Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/XLDNxA63G2vAo5DcVFJP_8qH_lU.roa
File: XLDNxA63G2vAo5DcVFJP_8qH_lU.roa (raw, json)
Hash identifier: PlNCj7O474dXPu6RR7pikSE0sWydtv8HttNpi49XYc0=
Subject key identifier: 5C:B0:CD:C4:0E:B7:1B:6B:C0:A3:90:DC:54:52:4F:FF:CA:87:FE:55
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019C96244C4225D8158ED8A826AABE0BDE3C
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/XLDNxA63G2vAo5DcVFJP_8qH_lU.roa
Signing time: Wed 25 Feb 2026 18:51:27 +0000
ROA not before: Wed 25 Feb 2026 18:51:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 22616
IP address blocks: 147.161.128.0/23 maxlen: 24
159.254.58.0/23 maxlen: 24
159.254.60.0/23 maxlen: 24
159.254.64.0/23 maxlen: 24
159.254.66.0/23 maxlen: 24
159.254.69.0/24 maxlen: 24
159.254.84.0/24 maxlen: 24
159.254.85.0/24 maxlen: 24
159.254.86.0/24 maxlen: 24
159.254.92.0/24 maxlen: 24
159.254.93.0/24 maxlen: 24
159.254.94.0/24 maxlen: 24
159.254.95.0/24 maxlen: 24
159.254.96.0/24 maxlen: 24
159.254.97.0/24 maxlen: 24
159.254.99.0/24 maxlen: 24
159.254.100.0/24 maxlen: 24
159.254.182.0/23 maxlen: 24
159.254.184.0/23 maxlen: 24
159.254.202.0/24 maxlen: 24
159.254.209.0/24 maxlen: 24
159.254.217.0/24 maxlen: 24
159.254.220.0/24 maxlen: 24
159.254.221.0/24 maxlen: 24
159.254.240.0/24 maxlen: 24
164.137.4.0/24 maxlen: 24
164.137.5.0/24 maxlen: 24
164.137.6.0/24 maxlen: 24
164.137.7.0/24 maxlen: 24
164.137.8.0/24 maxlen: 24
164.137.9.0/24 maxlen: 24
164.137.10.0/24 maxlen: 24
164.137.11.0/24 maxlen: 24
164.137.12.0/24 maxlen: 24
164.137.13.0/24 maxlen: 24
164.137.14.0/24 maxlen: 24
164.137.15.0/24 maxlen: 24
164.137.16.0/24 maxlen: 24
164.137.17.0/24 maxlen: 24
164.137.18.0/24 maxlen: 24
164.137.19.0/24 maxlen: 24
164.137.20.0/24 maxlen: 24
164.137.21.0/24 maxlen: 24
164.137.22.0/24 maxlen: 24
164.137.23.0/24 maxlen: 24
164.137.24.0/24 maxlen: 24
164.137.25.0/24 maxlen: 24
164.137.26.0/24 maxlen: 24
164.137.27.0/24 maxlen: 24
164.137.28.0/24 maxlen: 24
164.137.29.0/24 maxlen: 24
164.137.30.0/24 maxlen: 24
164.137.31.0/24 maxlen: 24
164.137.32.0/24 maxlen: 24
164.137.33.0/24 maxlen: 24
164.137.34.0/24 maxlen: 24
164.137.35.0/24 maxlen: 24
164.137.36.0/24 maxlen: 24
164.137.37.0/24 maxlen: 24
164.137.38.0/24 maxlen: 24
164.137.39.0/24 maxlen: 24
164.137.40.0/24 maxlen: 24
164.137.41.0/24 maxlen: 24
164.137.42.0/24 maxlen: 24
164.137.43.0/24 maxlen: 24
164.137.44.0/24 maxlen: 24
164.137.45.0/24 maxlen: 24
164.137.46.0/24 maxlen: 24
164.137.47.0/24 maxlen: 24
164.137.48.0/24 maxlen: 24
164.137.49.0/24 maxlen: 24
164.137.50.0/24 maxlen: 24
164.137.51.0/24 maxlen: 24
164.137.52.0/24 maxlen: 24
164.137.53.0/24 maxlen: 24
2a03:eec0:3212::/48 maxlen: 48
2a03:eec0:321b::/48 maxlen: 48
2a03:eec0:322b::/48 maxlen: 48
2a03:eec0:322c::/48 maxlen: 48
2a03:eec0:322d::/48 maxlen: 48
2a03:eec0:322e::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 06:01:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:96:24:4c:42:25:d8:15:8e:d8:a8:26:aa:be:0b:de:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Feb 25 18:51:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5cb0cdc40eb71b6bc0a390dc54524fffca87fe55
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:6e:2b:cd:07:c9:a3:d8:75:f1:d2:e5:c9:62:
e7:b1:cc:3d:81:e7:80:6a:fb:a5:bd:b4:ce:aa:3e:
24:a6:86:41:06:65:63:d7:55:b1:58:1d:b4:15:39:
72:bc:36:56:c7:b2:c1:32:3d:f7:01:19:45:eb:34:
e1:5c:a1:2b:0c:a9:22:08:e7:9e:06:cf:30:68:9e:
37:96:c3:11:16:cb:4c:ee:3f:e8:cf:5d:50:da:58:
74:67:b8:dc:3b:ee:9a:3e:4f:05:7c:e6:2f:65:48:
8a:8a:9b:c6:f5:e4:ea:09:95:ef:72:a1:6a:db:65:
58:bc:b5:c4:23:47:ac:73:df:4e:5e:71:9a:4d:d8:
38:7a:34:4b:85:f5:7a:73:82:24:d1:4e:e0:a1:6f:
64:37:69:52:71:ae:3c:a4:56:84:64:64:1d:57:41:
35:52:7c:61:4d:a1:15:e8:8e:a6:fe:a6:d6:8c:e8:
84:2d:ff:c0:33:db:9c:ec:66:4c:00:61:6a:e0:40:
73:61:89:4e:7d:a7:98:87:fc:41:da:f4:6c:e3:1c:
42:72:d5:40:4b:c1:d0:39:db:94:af:6a:8e:38:45:
47:b4:03:1e:a7:2f:45:28:9a:b3:b1:f6:b1:df:5d:
42:c4:99:80:b5:a2:51:cf:66:8e:48:68:ff:51:91:
c4:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:B0:CD:C4:0E:B7:1B:6B:C0:A3:90:DC:54:52:4F:FF:CA:87:FE:55
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/XLDNxA63G2vAo5DcVFJP_8qH_lU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.161.128.0/23
159.254.58.0-159.254.61.255
159.254.64.0/22
159.254.69.0/24
159.254.84.0-159.254.86.255
159.254.92.0-159.254.97.255
159.254.99.0-159.254.100.255
159.254.182.0-159.254.185.255
159.254.202.0/24
159.254.209.0/24
159.254.217.0/24
159.254.220.0/23
159.254.240.0/24
164.137.4.0-164.137.53.255
IPv6:
2a03:eec0:3212::/48
2a03:eec0:321b::/48
2a03:eec0:322b::-2a03:eec0:322e:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
33:d4:56:78:a6:a9:0a:f5:e9:6a:bb:92:19:50:07:72:82:c2:
56:76:d5:ad:0e:60:47:65:7b:99:d8:2c:b0:76:8f:15:1c:2b:
d5:2f:95:ec:8a:8e:cd:7a:ca:b1:66:ef:29:44:37:5d:db:0d:
77:af:01:a7:b8:bd:26:21:a9:c7:6e:0b:29:67:67:a9:f6:03:
9a:9f:4c:a9:5e:32:cb:ac:c9:56:5b:a7:00:1e:23:1f:4e:00:
cb:86:0f:3e:95:a5:e9:93:7e:15:e3:eb:33:74:1e:32:b2:8d:
5d:38:2d:f3:bc:8a:10:6c:e2:26:90:8f:15:41:7b:91:b5:07:
c4:c9:a2:64:55:43:aa:17:57:b7:52:63:f4:f8:fc:61:56:9a:
dd:ef:5a:3f:59:16:f0:e5:91:e1:4a:ed:0e:38:96:43:5e:32:
c9:c6:9c:be:2b:c4:6d:6c:9e:35:69:07:aa:ad:04:00:98:bc:
31:76:45:79:a8:1d:07:89:d3:36:c1:16:6f:ff:4d:74:1c:77:
56:71:55:4c:48:9d:a8:f5:18:3a:07:de:52:09:f1:59:8d:4f:
77:fe:d3:74:77:b3:25:d7:e0:b2:51:6d:2a:02:e8:fb:e6:08:
ef:d3:28:c7:04:41:bb:1e:d9:91:0e:69:0b:41:a7:76:0c:ad:
91:b0:5b:03
-----BEGIN CERTIFICATE-----
MIIFrjCCBJagAwIBAgISAZyWJExCJdgVjtioJqq+C948MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjYwMjI1MTg1MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2IwY2RjNDBlYjcxYjZiYzBhMzkwZGM1NDUyNGZmZmNhODdmZTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA824rzQfJo9h18dLlyWLnscw9geeA
avulvbTOqj4kpoZBBmVj11WxWB20FTlyvDZWx7LBMj33ARlF6zThXKErDKkiCOee
Bs8waJ43lsMRFstM7j/oz11Q2lh0Z7jcO+6aPk8FfOYvZUiKipvG9eTqCZXvcqFq
22VYvLXEI0esc99OXnGaTdg4ejRLhfV6c4Ik0U7goW9kN2lSca48pFaEZGQdV0E1
UnxhTaEV6I6m/qbWjOiELf/AM9uc7GZMAGFq4EBzYYlOfaeYh/xB2vRs4xxCctVA
S8HQOduUr2qOOEVHtAMepy9FKJqzsfax311CxJmAtaJRz2aOSGj/UZHEzwIDAQAB
o4ICujCCArYwHQYDVR0OBBYEFFywzcQOtxtrwKOQ3FRST//Kh/5VMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvWExETnhBNjNHMnZBbzVEY1ZGSlBfOHFIX2xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHPBggrBgEFBQcBBwEB/wSBvzCBvDCBiwQCAAEwgYQDBAGT
oYAwDAMEAZ/+OgMEAZ/+PAMEAp/+QAMEAJ/+RTAMAwQCn/5UAwQAn/5WMAwDBAKf
/lwDBAGf/mAwDAMEAJ/+YwMEAJ/+ZDAMAwQBn/62AwQBn/64AwQAn/7KAwQAn/7R
AwQAn/7ZAwQBn/7cAwQAn/7wMAwDBAKkiQQDBAGkiTQwLAQCAAIwJgMHACoD7sAy
EgMHACoD7sAyGzASAwcAKgPuwDIrAwcAKgPuwDIuMA0GCSqGSIb3DQEBCwUAA4IB
AQAz1FZ4pqkK9elqu5IZUAdygsJWdtWtDmBHZXuZ2Cywdo8VHCvVL5Xsio7Nesqx
Zu8pRDdd2w13rwGnuL0mIanHbgspZ2ep9gOan0ypXjLLrMlWW6cAHiMfTgDLhg8+
laXpk34V4+szdB4yso1dOC3zvIoQbOImkI8VQXuRtQfEyaJkVUOqF1e3UmP0+Pxh
Vprd71o/WRbw5ZHhSu0OOJZDXjLJxpy+K8RtbJ41aQeqrQQAmLwxdkV5qB0HidM2
wRZv/010HHdWcVVMSJ2o9Rg6B95SCfFZjU93/tN0d7Ml1+CyUW0qAuj75gjv0yjH
BEG7HtmRDmkLQad2DK2RsFsD
-----END CERTIFICATE-----
Generated at Mon Mar 2 13:13:31 2026 by rpki-client