Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2hJWw_7yFtnQ1zbXHgx4q8jKP0o.roa
File: 2hJWw_7yFtnQ1zbXHgx4q8jKP0o.roa (raw, json)
Hash identifier: QiSBPLnPtb0Hglhprh6/gZol3Qo6vltRIQjkqOX6AQ0=
Subject key identifier: DA:12:56:C3:FE:F2:16:D9:D0:D7:36:D7:1E:0C:78:AB:C8:CA:3F:4A
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 019C7C13F33566BC0356520924C99EA41C4D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2hJWw_7yFtnQ1zbXHgx4q8jKP0o.roa
Signing time: Fri 20 Feb 2026 17:23:28 +0000
ROA not before: Fri 20 Feb 2026 17:23:28 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 273091
IP address blocks: 217.60.40.0/21 maxlen: 24
217.60.40.0/24 maxlen: 24
217.60.41.0/24 maxlen: 24
217.60.42.0/24 maxlen: 24
217.60.43.0/24 maxlen: 24
217.60.44.0/24 maxlen: 24
217.60.45.0/24 maxlen: 24
217.60.46.0/24 maxlen: 24
217.60.47.0/24 maxlen: 24
217.60.48.0/22 maxlen: 24
217.60.48.0/24 maxlen: 24
217.60.49.0/24 maxlen: 24
217.60.50.0/24 maxlen: 24
217.60.51.0/24 maxlen: 24
217.60.208.0/20 maxlen: 24
217.60.208.0/24 maxlen: 24
217.60.209.0/24 maxlen: 24
217.60.210.0/24 maxlen: 24
217.60.211.0/24 maxlen: 24
217.60.212.0/24 maxlen: 24
217.60.213.0/24 maxlen: 24
217.60.214.0/24 maxlen: 24
217.60.215.0/24 maxlen: 24
217.60.216.0/24 maxlen: 24
217.60.217.0/24 maxlen: 24
217.60.218.0/24 maxlen: 24
217.60.219.0/24 maxlen: 24
217.60.220.0/24 maxlen: 24
217.60.221.0/24 maxlen: 24
217.60.222.0/24 maxlen: 24
217.60.223.0/24 maxlen: 24
217.60.224.0/21 maxlen: 24
217.60.224.0/24 maxlen: 24
217.60.225.0/24 maxlen: 24
217.60.226.0/24 maxlen: 24
217.60.227.0/24 maxlen: 24
217.60.228.0/24 maxlen: 24
217.60.229.0/24 maxlen: 24
217.60.230.0/24 maxlen: 24
217.60.231.0/24 maxlen: 24
217.60.232.0/22 maxlen: 24
217.60.232.0/24 maxlen: 24
217.60.233.0/24 maxlen: 24
217.60.234.0/24 maxlen: 24
217.60.235.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 08:38:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:7c:13:f3:35:66:bc:03:56:52:09:24:c9:9e:a4:1c:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Feb 20 17:23:28 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=da1256c3fef216d9d0d736d71e0c78abc8ca3f4a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:03:85:0e:e7:7d:a4:b6:d7:14:0f:8d:6c:59:
31:7e:40:23:8a:a3:04:60:4e:b0:9e:74:b2:ac:ec:
1a:14:2e:b6:cb:dd:e8:7c:7c:d2:bd:7a:b1:4f:a2:
b0:ee:e5:8a:dc:e6:b5:7c:ea:e4:5b:fd:4c:70:bd:
36:31:4b:74:13:d3:02:76:d5:e2:b4:c5:8a:41:0f:
62:45:5b:ef:a3:52:7a:d1:87:6a:e8:81:2a:bb:d8:
a6:00:dc:06:36:0a:98:7e:0b:a2:ff:a7:a7:84:fe:
c4:94:9a:34:d3:13:7d:6d:18:6e:26:04:d6:1a:a5:
ad:6a:13:18:e2:04:79:c0:c7:a1:7a:2a:95:30:8b:
ff:67:ae:0c:15:fd:c2:ea:21:da:90:41:24:bd:db:
f3:d7:45:65:7f:a3:61:11:77:d8:26:67:af:44:df:
4b:c3:ef:b5:62:a6:6f:5b:73:83:aa:01:43:15:8f:
82:34:5a:6f:17:81:f9:3b:77:08:d0:f3:e9:d6:64:
d9:c1:79:96:98:76:a0:b7:86:11:24:89:93:aa:32:
86:9d:fb:3d:97:3b:b6:9d:23:6b:56:31:39:74:f1:
d0:b5:4c:2f:2c:81:9d:46:4d:12:95:5d:f9:7b:b7:
ed:47:7b:0f:52:11:06:f4:7d:b1:3c:af:91:65:22:
80:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:12:56:C3:FE:F2:16:D9:D0:D7:36:D7:1E:0C:78:AB:C8:CA:3F:4A
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2hJWw_7yFtnQ1zbXHgx4q8jKP0o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.60.40.0-217.60.51.255
217.60.208.0-217.60.235.255
Signature Algorithm: sha256WithRSAEncryption
7e:9b:84:6f:d0:a8:15:05:47:a3:9e:87:00:b6:48:4b:86:f0:
06:de:09:d1:f9:0a:55:d1:f4:c5:3f:79:5c:10:58:83:16:9e:
ee:f3:0e:b0:20:da:87:54:e7:31:a4:f1:d7:1f:4c:9f:b1:d8:
99:e8:fd:d1:7b:df:40:6b:87:7e:fb:da:25:55:c7:41:d8:5c:
a0:ae:82:ae:5b:48:5b:93:50:61:92:b9:cd:f1:13:f6:5c:57:
9a:80:50:51:bb:0a:c7:cc:33:f6:97:20:1e:3b:79:b7:bf:9b:
a4:00:72:ab:40:3e:13:96:b7:a2:62:f9:e4:c9:83:a3:c3:08:
42:df:ad:8d:d3:1b:34:fd:0e:33:3a:df:1f:07:9b:ff:3c:5d:
86:af:b4:39:20:e1:fb:de:c2:c2:32:51:7c:00:f4:aa:11:55:
8c:b1:7c:89:e6:5b:27:7e:83:e5:74:c3:3a:17:a2:ed:c1:7b:
fb:11:39:1d:5a:c1:80:9b:ee:2d:9b:af:a1:f5:0c:bf:99:2c:
5c:98:3b:6a:35:4c:62:30:08:7d:67:35:69:30:fb:30:d1:a4:
64:08:fd:57:9f:90:a0:bb:5f:f8:05:c1:47:d2:f2:66:40:b9:
fe:02:cc:75:68:b5:b9:98:14:d0:1d:d9:34:b4:f3:2e:4e:da:
c8:e9:ae:9f
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZx8E/M1ZrwDVlIJJMmepBxNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMjIwMTcyMzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTEyNTZjM2ZlZjIxNmQ5ZDBkNzM2ZDcxZTBjNzhhYmM4Y2EzZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAOFDud9pLbXFA+NbFkxfkAjiqME
YE6wnnSyrOwaFC62y93ofHzSvXqxT6Kw7uWK3Oa1fOrkW/1McL02MUt0E9MCdtXi
tMWKQQ9iRVvvo1J60Ydq6IEqu9imANwGNgqYfgui/6enhP7ElJo00xN9bRhuJgTW
GqWtahMY4gR5wMeheiqVMIv/Z64MFf3C6iHakEEkvdvz10Vlf6NhEXfYJmevRN9L
w++1YqZvW3ODqgFDFY+CNFpvF4H5O3cI0PPp1mTZwXmWmHagt4YRJImTqjKGnfs9
lzu2nSNrVjE5dPHQtUwvLIGdRk0SlV35e7ftR3sPUhEG9H2xPK+RZSKAawIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFNoSVsP+8hbZ0Nc21x4MeKvIyj9KMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMmhKV3dfN3lGdG5RMXpiWEhneDRxOGpLUDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAPZPCgD
BALZPDAwDAMEBNk80AMEAtk86DANBgkqhkiG9w0BAQsFAAOCAQEAfpuEb9CoFQVH
o56HALZIS4bwBt4J0fkKVdH0xT95XBBYgxae7vMOsCDah1TnMaTx1x9Mn7HYmej9
0XvfQGuHfvvaJVXHQdhcoK6CrltIW5NQYZK5zfET9lxXmoBQUbsKx8wz9pcgHjt5
t7+bpAByq0A+E5a3omL55MmDo8MIQt+tjdMbNP0OMzrfHweb/zxdhq+0OSDh+97C
wjJRfAD0qhFVjLF8ieZbJ36D5XTDOhei7cF7+xE5HVrBgJvuLZuvofUMv5ksXJg7
ajVMYjAIfWc1aTD7MNGkZAj9V5+QoLtf+AXBR9LyZkC5/gLMdWi1uZgU0B3ZNLTz
Lk7ayOmunw==
-----END CERTIFICATE-----
Generated at Mon Mar 2 13:11:43 2026 by rpki-client