Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/wgk7tbWmPW1ceRhgjBnAVe2XcSo.roa
File: wgk7tbWmPW1ceRhgjBnAVe2XcSo.roa (raw, json)
Hash identifier: ArVzv6tRuWJhm3qMA99cKCCM7Y2OnnqGto+xwi0HB+I=
Subject key identifier: C2:09:3B:B5:B5:A6:3D:6D:5C:79:18:60:8C:19:C0:55:ED:97:71:2A
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019C9BD5D10E540990BA127580EB90E106C4
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/wgk7tbWmPW1ceRhgjBnAVe2XcSo.roa
Signing time: Thu 26 Feb 2026 21:23:27 +0000
ROA not before: Thu 26 Feb 2026 21:23:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16509
IP address blocks: 87.58.64.0/24 maxlen: 24
87.58.65.0/24 maxlen: 24
137.31.4.0/24 maxlen: 24
137.31.5.0/24 maxlen: 24
137.31.6.0/24 maxlen: 24
137.31.7.0/24 maxlen: 24
159.254.0.0/24 maxlen: 24
159.254.1.0/24 maxlen: 24
159.254.2.0/24 maxlen: 24
159.254.3.0/24 maxlen: 24
159.254.4.0/24 maxlen: 24
159.254.5.0/24 maxlen: 24
159.254.6.0/24 maxlen: 24
159.254.7.0/24 maxlen: 24
159.254.8.0/24 maxlen: 24
159.254.9.0/24 maxlen: 24
159.254.10.0/24 maxlen: 24
159.254.11.0/24 maxlen: 24
159.254.12.0/24 maxlen: 24
159.254.80.0/24 maxlen: 24
159.254.81.0/24 maxlen: 24
159.254.82.0/24 maxlen: 24
159.254.186.0/24 maxlen: 24
159.254.187.0/24 maxlen: 24
159.254.188.0/24 maxlen: 24
159.254.189.0/24 maxlen: 24
159.254.190.0/24 maxlen: 24
159.254.191.0/24 maxlen: 24
159.254.200.0/24 maxlen: 24
159.254.201.0/24 maxlen: 24
159.254.207.0/24 maxlen: 24
159.254.208.0/24 maxlen: 24
194.9.116.0/24 maxlen: 24
2a03:eec0:3601::/48 maxlen: 48
2a03:eec0:3602::/48 maxlen: 48
2a03:eec0:3603::/48 maxlen: 48
2a03:eec0:3604::/48 maxlen: 48
2a03:eec0:3605::/48 maxlen: 48
2a03:eec0:3606::/48 maxlen: 48
2a03:eec0:3607::/48 maxlen: 48
2a03:eec0:3608::/48 maxlen: 48
2a03:eec0:3609::/48 maxlen: 48
2a03:eec0:360a::/48 maxlen: 48
2a03:eec0:360b::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 12:00:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:9b:d5:d1:0e:54:09:90:ba:12:75:80:eb:90:e1:06:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Feb 26 21:23:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c2093bb5b5a63d6d5c7918608c19c055ed97712a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:ab:1e:ac:c1:30:d0:1c:a6:6e:4c:5f:1f:29:
62:1a:0f:6a:ba:27:85:4e:ad:07:7c:ed:42:59:7a:
8c:6b:0f:d9:a3:db:da:70:7c:71:5b:44:33:7e:c0:
bb:90:f9:79:b4:45:d6:52:2e:50:df:98:e4:e0:69:
b4:8a:d0:64:6b:14:14:e8:66:9d:04:85:0e:1b:42:
22:d9:50:d1:10:cd:94:c8:fd:5a:81:85:c5:7b:ad:
62:f6:eb:8f:b6:cb:46:0b:1a:df:e5:9e:72:a9:e1:
4c:16:1b:1b:cb:a6:87:52:2a:28:e2:74:d6:7c:98:
31:2b:0a:53:f4:28:53:d2:68:65:3c:f2:c0:e6:21:
0b:fa:d5:4a:5b:58:99:ed:c0:c8:71:61:c6:8b:1b:
d2:8e:a0:ce:8e:17:bf:56:6d:2a:4a:18:8e:09:21:
a7:8a:aa:d0:81:e8:fe:47:68:eb:7d:b9:67:1a:99:
ba:f4:b0:97:72:f7:2d:69:e9:1f:3c:42:8b:77:b2:
63:a2:ed:1b:9b:f6:38:48:fa:89:bd:8a:e4:a2:de:
07:f6:71:6d:46:71:b6:ef:50:c6:29:3e:a0:f8:51:
e5:d5:57:a7:23:68:67:b3:fa:54:e4:67:59:a8:0c:
a3:44:d5:a9:03:ee:56:d7:26:33:c3:bf:6a:69:84:
92:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:09:3B:B5:B5:A6:3D:6D:5C:79:18:60:8C:19:C0:55:ED:97:71:2A
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/wgk7tbWmPW1ceRhgjBnAVe2XcSo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.58.64.0/23
137.31.4.0/22
159.254.0.0-159.254.12.255
159.254.80.0-159.254.82.255
159.254.186.0-159.254.191.255
159.254.200.0/23
159.254.207.0-159.254.208.255
194.9.116.0/24
IPv6:
2a03:eec0:3601::-2a03:eec0:360b:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
61:6d:4c:ce:52:71:fd:2f:df:8d:3f:d8:e5:bc:a1:16:9b:f5:
e7:f3:3a:78:86:00:a5:be:71:22:29:c6:b9:ea:66:94:c0:4f:
18:3e:41:d1:ec:1d:08:fe:24:52:5d:de:73:5d:43:9a:4e:d6:
f5:21:ef:b0:c7:8e:31:bc:77:65:95:d5:35:ee:dd:c0:41:1e:
32:b8:cf:a4:d6:5d:8c:c5:1e:08:4b:9e:0a:48:b0:26:e9:53:
c6:5c:a9:ec:86:80:9d:df:96:41:cf:47:31:38:2f:5d:16:44:
5b:b8:f9:ee:16:48:cc:db:73:31:3c:29:af:ee:b1:bf:69:b9:
74:17:cb:c2:4f:70:5c:7c:74:72:2f:d4:48:f8:f7:0b:b5:a4:
dc:64:88:df:ca:16:15:4c:0e:6b:6e:93:b8:85:3e:ef:67:bd:
c9:bf:4a:a5:58:be:e0:e6:6c:ce:66:67:7a:17:bb:0f:86:4e:
7c:c0:32:14:24:dd:d3:04:35:66:22:12:66:dd:f6:43:1e:91:
55:5d:d3:6a:41:34:ed:a9:94:67:ae:13:17:16:2d:55:e0:92:
24:22:62:66:91:93:95:7d:65:f8:7b:a1:e7:f4:e7:64:62:bf:
34:2d:5c:97:4b:ed:a4:f8:b5:1b:a3:37:d8:bf:66:d8:c4:28:
40:5f:4e:b1
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAZyb1dEOVAmQuhJ1gOuQ4QbEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjYwMjI2MjEyMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjA5M2JiNWI1YTYzZDZkNWM3OTE4NjA4YzE5YzA1NWVkOTc3MTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraserMEw0BymbkxfHyliGg9quieF
Tq0HfO1CWXqMaw/Zo9vacHxxW0QzfsC7kPl5tEXWUi5Q35jk4Gm0itBkaxQU6Gad
BIUOG0Ii2VDREM2UyP1agYXFe61i9uuPtstGCxrf5Z5yqeFMFhsby6aHUioo4nTW
fJgxKwpT9ChT0mhlPPLA5iEL+tVKW1iZ7cDIcWHGixvSjqDOjhe/Vm0qShiOCSGn
iqrQgej+R2jrfblnGpm69LCXcvctaekfPEKLd7Jjou0bm/Y4SPqJvYrkot4H9nFt
RnG271DGKT6g+FHl1VenI2hns/pU5GdZqAyjRNWpA+5W1yYzw79qaYSSDwIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFMIJO7W1pj1tXHkYYIwZwFXtl3EqMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvd2drN3RiV21QVzFjZVJoZ2pCbkFWZTJYY1NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwVQQCAAEwTwMEAVc6QAME
AokfBDALAwMBn/4DBACf/gwwDAMEBJ/+UAMEAJ/+UjAMAwQBn/66AwQGn/6AAwQB
n/7IMAwDBACf/s8DBACf/tADBADCCXQwGgQCAAIwFDASAwcAKgPuwDYBAwcCKgPu
wDYIMA0GCSqGSIb3DQEBCwUAA4IBAQBhbUzOUnH9L9+NP9jlvKEWm/Xn8zp4hgCl
vnEiKca56maUwE8YPkHR7B0I/iRSXd5zXUOaTtb1Ie+wx44xvHdlldU17t3AQR4y
uM+k1l2MxR4IS54KSLAm6VPGXKnshoCd35ZBz0cxOC9dFkRbuPnuFkjM23MxPCmv
7rG/abl0F8vCT3BcfHRyL9RI+PcLtaTcZIjfyhYVTA5rbpO4hT7vZ73Jv0qlWL7g
5mzOZmd6F7sPhk58wDIUJN3TBDVmIhJm3fZDHpFVXdNqQTTtqZRnrhMXFi1V4JIk
ImJmkZOVfWX4e6Hn9OdkYr80LVyXS+2k+LUbozfYv2bYxChAX06x
-----END CERTIFICATE-----
Generated at Mon Mar 2 00:02:10 2026 by rpki-client