Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/lHjQO7jIydQID9FPIzALkdDaTQw.roa
File: lHjQO7jIydQID9FPIzALkdDaTQw.roa (raw, json)
Hash identifier: 2TnE9GMqYPhlNgos9yA3/b1YBmj6N6uR1084fLzEosM=
Subject key identifier: 94:78:D0:3B:B8:C8:C9:D4:08:0F:D1:4F:23:30:0B:91:D0:DA:4D:0C
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 019D9CC345C4208AD7EFBC2CBEB26351A987
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/lHjQO7jIydQID9FPIzALkdDaTQw.roa
Signing time: Fri 17 Apr 2026 18:45:36 +0000
ROA not before: Fri 17 Apr 2026 18:45:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29262
IP address blocks: 91.194.55.0/24 maxlen: 24
93.190.14.0/24 maxlen: 24
185.85.188.0/24 maxlen: 24
185.85.189.0/24 maxlen: 24
185.85.190.0/24 maxlen: 24
185.85.191.0/24 maxlen: 24
185.85.237.0/24 maxlen: 24
185.85.238.0/24 maxlen: 24
185.85.239.0/24 maxlen: 24
185.86.5.0/24 maxlen: 24
185.86.6.0/24 maxlen: 24
185.86.13.0/24 maxlen: 24
185.86.153.0/24 maxlen: 24
185.86.154.0/24 maxlen: 24
185.86.164.0/24 maxlen: 24
185.86.165.0/24 maxlen: 24
185.86.166.0/24 maxlen: 24
185.86.167.0/24 maxlen: 24
185.87.24.0/24 maxlen: 24
185.87.26.0/24 maxlen: 24
185.87.121.0/24 maxlen: 24
185.87.122.0/24 maxlen: 24
185.87.123.0/24 maxlen: 24
185.98.61.0/24 maxlen: 24
185.98.63.0/24 maxlen: 24
185.119.80.0/24 maxlen: 24
185.119.81.0/24 maxlen: 24
185.119.82.0/24 maxlen: 24
185.119.83.0/24 maxlen: 24
185.141.32.0/24 maxlen: 24
185.250.210.0/24 maxlen: 24
2a0b:6780::/29 maxlen: 29
2a0c:46c0::/29 maxlen: 29
2a0c:67c0::/29 maxlen: 29
2a10:8b00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:9c:c3:45:c4:20:8a:d7:ef:bc:2c:be:b2:63:51:a9:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Apr 17 18:45:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9478d03bb8c8c9d4080fd14f23300b91d0da4d0c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:37:f6:74:86:05:5d:4f:a8:8b:59:69:3a:bb:
22:04:68:a5:a0:a0:d6:cf:3b:69:2c:c5:db:5b:5c:
fd:f6:f9:71:8f:d0:1d:94:d8:e2:d7:22:85:3a:84:
87:53:bf:bc:a6:17:fc:3f:73:25:ef:26:63:7c:87:
da:20:df:e8:17:ef:d8:21:8f:38:a4:18:4f:a8:4d:
58:46:ce:ec:fb:4d:6d:19:98:de:23:63:37:83:5a:
6e:f6:ea:46:1b:f0:9d:00:c0:c9:50:c8:bb:87:98:
95:3b:3b:0a:c8:25:6c:ad:7b:00:fa:aa:98:1d:65:
c6:fe:35:29:3e:bc:25:75:67:f4:96:32:a6:4a:35:
e8:76:9a:6a:66:e8:e3:8c:b3:11:b3:bf:77:a6:c4:
fd:7b:bb:8a:95:37:3c:78:a0:4e:a0:0a:13:a8:f5:
75:12:bc:b4:e2:8e:50:ed:a0:63:a6:60:83:e8:25:
47:de:08:48:3d:17:78:70:b6:07:0a:e5:63:2e:e5:
27:98:3b:b9:86:c9:25:48:bc:43:a3:b6:d4:7e:8d:
fa:9d:74:ca:22:7b:5c:68:91:51:81:14:52:f0:26:
06:92:0d:55:61:92:90:e1:81:80:9b:02:b5:3b:20:
b3:f3:8b:e1:a5:70:36:c8:53:c7:73:16:21:5d:a0:
b4:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:78:D0:3B:B8:C8:C9:D4:08:0F:D1:4F:23:30:0B:91:D0:DA:4D:0C
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/lHjQO7jIydQID9FPIzALkdDaTQw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.194.55.0/24
93.190.14.0/24
185.85.188.0/22
185.85.237.0-185.85.239.255
185.86.5.0-185.86.6.255
185.86.13.0/24
185.86.153.0-185.86.154.255
185.86.164.0/22
185.87.24.0/24
185.87.26.0/24
185.87.121.0-185.87.123.255
185.98.61.0/24
185.98.63.0/24
185.119.80.0/22
185.141.32.0/24
185.250.210.0/24
IPv6:
2a0b:6780::/29
2a0c:46c0::/29
2a0c:67c0::/29
2a10:8b00::/29
Signature Algorithm: sha256WithRSAEncryption
41:17:0c:08:e4:56:76:89:51:0f:dc:76:37:65:80:9d:f9:64:
65:0a:1f:52:4e:4b:e4:45:8d:56:54:07:18:fd:f0:57:15:dd:
2d:a5:80:23:f5:c0:be:65:1d:83:a7:3a:cc:86:d7:d8:cd:e0:
b2:15:34:23:b1:87:5a:53:fb:18:49:10:e0:bb:db:ee:28:03:
7a:11:d4:2e:d2:aa:f0:89:83:08:fe:48:fa:3c:2b:dd:58:8b:
00:01:ae:be:d0:75:55:6b:22:f9:83:db:9b:3e:d1:83:17:5c:
bb:5c:06:2a:7d:0a:55:0a:8c:37:da:36:a9:d4:6d:ed:be:4f:
52:18:a6:1f:66:cb:9f:fb:99:81:7f:06:b4:79:44:e8:17:80:
a9:dc:cb:b4:36:51:15:33:e0:80:d6:ab:99:33:ad:12:92:11:
ce:d8:f4:d7:67:91:f4:29:f2:01:c4:75:11:d5:16:48:98:ab:
4f:a0:01:f0:ca:64:49:c5:e1:66:e6:5e:9d:cf:84:2d:dd:f4:
76:bb:b4:5e:1a:6a:1c:b9:fe:00:6c:83:14:af:84:06:34:55:
db:0a:eb:f9:82:7a:2f:c7:66:7e:9b:e0:2f:4d:1f:e0:2f:06:
5e:99:bf:04:7d:af:6b:9d:c6:6b:a8:9e:1c:24:0b:94:84:38:
6a:77:39:07
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAZ2cw0XEIIrX77wsvrJjUamHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwNDE3MTg0NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDc4ZDAzYmI4YzhjOWQ0MDgwZmQxNGYyMzMwMGI5MWQwZGE0ZDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6zf2dIYFXU+oi1lpOrsiBGiloKDW
zztpLMXbW1z99vlxj9AdlNji1yKFOoSHU7+8phf8P3Ml7yZjfIfaIN/oF+/YIY84
pBhPqE1YRs7s+01tGZjeI2M3g1pu9upGG/CdAMDJUMi7h5iVOzsKyCVsrXsA+qqY
HWXG/jUpPrwldWf0ljKmSjXodppqZujjjLMRs793psT9e7uKlTc8eKBOoAoTqPV1
Ery04o5Q7aBjpmCD6CVH3ghIPRd4cLYHCuVjLuUnmDu5hsklSLxDo7bUfo36nXTK
IntcaJFRgRRS8CYGkg1VYZKQ4YGAmwK1OyCz84vhpXA2yFPHcxYhXaC0jwIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFJR40Du4yMnUCA/RTyMwC5HQ2k0MMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvbEhqUU83akl5ZFFJRDlGUEl6QUxrZERhVFF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBhwQCAAEwgYADBABb
wjcDBABdvg4DBAK5VbwwDAMEALlV7QMEBLlV4DAMAwQAuVYFAwQAuVYGAwQAuVYN
MAwDBAC5VpkDBAC5VpoDBAK5VqQDBAC5VxgDBAC5VxowDAMEALlXeQMEArlXeAME
ALliPQMEALliPwMEArl3UAMEALmNIAMEALn60jAiBAIAAjAcAwUDKgtngAMFAyoM
RsADBQMqDGfAAwUDKhCLADANBgkqhkiG9w0BAQsFAAOCAQEAQRcMCORWdolRD9x2
N2WAnflkZQofUk5L5EWNVlQHGP3wVxXdLaWAI/XAvmUdg6c6zIbX2M3gshU0I7GH
WlP7GEkQ4Lvb7igDehHULtKq8ImDCP5I+jwr3ViLAAGuvtB1VWsi+YPbmz7Rgxdc
u1wGKn0KVQqMN9o2qdRt7b5PUhimH2bLn/uZgX8GtHlE6BeAqdzLtDZRFTPggNar
mTOtEpIRztj012eR9CnyAcR1EdUWSJirT6AB8MpkScXhZuZenc+ELd30dru0Xhpq
HLn+AGyDFK+EBjRV2wrr+YJ6L8dmfpvgL00f4C8GXpm/BH2va53Ga6ieHCQLlIQ4
anc5Bw==
-----END CERTIFICATE-----
Generated at Sun Apr 19 10:50:12 2026 by rpki-client