Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/wlkqPCWXMJsz1R99hgzE3_VYv5c.roa
File: wlkqPCWXMJsz1R99hgzE3_VYv5c.roa (raw, json)
Hash identifier: KrKqWLoyfi0cuRqfEdDLZj1DmY6m+y1d1kGaimNA4oE=
Subject key identifier: C2:59:2A:3C:25:97:30:9B:33:D5:1F:7D:86:0C:C4:DF:F5:58:BF:97
Certificate issuer: /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial: 019D96EBFAD1FAB613EA8C5084535AA912A7
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/wlkqPCWXMJsz1R99hgzE3_VYv5c.roa
Signing time: Thu 16 Apr 2026 15:32:20 +0000
ROA not before: Thu 16 Apr 2026 15:32:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9002
IP address blocks: 87.245.208.0/20 maxlen: 20
87.245.208.0/21 maxlen: 21
87.245.224.0/19 maxlen: 19
89.19.36.0/22 maxlen: 22
94.158.240.0/22 maxlen: 22
139.45.192.0/19 maxlen: 19
185.13.152.0/22 maxlen: 22
185.82.8.0/22 maxlen: 22
193.109.100.0/22 maxlen: 22
2a02:2d8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 04:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:96:eb:fa:d1:fa:b6:13:ea:8c:50:84:53:5a:a9:12:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
Validity
Not Before: Apr 16 15:32:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c2592a3c2597309b33d51f7d860cc4dff558bf97
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:d4:da:46:83:42:80:3b:7c:47:d8:cd:9a:a6:
83:9f:58:e2:bb:55:50:9e:cf:00:93:8a:01:e3:e9:
2c:d1:20:a2:9c:06:c5:37:9d:3f:32:d1:47:1f:25:
e3:03:26:57:7f:ef:b8:52:c7:0a:e1:c2:6b:2f:ff:
41:08:f5:4d:d0:1a:e8:e4:ab:9e:6e:24:51:cb:a9:
73:fe:30:c7:0d:16:6f:be:79:ce:67:10:48:a6:3d:
15:29:cf:59:c5:27:8a:a9:15:db:15:38:e8:ad:91:
5e:78:bc:b2:4f:7f:32:98:55:93:c0:84:a8:ba:4d:
12:91:9f:0b:44:08:20:ce:8d:82:26:7d:56:ab:2c:
94:cb:62:d3:29:69:10:07:c4:20:37:42:18:c1:b9:
6f:76:0d:63:c0:50:7d:f8:56:91:e8:89:3e:17:49:
69:e7:2b:18:bb:f2:90:7f:7e:63:a5:f4:c3:19:a7:
88:d1:af:42:83:e3:ae:a7:4e:66:05:3e:8d:92:71:
81:f6:4b:e9:36:af:16:de:0f:8e:51:1c:ba:0a:14:
3c:83:69:26:d4:cc:fb:eb:03:4f:78:c2:ee:ca:a0:
80:cf:18:83:bb:b5:49:4e:62:52:a1:40:07:8e:46:
da:ae:c6:fc:a0:79:86:1f:50:78:74:f8:eb:4b:c1:
e1:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:59:2A:3C:25:97:30:9B:33:D5:1F:7D:86:0C:C4:DF:F5:58:BF:97
X509v3 Authority Key Identifier:
keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/wlkqPCWXMJsz1R99hgzE3_VYv5c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.245.208.0-87.245.255.255
89.19.36.0/22
94.158.240.0/22
139.45.192.0/19
185.13.152.0/22
185.82.8.0/22
193.109.100.0/22
IPv6:
2a02:2d8::/32
Signature Algorithm: sha256WithRSAEncryption
8f:86:1a:07:55:82:00:c3:bb:5a:87:98:04:17:bb:82:fa:52:
6a:b9:08:4e:0e:cd:a4:01:a2:9e:3c:4b:7e:3d:a5:e8:1a:1d:
c8:5c:7e:30:af:48:97:3e:bf:01:bd:8c:73:1a:24:5e:8b:0f:
40:a8:74:04:7e:53:80:43:58:de:df:1e:94:d3:61:1c:3b:c2:
81:e7:dd:69:8c:7d:65:8b:2a:b7:23:38:60:99:78:7c:f1:6e:
10:b2:7c:ba:9d:fe:f9:db:f4:0e:a4:8d:c0:a9:81:19:a1:0f:
94:8b:c5:68:02:75:71:0d:0b:da:c9:bd:73:70:2e:a1:8b:9e:
dc:29:9c:04:c8:1b:cb:69:58:80:cd:97:df:41:03:f0:ba:59:
46:5f:49:ad:64:a0:26:0e:d3:3b:f7:72:70:7f:1e:c8:7b:e0:
ee:3d:22:23:26:be:98:fb:4d:df:62:de:76:bc:fb:f3:be:e6:
05:ec:2c:af:00:7e:79:f4:3b:09:62:09:94:a8:0e:06:9d:3d:
64:cd:12:17:24:ce:6c:2b:34:e3:df:0c:2e:27:dd:e3:aa:79:
d0:aa:e1:58:60:6a:9a:29:79:47:19:3b:7e:87:e9:99:05:2d:
c4:d1:cc:3f:a6:77:f1:76:1b:68:fe:6e:12:04:44:2f:cf:93:
62:60:f7:75
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZ2W6/rR+rYT6oxQhFNaqRKnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjYwNDE2MTUzMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjU5MmEzYzI1OTczMDliMzNkNTFmN2Q4NjBjYzRkZmY1NThiZjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodTaRoNCgDt8R9jNmqaDn1jiu1VQ
ns8Ak4oB4+ks0SCinAbFN50/MtFHHyXjAyZXf++4UscK4cJrL/9BCPVN0Bro5Kue
biRRy6lz/jDHDRZvvnnOZxBIpj0VKc9ZxSeKqRXbFTjorZFeeLyyT38ymFWTwISo
uk0SkZ8LRAggzo2CJn1WqyyUy2LTKWkQB8QgN0IYwblvdg1jwFB9+FaR6Ik+F0lp
5ysYu/KQf35jpfTDGaeI0a9Cg+Oup05mBT6NknGB9kvpNq8W3g+OURy6ChQ8g2km
1Mz76wNPeMLuyqCAzxiDu7VJTmJSoUAHjkbarsb8oHmGH1B4dPjrS8HhZQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFMJZKjwllzCbM9UffYYMxN/1WL+XMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvd2xrcVBDV1hNSnN6MVI5OWhnekUzX1ZZdjVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDA3BAIAATAxMAsDBARX9dAD
AwFX9AMEAlkTJAMEAl6e8AMEBYstwAMEArkNmAMEArlSCAMEAsFtZDANBAIAAjAH
AwUAKgIC2DANBgkqhkiG9w0BAQsFAAOCAQEAj4YaB1WCAMO7WoeYBBe7gvpSarkI
Tg7NpAGinjxLfj2l6BodyFx+MK9Ilz6/Ab2McxokXosPQKh0BH5TgENY3t8elNNh
HDvCgefdaYx9ZYsqtyM4YJl4fPFuELJ8up3++dv0DqSNwKmBGaEPlIvFaAJ1cQ0L
2sm9c3AuoYue3CmcBMgby2lYgM2X30ED8LpZRl9JrWSgJg7TO/dycH8eyHvg7j0i
Iya+mPtN32Ledrz7877mBewsrwB+efQ7CWIJlKgOBp09ZM0SFyTObCs0498MLifd
46p50KrhWGBqmil5Rxk7fofpmQUtxNHMP6Z38XYbaP5uEgREL8+TYmD3dQ==
-----END CERTIFICATE-----
Generated at Sun Apr 19 13:57:17 2026 by rpki-client