfKwRklkzTuJFUX+27F
jAZCJch0JhsBmvGtRd2UwlR67ca1v2SE0SHS0v0HFWrNhZYvTmAYbP7CoIGra2hX
svkJC/mV0wms1SM7VDbOBvyCD89yBEyVJVtL+GedY7D1ibJ0vFUzwKQ4DUx/Ri0V
fHpLdtcvNY48ioUA8ObLj13z7pPwM1luQfwEG0iM+dvMG0gbnk2yXPS35bFTOX9c
Jsi0PRPVb3a4DFRlwORxg/wwn/UXZOjMntP6S4NA/A8I8tU8TdKTxyVPwXFdayEX
zSrA3cpW7CFkQHfQTrIJMTN6RWFVP23AWrBTs5x55hic28/GH1017cZPXwIDAQAB
o4IDJjCCAyIwHQYDVR0OBBYEFJAdhZAWkVHwCYvtcsXFBYKsvOH/MB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEva0IyRmtCYVJVZkFKaS0xeXhjVUZncXk4NGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOgYIKwYBBQUHAQcBAf8EggEpMIIBJTCCARIEAgABMIIB
CgMEAwUnsAMEAwWf0AMEAgW1SAMEAx/AYAMEAi0IZAMEAi2EbAMEAi2JLAMEBFBK
8AMEBFBXEAMEAlOW/AMEBVVfYAMEA1fsgAMEA1iXmAMEA1kmeAMEBFuPQAMEA1wq
eAMEBF1zsAMEA16OqAMEA1+BQAMEA7A6AAMEArk0kAMEArlPuAMEArlaAAMEArle
zAMEArljTAMEArmRWAMEArmy2AMEA7m2AAMEArm2yAMEArnM1AMEArnlBAMEArn2
hAMEArn3yAMEArn4/AMEA7xeEAMEAMEYAwMEAMEYBgMEAMEYDQMEAMEYHwMEBcMa
IAMEAcNYCDAMAwQC1AtEAwQC1AtIAwQE2ZGAMA0EAgACMAcDBQAqAPHAMA0GCSqG
SIb3DQEBCwUAA4IBAQB42B+9xHnUiKmEowldQk3C9pPSHlglcQljwImSkS6JfDw4
DpHXctNHcAJ/Hcm87ZVPUkTzKmeSE4gdwk0kr2GstO8gYidJeZJVj2C1wr8hOkEA
H9amZH5caOsZKwcX2ZD4l7hnRfzZg2ACM9ECl4Y4QVHUsOEhVLj3nuj52YveiAEZ
xXqS7Mff8uzNk0guUvqeynoLE72hqOXw3FUAxaHy6w24bW5yd6oft6oQEvQrX/G0
8XEqCw8NrxI+jI44h+7L/AMyMTti1HH7M2fOJ7CHA2OxpGNh3mwfovhlRgUDJ2Z2
XoR4wR4ei2ZKlQzSmdfliWvBmU77fcUOT6KxEQa5
-----END CERTIFICATE-----
Generated at Mon Mar 2 14:54:58 2026 by rpki-client