Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/whZDnVbA7DTq6XCQtpnwVv571yY.roa
File: whZDnVbA7DTq6XCQtpnwVv571yY.roa (raw, json)
Hash identifier: jaXDYTJdd7AC0EYJLuwjwpmbHTLmmIjlV4gnm9WnvPk=
Subject key identifier: C2:16:43:9D:56:C0:EC:34:EA:E9:70:90:B6:99:F0:56:FE:7B:D7:26
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019E8A8538954B9BA827095CD06483C49A10
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/whZDnVbA7DTq6XCQtpnwVv571yY.roa
Signing time: Tue 02 Jun 2026 22:47:26 +0000
ROA not before: Tue 02 Jun 2026 22:47:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 14618
IP address blocks: 87.58.64.0/24 maxlen: 24
87.58.65.0/24 maxlen: 24
137.31.4.0/24 maxlen: 24
137.31.5.0/24 maxlen: 24
137.31.6.0/24 maxlen: 24
137.31.7.0/24 maxlen: 24
137.31.96.0/24 maxlen: 24
137.31.97.0/24 maxlen: 24
137.31.98.0/24 maxlen: 24
137.31.255.0/24 maxlen: 24
159.254.0.0/24 maxlen: 24
159.254.1.0/24 maxlen: 24
159.254.2.0/24 maxlen: 24
159.254.3.0/24 maxlen: 24
159.254.4.0/24 maxlen: 24
159.254.5.0/24 maxlen: 24
159.254.6.0/24 maxlen: 24
159.254.7.0/24 maxlen: 24
159.254.8.0/24 maxlen: 24
159.254.9.0/24 maxlen: 24
159.254.10.0/24 maxlen: 24
159.254.11.0/24 maxlen: 24
159.254.12.0/24 maxlen: 24
159.254.80.0/24 maxlen: 24
159.254.81.0/24 maxlen: 24
159.254.82.0/24 maxlen: 24
159.254.186.0/24 maxlen: 24
159.254.187.0/24 maxlen: 24
159.254.188.0/24 maxlen: 24
159.254.189.0/24 maxlen: 24
159.254.190.0/24 maxlen: 24
159.254.191.0/24 maxlen: 24
159.254.200.0/24 maxlen: 24
159.254.201.0/24 maxlen: 24
159.254.207.0/24 maxlen: 24
159.254.208.0/24 maxlen: 24
194.9.116.0/24 maxlen: 24
2a03:eec0:3601::/48 maxlen: 48
2a03:eec0:3602::/48 maxlen: 48
2a03:eec0:3603::/48 maxlen: 48
2a03:eec0:3604::/48 maxlen: 48
2a03:eec0:3605::/48 maxlen: 48
2a03:eec0:3606::/48 maxlen: 48
2a03:eec0:3607::/48 maxlen: 48
2a03:eec0:3608::/48 maxlen: 48
2a03:eec0:3609::/48 maxlen: 48
2a03:eec0:360a::/48 maxlen: 48
2a03:eec0:360b::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 13:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:8a:85:38:95:4b:9b:a8:27:09:5c:d0:64:83:c4:9a:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Jun 2 22:47:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c216439d56c0ec34eae97090b699f056fe7bd726
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:98:01:20:70:ec:14:1e:e4:21:24:76:bb:58:
50:57:8d:6f:0e:f2:c5:3a:8c:d4:f9:3e:7f:ae:0d:
26:2e:81:59:e4:06:e0:79:6e:6d:b8:a6:6b:60:37:
fb:96:e3:7d:0a:6d:20:b0:9d:aa:a7:df:9e:2d:9e:
b8:ae:0f:2f:39:c3:2c:ec:5c:d2:d6:95:95:1c:e8:
4f:8c:b4:4b:de:4a:82:e2:87:c0:9b:7e:64:c1:48:
b3:4a:74:c0:31:4d:f6:28:e8:89:8a:d9:af:49:88:
f0:48:ee:ae:c3:bc:fa:20:d6:0b:12:ac:fa:61:02:
7b:2f:3e:55:50:1b:ee:2b:8a:57:54:55:3b:57:6d:
f2:2c:ff:e2:d9:f1:3e:7b:65:6a:a2:ab:04:fd:a7:
62:3e:55:10:be:af:73:8b:ad:7c:e3:19:58:06:ec:
60:cc:7d:12:7d:d1:4e:1e:f3:d7:57:39:20:03:10:
65:3a:2c:1f:ac:89:e6:9e:6c:7a:33:c3:83:35:c4:
96:05:0c:04:f7:bb:7e:64:a1:17:06:e5:43:8e:02:
3e:8c:d2:fa:0f:af:20:3f:c7:0b:7a:b6:4b:bb:b6:
0d:1e:9f:d8:a1:1b:70:10:73:af:71:8f:47:5c:29:
10:33:1f:6a:9c:9e:d1:15:27:17:78:57:f0:40:10:
18:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:16:43:9D:56:C0:EC:34:EA:E9:70:90:B6:99:F0:56:FE:7B:D7:26
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/whZDnVbA7DTq6XCQtpnwVv571yY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.58.64.0/23
137.31.4.0/22
137.31.96.0-137.31.98.255
137.31.255.0/24
159.254.0.0-159.254.12.255
159.254.80.0-159.254.82.255
159.254.186.0-159.254.191.255
159.254.200.0/23
159.254.207.0-159.254.208.255
194.9.116.0/24
IPv6:
2a03:eec0:3601::-2a03:eec0:360b:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
52:07:01:ea:94:c0:63:0e:23:7a:64:7d:0b:b1:af:3a:04:cc:
af:22:06:3c:b2:a6:25:5f:3d:ed:37:5e:4a:c7:5b:f2:b3:4c:
dc:f4:1d:a0:5f:5b:c0:09:a5:ba:32:d0:f0:4a:79:0c:86:b8:
3e:b0:af:be:d3:3f:d9:da:ee:c1:9a:a5:ed:eb:75:cc:b0:9e:
24:71:76:91:2b:4f:20:0c:12:32:31:52:1b:b7:e8:bd:fb:0c:
b6:64:11:e0:dc:cb:1a:c8:d0:ee:48:6e:49:db:bc:87:be:b1:
f6:b8:77:38:db:49:6d:db:33:ed:68:21:fa:bf:97:71:8a:61:
7c:49:e6:8b:67:86:b2:f7:a3:bc:c5:c7:61:1d:f5:86:8d:71:
40:b5:45:0a:f3:d4:24:c7:6c:55:23:fa:03:6d:0d:ab:e0:79:
2d:a0:21:f1:c8:3c:7c:6c:39:8f:09:32:08:59:a8:ef:0d:3e:
44:30:7c:5d:5a:11:66:91:bf:3a:50:f8:f0:b5:74:63:b5:99:
a9:b6:84:dd:0e:23:c9:46:30:cc:c5:dd:01:0b:01:cb:7b:12:
ac:b5:06:70:77:ff:e9:92:8e:f0:8a:61:42:c6:37:77:64:9f:
ef:ca:b2:0f:e6:9f:81:40:a6:4b:80:69:c1:5e:0b:1d:30:77:
b8:c8:fe:8b
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZ6KhTiVS5uoJwlc0GSDxJoQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjYwNjAyMjI0NzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjE2NDM5ZDU2YzBlYzM0ZWFlOTcwOTBiNjk5ZjA1NmZlN2JkNzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZgBIHDsFB7kISR2u1hQV41vDvLF
OozU+T5/rg0mLoFZ5AbgeW5tuKZrYDf7luN9Cm0gsJ2qp9+eLZ64rg8vOcMs7FzS
1pWVHOhPjLRL3kqC4ofAm35kwUizSnTAMU32KOiJitmvSYjwSO6uw7z6INYLEqz6
YQJ7Lz5VUBvuK4pXVFU7V23yLP/i2fE+e2VqoqsE/adiPlUQvq9zi6184xlYBuxg
zH0SfdFOHvPXVzkgAxBlOiwfrInmnmx6M8ODNcSWBQwE97t+ZKEXBuVDjgI+jNL6
D68gP8cLerZLu7YNHp/YoRtwEHOvcY9HXCkQMx9qnJ7RFScXeFfwQBAYOQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFMIWQ51WwOw06ulwkLaZ8Fb+e9cmMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvd2haRG5WYkE3RFRxNlhDUXRwbndWdjU3MXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzBpBAIAATBjAwQBVzpA
AwQCiR8EMAwDBAWJH2ADBACJH2IDBACJH/8wCwMDAZ/+AwQAn/4MMAwDBASf/lAD
BACf/lIwDAMEAZ/+ugMEBp/+gAMEAZ/+yDAMAwQAn/7PAwQAn/7QAwQAwgl0MBoE
AgACMBQwEgMHACoD7sA2AQMHAioD7sA2CDANBgkqhkiG9w0BAQsFAAOCAQEAUgcB
6pTAYw4jemR9C7GvOgTMryIGPLKmJV897TdeSsdb8rNM3PQdoF9bwAmlujLQ8Ep5
DIa4PrCvvtM/2druwZql7et1zLCeJHF2kStPIAwSMjFSG7fovfsMtmQR4NzLGsjQ
7khuSdu8h76x9rh3ONtJbdsz7Wgh+r+XcYphfEnmi2eGsvejvMXHYR31ho1xQLVF
CvPUJMdsVSP6A20Nq+B5LaAh8cg8fGw5jwkyCFmo7w0+RDB8XVoRZpG/OlD48LV0
Y7WZqbaE3Q4jyUYwzMXdAQsBy3sSrLUGcHf/6ZKO8IphQsY3d2Sf78qyD+afgUCm
S4BpwV4LHTB3uMj+iw==
-----END CERTIFICATE-----
Generated at Sat Jun 13 23:02:24 2026 by rpki-client