Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/oTAnj8V3sccufxLPJpZJ2av8j-A.roa
File: oTAnj8V3sccufxLPJpZJ2av8j-A.roa (raw, json)
Hash identifier: +rK4QlG7dHwB2u8oBpVxeumts0TuXiCtUppM0dEFMEE=
Subject key identifier: A1:30:27:8F:C5:77:B1:C7:2E:7F:12:CF:26:96:49:D9:AB:FC:8F:E0
Certificate issuer: /CN=d50697943676399ac5cac6a3e476545af0df49dd
Certificate serial: 019D2EFBF63A7D560072CEFF55BF67F71BAB
Authority key identifier: D5:06:97:94:36:76:39:9A:C5:CA:C6:A3:E4:76:54:5A:F0:DF:49:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/oTAnj8V3sccufxLPJpZJ2av8j-A.roa
Signing time: Fri 27 Mar 2026 11:09:17 +0000
ROA not before: Fri 27 Mar 2026 11:09:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 719
IP address blocks: 131.207.133.0/24 maxlen: 24
131.207.134.0/24 maxlen: 24
131.207.168.0/24 maxlen: 24
131.207.174.0/24 maxlen: 24
131.207.175.0/24 maxlen: 24
131.207.176.0/24 maxlen: 24
131.207.199.0/24 maxlen: 24
131.207.213.0/24 maxlen: 24
131.207.225.0/24 maxlen: 24
131.207.230.0/24 maxlen: 24
131.207.242.0/24 maxlen: 24
131.207.243.0/24 maxlen: 24
131.207.248.0/21 maxlen: 21
192.49.8.0/24 maxlen: 24
192.49.32.0/24 maxlen: 24
192.49.69.0/24 maxlen: 24
192.49.171.0/24 maxlen: 24
192.49.172.0/24 maxlen: 24
193.142.224.0/24 maxlen: 24
193.142.225.0/24 maxlen: 24
193.142.226.0/24 maxlen: 24
193.142.227.0/24 maxlen: 24
193.142.228.0/24 maxlen: 24
193.142.229.0/24 maxlen: 24
193.142.230.0/24 maxlen: 24
193.142.231.0/24 maxlen: 24
194.110.38.0/24 maxlen: 24
194.110.44.0/24 maxlen: 24
194.110.45.0/24 maxlen: 24
194.110.46.0/24 maxlen: 24
194.110.47.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.crl
rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.mft
rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 16:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2e:fb:f6:3a:7d:56:00:72:ce:ff:55:bf:67:f7:1b:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d50697943676399ac5cac6a3e476545af0df49dd
Validity
Not Before: Mar 27 11:09:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a130278fc577b1c72e7f12cf269649d9abfc8fe0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:6a:da:9c:4a:8d:80:ee:18:ad:a4:01:4a:18:
23:b9:9b:64:3c:fd:8d:0a:3f:39:e6:17:3f:58:57:
53:e4:a7:59:46:9c:73:27:52:13:94:ce:7f:e3:d7:
45:fa:a3:ef:9a:ad:0c:db:8b:44:f7:5b:8d:93:0d:
7d:3f:40:b2:63:ad:f7:53:f4:8f:0a:94:cb:da:c0:
c7:a1:42:a9:8f:19:cf:2b:65:b3:6d:23:e0:f6:0b:
11:79:41:31:00:64:ae:ae:4a:41:81:22:79:82:1a:
90:eb:de:38:48:f1:62:da:95:fb:00:f4:0a:9c:0e:
b7:a1:1d:85:e9:08:ef:8f:f1:15:ca:e6:0f:43:cb:
db:9b:76:0b:8d:f8:ca:0a:bf:46:9d:e8:40:72:5a:
81:a6:cb:b1:fe:cc:62:6a:72:7f:37:94:a1:24:40:
58:21:94:3f:db:2e:0c:9e:ba:24:bb:49:a3:65:2f:
c6:c6:ee:77:23:d4:0f:d8:0f:e4:2e:05:4e:bb:fd:
ad:5a:47:0d:6d:2a:f8:73:a1:97:9d:88:a9:b1:a6:
7e:2c:33:28:66:31:3f:c6:c7:33:e6:81:b3:79:1b:
76:13:2c:71:fa:e9:b3:c9:69:50:9b:69:07:a1:f0:
b2:bf:48:62:2d:fc:67:70:88:92:b8:eb:3a:8d:d3:
2d:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:30:27:8F:C5:77:B1:C7:2E:7F:12:CF:26:96:49:D9:AB:FC:8F:E0
X509v3 Authority Key Identifier:
keyid:D5:06:97:94:36:76:39:9A:C5:CA:C6:A3:E4:76:54:5A:F0:DF:49:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/oTAnj8V3sccufxLPJpZJ2av8j-A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
131.207.133.0-131.207.134.255
131.207.168.0/24
131.207.174.0-131.207.176.255
131.207.199.0/24
131.207.213.0/24
131.207.225.0/24
131.207.230.0/24
131.207.242.0/23
131.207.248.0/21
192.49.8.0/24
192.49.32.0/24
192.49.69.0/24
192.49.171.0-192.49.172.255
193.142.224.0/21
194.110.38.0/24
194.110.44.0/22
Signature Algorithm: sha256WithRSAEncryption
0a:7e:6b:eb:74:03:24:11:3e:35:07:8b:21:a4:d3:88:41:2d:
f6:e4:74:d9:08:8f:4f:be:a4:40:ed:66:a4:7e:56:ec:73:65:
55:c8:e7:c4:52:39:13:5e:fb:0a:c6:81:82:0d:7f:c3:eb:e6:
bf:44:a8:dd:86:c3:b2:82:78:2c:ad:c1:8e:95:ad:83:c2:66:
1c:b7:4b:aa:85:ac:cf:a5:f7:dc:10:dd:b3:15:f5:c6:e2:a0:
de:7b:02:1f:cf:d2:a6:08:7a:11:6c:1e:9a:9d:47:9c:9f:07:
75:62:12:24:0c:25:41:a9:74:67:80:70:37:fc:95:27:d3:0f:
1b:d3:c6:1f:13:28:5e:21:c5:f3:a0:39:07:04:33:17:5b:ea:
d3:80:1b:6a:91:36:ba:c2:3e:00:69:1e:98:95:bf:ca:42:33:
e3:e1:2d:87:de:d0:e6:64:19:60:f5:78:3e:09:f5:b4:c7:2d:
bb:60:eb:5a:a9:0b:80:37:66:b7:46:cd:6f:a9:fd:c3:e9:99:
93:d4:2f:00:13:7a:bd:21:ec:6d:49:91:01:44:cf:aa:9f:c4:
13:77:b4:d6:3b:c8:b2:48:2c:20:f0:ef:cb:a1:40:45:59:f2:
b4:f7:b4:1f:8f:45:50:88:16:1e:49:db:fe:2c:1a:a1:67:d7:
b3:64:f6:f7
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAZ0u+/Y6fVYAcs7/Vb9n9xurMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MDY5Nzk0MzY3NjM5OWFjNWNhYzZhM2U0NzY1NDVhZjBk
ZjQ5ZGQwHhcNMjYwMzI3MTEwOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTMwMjc4ZmM1NzdiMWM3MmU3ZjEyY2YyNjk2NDlkOWFiZmM4ZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7WranEqNgO4YraQBShgjuZtkPP2N
Cj855hc/WFdT5KdZRpxzJ1ITlM5/49dF+qPvmq0M24tE91uNkw19P0CyY633U/SP
CpTL2sDHoUKpjxnPK2WzbSPg9gsReUExAGSurkpBgSJ5ghqQ6944SPFi2pX7APQK
nA63oR2F6Qjvj/EVyuYPQ8vbm3YLjfjKCr9GnehAclqBpsux/sxianJ/N5ShJEBY
IZQ/2y4Mnroku0mjZS/Gxu53I9QP2A/kLgVOu/2tWkcNbSr4c6GXnYipsaZ+LDMo
ZjE/xscz5oGzeRt2Eyxx+umzyWlQm2kHofCyv0hiLfxncIiSuOs6jdMtIQIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFKEwJ4/Fd7HHLn8SzyaWSdmr/I/gMB8GA1UdIwQY
MBaAFNUGl5Q2djmaxcrGo+R2VFrw30ndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVFhWGxEWjJPWnJGeXNhajVIWlVXdkRmU2QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81ZjZhZmYtMTNiYi00ZGI4LTk1N2Yt
OGQyM2FjNWNiNTAyLzEvb1RBbmo4VjNzY2N1ZnhMUEpwWkoyYXY4ai1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81ZjZhZmYtMTNiYi00ZGI4LTk1N2YtOGQyM2FjNWNiNTAy
LzEvMVFhWGxEWjJPWnJGeXNhajVIWlVXdkRmU2QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDB+BAIAATB4MAwDBACD
z4UDBACDz4YDBACDz6gwDAMEAYPPrgMEAIPPsAMEAIPPxwMEAIPP1QMEAIPP4QME
AIPP5gMEAYPP8gMEA4PP+AMEAMAxCAMEAMAxIAMEAMAxRTAMAwQAwDGrAwQAwDGs
AwQDwY7gAwQAwm4mAwQCwm4sMA0GCSqGSIb3DQEBCwUAA4IBAQAKfmvrdAMkET41
B4shpNOIQS325HTZCI9PvqRA7Wakflbsc2VVyOfEUjkTXvsKxoGCDX/D6+a/RKjd
hsOygngsrcGOla2DwmYct0uqhazPpffcEN2zFfXG4qDeewIfz9KmCHoRbB6anUec
nwd1YhIkDCVBqXRngHA3/JUn0w8b08YfEyheIcXzoDkHBDMXW+rTgBtqkTa6wj4A
aR6Ylb/KQjPj4S2H3tDmZBlg9Xg+CfW0xy27YOtaqQuAN2a3Rs1vqf3D6ZmT1C8A
E3q9IextSZEBRM+qn8QTd7TWO8iySCwg8O/LoUBFWfK097Qfj0VQiBYeSdv+LBqh
Z9ezZPb3
-----END CERTIFICATE-----
Generated at Fri Apr 17 23:23:56 2026 by rpki-client