Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/SPPQs6sj1ChGjioRgdt4m0EK_DI.roa
File: SPPQs6sj1ChGjioRgdt4m0EK_DI.roa (raw, json)
Hash identifier: dA7acJP1FFj2uYgRIKSdY63Jcht0mQAVqYE4S/QoGHQ=
Subject key identifier: 48:F3:D0:B3:AB:23:D4:28:46:8E:2A:11:81:DB:78:9B:41:0A:FC:32
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019C9BD5D09A811FFFDC8CF054659F71B4BA
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/SPPQs6sj1ChGjioRgdt4m0EK_DI.roa
Signing time: Thu 26 Feb 2026 21:23:26 +0000
ROA not before: Thu 26 Feb 2026 21:23:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 14618
IP address blocks: 87.58.64.0/24 maxlen: 24
87.58.65.0/24 maxlen: 24
137.31.4.0/24 maxlen: 24
137.31.5.0/24 maxlen: 24
137.31.6.0/24 maxlen: 24
137.31.7.0/24 maxlen: 24
159.254.0.0/24 maxlen: 24
159.254.1.0/24 maxlen: 24
159.254.2.0/24 maxlen: 24
159.254.3.0/24 maxlen: 24
159.254.4.0/24 maxlen: 24
159.254.5.0/24 maxlen: 24
159.254.6.0/24 maxlen: 24
159.254.7.0/24 maxlen: 24
159.254.8.0/24 maxlen: 24
159.254.9.0/24 maxlen: 24
159.254.10.0/24 maxlen: 24
159.254.11.0/24 maxlen: 24
159.254.12.0/24 maxlen: 24
159.254.80.0/24 maxlen: 24
159.254.81.0/24 maxlen: 24
159.254.82.0/24 maxlen: 24
159.254.186.0/24 maxlen: 24
159.254.187.0/24 maxlen: 24
159.254.188.0/24 maxlen: 24
159.254.189.0/24 maxlen: 24
159.254.190.0/24 maxlen: 24
159.254.191.0/24 maxlen: 24
159.254.200.0/24 maxlen: 24
159.254.201.0/24 maxlen: 24
159.254.207.0/24 maxlen: 24
159.254.208.0/24 maxlen: 24
194.9.116.0/24 maxlen: 24
2a03:eec0:3601::/48 maxlen: 48
2a03:eec0:3602::/48 maxlen: 48
2a03:eec0:3603::/48 maxlen: 48
2a03:eec0:3604::/48 maxlen: 48
2a03:eec0:3605::/48 maxlen: 48
2a03:eec0:3606::/48 maxlen: 48
2a03:eec0:3607::/48 maxlen: 48
2a03:eec0:3608::/48 maxlen: 48
2a03:eec0:3609::/48 maxlen: 48
2a03:eec0:360a::/48 maxlen: 48
2a03:eec0:360b::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:9b:d5:d0:9a:81:1f:ff:dc:8c:f0:54:65:9f:71:b4:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Feb 26 21:23:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=48f3d0b3ab23d428468e2a1181db789b410afc32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:aa:40:ea:7e:b4:cd:a2:e0:0f:15:a0:a9:71:
09:fe:35:18:bd:7d:82:6e:38:85:2b:31:f0:13:4f:
7a:f5:9c:1d:5f:55:7e:5d:08:07:d0:5f:ab:24:7a:
78:d5:0e:34:79:75:ca:40:53:3b:1c:d7:df:d6:ca:
6a:12:32:7a:b0:6a:9f:ea:37:82:c5:c0:2b:13:5a:
19:0c:3b:cd:02:8d:3e:ae:cb:08:91:9d:41:5b:3d:
0d:68:f0:6a:54:46:fb:73:78:5a:dd:84:d9:d7:60:
c7:5d:58:f9:22:0d:19:e0:80:33:d3:9c:f1:9a:dd:
29:64:12:ef:ed:9e:78:87:ac:ca:77:60:bf:11:86:
7f:49:eb:a1:0d:f3:20:95:ff:2e:b2:87:ca:2b:b9:
d1:08:bb:d6:85:8e:25:1c:6b:c4:30:a3:e3:c2:db:
4f:78:33:73:37:1b:b5:03:7a:10:b3:7a:7f:69:ba:
27:2b:54:0b:d3:ea:40:33:23:a5:b1:2b:00:93:a0:
30:48:ca:a3:2e:a3:71:c7:a6:e4:b2:6a:fd:0c:e8:
20:5e:40:60:98:f6:6f:d1:34:7e:6a:8f:74:bb:f2:
15:b8:20:b0:3f:73:bc:52:ac:04:1a:e5:32:3e:96:
83:df:15:c2:cc:cf:02:ed:2c:87:5e:4b:a4:91:f1:
8a:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:F3:D0:B3:AB:23:D4:28:46:8E:2A:11:81:DB:78:9B:41:0A:FC:32
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/SPPQs6sj1ChGjioRgdt4m0EK_DI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.58.64.0/23
137.31.4.0/22
159.254.0.0-159.254.12.255
159.254.80.0-159.254.82.255
159.254.186.0-159.254.191.255
159.254.200.0/23
159.254.207.0-159.254.208.255
194.9.116.0/24
IPv6:
2a03:eec0:3601::-2a03:eec0:360b:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
a1:a7:82:ff:60:dd:ac:58:ea:b1:71:ac:c1:ab:c7:19:28:92:
9a:29:a1:df:ec:82:3b:e5:b3:2c:df:69:d1:33:7c:15:07:b1:
47:4f:c6:1e:e0:f3:d6:0f:80:30:38:bb:f1:19:13:26:5d:65:
94:d7:98:b9:d3:87:dc:8a:97:93:6a:79:66:1a:e0:b3:85:5a:
94:21:d5:59:4b:6a:b6:75:af:63:3f:98:5c:c1:3b:dc:5e:e3:
9c:c5:11:6c:a3:b1:21:35:a5:fd:a8:ec:54:25:c1:91:c2:7a:
a3:2e:20:b4:88:5c:8f:5e:53:1d:d9:54:84:70:97:3a:1a:2a:
95:f6:57:4d:28:af:8d:45:f1:2f:ff:62:09:a9:2e:81:6b:dc:
e7:f8:11:ee:d6:81:42:90:ad:8b:b9:e2:85:14:3a:d4:ef:d8:
e9:d4:68:6e:7c:57:d8:80:5f:3f:e1:91:30:0d:1a:a4:14:f0:
46:29:28:ff:92:50:2c:26:64:b5:10:f3:f2:56:57:d3:28:ed:
86:55:54:91:f1:7b:08:41:61:5d:63:27:e5:0e:ff:08:85:93:
4a:27:a2:ae:36:26:9d:2d:a4:6b:13:df:3e:a9:04:9b:bd:0f:
bd:ab:cc:2d:a2:cd:ef:1f:c2:da:8f:28:1d:56:51:38:de:a2:
80:68:65:75
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAZyb1dCagR//3IzwVGWfcbS6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjYwMjI2MjEyMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGYzZDBiM2FiMjNkNDI4NDY4ZTJhMTE4MWRiNzg5YjQxMGFmYzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6pA6n60zaLgDxWgqXEJ/jUYvX2C
bjiFKzHwE0969ZwdX1V+XQgH0F+rJHp41Q40eXXKQFM7HNff1spqEjJ6sGqf6jeC
xcArE1oZDDvNAo0+rssIkZ1BWz0NaPBqVEb7c3ha3YTZ12DHXVj5Ig0Z4IAz05zx
mt0pZBLv7Z54h6zKd2C/EYZ/SeuhDfMglf8usofKK7nRCLvWhY4lHGvEMKPjwttP
eDNzNxu1A3oQs3p/abonK1QL0+pAMyOlsSsAk6AwSMqjLqNxx6bksmr9DOggXkBg
mPZv0TR+ao90u/IVuCCwP3O8UqwEGuUyPpaD3xXCzM8C7SyHXkukkfGKBwIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFEjz0LOrI9QoRo4qEYHbeJtBCvwyMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvU1BQUXM2c2oxQ2hHamlvUmdkdDRtMEVLX0RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwVQQCAAEwTwMEAVc6QAME
AokfBDALAwMBn/4DBACf/gwwDAMEBJ/+UAMEAJ/+UjAMAwQBn/66AwQGn/6AAwQB
n/7IMAwDBACf/s8DBACf/tADBADCCXQwGgQCAAIwFDASAwcAKgPuwDYBAwcCKgPu
wDYIMA0GCSqGSIb3DQEBCwUAA4IBAQChp4L/YN2sWOqxcazBq8cZKJKaKaHf7II7
5bMs32nRM3wVB7FHT8Ye4PPWD4AwOLvxGRMmXWWU15i504fcipeTanlmGuCzhVqU
IdVZS2q2da9jP5hcwTvcXuOcxRFso7EhNaX9qOxUJcGRwnqjLiC0iFyPXlMd2VSE
cJc6GiqV9ldNKK+NRfEv/2IJqS6Ba9zn+BHu1oFCkK2LueKFFDrU79jp1GhufFfY
gF8/4ZEwDRqkFPBGKSj/klAsJmS1EPPyVlfTKO2GVVSR8XsIQWFdYyflDv8IhZNK
J6KuNiadLaRrE98+qQSbvQ+9q8wtos3vH8LajygdVlE43qKAaGV1
-----END CERTIFICATE-----
Generated at Mon Mar 2 03:38:57 2026 by rpki-client