Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/kVBqw1NBveCe29uXziyZqSZwkNE.roa
File: kVBqw1NBveCe29uXziyZqSZwkNE.roa (raw, json)
Hash identifier: 4QQTa0gtMgzzmsuQOSTk/eBtgGx9FmdkrEJEaJesrmA=
Subject key identifier: 91:50:6A:C3:53:41:BD:E0:9E:DB:DB:97:CE:2C:99:A9:26:70:90:D1
Certificate issuer: /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial: 019D3D4CD3145228D0F40D3F5C438E8A2D14
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/kVBqw1NBveCe29uXziyZqSZwkNE.roa
Signing time: Mon 30 Mar 2026 05:52:18 +0000
ROA not before: Mon 30 Mar 2026 05:52:18 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8447
IP address blocks: 46.74.0.0/15 maxlen: 23
46.206.0.0/15 maxlen: 15
62.46.0.0/15 maxlen: 15
62.116.32.0/19 maxlen: 19
80.75.32.0/19 maxlen: 22
80.75.34.0/24 maxlen: 24
80.75.56.0/21 maxlen: 21
80.89.96.0/20 maxlen: 20
80.120.0.0/14 maxlen: 24
80.240.224.0/20 maxlen: 24
81.5.192.0/18 maxlen: 18
84.20.160.0/19 maxlen: 19
85.90.128.0/19 maxlen: 19
88.116.0.0/15 maxlen: 15
88.116.217.0/24 maxlen: 24
89.144.192.0/18 maxlen: 18
91.112.0.0/14 maxlen: 14
92.248.0.0/17 maxlen: 17
93.82.0.0/15 maxlen: 15
93.111.0.0/16 maxlen: 23
176.66.0.0/18 maxlen: 18
176.66.128.0/17 maxlen: 17
178.188.0.0/14 maxlen: 14
185.157.248.0/22 maxlen: 22
188.20.0.0/14 maxlen: 24
188.45.0.0/16 maxlen: 16
192.164.0.0/19 maxlen: 19
192.164.32.0/22 maxlen: 22
192.164.39.0/24 maxlen: 24
192.164.40.0/21 maxlen: 21
192.164.48.0/20 maxlen: 20
192.164.64.0/21 maxlen: 21
192.164.80.0/20 maxlen: 20
192.164.96.0/19 maxlen: 19
192.164.128.0/19 maxlen: 19
192.164.208.0/20 maxlen: 20
192.164.224.0/19 maxlen: 19
193.80.0.0/15 maxlen: 15
193.83.0.0/16 maxlen: 16
193.154.0.0/16 maxlen: 16
193.187.212.0/22 maxlen: 22
193.187.216.0/21 maxlen: 21
193.187.224.0/20 maxlen: 20
193.187.240.0/22 maxlen: 22
194.48.124.0/22 maxlen: 22
194.48.128.0/21 maxlen: 21
194.48.136.0/22 maxlen: 22
194.48.136.0/24 maxlen: 24
194.96.0.0/16 maxlen: 16
194.118.0.0/16 maxlen: 16
194.152.96.0/19 maxlen: 19
194.152.160.0/19 maxlen: 19
194.166.0.0/16 maxlen: 16
195.3.64.0/18 maxlen: 18
195.64.0.0/19 maxlen: 19
195.82.224.0/19 maxlen: 19
195.170.64.0/19 maxlen: 19
195.230.32.0/19 maxlen: 19
212.16.32.0/19 maxlen: 19
212.60.160.0/19 maxlen: 19
212.88.0.0/19 maxlen: 19
212.88.160.0/19 maxlen: 24
212.124.128.0/19 maxlen: 19
212.183.0.0/17 maxlen: 24
212.197.128.0/18 maxlen: 18
213.33.0.0/17 maxlen: 17
213.33.63.0/24 maxlen: 24
213.147.160.0/19 maxlen: 19
213.157.128.0/19 maxlen: 19
213.225.0.0/18 maxlen: 18
213.240.64.0/18 maxlen: 18
217.149.160.0/20 maxlen: 20
2001:850::/29 maxlen: 29
2001:870::/29 maxlen: 29
2001:890::/29 maxlen: 29
2001:4bb8::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3d:4c:d3:14:52:28:d0:f4:0d:3f:5c:43:8e:8a:2d:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Validity
Not Before: Mar 30 05:52:18 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=91506ac35341bde09edbdb97ce2c99a9267090d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:d6:c9:6b:19:4b:24:d3:af:f6:12:3e:86:91:
0a:fe:00:c3:eb:f9:68:9b:84:28:46:1b:7d:ba:d2:
8d:97:58:b5:ad:d0:43:46:6f:74:eb:3e:db:e2:58:
b9:1f:89:67:af:46:1b:38:fb:e2:1c:b2:2b:32:4e:
9a:2e:79:f9:34:dd:c1:c2:79:35:46:0a:af:d0:ce:
e9:15:f4:f0:24:6d:0c:58:6b:78:21:24:98:28:e6:
2b:11:d8:3b:88:64:6c:4d:62:78:f8:9e:72:67:52:
c7:6d:93:55:a6:36:c3:a4:52:e5:b4:d9:2d:8c:bc:
7e:1b:7a:35:da:15:e2:a8:6f:a4:1b:85:47:10:73:
40:e6:0b:c5:86:9a:a8:00:37:05:65:2f:9a:ae:fa:
7e:b4:48:10:75:f8:c1:9c:0d:74:d1:c0:94:3f:c6:
ba:90:f2:b3:01:41:c3:6e:e5:eb:4f:62:b2:28:ce:
86:65:0c:27:95:c9:5b:ac:51:28:88:be:5d:bf:d3:
9e:ad:9d:ed:84:2c:5f:f7:a4:4b:b5:77:fb:b4:d0:
72:e4:d6:be:b1:fc:dd:a3:25:1f:a0:44:d6:ac:19:
91:68:3f:b9:2e:b3:14:56:e6:fc:88:83:54:34:6a:
33:66:66:17:20:5f:68:b9:28:52:44:96:31:68:6d:
92:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:50:6A:C3:53:41:BD:E0:9E:DB:DB:97:CE:2C:99:A9:26:70:90:D1
X509v3 Authority Key Identifier:
keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/kVBqw1NBveCe29uXziyZqSZwkNE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.74.0.0/15
46.206.0.0/15
62.46.0.0/15
62.116.32.0/19
80.75.32.0/19
80.89.96.0/20
80.120.0.0/14
80.240.224.0/20
81.5.192.0/18
84.20.160.0/19
85.90.128.0/19
88.116.0.0/15
89.144.192.0/18
91.112.0.0/14
92.248.0.0/17
93.82.0.0/15
93.111.0.0/16
176.66.0.0/18
176.66.128.0/17
178.188.0.0/14
185.157.248.0/22
188.20.0.0/14
188.45.0.0/16
192.164.0.0-192.164.35.255
192.164.39.0-192.164.71.255
192.164.80.0-192.164.159.255
192.164.208.0-192.164.255.255
193.80.0.0/15
193.83.0.0/16
193.154.0.0/16
193.187.212.0-193.187.243.255
194.48.124.0-194.48.139.255
194.96.0.0/16
194.118.0.0/16
194.152.96.0/19
194.152.160.0/19
194.166.0.0/16
195.3.64.0/18
195.64.0.0/19
195.82.224.0/19
195.170.64.0/19
195.230.32.0/19
212.16.32.0/19
212.60.160.0/19
212.88.0.0/19
212.88.160.0/19
212.124.128.0/19
212.183.0.0/17
212.197.128.0/18
213.33.0.0/17
213.147.160.0/19
213.157.128.0/19
213.225.0.0/18
213.240.64.0/18
217.149.160.0/20
IPv6:
2001:850::/29
2001:870::/29
2001:890::/29
2001:4bb8::/29
Signature Algorithm: sha256WithRSAEncryption
48:4d:36:0f:12:97:8e:e1:b6:46:3f:a8:cf:ea:f4:fb:4c:65:
1d:69:59:00:3b:07:22:b1:d5:d3:73:67:86:c7:41:df:74:e1:
98:34:19:23:92:f0:f1:26:a3:c0:16:a3:16:51:db:c2:16:ce:
10:b3:36:99:50:53:68:02:72:f3:47:49:20:f2:c9:e6:61:8d:
4b:c6:ee:01:f4:07:50:93:2f:52:c2:4e:64:fb:6c:12:9f:b3:
2a:27:f2:a3:f7:78:b6:b7:1c:70:76:62:7b:6a:a9:51:d4:9c:
ea:a4:5e:73:1b:0b:ed:2b:4d:45:57:f4:4c:35:c9:c0:44:df:
47:3d:ec:54:d7:3e:1e:62:16:d4:43:bb:74:94:13:cf:43:ea:
07:3e:00:22:69:ce:b1:9e:be:53:ce:fc:ef:0a:e9:28:c5:d1:
6d:9f:a5:c2:89:fe:49:31:28:9b:e8:ad:5d:3f:59:53:3c:14:
b5:02:b8:63:51:5a:87:44:ad:53:2a:fb:a5:16:89:f4:7c:0f:
d3:fa:9a:0e:e8:73:ed:ef:3f:f4:80:88:9d:20:f1:6f:c4:17:
3d:1c:f9:7b:fd:48:af:f8:96:8e:f8:c3:3e:fa:9c:e4:39:cc:
23:b0:9d:47:64:2e:68:fa:61:32:a5:94:b8:9f:cf:54:f6:8d:
ef:cf:92:af
-----BEGIN CERTIFICATE-----
MIIGjDCCBXSgAwIBAgISAZ09TNMUUijQ9A0/XEOOii0UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjYwMzMwMDU1MjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTUwNmFjMzUzNDFiZGUwOWVkYmRiOTdjZTJjOTlhOTI2NzA5MGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9bJaxlLJNOv9hI+hpEK/gDD6/lo
m4QoRht9utKNl1i1rdBDRm906z7b4li5H4lnr0YbOPviHLIrMk6aLnn5NN3Bwnk1
Rgqv0M7pFfTwJG0MWGt4ISSYKOYrEdg7iGRsTWJ4+J5yZ1LHbZNVpjbDpFLltNkt
jLx+G3o12hXiqG+kG4VHEHNA5gvFhpqoADcFZS+arvp+tEgQdfjBnA100cCUP8a6
kPKzAUHDbuXrT2KyKM6GZQwnlclbrFEoiL5dv9OerZ3thCxf96RLtXf7tNBy5Na+
sfzdoyUfoETWrBmRaD+5LrMUVub8iINUNGozZmYXIF9ouShSRJYxaG2SdwIDAQAB
o4IDmDCCA5QwHQYDVR0OBBYEFJFQasNTQb3gntvbl84smakmcJDRMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEva1ZCcXcxTkJ2ZUNlMjl1WHppeVpxU1p3a05FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBrAYIKwYBBQUHAQcBAf8EggGbMIIBlzCCAW8EAgABMIIB
ZwMDAS5KAwMBLs4DAwE+LgMEBT50IAMEBVBLIAMEBFBZYAMDAlB4AwQEUPDgAwQG
UQXAAwQFVBSgAwQFVVqAAwMBWHQDBAZZkMADAwJbcAMEB1z4AAMDAV1SAwMAXW8D
BAawQgADBAewQoADAwKyvAMEArmd+AMDArwUAwMAvC0wCwMDAsCkAwQCwKQgMAwD
BADApCcDBAPApEAwDAMEBMCkUAMEBcCkgDALAwQEwKTQAwMAwKQDAwHBUAMDAMFT
AwMAwZowDAMEAsG71AMEAsG78DAMAwQCwjB8AwQCwjCIAwMAwmADAwDCdgMEBcKY
YAMEBcKYoAMDAMKmAwQGwwNAAwQFw0AAAwQFw1LgAwQFw6pAAwQFw+YgAwQF1BAg
AwQF1DygAwQF1FgAAwQF1FigAwQF1HyAAwQH1LcAAwQG1MWAAwQH1SEAAwQF1ZOg
AwQF1Z2AAwQG1eEAAwQG1fBAAwQE2ZWgMCIEAgACMBwDBQMgAQhQAwUDIAEIcAMF
AyABCJADBQMgAUu4MA0GCSqGSIb3DQEBCwUAA4IBAQBITTYPEpeO4bZGP6jP6vT7
TGUdaVkAOwcisdXTc2eGx0HfdOGYNBkjkvDxJqPAFqMWUdvCFs4QszaZUFNoAnLz
R0kg8snmYY1Lxu4B9AdQky9Swk5k+2wSn7MqJ/Kj93i2txxwdmJ7aqlR1JzqpF5z
GwvtK01FV/RMNcnARN9HPexU1z4eYhbUQ7t0lBPPQ+oHPgAiac6xnr5TzvzvCuko
xdFtn6XCif5JMSib6K1dP1lTPBS1ArhjUVqHRK1TKvulFon0fA/T+poO6HPt7z/0
gIidIPFvxBc9HPl7/Uiv+JaO+MM++pzkOcwjsJ1HZC5o+mEypZS4n89U9o3vz5Kv
-----END CERTIFICATE-----
Generated at Fri Apr 17 16:53:18 2026 by rpki-client