Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/WM_CkksfpxlOvbVfJ29q-PM94R0.roa
File: WM_CkksfpxlOvbVfJ29q-PM94R0.roa (raw, json)
Hash identifier: ieRO0VQfX3WMm1FhYHOk166k7TlopH7iRCo/7Z4383I=
Subject key identifier: 58:CF:C2:92:4B:1F:A7:19:4E:BD:B5:5F:27:6F:6A:F8:F3:3D:E1:1D
Certificate issuer: /CN=3144e609e361913e3c3b0a78d7486aa45b562401
Certificate serial: 019B7C11CC7F0777DDF29C118F759D10F4AB
Authority key identifier: 31:44:E6:09:E3:61:91:3E:3C:3B:0A:78:D7:48:6A:A4:5B:56:24:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MUTmCeNhkT48Owp410hqpFtWJAE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/WM_CkksfpxlOvbVfJ29q-PM94R0.roa
Signing time: Fri 02 Jan 2026 00:18:19 +0000
ROA not before: Fri 02 Jan 2026 00:18:19 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 28990
IP address blocks: 217.26.144.0/20 maxlen: 24
217.26.144.0/21 maxlen: 21
217.26.144.0/24 maxlen: 24
217.26.145.0/24 maxlen: 24
217.26.146.0/24 maxlen: 24
217.26.147.0/24 maxlen: 24
217.26.150.0/24 maxlen: 24
217.26.152.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/MUTmCeNhkT48Owp410hqpFtWJAE.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/MUTmCeNhkT48Owp410hqpFtWJAE.mft
rsync://rpki.ripe.net/repository/DEFAULT/MUTmCeNhkT48Owp410hqpFtWJAE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 21:16:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:11:cc:7f:07:77:dd:f2:9c:11:8f:75:9d:10:f4:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3144e609e361913e3c3b0a78d7486aa45b562401
Validity
Not Before: Jan 2 00:18:19 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=58cfc2924b1fa7194ebdb55f276f6af8f33de11d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:a7:4e:45:98:5e:84:eb:a0:12:a7:19:33:f8:
c1:62:52:02:a8:b7:4f:93:ca:06:50:97:70:29:36:
1a:8b:d1:ac:a7:15:2d:3d:0a:46:89:9e:94:18:fd:
ee:f2:e5:5f:21:9e:d2:3e:43:8c:61:18:01:b1:25:
42:67:43:f3:79:3d:3a:cb:db:f1:be:f1:24:f4:e3:
d4:e7:60:d7:90:b2:25:13:32:47:23:3f:8c:1e:65:
53:b2:f0:5e:e8:cf:4b:ed:00:49:07:24:70:49:41:
62:03:82:96:31:93:8e:d7:cf:c6:64:8e:75:12:f6:
ff:f6:17:01:78:ce:5a:99:7a:6e:c7:f1:4b:16:59:
f4:41:a6:32:c7:65:b8:e6:ad:09:7e:27:84:7a:2e:
a0:8a:0e:5f:ab:ff:d3:74:65:5f:68:50:a9:77:d0:
97:db:33:08:8b:1c:d4:4a:21:7c:15:cf:e8:22:1b:
f4:74:0d:99:16:d6:85:45:d3:71:f7:02:9e:80:33:
bc:02:6d:26:66:07:84:64:97:90:8b:fe:28:19:1e:
82:b5:a4:d5:ea:61:9b:56:40:38:d0:7f:24:b5:a3:
65:bd:c7:a5:e1:58:a6:b0:db:d6:ae:28:8b:2f:6d:
f1:ca:20:a8:54:97:de:6d:3d:97:7d:c8:0a:46:d1:
54:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:CF:C2:92:4B:1F:A7:19:4E:BD:B5:5F:27:6F:6A:F8:F3:3D:E1:1D
X509v3 Authority Key Identifier:
keyid:31:44:E6:09:E3:61:91:3E:3C:3B:0A:78:D7:48:6A:A4:5B:56:24:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MUTmCeNhkT48Owp410hqpFtWJAE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/WM_CkksfpxlOvbVfJ29q-PM94R0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/MUTmCeNhkT48Owp410hqpFtWJAE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.26.144.0/20
Signature Algorithm: sha256WithRSAEncryption
7e:33:10:69:ce:fa:84:91:5b:0c:be:30:1e:42:32:ca:0f:ea:
bf:fc:5f:eb:b8:ce:56:de:fe:76:cd:36:bb:a0:e7:c4:be:39:
60:47:b0:cc:a1:c4:6d:8c:0d:13:28:d6:c4:be:e0:66:26:97:
98:72:8f:cc:8d:21:f1:75:19:b4:6b:37:78:28:96:ae:eb:71:
fe:7e:d5:e4:32:f3:cb:8d:b3:75:c3:e0:5d:8a:fd:41:db:f1:
3f:2b:af:4c:cd:b1:43:32:1f:45:7d:e3:a8:00:bc:85:dd:59:
cf:12:ea:70:44:d7:90:bf:f3:06:4e:f4:d1:d5:6f:55:c3:2b:
f8:0a:11:33:de:a3:63:3b:87:4a:8a:61:ab:6b:9e:17:5d:10:
08:5f:06:5c:5a:cb:e0:84:83:4b:61:04:46:59:cc:a0:b1:37:
bb:27:3f:22:bb:0f:99:6e:91:fa:c2:17:a9:87:c9:47:45:29:
9f:fe:8d:42:16:23:57:0d:7b:57:cd:aa:24:58:17:6f:3d:da:
84:23:54:3c:13:d5:50:8c:3b:ae:6b:74:06:c9:00:4f:23:79:
ca:29:e0:b0:49:21:8b:06:75:d1:19:62:c5:f3:23:b6:06:a9:
5d:9f:16:15:5a:ac:39:fb:aa:11:bb:4b:c8:83:75:40:7e:3e:
c8:54:f8:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Ecx/B3fd8pwRj3WdEPSrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxNDRlNjA5ZTM2MTkxM2UzYzNiMGE3OGQ3NDg2YWE0NWI1
NjI0MDEwHhcNMjYwMTAyMDAxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGNmYzI5MjRiMWZhNzE5NGViZGI1NWYyNzZmNmFmOGYzM2RlMTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqdORZhehOugEqcZM/jBYlICqLdP
k8oGUJdwKTYai9GspxUtPQpGiZ6UGP3u8uVfIZ7SPkOMYRgBsSVCZ0PzeT06y9vx
vvEk9OPU52DXkLIlEzJHIz+MHmVTsvBe6M9L7QBJByRwSUFiA4KWMZOO18/GZI51
Evb/9hcBeM5amXpux/FLFln0QaYyx2W45q0JfieEei6gig5fq//TdGVfaFCpd9CX
2zMIixzUSiF8Fc/oIhv0dA2ZFtaFRdNx9wKegDO8Am0mZgeEZJeQi/4oGR6CtaTV
6mGbVkA40H8ktaNlvcel4VimsNvWriiLL23xyiCoVJfebT2XfcgKRtFUvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjPwpJLH6cZTr21XydvavjzPeEdMB8GA1UdIwQY
MBaAFDFE5gnjYZE+PDsKeNdIaqRbViQBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVVUbUNlTmhrVDQ4T3dwNDEwaHFwRnRXSkFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9jYWEyYjYtODdlOC00ZTI0LWE0NDYt
Nzc1ODg4YTg3MTk0LzEvV01fQ2trc2ZweGxPdmJWZkoyOXEtUE05NFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9jYWEyYjYtODdlOC00ZTI0LWE0NDYtNzc1ODg4YTg3MTk0
LzEvTVVUbUNlTmhrVDQ4T3dwNDEwaHFwRnRXSkFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2RqQMA0G
CSqGSIb3DQEBCwUAA4IBAQB+MxBpzvqEkVsMvjAeQjLKD+q//F/ruM5W3v52zTa7
oOfEvjlgR7DMocRtjA0TKNbEvuBmJpeYco/MjSHxdRm0azd4KJau63H+ftXkMvPL
jbN1w+Bdiv1B2/E/K69MzbFDMh9FfeOoALyF3VnPEupwRNeQv/MGTvTR1W9Vwyv4
ChEz3qNjO4dKimGra54XXRAIXwZcWsvghINLYQRGWcygsTe7Jz8iuw+ZbpH6whep
h8lHRSmf/o1CFiNXDXtXzaokWBdvPdqEI1Q8E9VQjDuua3QGyQBPI3nKKeCwSSGL
BnXRGWLF8yO2BqldnxYVWqw5+6oRu0vIg3VAfj7IVPhc
-----END CERTIFICATE-----
Generated at Tue Mar 3 05:38:16 2026 by rpki-client