Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/MYqosqYznshSBHhJRCRXz5w9vvU.roa
File: MYqosqYznshSBHhJRCRXz5w9vvU.roa (raw, json)
Hash identifier: YCd4lsvChvCvSXFOE9n0zc8M89HnW32oRzu9rQpmrMo=
Subject key identifier: 31:8A:A8:B2:A6:33:9E:C8:52:04:78:49:44:24:57:CF:9C:3D:BE:F5
Certificate issuer: /CN=896ed6e4b5c7c19db98c57432af4dcf630bf60ae
Certificate serial: 019B78353D2687A1B21B891334ECAE87B072
Authority key identifier: 89:6E:D6:E4:B5:C7:C1:9D:B9:8C:57:43:2A:F4:DC:F6:30:BF:60:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iW7W5LXHwZ25jFdDKvTc9jC_YK4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/MYqosqYznshSBHhJRCRXz5w9vvU.roa
Signing time: Thu 01 Jan 2026 06:18:33 +0000
ROA not before: Thu 01 Jan 2026 06:18:33 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 50710
IP address blocks: 109.224.0.0/18 maxlen: 18
109.224.0.0/21 maxlen: 21
109.224.1.0/24 maxlen: 24
109.224.2.0/23 maxlen: 23
109.224.4.0/22 maxlen: 22
109.224.8.0/21 maxlen: 21
109.224.8.0/22 maxlen: 22
109.224.12.0/23 maxlen: 23
109.224.12.0/24 maxlen: 24
109.224.13.0/24 maxlen: 24
109.224.14.0/23 maxlen: 23
109.224.14.0/24 maxlen: 24
109.224.15.0/24 maxlen: 24
109.224.16.0/22 maxlen: 22
109.224.20.0/22 maxlen: 22
109.224.24.0/22 maxlen: 22
109.224.28.0/24 maxlen: 24
109.224.29.0/24 maxlen: 24
109.224.30.0/23 maxlen: 23
109.224.32.0/22 maxlen: 22
109.224.32.0/24 maxlen: 24
109.224.36.0/22 maxlen: 22
109.224.40.0/21 maxlen: 21
109.224.40.0/24 maxlen: 24
109.224.41.0/24 maxlen: 24
109.224.42.0/23 maxlen: 23
109.224.42.0/24 maxlen: 24
109.224.43.0/24 maxlen: 24
109.224.44.0/22 maxlen: 22
109.224.44.0/24 maxlen: 24
109.224.45.0/24 maxlen: 24
109.224.46.0/24 maxlen: 24
109.224.47.0/24 maxlen: 24
109.224.48.0/21 maxlen: 21
109.224.48.0/22 maxlen: 22
109.224.52.0/22 maxlen: 22
109.224.56.0/21 maxlen: 21
109.224.56.0/22 maxlen: 22
109.224.60.0/22 maxlen: 22
185.118.96.0/22 maxlen: 22
185.118.96.0/24 maxlen: 24
185.141.9.0/24 maxlen: 24
185.141.10.0/24 maxlen: 24
185.141.11.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/iW7W5LXHwZ25jFdDKvTc9jC_YK4.crl
rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/iW7W5LXHwZ25jFdDKvTc9jC_YK4.mft
rsync://rpki.ripe.net/repository/DEFAULT/iW7W5LXHwZ25jFdDKvTc9jC_YK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:00:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:78:35:3d:26:87:a1:b2:1b:89:13:34:ec:ae:87:b0:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=896ed6e4b5c7c19db98c57432af4dcf630bf60ae
Validity
Not Before: Jan 1 06:18:33 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=318aa8b2a6339ec852047849442457cf9c3dbef5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:e6:ea:5d:83:70:8a:13:0a:25:9d:13:a7:4d:
2d:a7:18:f0:2c:b6:2e:32:80:b1:1e:78:8c:cd:af:
4b:f0:df:09:16:9c:e4:bb:20:06:9b:0b:f8:f1:26:
41:f4:d1:2b:ae:4d:4a:ad:fd:5f:0a:ee:1b:a8:ad:
6f:f0:13:9c:94:37:8e:f2:5e:37:11:2d:84:5e:75:
8f:2c:7c:4b:37:cb:09:d9:d8:54:60:85:8e:5a:11:
e6:ca:f2:f4:dd:15:ff:92:e4:fc:6c:d1:f8:64:6f:
42:af:be:3d:00:5e:08:9c:c2:de:03:d4:c7:63:4c:
50:f1:51:8e:b2:50:5e:e5:e2:00:25:57:59:c8:0f:
01:e9:aa:43:32:1c:bb:fa:1a:f0:9f:bd:63:58:5f:
68:d8:3b:e7:3f:46:7d:e1:54:14:33:8c:47:04:97:
31:4d:83:ea:2e:ef:25:3d:f7:fb:b5:dd:ce:59:10:
20:e7:1e:9e:6a:8e:a4:04:5c:d7:82:a8:0a:c7:a2:
b8:dd:9f:57:64:0c:82:71:1b:1b:89:89:a2:25:3f:
f0:f0:41:ab:e9:8e:03:8d:c5:95:74:78:a3:b4:14:
c0:6d:21:fe:39:69:fd:1c:3a:4e:3c:6d:96:f3:8a:
29:04:4e:f8:c3:c8:dd:61:fd:88:71:0f:d3:a9:49:
7c:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:8A:A8:B2:A6:33:9E:C8:52:04:78:49:44:24:57:CF:9C:3D:BE:F5
X509v3 Authority Key Identifier:
keyid:89:6E:D6:E4:B5:C7:C1:9D:B9:8C:57:43:2A:F4:DC:F6:30:BF:60:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iW7W5LXHwZ25jFdDKvTc9jC_YK4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/MYqosqYznshSBHhJRCRXz5w9vvU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/iW7W5LXHwZ25jFdDKvTc9jC_YK4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.224.0.0/18
185.118.96.0/22
185.141.9.0-185.141.11.255
Signature Algorithm: sha256WithRSAEncryption
a2:e2:0e:57:9b:b0:50:da:4d:92:3f:9c:3b:c0:10:22:ac:fe:
a2:38:f4:96:8e:f8:5e:fb:32:28:92:d7:12:ff:39:6c:58:94:
69:d3:71:c7:ae:82:f9:48:e4:9e:46:71:8d:9d:01:7a:5f:0c:
4b:d9:a9:36:5a:f9:77:d7:df:f4:43:74:e5:47:b4:7f:d4:81:
bb:b0:fa:00:fb:21:ce:fb:af:5b:bc:25:1d:43:ac:70:8b:26:
4f:b4:a0:ce:f6:46:c7:53:94:d9:f5:b8:a4:28:59:38:58:3e:
25:f9:cd:9e:b4:29:d3:98:18:9b:df:6b:2e:4d:31:4f:6a:a3:
91:19:39:49:07:29:61:60:a0:a0:72:a6:81:55:90:54:7f:69:
d4:ab:e2:6a:6c:c1:e9:f7:21:56:ff:51:50:21:0f:46:b2:31:
6b:2c:81:6d:54:cd:8b:42:3a:6b:1e:72:41:f4:b1:f3:b0:6d:
0c:1c:d9:16:bf:37:54:bc:69:b6:ed:ed:ab:bd:24:55:c1:96:
a4:e4:dd:b5:1c:1f:5b:b0:23:d9:61:0c:6d:3f:2c:0e:51:d9:
48:c8:4e:86:50:a3:98:aa:9e:97:11:26:38:43:96:d8:c9:63:
bb:69:8b:aa:65:6a:fd:db:44:03:c1:f9:31:48:49:39:fc:47:
71:f6:f7:45
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZt4NT0mh6GyG4kTNOyuh7ByMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmVkNmU0YjVjN2MxOWRiOThjNTc0MzJhZjRkY2Y2MzBi
ZjYwYWUwHhcNMjYwMTAxMDYxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMThhYThiMmE2MzM5ZWM4NTIwNDc4NDk0NDI0NTdjZjljM2RiZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqebqXYNwihMKJZ0Tp00tpxjwLLYu
MoCxHniMza9L8N8JFpzkuyAGmwv48SZB9NErrk1Krf1fCu4bqK1v8BOclDeO8l43
ES2EXnWPLHxLN8sJ2dhUYIWOWhHmyvL03RX/kuT8bNH4ZG9Cr749AF4InMLeA9TH
Y0xQ8VGOslBe5eIAJVdZyA8B6apDMhy7+hrwn71jWF9o2DvnP0Z94VQUM4xHBJcx
TYPqLu8lPff7td3OWRAg5x6eao6kBFzXgqgKx6K43Z9XZAyCcRsbiYmiJT/w8EGr
6Y4DjcWVdHijtBTAbSH+OWn9HDpOPG2W84opBE74w8jdYf2IcQ/TqUl8ZQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFDGKqLKmM57IUgR4SUQkV8+cPb71MB8GA1UdIwQY
MBaAFIlu1uS1x8GduYxXQyr03PYwv2CuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVc3VzVMWEh3WjI1akZkREt2VGM5akNfWUs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC85MDA0NDQtZGQ0MC00YTA0LWE2MTYt
ZGMxZmY2NzQ2ZDJlLzEvTVlxb3NxWXpuc2hTQkhoSlJDUlh6NXc5dnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC85MDA0NDQtZGQ0MC00YTA0LWE2MTYtZGMxZmY2NzQ2ZDJl
LzEvaVc3VzVMWEh3WjI1akZkREt2VGM5akNfWUs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQGbeAAAwQC
uXZgMAwDBAC5jQkDBAK5jQgwDQYJKoZIhvcNAQELBQADggEBAKLiDlebsFDaTZI/
nDvAECKs/qI49JaO+F77MiiS1xL/OWxYlGnTcceugvlI5J5GcY2dAXpfDEvZqTZa
+XfX3/RDdOVHtH/Ugbuw+gD7Ic77r1u8JR1DrHCLJk+0oM72RsdTlNn1uKQoWThY
PiX5zZ60KdOYGJvfay5NMU9qo5EZOUkHKWFgoKBypoFVkFR/adSr4mpswen3IVb/
UVAhD0ayMWssgW1UzYtCOmseckH0sfOwbQwc2Ra/N1S8abbt7au9JFXBlqTk3bUc
H1uwI9lhDG0/LA5R2UjIToZQo5iqnpcRJjhDltjJY7tpi6plav3bRAPB+TFISTn8
R3H290U=
-----END CERTIFICATE-----
Generated at Mon Mar 2 17:50:53 2026 by rpki-client