Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/ljtHnjq5j5z6450o-D-KXWoEKBw.roa
File: ljtHnjq5j5z6450o-D-KXWoEKBw.roa (raw, json)
Hash identifier: k+ArXELCmMBtJaFY8pmY2yHtg7KoU0obxGCRosBcuzw=
Subject key identifier: 96:3B:47:9E:3A:B9:8F:9C:FA:E3:9D:28:F8:3F:8A:5D:6A:04:28:1C
Certificate issuer: /CN=d5620cec70974d037d7769758c74668305b32cf2
Certificate serial: 019D4DA97B83F68D8F2E2FCD05F50125BC43
Authority key identifier: D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/ljtHnjq5j5z6450o-D-KXWoEKBw.roa
Signing time: Thu 02 Apr 2026 10:07:25 +0000
ROA not before: Thu 02 Apr 2026 10:07:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 62212
IP address blocks: 85.137.164.0/22 maxlen: 24
87.236.146.0/24 maxlen: 24
91.184.248.0/22 maxlen: 24
91.199.137.0/24 maxlen: 24
91.199.147.0/24 maxlen: 24
91.199.154.0/24 maxlen: 24
91.199.160.0/24 maxlen: 24
92.61.70.0/23 maxlen: 24
109.172.8.0/23 maxlen: 24
188.127.246.0/23 maxlen: 24
193.124.56.0/22 maxlen: 24
2a11:3b80::/29 maxlen: 48
2a11:3b80::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl
rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.mft
rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:4d:a9:7b:83:f6:8d:8f:2e:2f:cd:05:f5:01:25:bc:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5620cec70974d037d7769758c74668305b32cf2
Validity
Not Before: Apr 2 10:07:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=963b479e3ab98f9cfae39d28f83f8a5d6a04281c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:1e:35:8c:e2:b4:0b:14:9f:da:b8:16:9c:b4:
c9:0b:5d:65:ec:f6:6d:4f:96:95:75:71:1e:de:ef:
3b:13:22:e6:11:6a:50:43:73:85:c1:8a:f2:d5:52:
f2:3d:16:df:a8:f2:25:b9:22:1a:81:0b:89:f2:9d:
9a:64:a0:65:3b:6d:f5:e8:fb:c2:9a:e5:0e:2e:a9:
65:ed:7a:8b:be:a2:6b:8b:84:d9:51:1e:45:0d:53:
87:bb:e4:2d:7c:85:00:1c:0b:1b:4d:0c:9c:0c:c1:
90:87:71:b4:95:f5:18:f0:22:a2:96:ea:57:a1:22:
46:88:eb:37:ad:b0:ee:94:ad:95:9d:8c:92:f0:a1:
85:ac:26:94:51:1f:a1:b2:0b:f4:41:1a:20:c2:60:
48:9b:ab:2b:20:c6:5e:b2:60:62:26:b1:49:33:13:
bd:d4:9a:58:55:24:99:32:02:34:b5:b6:eb:3b:14:
f8:a7:ab:48:b0:1f:89:b1:a8:91:0c:c8:8d:e4:63:
ad:5d:a6:94:18:61:04:d8:bf:60:b4:1b:5d:1f:a6:
3b:ff:3b:7b:59:95:24:03:ad:d8:3a:f3:fd:e7:67:
49:01:3c:cb:94:c0:69:87:81:33:8d:97:37:b7:78:
b4:90:06:80:48:18:0b:dd:8a:3a:6b:de:35:19:4f:
f0:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:3B:47:9E:3A:B9:8F:9C:FA:E3:9D:28:F8:3F:8A:5D:6A:04:28:1C
X509v3 Authority Key Identifier:
keyid:D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/ljtHnjq5j5z6450o-D-KXWoEKBw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.137.164.0/22
87.236.146.0/24
91.184.248.0/22
91.199.137.0/24
91.199.147.0/24
91.199.154.0/24
91.199.160.0/24
92.61.70.0/23
109.172.8.0/23
188.127.246.0/23
193.124.56.0/22
IPv6:
2a11:3b80::/29
Signature Algorithm: sha256WithRSAEncryption
29:7f:16:a1:8f:85:79:37:4f:0e:f1:99:a9:04:51:40:03:24:
fa:61:e9:da:f5:c4:68:88:69:65:b5:0d:cf:30:3e:31:0f:50:
64:8a:8c:fe:c2:1d:59:cd:39:95:69:32:a5:f2:63:6b:8c:7f:
8a:9e:a1:9a:f9:7e:4a:7e:46:7d:e8:16:e2:07:70:01:66:22:
91:d8:3a:2f:c2:ee:0d:4b:e2:79:f7:68:ee:95:2b:3d:b1:a4:
d3:09:dd:48:21:69:7b:f3:3f:2a:ea:a4:9c:46:19:72:86:4c:
70:71:08:15:4f:ae:a8:10:e7:9c:b6:c9:a2:4f:a6:d2:89:99:
e2:e5:73:9c:35:00:fe:47:e3:39:8b:d8:61:71:92:31:09:dc:
dd:b1:9f:da:85:91:8f:82:41:bd:8f:d6:06:3d:6b:1f:89:e6:
54:8b:2c:1b:97:d0:7a:bd:6a:30:e8:06:1c:69:c4:aa:98:8e:
bc:e5:f0:4a:77:e9:33:22:11:23:a3:39:7e:14:34:cc:84:d3:
3b:26:b5:a7:28:bc:ca:53:6d:0f:c8:ac:84:8b:d5:cc:ad:95:
32:cc:ef:5d:18:f3:83:ca:da:11:af:6b:7c:f7:bf:01:f3:83:
6a:64:3a:e8:6c:dc:86:81:59:8b:79:53:80:a1:8d:22:f9:53:
b7:fe:16:28
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAZ1NqXuD9o2PLi/NBfUBJbxDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjIwY2VjNzA5NzRkMDM3ZDc3Njk3NThjNzQ2NjgzMDVi
MzJjZjIwHhcNMjYwNDAyMTAwNzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjNiNDc5ZTNhYjk4ZjljZmFlMzlkMjhmODNmOGE1ZDZhMDQyODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx41jOK0CxSf2rgWnLTJC11l7PZt
T5aVdXEe3u87EyLmEWpQQ3OFwYry1VLyPRbfqPIluSIagQuJ8p2aZKBlO2316PvC
muUOLqll7XqLvqJri4TZUR5FDVOHu+QtfIUAHAsbTQycDMGQh3G0lfUY8CKilupX
oSJGiOs3rbDulK2VnYyS8KGFrCaUUR+hsgv0QRogwmBIm6srIMZesmBiJrFJMxO9
1JpYVSSZMgI0tbbrOxT4p6tIsB+JsaiRDMiN5GOtXaaUGGEE2L9gtBtdH6Y7/zt7
WZUkA63YOvP952dJATzLlMBph4EzjZc3t3i0kAaASBgL3Yo6a941GU/wPwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFJY7R546uY+c+uOdKPg/il1qBCgcMB8GA1UdIwQY
MBaAFNViDOxwl00DfXdpdYx0ZoMFsyzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTkt
YmU0MzRjYjlmOGY4LzEvbGp0SG5qcTVqNXo2NDUwby1ELUtYV29FS0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTktYmU0MzRjYjlmOGY4
LzEvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQCVYmkAwQA
V+ySAwQCW7j4AwQAW8eJAwQAW8eTAwQAW8eaAwQAW8egAwQBXD1GAwQBbawIAwQB
vH/2AwQCwXw4MA0EAgACMAcDBQMqETuAMA0GCSqGSIb3DQEBCwUAA4IBAQApfxah
j4V5N08O8ZmpBFFAAyT6Yena9cRoiGlltQ3PMD4xD1Bkioz+wh1ZzTmVaTKl8mNr
jH+KnqGa+X5KfkZ96BbiB3ABZiKR2Dovwu4NS+J592julSs9saTTCd1IIWl78z8q
6qScRhlyhkxwcQgVT66oEOectsmiT6bSiZni5XOcNQD+R+M5i9hhcZIxCdzdsZ/a
hZGPgkG9j9YGPWsfieZUiywbl9B6vWow6AYcacSqmI685fBKd+kzIhEjozl+FDTM
hNM7JrWnKLzKU20PyKyEi9XMrZUyzO9dGPODytoRr2t8978B84NqZDrobNyGgVmL
eVOAoY0i+VO3/hYo
-----END CERTIFICATE-----
Generated at Fri Apr 17 16:20:09 2026 by rpki-client