Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/XdIgNIFzUX4k2EKnMN077mtqc7w.roa
File: XdIgNIFzUX4k2EKnMN077mtqc7w.roa (raw, json)
Hash identifier: dgYLsjjFuphvMS01kT7lUhGhlkTPHmssMRDEFqyinkU=
Subject key identifier: 5D:D2:20:34:81:73:51:7E:24:D8:42:A7:30:DD:3B:EE:6B:6A:73:BC
Certificate issuer: /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial: 019C2E93574D26B2062882E17BAA4624B5F2
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/XdIgNIFzUX4k2EKnMN077mtqc7w.roa
Signing time: Thu 05 Feb 2026 16:12:13 +0000
ROA not before: Thu 05 Feb 2026 16:12:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 6762
IP address blocks: 2.16.19.0/24 maxlen: 24
2.16.70.0/23 maxlen: 23
2.16.146.0/23 maxlen: 23
2.16.220.0/22 maxlen: 22
2.18.0.0/22 maxlen: 22
2.19.16.0/20 maxlen: 20
2.20.4.0/22 maxlen: 22
2.20.109.0/24 maxlen: 24
2.20.110.0/24 maxlen: 24
2.20.112.0/22 maxlen: 22
2.20.242.0/24 maxlen: 24
2.20.252.0/24 maxlen: 24
2.21.2.0/24 maxlen: 24
2.21.14.0/24 maxlen: 24
2.21.100.0/22 maxlen: 22
2.22.216.0/22 maxlen: 22
88.221.28.0/22 maxlen: 22
88.221.100.0/22 maxlen: 22
92.122.68.0/22 maxlen: 22
92.122.225.0/24 maxlen: 24
92.122.248.0/22 maxlen: 22
92.123.48.0/24 maxlen: 24
92.123.106.0/24 maxlen: 24
92.123.208.0/22 maxlen: 22
95.100.136.0/22 maxlen: 22
95.101.35.0/24 maxlen: 24
95.101.68.0/22 maxlen: 22
95.101.78.0/24 maxlen: 24
95.101.114.0/24 maxlen: 24
95.101.156.0/22 maxlen: 22
2a02:26f0:b00::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:2e:93:57:4d:26:b2:06:28:82:e1:7b:aa:46:24:b5:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Validity
Not Before: Feb 5 16:12:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5dd220348173517e24d842a730dd3bee6b6a73bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:8b:95:7c:fd:6a:a3:12:02:55:6d:4b:7c:1d:
13:34:1e:02:64:47:06:a4:ed:41:a9:f0:0c:5b:3d:
4c:48:1f:de:41:9e:a3:7a:27:18:ec:17:b4:43:a5:
4d:7c:90:83:26:77:3d:31:b0:fc:03:28:62:18:0f:
64:97:93:fc:04:0c:55:1b:9e:cc:9e:6e:c2:54:f3:
4e:d2:e4:88:0d:64:16:6a:99:68:c3:62:1f:31:17:
41:83:ee:8d:f0:73:ab:fc:4f:87:45:64:5a:a9:c2:
d3:05:14:f7:22:64:81:9c:31:1d:30:9b:44:d8:4f:
ab:64:31:46:f2:82:c9:59:5d:74:be:73:1d:35:c7:
0c:7b:53:62:ab:e5:03:e1:86:97:40:03:c9:89:73:
4a:5d:7d:5f:52:f3:08:3c:1f:17:50:8e:88:af:0e:
b3:7d:7a:ef:8b:04:d1:ec:1c:0c:7d:ab:e7:ce:5e:
9b:19:8b:0f:2c:76:ef:bf:49:23:12:f4:12:44:18:
da:11:51:c4:69:2e:df:92:af:aa:ac:f8:33:35:c0:
35:34:78:15:b9:7d:01:3a:0e:6c:2d:de:71:01:16:
bb:ab:97:65:5e:f6:24:8e:56:fc:8c:cd:9a:40:8e:
f6:45:3a:89:91:af:c1:be:48:ad:b6:fc:a5:bc:1e:
e3:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:D2:20:34:81:73:51:7E:24:D8:42:A7:30:DD:3B:EE:6B:6A:73:BC
X509v3 Authority Key Identifier:
keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/XdIgNIFzUX4k2EKnMN077mtqc7w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.16.19.0/24
2.16.70.0/23
2.16.146.0/23
2.16.220.0/22
2.18.0.0/22
2.19.16.0/20
2.20.4.0/22
2.20.109.0-2.20.110.255
2.20.112.0/22
2.20.242.0/24
2.20.252.0/24
2.21.2.0/24
2.21.14.0/24
2.21.100.0/22
2.22.216.0/22
88.221.28.0/22
88.221.100.0/22
92.122.68.0/22
92.122.225.0/24
92.122.248.0/22
92.123.48.0/24
92.123.106.0/24
92.123.208.0/22
95.100.136.0/22
95.101.35.0/24
95.101.68.0/22
95.101.78.0/24
95.101.114.0/24
95.101.156.0/22
IPv6:
2a02:26f0:b00::/48
Signature Algorithm: sha256WithRSAEncryption
53:0a:d3:81:c4:8d:0c:96:79:65:fb:c1:1d:bb:6b:90:ef:06:
5f:44:65:3f:a5:2e:df:28:a6:cd:b7:1e:02:85:58:82:56:25:
59:ff:f5:17:0c:69:bf:34:f8:d1:bb:ff:34:2f:12:e4:21:b1:
ed:ca:3d:34:32:e1:7e:aa:8e:be:30:c9:77:d2:0b:42:69:22:
92:fb:42:73:64:60:69:a3:7a:bf:62:23:cd:fe:78:29:1e:7d:
0b:cc:04:b9:9f:95:fc:6a:38:56:55:13:83:fe:83:e3:e7:d9:
6b:4d:a2:75:1d:72:c1:0f:94:90:46:35:f3:81:74:2c:b9:4e:
26:d8:7a:2f:6a:10:ca:4b:0c:76:dc:98:3e:61:c4:e2:e1:9c:
cb:7e:87:4c:b2:d5:88:3b:17:e3:2a:0a:76:38:e2:a7:42:bf:
18:cb:6a:4a:5a:2f:00:5e:62:88:f5:f4:91:01:1d:49:7e:bc:
c0:b3:c3:28:0c:96:76:c2:78:14:96:cc:81:84:97:41:09:7f:
29:e6:5d:dc:a3:47:c9:2a:57:cf:97:af:2e:c3:db:ae:87:81:
f7:61:0a:44:4b:86:01:93:f2:5e:7f:60:25:6b:d7:4b:cc:cc:
a9:8e:32:b7:90:42:cd:7f:a4:04:79:04:18:f3:30:ae:df:17:
40:37:5c:f3
-----BEGIN CERTIFICATE-----
MIIFwzCCBKugAwIBAgISAZwuk1dNJrIGKILhe6pGJLXyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjYwMjA1MTYxMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGQyMjAzNDgxNzM1MTdlMjRkODQyYTczMGRkM2JlZTZiNmE3M2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYuVfP1qoxICVW1LfB0TNB4CZEcG
pO1BqfAMWz1MSB/eQZ6jeicY7Be0Q6VNfJCDJnc9MbD8AyhiGA9kl5P8BAxVG57M
nm7CVPNO0uSIDWQWaplow2IfMRdBg+6N8HOr/E+HRWRaqcLTBRT3ImSBnDEdMJtE
2E+rZDFG8oLJWV10vnMdNccMe1Niq+UD4YaXQAPJiXNKXX1fUvMIPB8XUI6Irw6z
fXrviwTR7BwMfavnzl6bGYsPLHbvv0kjEvQSRBjaEVHEaS7fkq+qrPgzNcA1NHgV
uX0BOg5sLd5xARa7q5dlXvYkjlb8jM2aQI72RTqJka/BvkittvylvB7jowIDAQAB
o4ICzzCCAsswHQYDVR0OBBYEFF3SIDSBc1F+JNhCpzDdO+5ranO8MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvWGRJZ05JRnpVWDRrMkVLbk1OMDc3bXRxYzd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHkBggrBgEFBQcBBwEB/wSB1DCB0TCBvQQCAAEwgbYDBAAC
EBMDBAECEEYDBAECEJIDBAICENwDBAICEgADBAQCExADBAICFAQwDAMEAAIUbQME
AAIUbgMEAgIUcAMEAAIU8gMEAAIU/AMEAAIVAgMEAAIVDgMEAgIVZAMEAgIW2AME
AljdHAMEAljdZAMEAlx6RAMEAFx64QMEAlx6+AMEAFx7MAMEAFx7agMEAlx70AME
Al9kiAMEAF9lIwMEAl9lRAMEAF9lTgMEAF9lcgMEAl9lnDAPBAIAAjAJAwcAKgIm
8AsAMA0GCSqGSIb3DQEBCwUAA4IBAQBTCtOBxI0Mlnll+8Edu2uQ7wZfRGU/pS7f
KKbNtx4ChViCViVZ//UXDGm/NPjRu/80LxLkIbHtyj00MuF+qo6+MMl30gtCaSKS
+0JzZGBpo3q/YiPN/ngpHn0LzAS5n5X8ajhWVROD/oPj59lrTaJ1HXLBD5SQRjXz
gXQsuU4m2HovahDKSwx23Jg+YcTi4ZzLfodMstWIOxfjKgp2OOKnQr8Yy2pKWi8A
XmKI9fSRAR1JfrzAs8MoDJZ2wngUlsyBhJdBCX8p5l3co0fJKlfPl68uw9uuh4H3
YQpES4YBk/Jef2Ala9dLzMypjjK3kELNf6QEeQQY8zCu3xdAN1zz
-----END CERTIFICATE-----
Generated at Mon Mar 2 03:53:22 2026 by rpki-client