Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/NWiUT2h5N844d0_aD_PPs6l--WE.roa
File: NWiUT2h5N844d0_aD_PPs6l--WE.roa (raw, json)
Hash identifier: tFi5JSQJ28jym+kV92b0uTOcCyV0DXc/kCOA77oQXFg=
Subject key identifier: 35:68:94:4F:68:79:37:CE:38:77:4F:DA:0F:F3:CF:B3:A9:7E:F9:61
Certificate issuer: /CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
Certificate serial: 019D715A5B3C8FC80090BE9F3D25F0A14F8F
Authority key identifier: 62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/NWiUT2h5N844d0_aD_PPs6l--WE.roa
Signing time: Thu 09 Apr 2026 08:27:20 +0000
ROA not before: Thu 09 Apr 2026 08:27:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43519
IP address blocks: 149.20.120.0/24 maxlen: 24
149.20.121.0/24 maxlen: 24
149.20.122.0/24 maxlen: 24
149.20.123.0/24 maxlen: 24
213.248.200.0/24 maxlen: 24
213.248.201.0/24 maxlen: 24
213.248.202.0/24 maxlen: 24
213.248.203.0/24 maxlen: 24
213.248.204.0/24 maxlen: 24
213.248.205.0/24 maxlen: 24
213.248.216.0/24 maxlen: 24
213.248.217.0/24 maxlen: 24
213.248.218.0/24 maxlen: 24
213.248.219.0/24 maxlen: 24
213.248.220.0/24 maxlen: 24
213.248.221.0/24 maxlen: 24
213.248.222.0/24 maxlen: 24
213.248.223.0/24 maxlen: 24
213.248.224.0/24 maxlen: 24
213.248.225.0/24 maxlen: 24
213.248.226.0/24 maxlen: 24
213.248.227.0/24 maxlen: 24
213.248.254.0/24 maxlen: 24
2a01:618:200::/48 maxlen: 48
2a01:618:201::/48 maxlen: 48
2a01:618:202::/48 maxlen: 48
2a01:618:203::/48 maxlen: 48
2a01:618:400::/48 maxlen: 48
2a01:618:401::/48 maxlen: 48
2a01:618:402::/48 maxlen: 48
2a01:618:403::/48 maxlen: 48
2a01:618:404::/48 maxlen: 48
2a01:618:405::/48 maxlen: 48
2a01:618:406::/48 maxlen: 48
2a01:618:407::/48 maxlen: 48
2a01:618:408::/48 maxlen: 48
2a01:618:409::/48 maxlen: 48
2a01:61e:1::/48 maxlen: 48
2a01:61e:2::/48 maxlen: 48
2a01:61e:3::/48 maxlen: 48
2a01:61e:4::/48 maxlen: 48
2a01:61e:5::/48 maxlen: 48
2a01:61e:6::/48 maxlen: 48
2a01:61e:ffff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.crl
rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.mft
rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 14:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:71:5a:5b:3c:8f:c8:00:90:be:9f:3d:25:f0:a1:4f:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
Validity
Not Before: Apr 9 08:27:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3568944f687937ce38774fda0ff3cfb3a97ef961
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:0a:7b:8c:ed:ce:8f:b7:d3:0a:d2:a4:40:ae:
f3:36:1e:68:b8:82:77:8c:a8:23:74:6f:75:e5:21:
1b:84:18:77:45:09:43:c8:b1:b7:7e:13:7d:04:9f:
b9:29:f4:67:79:cd:c8:05:25:cb:2d:e6:9e:3d:41:
39:1d:7b:af:cf:d4:60:b2:a4:57:60:f0:20:34:a9:
9e:5c:6b:9a:3e:d3:b1:24:a2:78:b7:1f:3d:74:0a:
d1:3d:ff:b3:eb:23:85:d5:ed:36:52:a3:58:2c:01:
46:ed:9c:c9:bd:40:e5:1a:49:5d:96:c1:c6:a6:f4:
c9:56:c7:49:b1:bf:e4:2d:86:56:5c:d7:6e:ae:5f:
2a:4c:24:dd:7d:c7:7d:49:8d:b2:95:ce:1e:56:8a:
e7:53:1e:a7:6f:f3:65:80:78:a8:fb:11:bb:3a:26:
d6:30:5a:b3:e0:5b:f1:57:69:55:0d:53:04:46:98:
c3:06:e5:bb:f5:2a:75:28:34:ba:19:95:c3:8c:41:
53:be:31:b2:8b:fe:b0:de:7d:29:5d:95:28:8e:49:
61:af:ab:6b:b1:0e:ac:9e:fb:5b:ed:53:b5:5c:b1:
fe:69:c0:3d:a9:2e:1b:4e:cf:40:3a:71:3f:bf:42:
1f:10:7f:f7:3b:3a:5d:7e:c4:06:8e:a9:9e:87:a1:
0c:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:68:94:4F:68:79:37:CE:38:77:4F:DA:0F:F3:CF:B3:A9:7E:F9:61
X509v3 Authority Key Identifier:
keyid:62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/NWiUT2h5N844d0_aD_PPs6l--WE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.20.120.0/22
213.248.200.0-213.248.205.255
213.248.216.0-213.248.227.255
213.248.254.0/24
IPv6:
2a01:618:200::/46
2a01:618:400::-2a01:618:409:ffff:ffff:ffff:ffff:ffff
2a01:61e:1::-2a01:61e:6:ffff:ffff:ffff:ffff:ffff
2a01:61e:ffff::/48
Signature Algorithm: sha256WithRSAEncryption
69:56:e4:43:a7:fb:88:db:3c:1d:1f:b2:33:18:ed:61:ea:46:
26:86:5b:bc:03:c4:78:35:14:16:97:45:b2:92:a6:93:ba:1d:
0a:80:65:f5:de:26:b4:fe:6b:66:97:89:9c:12:7a:1d:f5:57:
23:8c:57:99:b7:4f:c6:d8:4e:73:67:70:bf:3d:78:91:99:e0:
71:7c:bf:e0:e5:98:bc:e8:fe:e6:95:24:82:0e:f0:a6:f1:c8:
1c:33:5a:28:6c:57:50:d8:69:19:66:78:10:52:39:14:86:a8:
20:88:67:c8:c5:ba:73:80:9d:8c:12:ff:40:f0:2e:80:86:99:
9b:19:20:50:da:bd:e6:67:2b:1d:4e:c7:25:ad:e5:7f:33:81:
5c:1b:d6:f3:73:8b:5b:15:ec:f7:35:51:83:10:0f:75:f5:11:
ab:f7:7e:ca:97:db:ce:dd:4d:64:43:ad:22:b2:88:fc:ad:69:
d2:93:69:f7:79:7d:d8:73:9a:b0:f0:4e:e2:83:25:78:d7:07:
c7:e9:e3:a2:7b:52:d6:c9:1a:56:e0:76:ab:2d:d5:35:c1:ff:
bb:5d:b7:ba:3d:f1:08:27:52:4b:74:a2:e4:5a:e7:82:9c:ca:
9d:cf:c4:ba:c3:91:61:75:75:93:0b:7b:a3:cb:37:fd:f7:47:
80:c6:9e:48
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZ1xWls8j8gAkL6fPSXwoU+PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMmVjYzZjYzU5MDNhZWEwZGI2MTIwMGY0Y2NkNGY4MjRj
ZGQ1NGYwHhcNMjYwNDA5MDgyNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTY4OTQ0ZjY4NzkzN2NlMzg3NzRmZGEwZmYzY2ZiM2E5N2VmOTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQp7jO3Oj7fTCtKkQK7zNh5ouIJ3
jKgjdG915SEbhBh3RQlDyLG3fhN9BJ+5KfRnec3IBSXLLeaePUE5HXuvz9RgsqRX
YPAgNKmeXGuaPtOxJKJ4tx89dArRPf+z6yOF1e02UqNYLAFG7ZzJvUDlGkldlsHG
pvTJVsdJsb/kLYZWXNdurl8qTCTdfcd9SY2ylc4eVornUx6nb/NlgHio+xG7OibW
MFqz4FvxV2lVDVMERpjDBuW79Sp1KDS6GZXDjEFTvjGyi/6w3n0pXZUojklhr6tr
sQ6snvtb7VO1XLH+acA9qS4bTs9AOnE/v0IfEH/3OzpdfsQGjqmeh6EMuQIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFDVolE9oeTfOOHdP2g/zz7OpfvlhMB8GA1UdIwQY
MBaAFGIuzGzFkDrqDbYSAPTM1PgkzdVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUt
MzQ2MzY4ODI3ZTY4LzEvTldpVVQyaDVOODQ0ZDBfYURfUFBzNmwtLVdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUtMzQ2MzY4ODI3ZTY4
LzEvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwLgQCAAEwKAMEApUUeDAM
AwQD1fjIAwQB1fjMMAwDBAPV+NgDBALV+OADBADV+P4wPwQCAAIwOQMHAioBBhgC
ADARAwYCKgEGGAQDBwEqAQYYBAgwEgMHACoBBh4AAQMHACoBBh4ABgMHACoBBh7/
/zANBgkqhkiG9w0BAQsFAAOCAQEAaVbkQ6f7iNs8HR+yMxjtYepGJoZbvAPEeDUU
FpdFspKmk7odCoBl9d4mtP5rZpeJnBJ6HfVXI4xXmbdPxthOc2dwvz14kZngcXy/
4OWYvOj+5pUkgg7wpvHIHDNaKGxXUNhpGWZ4EFI5FIaoIIhnyMW6c4CdjBL/QPAu
gIaZmxkgUNq95mcrHU7HJa3lfzOBXBvW83OLWxXs9zVRgxAPdfURq/d+ypfbzt1N
ZEOtIrKI/K1p0pNp93l92HOasPBO4oMleNcHx+njontS1skaVuB2qy3VNcH/u123
uj3xCCdSS3Si5FrngpzKnc/EusORYXV1kwt7o8s3/fdHgMaeSA==
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:58:27 2026 by rpki-client