Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/IY1D3woYJXfAQhJG76njGF2wx0I.roa
File: IY1D3woYJXfAQhJG76njGF2wx0I.roa (raw, json)
Hash identifier: WgZr0HmGpYvoOEM9mZhJBMdrHTvGivh4mHVUgCtVwus=
Subject key identifier: 21:8D:43:DF:0A:18:25:77:C0:42:12:46:EF:A9:E3:18:5D:B0:C7:42
Certificate issuer: /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial: 019C899C49D6F383B907F1AC0EAD3294289A
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/IY1D3woYJXfAQhJG76njGF2wx0I.roa
Signing time: Mon 23 Feb 2026 08:27:26 +0000
ROA not before: Mon 23 Feb 2026 08:27:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9125
IP address blocks: 5.172.34.0/23 maxlen: 23
5.172.34.0/24 maxlen: 24
5.172.39.0/24 maxlen: 24
89.23.65.0/24 maxlen: 24
89.23.67.0/24 maxlen: 24
89.23.68.0/23 maxlen: 23
89.23.70.0/24 maxlen: 24
89.23.71.0/24 maxlen: 24
89.23.74.0/24 maxlen: 24
89.23.75.0/24 maxlen: 24
89.23.77.0/24 maxlen: 24
89.23.78.0/24 maxlen: 24
89.23.79.0/24 maxlen: 24
89.23.83.0/24 maxlen: 24
89.23.84.0/24 maxlen: 24
89.23.86.0/24 maxlen: 24
89.23.88.0/24 maxlen: 24
89.23.90.0/24 maxlen: 24
92.42.248.0/22 maxlen: 22
92.42.252.0/24 maxlen: 24
92.42.253.0/24 maxlen: 24
92.42.254.0/24 maxlen: 24
92.42.255.0/24 maxlen: 24
93.93.192.0/21 maxlen: 21
95.140.112.0/22 maxlen: 22
95.140.115.0/24 maxlen: 24
95.140.116.0/22 maxlen: 22
95.140.120.0/23 maxlen: 23
95.140.124.0/22 maxlen: 22
95.140.125.0/24 maxlen: 24
109.111.224.0/24 maxlen: 24
109.111.225.0/24 maxlen: 24
109.111.226.0/24 maxlen: 24
109.111.227.0/24 maxlen: 24
109.111.228.0/24 maxlen: 24
109.111.229.0/24 maxlen: 24
109.111.230.0/23 maxlen: 23
109.111.232.0/22 maxlen: 22
109.111.236.0/22 maxlen: 22
109.111.240.0/24 maxlen: 24
109.111.243.0/24 maxlen: 24
109.111.244.0/24 maxlen: 24
109.111.245.0/24 maxlen: 24
109.111.246.0/24 maxlen: 24
109.111.247.0/24 maxlen: 24
109.111.248.0/24 maxlen: 24
109.111.249.0/24 maxlen: 24
109.111.250.0/24 maxlen: 24
109.111.252.0/23 maxlen: 23
109.111.254.0/24 maxlen: 24
178.254.128.0/21 maxlen: 21
178.254.133.0/24 maxlen: 24
178.254.136.0/22 maxlen: 22
178.254.140.0/22 maxlen: 22
178.254.144.0/24 maxlen: 24
178.254.145.0/24 maxlen: 24
178.254.146.0/24 maxlen: 24
178.254.148.0/24 maxlen: 24
178.254.149.0/24 maxlen: 24
178.254.151.0/24 maxlen: 24
178.254.152.0/24 maxlen: 24
178.254.153.0/24 maxlen: 24
178.254.154.0/24 maxlen: 24
178.254.155.0/24 maxlen: 24
178.254.156.0/24 maxlen: 24
178.254.157.0/24 maxlen: 24
178.254.158.0/24 maxlen: 24
178.254.159.0/24 maxlen: 24
178.254.163.0/24 maxlen: 24
178.254.165.0/24 maxlen: 24
178.254.169.0/24 maxlen: 24
178.254.172.0/24 maxlen: 24
178.254.175.0/24 maxlen: 24
178.254.183.0/24 maxlen: 24
178.254.184.0/24 maxlen: 24
178.254.187.0/24 maxlen: 24
178.254.188.0/22 maxlen: 24
185.157.44.0/24 maxlen: 24
193.104.68.0/24 maxlen: 24
217.169.208.0/20 maxlen: 20
217.169.208.0/22 maxlen: 22
217.169.212.0/22 maxlen: 22
217.169.216.0/22 maxlen: 22
217.169.219.0/24 maxlen: 24
217.169.220.0/22 maxlen: 22
2a02:b58::/32 maxlen: 32
2a02:b58:1:13::/64 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 11:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:89:9c:49:d6:f3:83:b9:07:f1:ac:0e:ad:32:94:28:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Validity
Not Before: Feb 23 08:27:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=218d43df0a182577c0421246efa9e3185db0c742
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:e6:1b:c1:bd:f6:14:f7:9d:1e:54:79:05:d0:
a2:59:e5:d8:aa:a7:27:24:b7:53:35:6f:0d:58:40:
0d:bd:ba:32:15:89:42:26:5d:29:67:f3:70:16:b7:
78:65:e3:ed:5a:a3:9a:bd:88:2d:ce:ad:dd:88:71:
12:3e:2a:f0:f0:b4:29:6c:07:5a:3d:af:6c:2f:ac:
e8:12:44:32:90:09:56:f1:e6:9c:3b:cc:d1:4c:d1:
31:d8:9c:56:bd:c0:21:d6:a6:02:74:4b:82:29:af:
29:1f:ec:ce:ea:e3:6d:fe:7e:aa:b5:0b:1c:8a:2c:
40:8e:90:69:ce:e4:92:08:1f:69:c3:3d:77:6c:22:
81:5f:b6:74:bd:46:41:a5:e3:dc:2a:d7:3d:2f:0f:
28:25:4b:62:74:81:f9:9f:ab:a9:09:6b:aa:12:6f:
78:bc:b7:2c:0f:06:10:94:35:82:9c:3c:6f:be:63:
b1:c8:50:02:4a:a4:90:aa:a1:1f:b9:dc:b4:db:21:
ea:74:7a:16:fe:77:0a:54:13:b0:be:fc:4f:93:5c:
0c:f7:51:1b:ae:38:d6:48:36:c2:9e:0f:2d:ab:56:
c5:75:2b:e4:ea:29:1f:45:06:89:7e:22:c2:e4:f3:
5b:e4:45:8c:27:26:68:96:16:e2:0f:d7:b3:86:a7:
2d:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:8D:43:DF:0A:18:25:77:C0:42:12:46:EF:A9:E3:18:5D:B0:C7:42
X509v3 Authority Key Identifier:
keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/IY1D3woYJXfAQhJG76njGF2wx0I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.172.34.0/23
5.172.39.0/24
89.23.65.0/24
89.23.67.0-89.23.71.255
89.23.74.0/23
89.23.77.0-89.23.79.255
89.23.83.0-89.23.84.255
89.23.86.0/24
89.23.88.0/24
89.23.90.0/24
92.42.248.0/21
93.93.192.0/21
95.140.112.0-95.140.121.255
95.140.124.0/22
109.111.224.0-109.111.240.255
109.111.243.0-109.111.250.255
109.111.252.0-109.111.254.255
178.254.128.0-178.254.146.255
178.254.148.0/23
178.254.151.0-178.254.159.255
178.254.163.0/24
178.254.165.0/24
178.254.169.0/24
178.254.172.0/24
178.254.175.0/24
178.254.183.0-178.254.184.255
178.254.187.0-178.254.191.255
185.157.44.0/24
193.104.68.0/24
217.169.208.0/20
IPv6:
2a02:b58::/32
Signature Algorithm: sha256WithRSAEncryption
1b:4c:14:97:e0:50:14:ba:9a:1b:bb:c6:83:ce:a2:01:ae:ef:
29:53:45:f3:7f:96:d4:55:87:cd:6c:62:0b:ab:ce:d9:18:57:
4b:30:6a:7e:cb:51:93:bf:e3:cd:86:0a:3d:3a:0e:aa:db:ea:
cd:38:68:ed:84:d7:fb:57:0d:60:91:3a:f5:14:2d:48:e6:82:
4a:f0:e8:d4:80:ea:15:10:e6:3a:5d:9f:35:7f:b9:2f:47:27:
4d:81:52:c1:fb:67:53:44:df:14:a4:d4:1a:06:66:eb:da:a1:
f8:fe:b3:39:c2:05:ed:07:8f:a8:67:ce:e1:a7:fa:15:a5:eb:
cb:02:f7:28:2f:cc:82:65:22:e2:fe:9b:d9:09:ac:2c:a8:ae:
68:c5:87:d0:63:4f:c4:3e:78:3c:e2:84:aa:c7:b3:c3:ec:bd:
e8:35:55:83:4b:8e:17:a1:77:ac:4d:7e:b6:75:42:85:fa:7d:
b9:17:3a:03:6d:e6:3b:2b:12:12:59:1b:6f:8d:6e:15:bb:66:
b3:33:8e:49:b2:9f:56:05:f5:c1:53:7c:e1:42:d6:28:5c:3f:
84:34:1f:8a:53:fa:ac:8b:f3:2f:83:fa:59:01:6a:a4:bb:36:
f1:bb:c7:97:2f:5c:0b:d0:d3:48:e3:17:c7:38:61:78:f0:d3:
b2:4e:21:92
-----BEGIN CERTIFICATE-----
MIIGHDCCBQSgAwIBAgISAZyJnEnW84O5B/GsDq0ylCiaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMjIzMDgyNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMThkNDNkZjBhMTgyNTc3YzA0MjEyNDZlZmE5ZTMxODVkYjBjNzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOYbwb32FPedHlR5BdCiWeXYqqcn
JLdTNW8NWEANvboyFYlCJl0pZ/NwFrd4ZePtWqOavYgtzq3diHESPirw8LQpbAda
Pa9sL6zoEkQykAlW8eacO8zRTNEx2JxWvcAh1qYCdEuCKa8pH+zO6uNt/n6qtQsc
iixAjpBpzuSSCB9pwz13bCKBX7Z0vUZBpePcKtc9Lw8oJUtidIH5n6upCWuqEm94
vLcsDwYQlDWCnDxvvmOxyFACSqSQqqEfudy02yHqdHoW/ncKVBOwvvxPk1wM91Eb
rjjWSDbCng8tq1bFdSvk6ikfRQaJfiLC5PNb5EWMJyZolhbiD9ezhqctEQIDAQAB
o4IDKDCCAyQwHQYDVR0OBBYEFCGNQ98KGCV3wEISRu+p4xhdsMdCMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvSVkxRDN3b1lKWGZBUWhKRzc2bmpHRjJ3eDBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBPAYIKwYBBQUHAQcBAf8EggErMIIBJzCCARQEAgABMIIB
DAMEAQWsIgMEAAWsJwMEAFkXQTAMAwQAWRdDAwQDWRdAAwQBWRdKMAwDBABZF00D
BARZF0AwDAMEAFkXUwMEAFkXVAMEAFkXVgMEAFkXWAMEAFkXWgMEA1wq+AMEA11d
wDAMAwQEX4xwAwQBX4x4AwQCX4x8MAwDBAVtb+ADBABtb/AwDAMEAG1v8wMEAG1v
+jAMAwQCbW/8AwQAbW/+MAwDBAey/oADBACy/pIDBAGy/pQwDAMEALL+lwMEBbL+
gAMEALL+owMEALL+pQMEALL+qQMEALL+rAMEALL+rzAMAwQAsv63AwQAsv64MAwD
BACy/rsDBAay/oADBAC5nSwDBADBaEQDBATZqdAwDQQCAAIwBwMFACoCC1gwDQYJ
KoZIhvcNAQELBQADggEBABtMFJfgUBS6mhu7xoPOogGu7ylTRfN/ltRVh81sYgur
ztkYV0swan7LUZO/482GCj06Dqrb6s04aO2E1/tXDWCROvUULUjmgkrw6NSA6hUQ
5jpdnzV/uS9HJ02BUsH7Z1NE3xSk1BoGZuvaofj+sznCBe0Hj6hnzuGn+hWl68sC
9ygvzIJlIuL+m9kJrCyormjFh9BjT8Q+eDzihKrHs8Psveg1VYNLjhehd6xNfrZ1
QoX6fbkXOgNt5jsrEhJZG2+NbhW7ZrMzjkmyn1YF9cFTfOFC1ihcP4Q0H4pT+qyL
8y+D+lkBaqS7NvG7x5cvXAvQ00jjF8c4YXjw07JOIZI=
-----END CERTIFICATE-----
Generated at Mon Mar 2 19:23:45 2026 by rpki-client