Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/JejL0L9MCBQWF6peNve4-RWHF1w.roa
File: JejL0L9MCBQWF6peNve4-RWHF1w.roa (raw, json)
Hash identifier: PXp7lUFrDYOjtMqq8880S6RWrXRSNsHPCPxIMrX1zVU=
Subject key identifier: 25:E8:CB:D0:BF:4C:08:14:16:17:AA:5E:36:F7:B8:F9:15:87:17:5C
Certificate issuer: /CN=96cbcf2e957ca8d942472a7b0044285b26db6b22
Certificate serial: 019C6A3878AE8AB0A56F067630F18834E895
Authority key identifier: 96:CB:CF:2E:95:7C:A8:D9:42:47:2A:7B:00:44:28:5B:26:DB:6B:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lsvPLpV8qNlCRyp7AEQoWybbayI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/JejL0L9MCBQWF6peNve4-RWHF1w.roa
Signing time: Tue 17 Feb 2026 06:10:11 +0000
ROA not before: Tue 17 Feb 2026 06:10:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 58256
IP address blocks: 37.143.144.0/24 maxlen: 24
37.143.145.0/24 maxlen: 24
37.143.146.0/24 maxlen: 24
37.143.147.0/24 maxlen: 24
37.143.148.0/24 maxlen: 24
37.143.149.0/24 maxlen: 24
37.143.150.0/24 maxlen: 24
37.143.151.0/24 maxlen: 24
91.108.128.0/24 maxlen: 24
91.108.129.0/24 maxlen: 24
91.108.130.0/24 maxlen: 24
91.108.131.0/24 maxlen: 24
91.108.132.0/24 maxlen: 24
91.108.133.0/24 maxlen: 24
91.108.134.0/24 maxlen: 24
91.108.135.0/24 maxlen: 24
91.108.136.0/24 maxlen: 24
91.108.137.0/24 maxlen: 24
91.108.138.0/24 maxlen: 24
91.108.139.0/24 maxlen: 24
91.108.144.0/24 maxlen: 24
91.108.147.0/24 maxlen: 24
91.108.148.0/24 maxlen: 24
91.108.149.0/24 maxlen: 24
91.108.150.0/24 maxlen: 24
91.108.153.0/24 maxlen: 24
91.108.154.0/24 maxlen: 24
91.108.155.0/24 maxlen: 24
91.108.156.0/24 maxlen: 24
91.108.157.0/24 maxlen: 24
91.108.158.0/24 maxlen: 24
91.108.159.0/24 maxlen: 24
185.42.213.0/24 maxlen: 24
185.42.214.0/24 maxlen: 24
185.42.215.0/24 maxlen: 24
185.83.28.0/24 maxlen: 24
185.83.29.0/24 maxlen: 24
185.83.30.0/24 maxlen: 24
185.83.31.0/24 maxlen: 24
185.83.184.0/22 maxlen: 22
185.83.184.0/24 maxlen: 24
185.83.185.0/24 maxlen: 24
185.83.186.0/24 maxlen: 24
185.83.187.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/lsvPLpV8qNlCRyp7AEQoWybbayI.crl
rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/lsvPLpV8qNlCRyp7AEQoWybbayI.mft
rsync://rpki.ripe.net/repository/DEFAULT/lsvPLpV8qNlCRyp7AEQoWybbayI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:6a:38:78:ae:8a:b0:a5:6f:06:76:30:f1:88:34:e8:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=96cbcf2e957ca8d942472a7b0044285b26db6b22
Validity
Not Before: Feb 17 06:10:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=25e8cbd0bf4c08141617aa5e36f7b8f91587175c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:cd:91:eb:60:9a:eb:02:47:04:45:1a:69:39:
9d:2c:52:76:26:41:09:22:40:d4:42:e5:56:8f:87:
46:17:39:dd:15:0b:ea:bc:d1:c7:3d:ad:83:2d:7f:
72:e1:e5:74:57:4c:2b:f3:59:d9:95:b3:d2:a7:45:
5f:2f:f2:55:38:87:c1:11:b8:a6:e8:e0:23:d8:f0:
54:b4:bd:34:ca:e2:2c:50:81:05:b0:d1:c5:49:6d:
b3:19:5f:64:f5:62:4b:f7:9b:ab:34:35:38:26:60:
a8:34:1d:af:c3:8a:ed:f6:f3:be:19:59:50:c0:e5:
c3:fc:1f:07:3d:2d:56:15:21:90:47:3b:f5:a7:a9:
27:b0:59:54:d0:bb:6e:e1:6d:e5:90:94:ca:3f:1b:
86:fe:f3:ce:5a:8b:cf:1f:b4:e3:5f:7f:44:ad:72:
46:c4:f3:7c:e2:0b:88:92:f4:65:5c:9d:66:3c:74:
0a:81:0c:e9:ff:5a:4c:78:39:f3:29:dc:c3:91:4c:
89:cb:44:ff:02:97:57:49:47:52:4b:02:c9:42:cd:
dd:d4:2e:1f:f5:68:49:ab:dc:45:38:37:53:f4:4f:
1d:41:85:f3:7b:ba:a9:ee:14:9c:5a:2c:28:c9:ae:
e7:ea:81:c4:d4:09:3b:66:48:61:d5:08:b6:47:8a:
93:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:E8:CB:D0:BF:4C:08:14:16:17:AA:5E:36:F7:B8:F9:15:87:17:5C
X509v3 Authority Key Identifier:
keyid:96:CB:CF:2E:95:7C:A8:D9:42:47:2A:7B:00:44:28:5B:26:DB:6B:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lsvPLpV8qNlCRyp7AEQoWybbayI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/JejL0L9MCBQWF6peNve4-RWHF1w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/lsvPLpV8qNlCRyp7AEQoWybbayI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.143.144.0/21
91.108.128.0-91.108.139.255
91.108.144.0/24
91.108.147.0-91.108.150.255
91.108.153.0-91.108.159.255
185.42.213.0-185.42.215.255
185.83.28.0/22
185.83.184.0/22
Signature Algorithm: sha256WithRSAEncryption
2a:ab:73:68:d0:e6:75:8b:8d:2a:c6:e2:82:4f:9e:cc:9b:24:
78:b3:75:87:0d:a5:18:88:91:42:6e:cb:90:b4:bd:ea:ef:d4:
57:2d:77:44:4a:bc:e9:01:29:66:92:9f:92:73:bd:93:30:6b:
45:21:87:43:5f:37:3a:57:ad:b3:09:4c:79:01:3e:0d:29:f4:
51:41:36:9a:a5:f0:da:11:cb:db:50:b6:fc:34:9d:13:db:d4:
aa:1a:bb:3d:40:b9:c2:c4:c8:86:62:09:60:a0:2a:0d:e1:db:
77:4f:ae:11:10:db:41:6a:42:d0:4e:c7:cb:57:dc:7e:0f:fb:
4a:2f:46:bf:b0:e0:5f:5b:ae:06:ac:15:af:20:35:81:3d:c7:
79:2e:16:78:3a:4d:61:60:fb:20:3c:e2:fb:2c:49:8c:e2:6f:
16:3f:0c:cc:9d:92:8b:ad:3f:5b:d4:56:fc:14:73:a9:4c:c3:
02:ff:af:16:a0:33:91:96:85:0e:20:d3:72:90:d4:8b:25:37:
f1:63:3a:4c:63:c5:62:37:fa:d4:97:6e:a4:81:d7:1c:ef:0f:
52:21:f6:07:4a:69:a0:9f:bf:12:20:46:aa:93:05:e6:95:d8:
c2:42:3b:aa:4c:b4:ca:69:b4:96:37:30:35:55:27:53:33:cd:
d6:f3:1b:1e
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZxqOHiuirClbwZ2MPGINOiVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2Y2JjZjJlOTU3Y2E4ZDk0MjQ3MmE3YjAwNDQyODViMjZk
YjZiMjIwHhcNMjYwMjE3MDYxMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWU4Y2JkMGJmNGMwODE0MTYxN2FhNWUzNmY3YjhmOTE1ODcxNzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn82R62Ca6wJHBEUaaTmdLFJ2JkEJ
IkDUQuVWj4dGFzndFQvqvNHHPa2DLX9y4eV0V0wr81nZlbPSp0VfL/JVOIfBEbim
6OAj2PBUtL00yuIsUIEFsNHFSW2zGV9k9WJL95urNDU4JmCoNB2vw4rt9vO+GVlQ
wOXD/B8HPS1WFSGQRzv1p6knsFlU0Ltu4W3lkJTKPxuG/vPOWovPH7TjX39ErXJG
xPN84guIkvRlXJ1mPHQKgQzp/1pMeDnzKdzDkUyJy0T/ApdXSUdSSwLJQs3d1C4f
9WhJq9xFODdT9E8dQYXze7qp7hScWiwoya7n6oHE1Ak7Zkhh1Qi2R4qTbwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFCXoy9C/TAgUFheqXjb3uPkVhxdcMB8GA1UdIwQY
MBaAFJbLzy6VfKjZQkcqewBEKFsm22siMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHN2UExwVjhxTmxDUnlwN0FFUW9XeWJiYXlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xYjYwZTktYjZlMC00ODkwLTlkZTEt
MTNiNDMxMzQyYWI4LzEvSmVqTDBMOU1DQlFXRjZwZU52ZTQtUldIRjF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xYjYwZTktYjZlMC00ODkwLTlkZTEtMTNiNDMxMzQyYWI4
LzEvbHN2UExwVjhxTmxDUnlwN0FFUW9XeWJiYXlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQDJY+QMAwD
BAdbbIADBAJbbIgDBABbbJAwDAMEAFtskwMEAFtsljAMAwQAW2yZAwQFW2yAMAwD
BAC5KtUDBAO5KtADBAK5UxwDBAK5U7gwDQYJKoZIhvcNAQELBQADggEBACqrc2jQ
5nWLjSrG4oJPnsybJHizdYcNpRiIkUJuy5C0verv1Fctd0RKvOkBKWaSn5JzvZMw
a0Uhh0NfNzpXrbMJTHkBPg0p9FFBNpql8NoRy9tQtvw0nRPb1Koauz1AucLEyIZi
CWCgKg3h23dPrhEQ20FqQtBOx8tX3H4P+0ovRr+w4F9brgasFa8gNYE9x3kuFng6
TWFg+yA84vssSYzibxY/DMydkoutP1vUVvwUc6lMwwL/rxagM5GWhQ4g03KQ1Isl
N/FjOkxjxWI3+tSXbqSB1xzvD1Ih9gdKaaCfvxIgRqqTBeaV2MJCO6pMtMpptJY3
MDVVJ1MzzdbzGx4=
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:03:15 2026 by rpki-client