Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/1-wPMlW3QZMEwXIavR2Z5jC4eg3k.roa
File: 1-wPMlW3QZMEwXIavR2Z5jC4eg3k.roa (raw, json)
Hash identifier: NkpNm8Hi0eM4z4zMLpTQA7y21YX/UXYTQTZzRYCggcI=
Subject key identifier: FB:03:CC:95:6D:D0:64:C1:30:5C:86:AF:47:66:79:8C:2E:1E:83:79
Certificate issuer: /CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
Certificate serial: 019C4C222959100DAECE9C43F9B217E1FF98
Authority key identifier: E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/1-wPMlW3QZMEwXIavR2Z5jC4eg3k.roa
Signing time: Wed 11 Feb 2026 09:57:13 +0000
ROA not before: Wed 11 Feb 2026 09:57:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202940
IP address blocks: 89.208.0.0/21 maxlen: 24
89.208.4.0/22 maxlen: 24
89.208.56.0/21 maxlen: 24
89.208.128.0/21 maxlen: 24
89.208.134.0/23 maxlen: 24
141.226.120.0/23 maxlen: 23
141.226.122.0/24 maxlen: 24
147.234.23.0/24 maxlen: 24
147.236.104.0/21 maxlen: 24
147.236.116.0/23 maxlen: 24
147.236.120.0/21 maxlen: 24
147.236.125.0/24 maxlen: 24
147.236.148.0/22 maxlen: 24
147.236.152.0/23 maxlen: 23
147.236.154.0/24 maxlen: 24
147.236.176.0/20 maxlen: 24
147.236.183.0/24 maxlen: 24
185.108.80.0/22 maxlen: 24
185.149.252.0/22 maxlen: 24
185.167.108.0/22 maxlen: 24
185.175.32.0/22 maxlen: 24
185.180.100.0/22 maxlen: 24
185.180.100.0/24 maxlen: 24
185.180.100.0/27 maxlen: 32
185.180.102.0/24 maxlen: 24
185.180.103.0/24 maxlen: 24
185.182.76.0/22 maxlen: 24
185.184.244.0/22 maxlen: 24
188.191.224.0/21 maxlen: 24
188.191.224.0/22 maxlen: 22
188.191.224.0/24 maxlen: 24
188.191.224.0/27 maxlen: 32
188.191.228.0/22 maxlen: 22
217.175.80.0/20 maxlen: 24
217.175.84.0/22 maxlen: 22
217.175.88.0/21 maxlen: 23
2a00:7c40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl
rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.mft
rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 13:01:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:4c:22:29:59:10:0d:ae:ce:9c:43:f9:b2:17:e1:ff:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
Validity
Not Before: Feb 11 09:57:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fb03cc956dd064c1305c86af4766798c2e1e8379
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:01:95:84:3f:80:2d:6d:2d:98:fb:b7:00:fb:
ac:f7:57:52:eb:9f:bf:76:88:42:ed:60:95:0e:19:
34:5c:93:38:a7:49:51:70:0f:ac:7f:bd:78:27:b0:
8f:ca:1b:ac:35:fd:a8:6e:5d:23:8b:17:fd:c3:85:
7d:4c:e1:1c:74:b0:f7:2c:8c:16:5a:96:8d:65:c4:
bb:8c:b1:b6:58:11:2c:e5:97:6f:76:e4:ec:c9:58:
a8:d9:c7:b8:fc:cd:04:a4:ad:80:d1:4a:58:5d:77:
99:8a:6f:25:ae:8c:4a:57:56:10:d5:7b:5e:70:1a:
8e:2a:b4:67:bc:ba:3d:61:a0:7a:7c:df:bd:80:73:
03:a9:f5:e7:e9:da:51:89:16:3c:04:47:08:13:e1:
0e:90:9c:fc:5c:25:07:75:b1:0a:c5:f9:e3:b9:f4:
2e:56:31:4e:40:72:f8:ee:ac:46:57:9f:0d:e8:57:
03:b7:62:af:f5:ba:e5:d7:ca:55:5a:7e:9f:37:28:
d9:33:0c:80:b5:fc:f5:1b:53:23:37:7d:f6:c8:c5:
a3:bf:ef:3a:4f:33:ae:5f:44:68:07:ab:bb:fb:21:
1d:02:d2:9f:a6:21:3b:aa:a9:1d:e5:d5:26:18:d1:
4f:cb:e1:71:c8:af:29:3d:c5:65:af:96:2f:83:1b:
72:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:03:CC:95:6D:D0:64:C1:30:5C:86:AF:47:66:79:8C:2E:1E:83:79
X509v3 Authority Key Identifier:
keyid:E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/1-wPMlW3QZMEwXIavR2Z5jC4eg3k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.208.0.0/21
89.208.56.0/21
89.208.128.0/21
141.226.120.0-141.226.122.255
147.234.23.0/24
147.236.104.0/21
147.236.116.0/23
147.236.120.0/21
147.236.148.0-147.236.154.255
147.236.176.0/20
185.108.80.0/22
185.149.252.0/22
185.167.108.0/22
185.175.32.0/22
185.180.100.0/22
185.182.76.0/22
185.184.244.0/22
188.191.224.0/21
217.175.80.0/20
IPv6:
2a00:7c40::/29
Signature Algorithm: sha256WithRSAEncryption
30:6d:11:0c:b9:e5:c5:06:13:d4:ba:16:cc:62:9d:a5:f8:47:
32:52:78:8f:c1:cd:49:94:da:b9:69:6a:c9:bc:9e:1f:83:51:
1f:d9:f3:37:31:07:0e:c1:72:1e:23:7d:43:02:33:6a:a3:eb:
90:07:fa:7b:3b:f4:10:32:ee:32:9e:d0:6b:56:86:a7:7a:ad:
b9:24:5d:44:2f:28:95:59:6e:0f:e3:b5:61:d0:fb:32:07:46:
58:fe:7e:40:b1:5c:54:fb:b9:75:20:3f:aa:a9:2d:23:ce:41:
e2:d6:85:27:5c:76:bb:09:e6:21:1e:15:b5:87:bc:84:71:35:
f7:7d:d1:90:91:77:e7:d6:33:6e:2f:7c:bc:28:1b:04:04:7a:
be:7d:e7:34:19:3e:e3:ab:5d:8c:35:7a:23:31:7d:40:29:5c:
7c:8c:21:ae:73:a1:be:c5:4e:81:f8:43:a4:92:63:1a:60:50:
9c:f0:7f:40:a7:39:98:3a:8f:b3:1e:d8:1e:40:d5:0f:da:ee:
5e:31:2b:7d:e5:ba:20:ac:9b:1f:0f:51:84:ed:3c:0c:83:13:
37:ab:12:9f:82:73:68:5b:22:83:de:59:6d:e3:15:c6:72:d0:
fc:05:4e:59:98:a4:9d:60:f0:a8:88:8b:24:d0:a6:4f:be:25:
68:20:08:ca
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAZxMIilZEA2uzpxD+bIX4f+YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YTg1MWRkYWU1YTY0Y2MzODgyNTM5NWJlOWE1MDdkYTk1
YWI3Y2YwHhcNMjYwMjExMDk1NzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjAzY2M5NTZkZDA2NGMxMzA1Yzg2YWY0NzY2Nzk4YzJlMWU4Mzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwGVhD+ALW0tmPu3APus91dS65+/
dohC7WCVDhk0XJM4p0lRcA+sf714J7CPyhusNf2obl0jixf9w4V9TOEcdLD3LIwW
WpaNZcS7jLG2WBEs5ZdvduTsyVio2ce4/M0EpK2A0UpYXXeZim8lroxKV1YQ1Xte
cBqOKrRnvLo9YaB6fN+9gHMDqfXn6dpRiRY8BEcIE+EOkJz8XCUHdbEKxfnjufQu
VjFOQHL47qxGV58N6FcDt2Kv9brl18pVWn6fNyjZMwyAtfz1G1MjN332yMWjv+86
TzOuX0RoB6u7+yEdAtKfpiE7qqkd5dUmGNFPy+FxyK8pPcVlr5YvgxtyXQIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFPsDzJVt0GTBMFyGr0dmeYwuHoN5MB8GA1UdIwQY
MBaAFOioUd2uWmTMOIJTlb6aUH2pWrfPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEt
MTEwYzg3OGRjZDI5LzEvMS13UE1sVzNRWk1Fd1hJYXZSMlo1akM0ZWczay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDgvMzYzOGQ3LTNlYzMtNDU5NS1hNjMxLTExMGM4NzhkY2Qy
OS8xLzZLaFIzYTVhWk13NGdsT1Z2cHBRZmFsYXQ4OC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBrgYIKwYBBQUHAQcBAf8EgZ4wgZswgYkEAgABMIGCAwQD
WdAAAwQDWdA4AwQDWdCAMAwDBAON4ngDBACN4noDBACT6hcDBAOT7GgDBAGT7HQD
BAOT7HgwDAMEApPslAMEAJPsmgMEBJPssAMEArlsUAMEArmV/AMEArmnbAMEArmv
IAMEArm0ZAMEArm2TAMEArm49AMEA7y/4AMEBNmvUDANBAIAAjAHAwUDKgB8QDAN
BgkqhkiG9w0BAQsFAAOCAQEAMG0RDLnlxQYT1LoWzGKdpfhHMlJ4j8HNSZTauWlq
ybyeH4NRH9nzNzEHDsFyHiN9QwIzaqPrkAf6ezv0EDLuMp7Qa1aGp3qtuSRdRC8o
lVluD+O1YdD7MgdGWP5+QLFcVPu5dSA/qqktI85B4taFJ1x2uwnmIR4VtYe8hHE1
933RkJF359Yzbi98vCgbBAR6vn3nNBk+46tdjDV6IzF9QClcfIwhrnOhvsVOgfhD
pJJjGmBQnPB/QKc5mDqPsx7YHkDVD9ruXjErfeW6IKybHw9RhO08DIMTN6sSn4Jz
aFsig95ZbeMVxnLQ/AVOWZiknWDwqIiLJNCmT74laCAIyg==
-----END CERTIFICATE-----
Generated at Mon Mar 2 16:04:02 2026 by rpki-client