Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/MhQ5HUvEaXMgZWuCMmPcH7n5ZMc.roa
File: MhQ5HUvEaXMgZWuCMmPcH7n5ZMc.roa (raw, json)
Hash identifier: HyJ3PY2sMV/XrRQW/oxrnMAsVecLjeVWTJMWb8dA+aw=
Subject key identifier: 32:14:39:1D:4B:C4:69:73:20:65:6B:82:32:63:DC:1F:B9:F9:64:C7
Certificate issuer: /CN=5fbe65ae23f207fa695255f55a907ac1608be094
Certificate serial: 019D8D954AB924CDD70040C67BD2E0CE911E
Authority key identifier: 5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/MhQ5HUvEaXMgZWuCMmPcH7n5ZMc.roa
Signing time: Tue 14 Apr 2026 20:01:04 +0000
ROA not before: Tue 14 Apr 2026 20:01:04 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 211183
IP address blocks: 5.35.124.0/24 maxlen: 24
5.35.125.0/24 maxlen: 24
5.35.126.0/24 maxlen: 24
5.35.127.0/24 maxlen: 24
5.253.62.0/24 maxlen: 24
37.140.241.0/24 maxlen: 24
45.128.204.0/24 maxlen: 24
79.133.181.0/24 maxlen: 24
79.133.182.0/24 maxlen: 24
79.133.183.0/24 maxlen: 24
89.191.225.0/24 maxlen: 24
91.200.84.0/24 maxlen: 24
94.154.11.0/24 maxlen: 24
130.49.143.0/24 maxlen: 24
130.49.146.0/24 maxlen: 24
130.49.153.0/24 maxlen: 24
153.80.184.0/24 maxlen: 24
153.80.185.0/24 maxlen: 24
153.80.250.0/24 maxlen: 24
153.80.251.0/24 maxlen: 24
155.212.245.0/24 maxlen: 24
155.212.246.0/24 maxlen: 24
155.212.247.0/24 maxlen: 24
157.22.172.0/24 maxlen: 24
157.22.173.0/24 maxlen: 24
157.22.174.0/24 maxlen: 24
157.22.175.0/24 maxlen: 24
157.22.230.0/24 maxlen: 24
157.22.231.0/24 maxlen: 24
185.198.152.0/24 maxlen: 24
185.219.41.0/24 maxlen: 24
185.233.185.0/24 maxlen: 24
185.239.50.0/24 maxlen: 24
185.239.51.0/24 maxlen: 24
185.240.103.0/24 maxlen: 24
185.244.51.0/24 maxlen: 24
185.250.44.0/24 maxlen: 24
185.250.46.0/24 maxlen: 24
185.250.47.0/24 maxlen: 24
193.187.96.0/24 maxlen: 24
194.5.78.0/24 maxlen: 24
194.5.79.0/24 maxlen: 24
195.93.252.0/24 maxlen: 24
217.171.146.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 05:00:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:8d:95:4a:b9:24:cd:d7:00:40:c6:7b:d2:e0:ce:91:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5fbe65ae23f207fa695255f55a907ac1608be094
Validity
Not Before: Apr 14 20:01:04 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3214391d4bc4697320656b823263dc1fb9f964c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:a8:3c:a4:0e:3f:4a:a0:9e:e8:0e:8d:3e:55:
21:55:bd:8b:a6:36:4a:6e:26:17:e8:28:09:35:d1:
4f:a4:8e:0c:8e:08:38:fd:3b:1a:3a:a2:f4:92:9b:
42:a8:47:55:33:b1:f2:f9:a3:d5:34:40:f4:7b:7d:
b3:8e:28:b1:fa:bf:1c:ba:f6:fc:7c:ab:2a:6c:a5:
fe:83:59:0f:e9:a9:e6:b5:e6:09:17:d7:e2:80:a9:
0e:7a:cc:50:0c:9c:d8:19:38:57:08:c3:39:a3:95:
67:fb:c4:67:80:f4:a2:6c:04:fb:3b:aa:ac:9b:14:
17:68:5a:cc:4f:ba:0d:e8:18:de:e9:a2:35:e8:9c:
dd:78:d0:4b:c0:6e:e2:b3:13:e0:7e:ea:07:de:52:
55:ee:39:50:e7:36:30:35:d4:57:c7:99:f1:38:55:
0c:4f:45:35:9a:8a:5f:33:bb:40:40:29:4e:1a:7a:
f7:a6:1f:07:40:63:48:89:2b:ab:86:07:82:3f:85:
41:18:b8:bc:09:95:0c:0f:5a:5e:32:46:23:69:32:
a9:53:29:28:7d:67:0b:2d:6c:32:5d:86:8a:8f:f9:
9a:31:46:86:e3:b8:00:84:6c:fc:8d:c3:08:2a:67:
b3:0e:de:80:45:fa:dc:09:cc:40:35:08:c9:60:ee:
32:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:14:39:1D:4B:C4:69:73:20:65:6B:82:32:63:DC:1F:B9:F9:64:C7
X509v3 Authority Key Identifier:
keyid:5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/MhQ5HUvEaXMgZWuCMmPcH7n5ZMc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.124.0/22
5.253.62.0/24
37.140.241.0/24
45.128.204.0/24
79.133.181.0-79.133.183.255
89.191.225.0/24
91.200.84.0/24
94.154.11.0/24
130.49.143.0/24
130.49.146.0/24
130.49.153.0/24
153.80.184.0/23
153.80.250.0/23
155.212.245.0-155.212.247.255
157.22.172.0/22
157.22.230.0/23
185.198.152.0/24
185.219.41.0/24
185.233.185.0/24
185.239.50.0/23
185.240.103.0/24
185.244.51.0/24
185.250.44.0/24
185.250.46.0/23
193.187.96.0/24
194.5.78.0/23
195.93.252.0/24
217.171.146.0/24
Signature Algorithm: sha256WithRSAEncryption
59:ad:45:53:39:0e:c4:eb:1e:9a:97:9e:28:8f:79:a5:01:97:
54:22:42:67:22:1a:81:6b:9a:8c:ed:b6:f4:7f:d8:cd:e1:e1:
71:8d:47:de:54:3e:a6:85:85:87:45:65:64:c4:cf:80:10:5b:
a0:f4:bd:a4:1e:3b:5e:b6:d4:07:82:5a:e1:fe:5a:f1:a0:ca:
98:01:1c:39:c2:b0:b6:68:01:f3:f5:b8:48:62:29:ad:a5:34:
50:2d:ad:c0:c4:2f:95:48:4e:bd:a3:b7:65:69:cb:19:d4:f3:
5f:ef:1c:32:3e:0f:0c:fb:70:4c:1b:63:68:a3:13:b3:c3:1c:
f1:77:62:34:20:8c:be:7f:93:b7:93:7b:ab:3e:b4:b5:27:2a:
a1:70:93:17:5f:5d:47:47:a1:c8:8b:25:e0:26:7e:eb:dd:3e:
8f:97:49:cc:6c:c5:17:5e:43:71:47:2f:a8:a7:f4:ae:43:d9:
09:68:92:f8:4b:b8:0a:a0:f7:8a:c2:89:33:73:14:e9:87:fa:
4f:55:44:12:50:18:4e:da:ff:fb:f1:99:0d:17:c3:64:bc:ed:
e0:c5:78:ff:7c:30:e6:7b:e3:69:c6:93:47:0a:e5:c5:fc:43:
6e:c8:8b:af:d0:ba:71:86:c7:d9:77:bb:67:81:c8:86:cb:bd:
6d:ac:06:be
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgISAZ2NlUq5JM3XAEDGe9LgzpEeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmU2NWFlMjNmMjA3ZmE2OTUyNTVmNTVhOTA3YWMxNjA4
YmUwOTQwHhcNMjYwNDE0MjAwMTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjE0MzkxZDRiYzQ2OTczMjA2NTZiODIzMjYzZGMxZmI5Zjk2NGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6g8pA4/SqCe6A6NPlUhVb2LpjZK
biYX6CgJNdFPpI4Mjgg4/TsaOqL0kptCqEdVM7Hy+aPVNED0e32zjiix+r8cuvb8
fKsqbKX+g1kP6anmteYJF9figKkOesxQDJzYGThXCMM5o5Vn+8RngPSibAT7O6qs
mxQXaFrMT7oN6Bje6aI16JzdeNBLwG7isxPgfuoH3lJV7jlQ5zYwNdRXx5nxOFUM
T0U1mopfM7tAQClOGnr3ph8HQGNIiSurhgeCP4VBGLi8CZUMD1peMkYjaTKpUyko
fWcLLWwyXYaKj/maMUaG47gAhGz8jcMIKmezDt6ARfrcCcxANQjJYO4yBQIDAQAB
o4ICwDCCArwwHQYDVR0OBBYEFDIUOR1LxGlzIGVrgjJj3B+5+WTHMB8GA1UdIwQY
MBaAFF++Za4j8gf6aVJV9VqQesFgi+CUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUt
NDkyYWIzNzI2ODlkLzEvTWhRNUhVdkVhWE1nWld1Q01tUGNIN241Wk1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUtNDkyYWIzNzI2ODlk
LzEvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHVBggrBgEFBQcBBwEB/wSBxTCBwjCBvwQCAAEwgbgDBAIF
I3wDBAAF/T4DBAAljPEDBAAtgMwwDAMEAE+FtQMEA0+FsAMEAFm/4QMEAFvIVAME
AF6aCwMEAIIxjwMEAIIxkgMEAIIxmQMEAZlQuAMEAZlQ+jAMAwQAm9T1AwQDm9Tw
AwQCnRasAwQBnRbmAwQAucaYAwQAudspAwQAuem5AwQBue8yAwQAufBnAwQAufQz
AwQAufosAwQBufouAwQAwbtgAwQBwgVOAwQAw138AwQA2auSMA0GCSqGSIb3DQEB
CwUAA4IBAQBZrUVTOQ7E6x6al54oj3mlAZdUIkJnIhqBa5qM7bb0f9jN4eFxjUfe
VD6mhYWHRWVkxM+AEFug9L2kHjtettQHglrh/lrxoMqYARw5wrC2aAHz9bhIYimt
pTRQLa3AxC+VSE69o7dlacsZ1PNf7xwyPg8M+3BMG2NooxOzwxzxd2I0IIy+f5O3
k3urPrS1JyqhcJMXX11HR6HIiyXgJn7r3T6Pl0nMbMUXXkNxRy+op/SuQ9kJaJL4
S7gKoPeKwokzcxTph/pPVUQSUBhO2v/78ZkNF8NkvO3gxXj/fDDme+NpxpNHCuXF
/ENuyIuv0LpxhsfZd7tngciGy71trAa+
-----END CERTIFICATE-----
Generated at Fri Apr 17 11:59:58 2026 by rpki-client