Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/KnEXW3Brw2MIDpGrLVFTgXMk2KA.roa
File: KnEXW3Brw2MIDpGrLVFTgXMk2KA.roa (raw, json)
Hash identifier: 3UoLaMcfbT4AG0LaTD3EcAjfBYwvEUH73Eo0nRJf2GM=
Subject key identifier: 2A:71:17:5B:70:6B:C3:63:08:0E:91:AB:2D:51:53:81:73:24:D8:A0
Certificate issuer: /CN=e9aab1446100a8fce03df19d755e06329ee24713
Certificate serial: 019C9E95DB21FF538FA0F037C22E53398DEF
Authority key identifier: E9:AA:B1:44:61:00:A8:FC:E0:3D:F1:9D:75:5E:06:32:9E:E2:47:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6aqxRGEAqPzgPfGddV4GMp7iRxM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/KnEXW3Brw2MIDpGrLVFTgXMk2KA.roa
Signing time: Fri 27 Feb 2026 10:12:26 +0000
ROA not before: Fri 27 Feb 2026 10:12:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42708
IP address blocks: 5.23.56.0/21 maxlen: 21
5.178.72.0/21 maxlen: 21
31.192.224.0/21 maxlen: 21
31.192.228.0/24 maxlen: 24
37.152.56.0/21 maxlen: 21
46.21.96.0/20 maxlen: 24
46.21.100.0/24 maxlen: 24
46.246.0.0/17 maxlen: 17
79.99.0.0/21 maxlen: 21
80.67.0.0/20 maxlen: 20
91.213.246.0/24 maxlen: 24
91.217.189.0/24 maxlen: 24
91.223.232.0/24 maxlen: 24
91.228.193.0/24 maxlen: 24
91.228.194.0/23 maxlen: 23
94.247.168.0/21 maxlen: 21
109.74.0.0/20 maxlen: 20
159.253.24.0/21 maxlen: 21
178.73.192.0/18 maxlen: 18
178.73.224.0/19 maxlen: 19
185.11.96.0/22 maxlen: 22
185.21.88.0/22 maxlen: 22
185.39.144.0/22 maxlen: 22
185.118.36.0/22 maxlen: 22
185.157.220.0/22 maxlen: 22
188.126.64.0/19 maxlen: 19
193.108.196.0/24 maxlen: 24
193.201.96.0/24 maxlen: 24
194.54.164.0/22 maxlen: 22
195.20.206.0/23 maxlen: 23
195.149.101.0/24 maxlen: 24
195.238.76.0/23 maxlen: 23
195.246.120.0/23 maxlen: 23
212.112.0.0/19 maxlen: 19
2a00:1a28::/32 maxlen: 32
2a02:750::/29 maxlen: 48
2a02:750:8::/48 maxlen: 48
2a02:750:10::/48 maxlen: 48
2a02:e400::/29 maxlen: 29
2a03:5e00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6aqxRGEAqPzgPfGddV4GMp7iRxM.crl
rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6aqxRGEAqPzgPfGddV4GMp7iRxM.mft
rsync://rpki.ripe.net/repository/DEFAULT/6aqxRGEAqPzgPfGddV4GMp7iRxM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:9e:95:db:21:ff:53:8f:a0:f0:37:c2:2e:53:39:8d:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9aab1446100a8fce03df19d755e06329ee24713
Validity
Not Before: Feb 27 10:12:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2a71175b706bc363080e91ab2d5153817324d8a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:5b:15:79:e3:04:71:de:17:c5:68:6d:59:14:
f5:44:b6:5c:0d:68:95:72:dc:0d:df:86:9e:f9:b1:
77:f7:ba:54:90:fc:13:81:07:bc:9b:4c:da:51:06:
cf:53:04:f4:e9:7f:e9:4a:cb:d8:38:d6:cc:0d:df:
41:b8:af:fa:d7:35:bc:83:9e:26:83:ac:d3:f8:e5:
69:2f:92:d3:34:68:5c:14:7d:4f:64:4b:bc:4a:d5:
9e:88:c8:b2:2c:24:3e:c0:99:40:7b:33:93:01:85:
25:91:c3:cd:18:5b:5e:de:22:82:57:dc:5f:a3:66:
80:03:03:8b:84:c8:85:97:7c:a9:01:b4:c9:d9:d8:
e2:54:99:8c:e0:c5:1a:60:ae:a6:68:31:d0:f1:03:
c0:78:6a:bf:f8:fa:18:96:01:88:bb:9c:ea:f2:fc:
f1:c7:0f:c7:f3:a5:82:07:10:e5:d4:d6:03:ee:f9:
f4:ea:e5:d1:27:1b:56:4b:df:d8:43:22:f5:e6:53:
fc:2f:8d:1b:13:6d:94:a6:79:27:6a:14:84:38:78:
5f:b0:13:4d:3c:a5:05:6b:17:98:ee:36:ca:e0:ab:
8a:e9:42:99:00:be:27:04:d1:2d:3c:55:5e:7e:b4:
32:43:8a:d2:f3:32:9a:bc:f8:1b:ff:ac:c1:eb:82:
24:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:71:17:5B:70:6B:C3:63:08:0E:91:AB:2D:51:53:81:73:24:D8:A0
X509v3 Authority Key Identifier:
keyid:E9:AA:B1:44:61:00:A8:FC:E0:3D:F1:9D:75:5E:06:32:9E:E2:47:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6aqxRGEAqPzgPfGddV4GMp7iRxM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/KnEXW3Brw2MIDpGrLVFTgXMk2KA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6aqxRGEAqPzgPfGddV4GMp7iRxM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.23.56.0/21
5.178.72.0/21
31.192.224.0/21
37.152.56.0/21
46.21.96.0/20
46.246.0.0/17
79.99.0.0/21
80.67.0.0/20
91.213.246.0/24
91.217.189.0/24
91.223.232.0/24
91.228.193.0-91.228.195.255
94.247.168.0/21
109.74.0.0/20
159.253.24.0/21
178.73.192.0/18
185.11.96.0/22
185.21.88.0/22
185.39.144.0/22
185.118.36.0/22
185.157.220.0/22
188.126.64.0/19
193.108.196.0/24
193.201.96.0/24
194.54.164.0/22
195.20.206.0/23
195.149.101.0/24
195.238.76.0/23
195.246.120.0/23
212.112.0.0/19
IPv6:
2a00:1a28::/32
2a02:750::/29
2a02:e400::/29
2a03:5e00::/32
Signature Algorithm: sha256WithRSAEncryption
98:0d:50:72:94:35:ea:b1:58:88:c2:52:b5:9b:86:21:0c:6a:
e0:e7:12:ae:34:d2:fb:4d:3c:f1:e2:eb:ce:24:05:5d:d8:4e:
7a:7c:70:b7:fe:20:38:c1:8e:80:0d:db:c2:88:91:35:35:5d:
b1:1a:2f:2a:ea:06:80:12:36:47:58:85:61:e3:e6:cb:62:36:
6f:a0:17:9f:e5:8a:57:78:51:68:c1:98:d3:68:ac:62:a8:db:
48:0e:67:ca:bd:2b:92:5b:d2:1c:e1:d9:82:18:0d:eb:06:1c:
33:f4:89:2c:de:c9:c5:5f:2e:1f:32:18:96:b0:78:a3:88:11:
ee:30:e5:8e:34:63:c0:10:0b:b5:7f:b5:cd:ec:fd:8f:0f:ca:
ea:57:76:10:0c:96:a8:59:d1:10:3b:e5:b2:1c:9e:3f:f3:c1:
97:24:6b:b1:cb:10:ea:78:a3:b6:d1:e4:95:93:6e:8a:6b:97:
23:3d:e5:31:6d:b1:dc:f4:5e:41:f4:75:7b:ce:a4:7e:c5:b3:
9d:ed:e3:b5:9c:6d:03:45:c1:ba:0d:ab:c5:96:b3:a6:e7:d4:
9e:91:1c:39:a9:dc:1e:be:1b:4b:2e:71:ad:0a:b4:01:a4:6a:
48:11:3c:7a:34:3c:ac:2d:3f:91:cb:d3:53:5e:b0:ad:a0:80:
5b:33:78:61
-----BEGIN CERTIFICATE-----
MIIF3DCCBMSgAwIBAgISAZyeldsh/1OPoPA3wi5TOY3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YWFiMTQ0NjEwMGE4ZmNlMDNkZjE5ZDc1NWUwNjMyOWVl
MjQ3MTMwHhcNMjYwMjI3MTAxMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTcxMTc1YjcwNmJjMzYzMDgwZTkxYWIyZDUxNTM4MTczMjRkOGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FsVeeMEcd4XxWhtWRT1RLZcDWiV
ctwN34ae+bF397pUkPwTgQe8m0zaUQbPUwT06X/pSsvYONbMDd9BuK/61zW8g54m
g6zT+OVpL5LTNGhcFH1PZEu8StWeiMiyLCQ+wJlAezOTAYUlkcPNGFte3iKCV9xf
o2aAAwOLhMiFl3ypAbTJ2djiVJmM4MUaYK6maDHQ8QPAeGq/+PoYlgGIu5zq8vzx
xw/H86WCBxDl1NYD7vn06uXRJxtWS9/YQyL15lP8L40bE22UpnknahSEOHhfsBNN
PKUFaxeY7jbK4KuK6UKZAL4nBNEtPFVefrQyQ4rS8zKavPgb/6zB64Ik2wIDAQAB
o4IC6DCCAuQwHQYDVR0OBBYEFCpxF1twa8NjCA6Rqy1RU4FzJNigMB8GA1UdIwQY
MBaAFOmqsURhAKj84D3xnXVeBjKe4kcTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmFxeFJHRUFxUHpnUGZHZGRWNEdNcDdpUnhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS83MWUwOWMtMjhmMy00ODI1LTgwNmYt
YTBkYzM1NGY0Y2EzLzEvS25FWFczQnJ3Mk1JRHBHckxWRlRnWE1rMktBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS83MWUwOWMtMjhmMy00ODI1LTgwNmYtYTBkYzM1NGY0Y2Ez
LzEvNmFxeFJHRUFxUHpnUGZHZGRWNEdNcDdpUnhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH9BggrBgEFBQcBBwEB/wSB7TCB6jCBwwQCAAEwgbwDBAMF
FzgDBAMFskgDBAMfwOADBAMlmDgDBAQuFWADBAcu9gADBANPYwADBARQQwADBABb
1fYDBABb2b0DBABb3+gwDAMEAFvkwQMEAlvkwAMEA173qAMEBG1KAAMEA5/9GAME
BrJJwAMEArkLYAMEArkVWAMEArknkAMEArl2JAMEArmd3AMEBbx+QAMEAMFsxAME
AMHJYAMEAsI2pAMEAcMUzgMEAMOVZQMEAcPuTAMEAcP2eAMEBdRwADAiBAIAAjAc
AwUAKgAaKAMFAyoCB1ADBQMqAuQAAwUAKgNeADANBgkqhkiG9w0BAQsFAAOCAQEA
mA1QcpQ16rFYiMJStZuGIQxq4OcSrjTS+0088eLrziQFXdhOenxwt/4gOMGOgA3b
woiRNTVdsRovKuoGgBI2R1iFYePmy2I2b6AXn+WKV3hRaMGY02isYqjbSA5nyr0r
klvSHOHZghgN6wYcM/SJLN7JxV8uHzIYlrB4o4gR7jDljjRjwBALtX+1zez9jw/K
6ld2EAyWqFnREDvlshyeP/PBlyRrscsQ6nijttHklZNuimuXIz3lMW2x3PReQfR1
e86kfsWzne3jtZxtA0XBug2rxZazpufUnpEcOancHr4bSy5xrQq0AaRqSBE8ejQ8
rC0/kcvTU16wraCAWzN4YQ==
-----END CERTIFICATE-----
Generated at Sun Mar 1 22:32:59 2026 by rpki-client