Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/tusmxRMWIAwEpYPSOoqJvIiGe6Y.roa
File: tusmxRMWIAwEpYPSOoqJvIiGe6Y.roa (raw, json)
Hash identifier: Y+h643AXdu/W8Kb6xvutaQ49rtSwE1WVNhhcs22Oz2o=
Subject key identifier: B6:EB:26:C5:13:16:20:0C:04:A5:83:D2:3A:8A:89:BC:88:86:7B:A6
Certificate issuer: /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial: 019C293854E64F39143EE05527E4E8CB6D54
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/tusmxRMWIAwEpYPSOoqJvIiGe6Y.roa
Signing time: Wed 04 Feb 2026 15:14:43 +0000
ROA not before: Wed 04 Feb 2026 15:14:43 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 36454
IP address blocks: 65.181.112.0/24 maxlen: 24
65.181.116.0/24 maxlen: 24
65.181.123.0/24 maxlen: 24
65.181.124.0/24 maxlen: 24
65.181.125.0/24 maxlen: 24
69.57.189.0/24 maxlen: 24
162.208.8.0/24 maxlen: 24
162.208.9.0/24 maxlen: 24
162.208.10.0/24 maxlen: 24
162.208.11.0/24 maxlen: 24
185.181.253.0/24 maxlen: 24
185.181.254.0/24 maxlen: 24
185.181.255.0/24 maxlen: 24
192.243.96.0/24 maxlen: 24
192.243.97.0/24 maxlen: 24
192.243.98.0/24 maxlen: 24
192.243.99.0/24 maxlen: 24
192.243.100.0/24 maxlen: 24
192.243.101.0/24 maxlen: 24
192.243.102.0/24 maxlen: 24
192.243.103.0/24 maxlen: 24
192.243.104.0/24 maxlen: 24
192.243.105.0/24 maxlen: 24
192.243.106.0/24 maxlen: 24
192.243.107.0/24 maxlen: 24
192.243.108.0/24 maxlen: 24
192.243.109.0/24 maxlen: 24
192.243.111.0/24 maxlen: 24
192.250.224.0/20 maxlen: 20
192.250.226.0/24 maxlen: 24
192.250.227.0/24 maxlen: 24
192.250.236.0/24 maxlen: 24
194.39.148.0/24 maxlen: 24
194.39.149.0/24 maxlen: 24
195.250.25.0/24 maxlen: 24
198.38.90.0/24 maxlen: 24
199.175.48.0/24 maxlen: 24
199.175.49.0/24 maxlen: 24
199.175.50.0/24 maxlen: 24
199.175.51.0/24 maxlen: 24
199.175.52.0/24 maxlen: 24
199.175.53.0/24 maxlen: 24
199.175.54.0/24 maxlen: 24
199.175.55.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:29:38:54:e6:4f:39:14:3e:e0:55:27:e4:e8:cb:6d:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Validity
Not Before: Feb 4 15:14:43 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b6eb26c51316200c04a583d23a8a89bc88867ba6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:43:13:f8:07:01:a9:a5:c5:21:f0:53:86:1c:
ce:bf:fe:10:c1:43:db:b0:ba:49:14:97:56:46:c5:
3b:8b:26:61:4b:6b:5d:66:1c:20:e5:43:f4:a3:8f:
49:b8:df:6f:a9:98:ad:10:a6:12:2f:ef:50:6b:28:
0d:9b:5c:39:e3:09:37:f1:dc:e5:e0:e5:b6:17:87:
4e:c7:de:21:2f:2c:7c:5f:8d:7d:e7:72:71:46:cc:
50:0c:8a:0d:72:4e:d1:cb:24:e5:a2:ed:d0:e9:58:
4c:7f:51:9d:18:2c:84:b9:ac:43:4d:ae:82:89:0c:
6c:0f:3a:ba:bf:2b:82:84:1c:46:a3:ef:0e:12:1e:
c4:6a:e7:9e:85:e6:e4:a0:d6:14:2e:f8:51:0e:bb:
8c:08:a8:69:43:94:53:1a:e9:1c:92:c8:b5:87:e1:
a6:b0:0c:02:3b:65:bb:a9:06:d0:03:58:50:05:9c:
b3:ed:40:58:a2:5f:39:d4:2d:2e:9f:86:e3:7a:0d:
5a:1e:45:ea:fe:6b:2b:4a:ec:89:8e:15:84:98:8a:
55:d1:1c:b6:e8:8e:c3:dc:36:d0:ff:77:b8:0d:80:
88:ad:06:79:9f:2c:f5:e4:9e:04:95:12:1d:0c:e6:
9b:89:35:8e:9b:23:2d:3d:d5:71:75:b4:45:ba:ef:
33:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:EB:26:C5:13:16:20:0C:04:A5:83:D2:3A:8A:89:BC:88:86:7B:A6
X509v3 Authority Key Identifier:
keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/tusmxRMWIAwEpYPSOoqJvIiGe6Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
65.181.112.0/24
65.181.116.0/24
65.181.123.0-65.181.125.255
69.57.189.0/24
162.208.8.0/22
185.181.253.0-185.181.255.255
192.243.96.0-192.243.109.255
192.243.111.0/24
192.250.224.0/20
194.39.148.0/23
195.250.25.0/24
198.38.90.0/24
199.175.48.0/21
Signature Algorithm: sha256WithRSAEncryption
64:18:ce:d6:52:9b:b9:17:28:f3:5e:4b:23:30:51:86:df:23:
67:b6:d4:b3:e6:f7:c9:c6:d3:05:83:bf:11:0f:56:2c:83:a6:
52:ce:f9:01:de:b3:6a:dc:fa:fd:b8:e7:5f:a4:20:88:90:07:
ef:57:16:5c:0c:22:15:a5:25:aa:d7:ea:1f:52:03:a4:f2:7e:
01:ad:6d:ae:54:80:c1:86:78:b3:f4:88:24:9a:c1:8d:8b:1e:
e2:f5:8b:0e:3f:48:ac:5a:e5:31:db:37:1d:b5:88:26:36:19:
e3:a1:f4:c5:26:f9:27:99:3a:bd:4b:80:04:e0:d6:6a:a0:ff:
30:ca:8d:42:d8:50:54:e7:6b:78:e9:b5:49:62:73:4f:40:7a:
1e:ea:25:4e:fe:6e:0a:e9:33:71:88:56:8d:6f:34:80:09:42:
b6:9d:c4:d8:7d:db:6b:7f:b2:f4:f9:8d:1e:ba:8f:bc:e7:1f:
a6:f8:8f:cb:e8:fa:54:ee:ae:00:34:68:d2:9c:2e:be:f6:f2:
9d:87:93:60:ae:7b:e4:ad:28:e6:41:c8:77:9a:7f:9e:8e:27:
60:7f:0c:c1:64:88:15:eb:90:ed:06:5e:b7:ae:d0:d0:bd:e2:
06:3a:1f:00:4f:78:62:9b:ce:89:62:01:8d:f3:f8:6a:46:3e:
2e:12:bb:44
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAZwpOFTmTzkUPuBVJ+Toy21UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjYwMjA0MTUxNDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmViMjZjNTEzMTYyMDBjMDRhNTgzZDIzYThhODliYzg4ODY3YmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kMT+AcBqaXFIfBThhzOv/4QwUPb
sLpJFJdWRsU7iyZhS2tdZhwg5UP0o49JuN9vqZitEKYSL+9QaygNm1w54wk38dzl
4OW2F4dOx94hLyx8X41953JxRsxQDIoNck7RyyTlou3Q6VhMf1GdGCyEuaxDTa6C
iQxsDzq6vyuChBxGo+8OEh7EaueehebkoNYULvhRDruMCKhpQ5RTGukcksi1h+Gm
sAwCO2W7qQbQA1hQBZyz7UBYol851C0un4bjeg1aHkXq/msrSuyJjhWEmIpV0Ry2
6I7D3DbQ/3e4DYCIrQZ5nyz15J4ElRIdDOabiTWOmyMtPdVxdbRFuu8zRwIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFLbrJsUTFiAMBKWD0jqKibyIhnumMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvdHVzbXhSTVdJQXdFcFlQU09vcUp2SWlHZTZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBrBAIAATBlAwQAQbVwAwQA
QbV0MAwDBABBtXsDBAFBtXwDBABFOb0DBAKi0AgwCwMEALm1/QMDAbm0MAwDBAXA
82ADBAHA82wDBADA828DBATA+uADBAHCJ5QDBADD+hkDBADGJloDBAPHrzAwDQYJ
KoZIhvcNAQELBQADggEBAGQYztZSm7kXKPNeSyMwUYbfI2e21LPm98nG0wWDvxEP
ViyDplLO+QHes2rc+v2451+kIIiQB+9XFlwMIhWlJarX6h9SA6TyfgGtba5UgMGG
eLP0iCSawY2LHuL1iw4/SKxa5THbNx21iCY2GeOh9MUm+SeZOr1LgATg1mqg/zDK
jULYUFTna3jptUlic09Aeh7qJU7+bgrpM3GIVo1vNIAJQradxNh922t/svT5jR66
j7znH6b4j8vo+lTurgA0aNKcLr728p2Hk2Cue+StKOZByHeaf56OJ2B/DMFkiBXr
kO0GXreu0NC94gY6HwBPeGKbzoliAY3z+GpGPi4Su0Q=
-----END CERTIFICATE-----
Generated at Mon Mar 2 05:31:56 2026 by rpki-client