Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/cmHW_ykgOcPQt53Nlt07NIpBGBI.roa
File: cmHW_ykgOcPQt53Nlt07NIpBGBI.roa (raw, json)
Hash identifier: boqKNGkmULgW1q98tc/WW3axMX2VA4Y1UJwlop5tg90=
Subject key identifier: 72:61:D6:FF:29:20:39:C3:D0:B7:9D:CD:96:DD:3B:34:8A:41:18:12
Certificate issuer: /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial: 019C76D3BB581F1E65CCFF3B617D43CC0E7B
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/cmHW_ykgOcPQt53Nlt07NIpBGBI.roa
Signing time: Thu 19 Feb 2026 16:55:13 +0000
ROA not before: Thu 19 Feb 2026 16:55:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213999
IP address blocks: 95.214.251.0/24 maxlen: 24
171.22.109.0/24 maxlen: 24
171.22.121.0/24 maxlen: 24
185.161.69.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 02:01:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:76:d3:bb:58:1f:1e:65:cc:ff:3b:61:7d:43:cc:0e:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Validity
Not Before: Feb 19 16:55:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7261d6ff292039c3d0b79dcd96dd3b348a411812
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f7:88:1b:8f:97:2d:85:3b:af:d5:84:89:33:80:
f8:43:0e:b8:97:e6:10:bc:75:37:6b:a0:a1:4e:9e:
42:0e:60:54:01:aa:09:c1:c0:5b:bb:a2:50:5f:cd:
d9:f2:1e:fd:f5:63:42:40:ec:42:c0:f0:7f:79:63:
45:69:80:c6:bd:59:f6:2f:92:d8:4d:2f:ed:8e:41:
e4:ed:f1:f2:aa:be:c0:5e:20:75:d2:0f:2b:b3:6b:
8b:f8:fa:ff:9f:f8:ea:43:24:0b:62:d8:b6:66:a3:
0d:46:e2:d0:1c:60:df:b4:b8:2a:36:f8:3a:86:b0:
c6:09:13:d8:86:f5:59:6c:5e:33:0c:4b:a6:cb:0c:
7d:f3:6a:39:72:98:97:cc:64:5f:89:d6:a9:92:c5:
bd:30:37:b7:71:ce:a6:18:ec:eb:f9:dd:40:58:94:
01:c5:c1:f5:e1:2f:26:a0:31:9f:91:45:86:84:c4:
f2:f3:d5:a0:8c:bf:dc:6c:b2:ae:c3:f2:00:e1:7d:
9e:45:7d:9a:2f:7d:16:41:12:f8:19:3e:7b:62:53:
af:29:e9:51:61:60:e9:69:91:c2:c1:d2:f0:6b:96:
d6:79:86:14:05:0a:eb:ed:6a:b6:be:e7:e5:a1:1a:
bf:02:1c:35:63:b4:f5:8a:1a:51:d5:51:f7:46:2f:
b0:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:61:D6:FF:29:20:39:C3:D0:B7:9D:CD:96:DD:3B:34:8A:41:18:12
X509v3 Authority Key Identifier:
keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/cmHW_ykgOcPQt53Nlt07NIpBGBI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.214.251.0/24
171.22.109.0/24
171.22.121.0/24
185.161.69.0/24
Signature Algorithm: sha256WithRSAEncryption
b1:db:a8:b7:d6:22:54:7d:d4:6d:dd:b4:10:20:0d:71:83:97:
f2:82:a3:07:51:c0:00:64:b9:3c:41:d1:81:9e:cb:61:c2:23:
da:9b:50:5e:86:db:51:45:7b:78:c7:fc:05:a1:ed:d2:0d:0f:
fa:f8:83:bb:14:b7:d1:c0:11:c8:d0:a0:f9:53:a4:a9:64:61:
f0:72:fa:c3:9b:82:77:22:9d:cd:86:df:c5:3c:d5:f2:47:50:
8f:96:07:25:43:b4:d0:94:c8:72:08:54:bb:98:f3:4d:bc:f7:
0d:b4:70:80:e1:b9:3c:6f:6b:fb:dd:9b:c5:b5:04:fa:75:5c:
16:df:db:62:04:d1:15:49:4f:9a:90:f7:d1:68:cd:c7:3d:6f:
b9:44:40:38:60:dd:8c:53:e0:aa:38:27:34:bb:f4:fa:e5:44:
4b:2e:da:52:1a:05:ba:56:7c:fc:3d:f2:d3:4a:14:eb:62:53:
30:14:79:c6:5e:bc:32:fb:fa:18:28:41:50:db:3b:31:ca:d8:
ab:4a:b0:80:25:1b:91:62:52:5b:dc:92:1b:52:77:4b:d6:b1:
9d:62:9d:35:cc:2c:55:14:6d:6f:35:f1:a7:78:c9:b6:ea:e7:
70:79:57:ae:1d:69:16:8e:70:2d:9a:f7:45:96:22:83:04:3f:
8c:1b:54:6d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZx207tYHx5lzP87YX1DzA57MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwMjE5MTY1NTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjYxZDZmZjI5MjAzOWMzZDBiNzlkY2Q5NmRkM2IzNDhhNDExODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA94gbj5cthTuv1YSJM4D4Qw64l+YQ
vHU3a6ChTp5CDmBUAaoJwcBbu6JQX83Z8h799WNCQOxCwPB/eWNFaYDGvVn2L5LY
TS/tjkHk7fHyqr7AXiB10g8rs2uL+Pr/n/jqQyQLYti2ZqMNRuLQHGDftLgqNvg6
hrDGCRPYhvVZbF4zDEumywx982o5cpiXzGRfidapksW9MDe3cc6mGOzr+d1AWJQB
xcH14S8moDGfkUWGhMTy89WgjL/cbLKuw/IA4X2eRX2aL30WQRL4GT57YlOvKelR
YWDpaZHCwdLwa5bWeYYUBQrr7Wq2vufloRq/Ahw1Y7T1ihpR1VH3Ri+wyQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHJh1v8pIDnD0LedzZbdOzSKQRgSMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvY21IV195a2dPY1BRdDUzTmx0MDdOSXBCR0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAX9b7AwQA
qxZtAwQAqxZ5AwQAuaFFMA0GCSqGSIb3DQEBCwUAA4IBAQCx26i31iJUfdRt3bQQ
IA1xg5fygqMHUcAAZLk8QdGBnsthwiPam1BehttRRXt4x/wFoe3SDQ/6+IO7FLfR
wBHI0KD5U6SpZGHwcvrDm4J3Ip3Nht/FPNXyR1CPlgclQ7TQlMhyCFS7mPNNvPcN
tHCA4bk8b2v73ZvFtQT6dVwW39tiBNEVSU+akPfRaM3HPW+5REA4YN2MU+CqOCc0
u/T65URLLtpSGgW6Vnz8PfLTShTrYlMwFHnGXrwy+/oYKEFQ2zsxytirSrCAJRuR
YlJb3JIbUndL1rGdYp01zCxVFG1vNfGneMm26udweVeuHWkWjnAtmvdFliKDBD+M
G1Rt
-----END CERTIFICATE-----
Generated at Mon Mar 2 13:42:28 2026 by rpki-client