Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/IPMiCKDGg-4bycZ4wSrvvc3HolI.roa
File: IPMiCKDGg-4bycZ4wSrvvc3HolI.roa (raw, json)
Hash identifier: Up0dPWNya84ceqWIOnzBSjlOj2l1pRl6VXrPutXxbZ4=
Subject key identifier: 20:F3:22:08:A0:C6:83:EE:1B:C9:C6:78:C1:2A:EF:BD:CD:C7:A2:52
Certificate issuer: /CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
Certificate serial: 019C9FD1B6CEB35595137F9AD4E3F7843F9D
Authority key identifier: 99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/IPMiCKDGg-4bycZ4wSrvvc3HolI.roa
Signing time: Fri 27 Feb 2026 15:57:26 +0000
ROA not before: Fri 27 Feb 2026 15:57:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 132892
IP address blocks: 141.101.88.0/24 maxlen: 24
141.101.89.0/24 maxlen: 24
2a06:98c0:3400::/48 maxlen: 48
2a06:98c0:3401::/48 maxlen: 48
2a06:98c0:3402::/48 maxlen: 48
2a06:98c0:3600::/48 maxlen: 48
2a06:98c0:3601::/48 maxlen: 48
2a06:98c0:3602::/48 maxlen: 48
2a06:98c0:3603::/48 maxlen: 48
2a06:98c0:3604::/48 maxlen: 48
2a06:98c0:3605::/48 maxlen: 48
2a06:98c0:3606::/48 maxlen: 48
2a06:98c0:3607::/48 maxlen: 48
2a06:98c0:3608::/48 maxlen: 48
2a06:98c0:3609::/48 maxlen: 48
2a06:98c0:360a::/48 maxlen: 48
2a06:98c0:360b::/48 maxlen: 48
2a06:98c0:360c::/48 maxlen: 48
2a06:98c0:360d::/48 maxlen: 48
2a06:98c0:360f::/48 maxlen: 48
2a06:98c0:3610::/48 maxlen: 48
2a06:98c0:3611::/48 maxlen: 48
2a06:98c0:3613::/48 maxlen: 48
2a06:98c0:3614::/48 maxlen: 48
2a06:98c0:3615::/48 maxlen: 48
2a06:98c0:3617::/48 maxlen: 48
2a06:98c0:361c::/48 maxlen: 48
2a06:98c0:361d::/48 maxlen: 48
2a06:98c0:361f::/48 maxlen: 48
2a06:98c0:3620::/48 maxlen: 48
2a06:98c0:3621::/48 maxlen: 48
2a06:98c0:3622::/48 maxlen: 48
2a06:98c0:3623::/48 maxlen: 48
2a06:98c0:3624::/48 maxlen: 48
2a06:98c0:3625::/48 maxlen: 48
2a06:98c0:3628::/48 maxlen: 48
2a06:98c0:3629::/48 maxlen: 48
2a06:98c0:362a::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.crl
rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.mft
rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:9f:d1:b6:ce:b3:55:95:13:7f:9a:d4:e3:f7:84:3f:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
Validity
Not Before: Feb 27 15:57:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=20f32208a0c683ee1bc9c678c12aefbdcdc7a252
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:da:19:15:58:ff:08:a3:2f:30:50:22:ff:b8:
44:66:0b:b4:62:37:fc:05:db:82:de:36:b2:b6:89:
13:01:df:a8:1d:87:60:22:39:84:61:cf:cc:58:da:
e2:a9:51:2b:ae:12:78:48:47:96:ad:23:23:b8:0a:
f2:e4:9d:92:13:91:4e:cb:35:64:4c:2e:88:d6:04:
34:2a:40:6d:32:ad:27:b6:11:94:0e:fe:8e:df:a9:
d2:3c:aa:9d:72:25:6f:54:72:c1:b8:c9:05:b9:59:
24:39:50:89:d8:b2:52:48:58:fd:e2:c2:ce:57:26:
08:72:09:df:09:8a:29:ca:96:67:fc:ce:62:44:67:
47:e6:d9:0c:fc:ed:b8:4b:3e:25:4f:05:b4:ce:61:
b2:7a:f2:de:a7:23:9c:2c:c8:ee:97:99:57:79:18:
87:36:b7:86:b6:4b:86:ce:9d:1c:e2:de:a5:bd:2c:
5c:8c:de:1b:e4:83:4f:f8:e8:56:df:8a:3a:43:be:
6b:2c:87:40:5f:82:b2:88:02:5b:d1:bd:06:6b:65:
0e:35:85:24:e2:6d:4e:5c:3a:d9:1e:36:7f:90:07:
41:df:70:cd:24:a8:c1:6f:71:22:2b:df:a8:f2:ad:
79:27:a0:e4:b9:9a:13:ce:07:ba:91:4f:d6:ea:7f:
2f:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:F3:22:08:A0:C6:83:EE:1B:C9:C6:78:C1:2A:EF:BD:CD:C7:A2:52
X509v3 Authority Key Identifier:
keyid:99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/IPMiCKDGg-4bycZ4wSrvvc3HolI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.101.88.0/23
IPv6:
2a06:98c0:3400::-2a06:98c0:3402:ffff:ffff:ffff:ffff:ffff
2a06:98c0:3600::-2a06:98c0:360d:ffff:ffff:ffff:ffff:ffff
2a06:98c0:360f::-2a06:98c0:3611:ffff:ffff:ffff:ffff:ffff
2a06:98c0:3613::-2a06:98c0:3615:ffff:ffff:ffff:ffff:ffff
2a06:98c0:3617::/48
2a06:98c0:361c::/47
2a06:98c0:361f::-2a06:98c0:3625:ffff:ffff:ffff:ffff:ffff
2a06:98c0:3628::-2a06:98c0:362a:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
29:23:18:93:13:4e:b2:69:c4:2f:28:eb:4c:5f:b7:36:57:f0:
df:aa:ac:b7:a4:5e:6d:5b:a0:b6:f5:d4:41:00:cd:a2:67:c8:
63:d6:2f:22:9e:73:2a:ec:00:9c:4c:dd:93:cb:39:0a:e8:0b:
fe:3c:dc:dd:ad:09:1a:1c:4c:04:0a:d2:fb:81:fe:64:bc:7b:
73:1e:47:36:dd:e6:91:55:e7:f5:4c:c3:37:10:3a:d0:70:3f:
0d:96:93:bf:ef:4f:34:a9:5b:5d:5f:69:e4:74:36:0d:a3:53:
16:8e:58:21:8f:66:6d:39:2c:fb:19:4b:80:e3:6e:d4:ab:ca:
0f:a8:75:f5:4c:00:d6:22:0c:12:80:65:89:1c:63:d8:6c:13:
be:84:98:34:c6:3f:d5:c9:9f:37:89:e9:65:49:a1:ad:0b:b5:
0a:4f:ae:ea:2c:cb:78:bc:45:85:dc:df:50:72:7f:eb:04:d8:
ed:c0:b2:dd:db:eb:c4:43:9a:62:e0:db:38:6c:55:22:50:b7:
07:6f:1b:84:df:2f:d3:a5:24:be:ee:39:40:ac:9c:07:e5:53:
e0:09:f3:d1:0a:a7:fb:a1:b9:ed:83:50:3a:46:17:6f:7d:fa:
eb:20:0e:54:a6:49:aa:5c:07:8d:57:3b:c8:d1:72:51:1a:95:
d5:01:85:83
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgISAZyf0bbOs1WVE3+a1OP3hD+dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZDViZmFkNDVkN2M2NWE2ZTM0MzAyODUwOWZkMTg5MmU5
N2I5ZDAwHhcNMjYwMjI3MTU1NzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGYzMjIwOGEwYzY4M2VlMWJjOWM2NzhjMTJhZWZiZGNkYzdhMjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNoZFVj/CKMvMFAi/7hEZgu0Yjf8
BduC3jaytokTAd+oHYdgIjmEYc/MWNriqVErrhJ4SEeWrSMjuAry5J2SE5FOyzVk
TC6I1gQ0KkBtMq0nthGUDv6O36nSPKqdciVvVHLBuMkFuVkkOVCJ2LJSSFj94sLO
VyYIcgnfCYopypZn/M5iRGdH5tkM/O24Sz4lTwW0zmGyevLepyOcLMjul5lXeRiH
NreGtkuGzp0c4t6lvSxcjN4b5INP+OhW34o6Q75rLIdAX4KyiAJb0b0Ga2UONYUk
4m1OXDrZHjZ/kAdB33DNJKjBb3EiK9+o8q15J6DkuZoTzge6kU/W6n8v7wIDAQAB
o4ICnjCCApowHQYDVR0OBBYEFCDzIgigxoPuG8nGeMEq773Nx6JSMB8GA1UdIwQY
MBaAFJnVv61F18ZabjQwKFCf0Ykul7nQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQt
NzU1MTgwOWNiNzMxLzEvSVBNaUNLREdnLTRieWNaNHdTcnZ2YzNIb2xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQtNzU1MTgwOWNiNzMx
LzEvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGzBggrBgEFBQcBBwEB/wSBozCBoDAMBAIAATAGAwQBjWVY
MIGPBAIAAjCBiDARAwYCKgaYwDQDBwAqBpjANAIwEQMGASoGmMA2AwcBKgaYwDYM
MBIDBwAqBpjANg8DBwEqBpjANhAwEgMHACoGmMA2EwMHASoGmMA2FAMHACoGmMA2
FwMHASoGmMA2HDASAwcAKgaYwDYfAwcBKgaYwDYkMBIDBwMqBpjANigDBwAqBpjA
NiowDQYJKoZIhvcNAQELBQADggEBACkjGJMTTrJpxC8o60xftzZX8N+qrLekXm1b
oLb11EEAzaJnyGPWLyKecyrsAJxM3ZPLOQroC/483N2tCRocTAQK0vuB/mS8e3Me
Rzbd5pFV5/VMwzcQOtBwPw2Wk7/vTzSpW11faeR0Ng2jUxaOWCGPZm05LPsZS4Dj
btSryg+odfVMANYiDBKAZYkcY9hsE76EmDTGP9XJnzeJ6WVJoa0LtQpPruosy3i8
RYXc31Byf+sE2O3Ast3b68RDmmLg2zhsVSJQtwdvG4TfL9OlJL7uOUCsnAflU+AJ
89EKp/uhue2DUDpGF299+usgDlSmSapcB41XO8jRclEaldUBhYM=
-----END CERTIFICATE-----
Generated at Mon Mar 2 03:54:43 2026 by rpki-client