Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/G4otAnex2hpyBQw1LDV4AIuNrXg.roa
File: G4otAnex2hpyBQw1LDV4AIuNrXg.roa (raw, json)
Hash identifier: HPbBIX2SdfmPs0L4ocpaH7SpiLrccLLTL3E+zx0pMD4=
Subject key identifier: 1B:8A:2D:02:77:B1:DA:1A:72:05:0C:35:2C:35:78:00:8B:8D:AD:78
Certificate issuer: /CN=1795ac843cd8ba90188f7313652bb561299b296f
Certificate serial: 019C98BECC346CB144A9C89EE44C8E74B95A
Authority key identifier: 17:95:AC:84:3C:D8:BA:90:18:8F:73:13:65:2B:B5:61:29:9B:29:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/F5WshDzYupAYj3MTZSu1YSmbKW8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/G4otAnex2hpyBQw1LDV4AIuNrXg.roa
Signing time: Thu 26 Feb 2026 06:59:26 +0000
ROA not before: Thu 26 Feb 2026 06:59:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 31313
IP address blocks: 85.136.116.0/22 maxlen: 24
85.137.84.0/22 maxlen: 24
86.105.108.0/22 maxlen: 24
86.105.216.0/22 maxlen: 24
89.35.192.0/24 maxlen: 24
89.41.56.0/23 maxlen: 24
89.42.116.0/23 maxlen: 24
89.43.190.0/23 maxlen: 24
89.124.128.0/18 maxlen: 24
89.124.192.0/19 maxlen: 19
89.200.246.0/23 maxlen: 24
89.200.247.0/24 maxlen: 24
91.235.4.0/23 maxlen: 24
93.113.29.0/24 maxlen: 24
130.195.57.0/24 maxlen: 24
176.126.252.0/22 maxlen: 24
176.126.252.0/24 maxlen: 24
176.126.253.0/24 maxlen: 24
176.126.254.0/24 maxlen: 24
176.126.255.0/24 maxlen: 24
185.57.80.0/22 maxlen: 24
185.57.80.0/24 maxlen: 24
185.57.81.0/24 maxlen: 24
185.57.82.0/24 maxlen: 24
185.57.83.0/24 maxlen: 24
185.233.148.0/22 maxlen: 24
185.233.148.0/24 maxlen: 24
185.233.149.0/24 maxlen: 24
185.233.150.0/24 maxlen: 24
185.233.151.0/24 maxlen: 24
193.151.28.0/22 maxlen: 24
193.169.21.0/24 maxlen: 24
195.242.244.0/22 maxlen: 24
203.25.143.0/24 maxlen: 24
213.177.0.0/19 maxlen: 24
213.177.0.0/21 maxlen: 21
213.177.8.0/21 maxlen: 21
213.177.16.0/21 maxlen: 21
213.177.24.0/21 maxlen: 21
2a00:5dc0::/29 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/F5WshDzYupAYj3MTZSu1YSmbKW8.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/F5WshDzYupAYj3MTZSu1YSmbKW8.mft
rsync://rpki.ripe.net/repository/DEFAULT/F5WshDzYupAYj3MTZSu1YSmbKW8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 18:01:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:98:be:cc:34:6c:b1:44:a9:c8:9e:e4:4c:8e:74:b9:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1795ac843cd8ba90188f7313652bb561299b296f
Validity
Not Before: Feb 26 06:59:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1b8a2d0277b1da1a72050c352c3578008b8dad78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:25:af:50:ae:92:90:8f:76:b9:58:dd:63:3b:
33:aa:08:e0:8f:3f:03:a9:1b:45:91:02:be:8b:a3:
c1:d2:05:7c:5a:bc:77:f1:6e:cb:0d:f2:2c:d3:e8:
be:7c:ec:7b:c3:94:b4:63:4f:db:7d:a6:18:bf:58:
57:8d:fd:b6:8c:cb:7d:dc:68:f2:bd:aa:cb:65:10:
9f:b7:78:81:75:65:55:de:1b:6d:63:25:23:95:e3:
20:17:e9:5d:de:f0:94:21:f7:51:73:2b:30:40:15:
4b:09:c3:d2:38:10:82:ad:8b:ad:7e:58:ce:df:0a:
19:d2:55:63:f5:cf:e5:28:ab:e2:87:83:af:20:e0:
95:1b:00:53:98:40:63:f9:25:33:9c:0e:7f:18:f8:
81:78:9c:a4:5d:b0:83:29:a1:c9:e3:69:4c:ac:01:
b8:a8:f2:40:85:df:64:54:4e:da:07:6c:48:33:6b:
4f:b1:bd:48:6a:2a:f9:97:23:e7:9a:e3:bb:76:15:
e4:3f:d7:5f:26:38:63:f8:0a:53:ee:19:a0:8c:b0:
01:4f:24:eb:b1:67:d6:59:e6:e4:d1:14:92:52:8e:
0b:fe:31:9c:09:32:75:cd:e6:bb:75:70:db:96:75:
7d:73:04:7e:68:b8:25:13:1e:a5:0f:a9:d9:83:e6:
cd:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:8A:2D:02:77:B1:DA:1A:72:05:0C:35:2C:35:78:00:8B:8D:AD:78
X509v3 Authority Key Identifier:
keyid:17:95:AC:84:3C:D8:BA:90:18:8F:73:13:65:2B:B5:61:29:9B:29:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5WshDzYupAYj3MTZSu1YSmbKW8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/G4otAnex2hpyBQw1LDV4AIuNrXg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/F5WshDzYupAYj3MTZSu1YSmbKW8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.136.116.0/22
85.137.84.0/22
86.105.108.0/22
86.105.216.0/22
89.35.192.0/24
89.41.56.0/23
89.42.116.0/23
89.43.190.0/23
89.124.128.0-89.124.223.255
89.200.246.0/23
91.235.4.0/23
93.113.29.0/24
130.195.57.0/24
176.126.252.0/22
185.57.80.0/22
185.233.148.0/22
193.151.28.0/22
193.169.21.0/24
195.242.244.0/22
203.25.143.0/24
213.177.0.0/19
IPv6:
2a00:5dc0::/29
Signature Algorithm: sha256WithRSAEncryption
6d:13:3b:82:7d:25:27:5e:bf:9a:03:13:88:29:32:83:8e:c3:
d9:aa:87:f6:a3:98:7e:b8:64:7f:8a:04:c1:56:fc:e5:a5:ea:
75:3f:6f:00:90:82:e6:03:19:54:94:ad:d1:3e:4f:ef:20:df:
32:bd:19:72:f5:19:d4:59:7c:b4:60:11:aa:d3:79:4c:47:04:
b5:df:ef:f2:3c:77:00:01:d4:78:29:89:db:02:90:47:77:47:
65:89:e9:56:60:bb:34:11:6c:ae:c7:7a:3d:a3:f5:5d:6b:ec:
1e:b6:55:33:9e:3b:94:a7:e5:ad:cd:b1:3f:cc:97:40:cb:6f:
b2:d5:d8:3c:47:9b:6b:19:8b:27:ac:88:e5:4f:ac:f0:ce:9c:
f5:7e:78:3f:ef:ef:94:ca:fc:73:e5:57:04:0d:2e:3f:a5:ea:
d9:f2:5e:51:a6:06:84:a2:77:12:a4:b0:13:7b:06:1a:c1:38:
ca:7f:66:f7:9e:ad:58:0d:a8:ab:0c:49:e6:21:7b:8f:56:71:
dd:36:e8:ef:9a:c7:c6:a8:90:03:b4:6b:53:a1:65:d9:71:21:
31:d4:3d:c5:60:81:c6:b7:6f:f8:78:15:9a:62:a6:0f:7f:57:
34:ad:c3:62:95:17:1b:ae:f2:c2:80:00:31:93:aa:f5:14:34:
1d:88:6f:14
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgISAZyYvsw0bLFEqcie5EyOdLlaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTVhYzg0M2NkOGJhOTAxODhmNzMxMzY1MmJiNTYxMjk5
YjI5NmYwHhcNMjYwMjI2MDY1OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjhhMmQwMjc3YjFkYTFhNzIwNTBjMzUyYzM1NzgwMDhiOGRhZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyWvUK6SkI92uVjdYzszqgjgjz8D
qRtFkQK+i6PB0gV8Wrx38W7LDfIs0+i+fOx7w5S0Y0/bfaYYv1hXjf22jMt93Gjy
varLZRCft3iBdWVV3httYyUjleMgF+ld3vCUIfdRcyswQBVLCcPSOBCCrYutfljO
3woZ0lVj9c/lKKvih4OvIOCVGwBTmEBj+SUznA5/GPiBeJykXbCDKaHJ42lMrAG4
qPJAhd9kVE7aB2xIM2tPsb1Iair5lyPnmuO7dhXkP9dfJjhj+ApT7hmgjLABTyTr
sWfWWebk0RSSUo4L/jGcCTJ1zea7dXDblnV9cwR+aLglEx6lD6nZg+bNDQIDAQAB
o4ICnTCCApkwHQYDVR0OBBYEFBuKLQJ3sdoacgUMNSw1eACLja14MB8GA1UdIwQY
MBaAFBeVrIQ82LqQGI9zE2UrtWEpmylvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVXc2hEell1cEFZajNNVFpTdTFZU21iS1c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS82NjgzZjQtM2VlYy00ZGNiLTg3ODct
NzMxYWJjNmY3NWNhLzEvRzRvdEFuZXgyaHB5QlF3MUxEVjRBSXVOclhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS82NjgzZjQtM2VlYy00ZGNiLTg3ODctNzMxYWJjNmY3NWNh
LzEvRjVXc2hEell1cEFZajNNVFpTdTFZU21iS1c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGyBggrBgEFBQcBBwEB/wSBojCBnzCBjQQCAAEwgYYDBAJV
iHQDBAJViVQDBAJWaWwDBAJWadgDBABZI8ADBAFZKTgDBAFZKnQDBAFZK74wDAME
B1l8gAMEBVl8wAMEAVnI9gMEAVvrBAMEAF1xHQMEAILDOQMEArB+/AMEArk5UAME
ArnplAMEAsGXHAMEAMGpFQMEAsPy9AMEAMsZjwMEBdWxADANBAIAAjAHAwUDKgBd
wDANBgkqhkiG9w0BAQsFAAOCAQEAbRM7gn0lJ16/mgMTiCkyg47D2aqH9qOYfrhk
f4oEwVb85aXqdT9vAJCC5gMZVJSt0T5P7yDfMr0ZcvUZ1Fl8tGARqtN5TEcEtd/v
8jx3AAHUeCmJ2wKQR3dHZYnpVmC7NBFsrsd6PaP1XWvsHrZVM547lKflrc2xP8yX
QMtvstXYPEebaxmLJ6yI5U+s8M6c9X54P+/vlMr8c+VXBA0uP6Xq2fJeUaYGhKJ3
EqSwE3sGGsE4yn9m956tWA2oqwxJ5iF7j1Zx3Tbo75rHxqiQA7RrU6Fl2XEhMdQ9
xWCBxrdv+HgVmmKmD39XNK3DYpUXG67ywoAAMZOq9RQ0HYhvFA==
-----END CERTIFICATE-----
Generated at Tue Mar 3 01:57:41 2026 by rpki-client