Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/W522yPrkm1ETf534dyGiRFmcWcU.roa
File: W522yPrkm1ETf534dyGiRFmcWcU.roa (raw, json)
Hash identifier: ciBX1xa4glvJ/scnztG/cwNIztp6J0jz4XLKjig6bnM=
Subject key identifier: 5B:9D:B6:C8:FA:E4:9B:51:13:7F:9D:F8:77:21:A2:44:59:9C:59:C5
Certificate issuer: /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial: 019D54706786897BB0303CBBF47A3DF37E80
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/W522yPrkm1ETf534dyGiRFmcWcU.roa
Signing time: Fri 03 Apr 2026 17:42:25 +0000
ROA not before: Fri 03 Apr 2026 17:42:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 1680
IP address blocks: 37.26.144.0/21 maxlen: 21
37.26.145.0/24 maxlen: 24
37.26.146.0/24 maxlen: 24
37.26.147.0/24 maxlen: 24
37.26.148.0/24 maxlen: 24
37.26.149.0/24 maxlen: 24
37.26.150.0/24 maxlen: 24
37.26.151.0/24 maxlen: 24
46.116.0.0/16 maxlen: 18
46.117.0.0/16 maxlen: 18
46.210.0.0/16 maxlen: 24
62.0.0.0/16 maxlen: 23
62.0.87.0/24 maxlen: 24
62.0.88.0/22 maxlen: 24
62.0.92.0/23 maxlen: 24
62.0.94.0/24 maxlen: 24
62.0.114.0/23 maxlen: 24
62.0.116.0/22 maxlen: 24
62.0.120.0/21 maxlen: 24
62.0.128.0/23 maxlen: 24
62.90.0.0/16 maxlen: 24
62.90.135.0/24 maxlen: 24
62.90.143.0/24 maxlen: 24
80.250.144.0/20 maxlen: 24
82.166.0.0/16 maxlen: 24
82.166.100.0/22 maxlen: 24
82.166.112.0/21 maxlen: 24
82.166.201.128/25 maxlen: 25
85.64.0.0/16 maxlen: 16
85.65.0.0/16 maxlen: 16
85.250.0.0/16 maxlen: 16
89.138.0.0/16 maxlen: 16
89.139.0.0/16 maxlen: 16
93.172.0.0/16 maxlen: 16
93.173.0.0/16 maxlen: 16
95.35.0.0/16 maxlen: 24
109.186.0.0/16 maxlen: 16
109.253.0.0/16 maxlen: 24
141.226.132.0/24 maxlen: 24
141.226.134.0/24 maxlen: 24
147.161.8.0/21 maxlen: 24
147.234.17.0/24 maxlen: 24
147.234.22.0/24 maxlen: 24
147.234.27.0/24 maxlen: 24
147.234.27.0/25 maxlen: 25
147.234.27.128/25 maxlen: 25
147.234.28.0/24 maxlen: 24
147.234.43.0/24 maxlen: 24
147.234.83.0/24 maxlen: 24
147.234.84.0/24 maxlen: 24
147.234.86.0/24 maxlen: 24
176.12.128.0/17 maxlen: 24
176.13.0.0/16 maxlen: 24
192.115.84.0/22 maxlen: 24
192.115.112.0/20 maxlen: 24
192.115.140.0/22 maxlen: 24
192.115.152.0/21 maxlen: 24
192.115.160.0/22 maxlen: 24
192.115.200.0/21 maxlen: 24
192.116.32.0/19 maxlen: 24
192.118.28.0/22 maxlen: 22
192.118.28.0/23 maxlen: 23
192.118.30.0/23 maxlen: 23
192.118.84.0/22 maxlen: 24
194.90.0.0/16 maxlen: 24
194.90.1.0/24 maxlen: 24
194.90.229.0/24 maxlen: 24
199.203.0.0/16 maxlen: 24
199.203.1.0/24 maxlen: 24
199.203.21.0/24 maxlen: 24
199.203.76.0/24 maxlen: 24
199.203.191.0/24 maxlen: 24
207.232.0.0/18 maxlen: 18
207.232.50.0/24 maxlen: 24
212.29.192.0/18 maxlen: 18
212.29.244.0/24 maxlen: 24
212.143.0.0/16 maxlen: 24
212.143.194.0/24 maxlen: 24
212.150.0.0/16 maxlen: 24
212.235.0.0/17 maxlen: 24
217.132.0.0/16 maxlen: 16
2001:4df0::/29 maxlen: 32
2001:4df0::/32 maxlen: 32
2001:4df1::/32 maxlen: 32
2001:4df2::/32 maxlen: 32
2001:4df3::/32 maxlen: 32
2001:4df4::/32 maxlen: 32
2001:4df5::/32 maxlen: 32
2001:4df6::/32 maxlen: 32
2001:4df7::/32 maxlen: 32
2a02:148::/29 maxlen: 32
2a02:148::/32 maxlen: 32
2a02:149::/32 maxlen: 32
2a02:14a::/32 maxlen: 32
2a02:14b::/32 maxlen: 32
2a02:14c::/32 maxlen: 32
2a02:14d::/32 maxlen: 32
2a02:14e::/32 maxlen: 32
2a02:14f::/32 maxlen: 32
2a03:c5c0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 05:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:54:70:67:86:89:7b:b0:30:3c:bb:f4:7a:3d:f3:7e:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Validity
Not Before: Apr 3 17:42:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5b9db6c8fae49b51137f9df87721a244599c59c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:15:45:63:07:b3:5a:5a:bc:97:8c:c0:4e:ae:
e0:5f:bd:5d:ac:ce:a6:bd:c8:02:cd:72:bc:5b:c6:
fd:4e:24:80:92:64:77:9b:91:c4:e7:fc:f9:49:05:
61:e3:e5:9a:03:0f:d0:5d:ff:55:9c:d3:f7:04:24:
73:7d:76:ca:11:12:9d:d7:02:52:6d:6c:fe:22:e7:
b6:1d:0f:f5:ca:74:94:32:2c:b8:02:ff:b4:45:44:
3d:5f:5e:e5:c1:32:1c:75:59:f8:f1:3c:f1:ce:f2:
59:90:a1:f7:74:d2:05:4f:f1:be:d0:14:56:c4:bc:
d1:cc:01:29:bd:2d:7a:a8:bb:d6:b5:2e:40:c9:e1:
54:f1:a9:33:51:58:41:5a:0c:21:bb:29:50:8f:0f:
f2:d2:5a:0e:33:2e:ad:1d:a8:a5:b0:cd:94:57:f2:
a7:ef:fd:b9:59:73:a9:ee:cf:45:eb:a8:3b:ab:1c:
9c:52:16:5c:eb:d1:63:6e:14:a7:5e:d7:ec:6c:61:
66:92:01:77:35:bb:28:7e:fa:a0:80:04:cf:d8:ec:
98:a9:3e:ed:0f:02:79:80:35:1b:7a:22:66:70:d3:
da:ca:75:95:a0:cd:42:b9:40:94:fd:82:0c:4d:24:
aa:45:d2:b1:09:a3:53:21:4d:e5:fa:44:3b:1c:68:
53:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:9D:B6:C8:FA:E4:9B:51:13:7F:9D:F8:77:21:A2:44:59:9C:59:C5
X509v3 Authority Key Identifier:
keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/W522yPrkm1ETf534dyGiRFmcWcU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.26.144.0/21
46.116.0.0/15
46.210.0.0/16
62.0.0.0/16
62.90.0.0/16
80.250.144.0/20
82.166.0.0/16
85.64.0.0/15
85.250.0.0/16
89.138.0.0/15
93.172.0.0/15
95.35.0.0/16
109.186.0.0/16
109.253.0.0/16
141.226.132.0/24
141.226.134.0/24
147.161.8.0/21
147.234.17.0/24
147.234.22.0/24
147.234.27.0-147.234.28.255
147.234.43.0/24
147.234.83.0-147.234.84.255
147.234.86.0/24
176.12.128.0-176.13.255.255
192.115.84.0/22
192.115.112.0/20
192.115.140.0/22
192.115.152.0-192.115.163.255
192.115.200.0/21
192.116.32.0/19
192.118.28.0/22
192.118.84.0/22
194.90.0.0/16
199.203.0.0/16
207.232.0.0/18
212.29.192.0/18
212.143.0.0/16
212.150.0.0/16
212.235.0.0/17
217.132.0.0/16
IPv6:
2001:4df0::/29
2a02:148::/29
2a03:c5c0::/32
Signature Algorithm: sha256WithRSAEncryption
67:45:2e:dc:f2:95:c2:d0:83:92:a2:83:58:b6:9a:ae:ff:4b:
ba:7f:71:62:c5:93:12:91:f3:33:db:05:21:ce:39:63:02:50:
de:31:fc:f7:3b:91:bc:3e:8a:d4:27:8e:29:af:1c:7d:0d:1f:
02:60:2f:4b:f2:06:e6:6f:14:93:e2:68:40:a7:6a:24:32:01:
b7:83:a8:40:34:e0:84:39:64:d7:d8:13:96:2c:a6:89:90:36:
c1:a5:24:65:92:c9:75:3d:11:82:d0:7c:68:9f:60:0e:9b:43:
e0:b1:63:e6:e4:af:e8:d2:e3:5f:a4:aa:34:a9:93:22:36:db:
0b:b6:f7:9e:29:1a:61:7c:0c:a8:51:63:c4:3a:9c:1b:89:3b:
fb:28:08:b2:04:f6:d7:20:86:b6:58:eb:20:a2:96:e1:fd:fc:
2e:af:bd:00:12:72:09:db:7e:21:24:d7:c5:6a:26:ef:98:da:
eb:4d:9b:d0:df:e5:37:86:57:b1:16:9a:80:de:9d:2f:4e:7d:
93:cc:db:f7:e7:54:1d:a8:6c:79:8f:d2:9e:d6:16:08:74:d0:
14:2c:5a:86:00:bb:c9:ee:03:52:14:cc:b1:74:39:35:28:a1:
dd:9a:53:2a:57:9a:a4:d9:e2:94:34:dc:c9:f9:a5:b5:1d:bf:
b2:ff:59:85
-----BEGIN CERTIFICATE-----
MIIGGzCCBQOgAwIBAgISAZ1UcGeGiXuwMDy79Ho9836AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjYwNDAzMTc0MjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjlkYjZjOGZhZTQ5YjUxMTM3ZjlkZjg3NzIxYTI0NDU5OWM1OWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRVFYwezWlq8l4zATq7gX71drM6m
vcgCzXK8W8b9TiSAkmR3m5HE5/z5SQVh4+WaAw/QXf9VnNP3BCRzfXbKERKd1wJS
bWz+Iue2HQ/1ynSUMiy4Av+0RUQ9X17lwTIcdVn48TzxzvJZkKH3dNIFT/G+0BRW
xLzRzAEpvS16qLvWtS5AyeFU8akzUVhBWgwhuylQjw/y0loOMy6tHailsM2UV/Kn
7/25WXOp7s9F66g7qxycUhZc69FjbhSnXtfsbGFmkgF3NbsofvqggATP2OyYqT7t
DwJ5gDUbeiJmcNPaynWVoM1CuUCU/YIMTSSqRdKxCaNTIU3l+kQ7HGhTHQIDAQAB
o4IDJzCCAyMwHQYDVR0OBBYEFFudtsj65JtRE3+d+HchokRZnFnFMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvVzUyMnlQcmttMUVUZjUzNGR5R2lSRm1jV2NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOwYIKwYBBQUHAQcBAf8EggEqMIIBJjCCAQUEAgABMIH+
AwQDJRqQAwMBLnQDAwAu0gMDAD4AAwMAPloDBARQ+pADAwBSpgMDAVVAAwMAVfoD
AwFZigMDAV2sAwMAXyMDAwBtugMDAG39AwQAjeKEAwQAjeKGAwQDk6EIAwQAk+oR
AwQAk+oWMAwDBACT6hsDBACT6hwDBACT6iswDAMEAJPqUwMEAJPqVAMEAJPqVjAL
AwQHsAyAAwMBsAwDBALAc1QDBATAc3ADBALAc4wwDAMEA8BzmAMEAsBzoAMEA8Bz
yAMEBcB0IAMEAsB2HAMEAsB2VAMDAMJaAwMAx8sDBAbP6AADBAbUHcADAwDUjwMD
ANSWAwQH1OsAAwMA2YQwGwQCAAIwFQMFAyABTfADBQMqAgFIAwUAKgPFwDANBgkq
hkiG9w0BAQsFAAOCAQEAZ0Uu3PKVwtCDkqKDWLaarv9Lun9xYsWTEpHzM9sFIc45
YwJQ3jH89zuRvD6K1CeOKa8cfQ0fAmAvS/IG5m8Uk+JoQKdqJDIBt4OoQDTghDlk
19gTliymiZA2waUkZZLJdT0RgtB8aJ9gDptD4LFj5uSv6NLjX6SqNKmTIjbbC7b3
nikaYXwMqFFjxDqcG4k7+ygIsgT21yCGtljrIKKW4f38Lq+9ABJyCdt+ISTXxWom
75ja602b0N/lN4ZXsRaagN6dL059k8zb9+dUHahseY/SntYWCHTQFCxahgC7ye4D
UhTMsXQ5NSih3ZpTKleapNnilDTcyfmltR2/sv9ZhQ==
-----END CERTIFICATE-----
Generated at Fri Apr 17 13:02:12 2026 by rpki-client