Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/f87a2e-46b1-4a66-a90c-699835c92bfe/1/PPMSN5ftVbVmFA7MLiS8HWouZbQ.roa
File: PPMSN5ftVbVmFA7MLiS8HWouZbQ.roa (raw, json)
Hash identifier: HtUbwNMUWX3DsqRNwPU8T/yihNDfkh2LcL+11x+HCT8=
Subject key identifier: 3C:F3:12:37:97:ED:55:B5:66:14:0E:CC:2E:24:BC:1D:6A:2E:65:B4
Certificate issuer: /CN=b66ea7359221c1b77d6cc006f7b6706a9a908299
Certificate serial: 019C6BAD1BD15D0841B0A5D9DBD7069F787A
Authority key identifier: B6:6E:A7:35:92:21:C1:B7:7D:6C:C0:06:F7:B6:70:6A:9A:90:82:99
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tm6nNZIhwbd9bMAG97ZwapqQgpk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/f87a2e-46b1-4a66-a90c-699835c92bfe/1/PPMSN5ftVbVmFA7MLiS8HWouZbQ.roa
Signing time: Tue 17 Feb 2026 12:57:12 +0000
ROA not before: Tue 17 Feb 2026 12:57:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 61272
IP address blocks: 85.206.160.0/22 maxlen: 32
85.206.164.0/22 maxlen: 32
85.206.166.58/32 maxlen: 32
85.206.168.0/22 maxlen: 32
85.206.172.0/22 maxlen: 32
85.206.240.0/22 maxlen: 32
88.119.160.0/21 maxlen: 32
88.119.168.0/24 maxlen: 32
88.119.169.0/24 maxlen: 32
88.119.170.0/24 maxlen: 32
88.119.171.0/24 maxlen: 32
88.119.173.0/24 maxlen: 32
88.119.174.0/24 maxlen: 32
88.119.175.0/24 maxlen: 32
89.117.242.0/24 maxlen: 32
91.216.163.0/24 maxlen: 32
185.25.48.0/22 maxlen: 32
185.64.104.0/22 maxlen: 32
213.252.228.0/24 maxlen: 32
213.252.229.0/24 maxlen: 32
213.252.230.0/24 maxlen: 32
213.252.231.0/24 maxlen: 32
213.252.232.0/24 maxlen: 32
213.252.233.0/24 maxlen: 32
213.252.238.0/24 maxlen: 32
213.252.239.0/24 maxlen: 32
2a04:2180::/32 maxlen: 64
2a04:2181:c010::/48 maxlen: 64
2a04:2181:c011::/48 maxlen: 64
2a04:2181:c012::/48 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d4/f87a2e-46b1-4a66-a90c-699835c92bfe/1/tm6nNZIhwbd9bMAG97ZwapqQgpk.crl
rsync://rpki.ripe.net/repository/DEFAULT/d4/f87a2e-46b1-4a66-a90c-699835c92bfe/1/tm6nNZIhwbd9bMAG97ZwapqQgpk.mft
rsync://rpki.ripe.net/repository/DEFAULT/tm6nNZIhwbd9bMAG97ZwapqQgpk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:6b:ad:1b:d1:5d:08:41:b0:a5:d9:db:d7:06:9f:78:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b66ea7359221c1b77d6cc006f7b6706a9a908299
Validity
Not Before: Feb 17 12:57:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3cf3123797ed55b566140ecc2e24bc1d6a2e65b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:9e:4f:22:4f:37:7c:06:50:2b:6c:05:2c:80:
57:05:7b:47:5b:91:d8:ca:07:d7:ff:4f:33:e0:25:
c8:f8:8c:6f:8a:44:b1:4e:ca:3e:0e:bc:75:6c:0f:
7c:01:5c:35:17:52:c9:36:f9:4d:1b:63:eb:08:5f:
ce:d0:cf:7a:0d:28:8b:98:9a:c3:08:d6:cf:3d:87:
f0:f5:15:15:56:94:11:46:00:2e:7e:cc:56:49:59:
23:2b:db:9d:2f:e8:90:9f:71:7f:ab:00:85:20:33:
df:ca:a3:fb:32:65:19:12:72:3d:ac:eb:ba:ad:00:
58:9f:fc:c8:14:5b:a7:f1:70:93:67:54:ec:00:35:
27:a5:2b:6c:26:61:f1:7a:3e:fe:bd:6b:29:03:39:
83:a4:91:c6:25:a2:2c:e8:09:06:59:b4:58:21:2c:
ab:3a:34:15:f2:2b:d7:00:6b:8c:5d:90:43:f4:70:
d1:4c:9e:ba:48:6f:60:f9:84:38:36:6a:9b:d4:e2:
ff:15:14:28:79:bc:fb:d8:71:7e:16:17:b2:3b:91:
ca:37:90:cd:5e:47:6d:7d:f1:de:26:6f:f3:dc:61:
f7:6b:99:bf:51:58:9a:ba:35:ed:0c:19:9c:93:c3:
66:65:18:6a:d5:c5:8d:c5:b8:3f:ea:81:ca:0a:d7:
c9:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:F3:12:37:97:ED:55:B5:66:14:0E:CC:2E:24:BC:1D:6A:2E:65:B4
X509v3 Authority Key Identifier:
keyid:B6:6E:A7:35:92:21:C1:B7:7D:6C:C0:06:F7:B6:70:6A:9A:90:82:99
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tm6nNZIhwbd9bMAG97ZwapqQgpk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/f87a2e-46b1-4a66-a90c-699835c92bfe/1/PPMSN5ftVbVmFA7MLiS8HWouZbQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/f87a2e-46b1-4a66-a90c-699835c92bfe/1/tm6nNZIhwbd9bMAG97ZwapqQgpk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.206.160.0/20
85.206.240.0/22
88.119.160.0-88.119.171.255
88.119.173.0-88.119.175.255
89.117.242.0/24
91.216.163.0/24
185.25.48.0/22
185.64.104.0/22
213.252.228.0-213.252.233.255
213.252.238.0/23
IPv6:
2a04:2180::/32
2a04:2181:c010::-2a04:2181:c012:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
1b:08:93:22:65:0c:9c:06:7c:37:90:cb:99:82:ed:26:13:27:
72:f0:c8:a8:a4:b9:fe:2f:57:39:83:76:85:e6:dc:2d:bd:02:
18:e2:de:30:41:29:52:19:f4:f3:46:2e:c8:3e:6f:03:ea:47:
08:37:dc:c0:d4:2d:51:47:ef:a5:3a:37:0e:24:57:74:5a:7e:
c7:6c:c4:5b:45:f8:bc:e5:c8:2d:33:5f:71:04:9d:2a:8b:1f:
5e:ee:b6:00:39:59:ae:53:f6:a3:2d:b5:b3:8e:a5:76:4e:93:
1f:af:37:25:fa:6b:66:5e:10:53:de:65:03:36:63:d1:81:8e:
42:e3:5c:fc:f3:65:31:1a:bb:3d:7f:23:32:a1:7c:3f:7f:07:
7e:70:ff:0e:28:96:5a:b7:98:d1:68:50:f7:08:c3:8e:e7:d7:
25:f0:be:14:f3:f2:3d:53:51:97:ab:f8:cb:2f:b8:17:a6:46:
96:47:cf:58:05:6f:0b:8c:dd:5c:5b:f2:97:62:b7:e7:7a:18:
92:d5:6f:70:5d:dc:00:58:16:73:b4:cd:8e:02:05:2a:7a:e7:
fb:ce:9b:b4:30:83:ba:26:62:29:a0:74:98:29:41:fb:1b:fc:
fd:21:a1:e2:40:e7:50:f6:2d:4c:27:b0:9d:34:1a:70:54:ea:
6e:19:e4:04
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgISAZxrrRvRXQhBsKXZ29cGn3h6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2NmVhNzM1OTIyMWMxYjc3ZDZjYzAwNmY3YjY3MDZhOWE5
MDgyOTkwHhcNMjYwMjE3MTI1NzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2YzMTIzNzk3ZWQ1NWI1NjYxNDBlY2MyZTI0YmMxZDZhMmU2NWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt55PIk83fAZQK2wFLIBXBXtHW5HY
ygfX/08z4CXI+IxvikSxTso+Drx1bA98AVw1F1LJNvlNG2PrCF/O0M96DSiLmJrD
CNbPPYfw9RUVVpQRRgAufsxWSVkjK9udL+iQn3F/qwCFIDPfyqP7MmUZEnI9rOu6
rQBYn/zIFFun8XCTZ1TsADUnpStsJmHxej7+vWspAzmDpJHGJaIs6AkGWbRYISyr
OjQV8ivXAGuMXZBD9HDRTJ66SG9g+YQ4Nmqb1OL/FRQoebz72HF+FheyO5HKN5DN
XkdtffHeJm/z3GH3a5m/UViaujXtDBmck8NmZRhq1cWNxbg/6oHKCtfJ4wIDAQAB
o4ICfDCCAngwHQYDVR0OBBYEFDzzEjeX7VW1ZhQOzC4kvB1qLmW0MB8GA1UdIwQY
MBaAFLZupzWSIcG3fWzABve2cGqakIKZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG02bk5aSWh3YmQ5Yk1BRzk3WndhcHFRZ3BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9mODdhMmUtNDZiMS00YTY2LWE5MGMt
Njk5ODM1YzkyYmZlLzEvUFBNU041ZnRWYlZtRkE3TUxpUzhIV291WmJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9mODdhMmUtNDZiMS00YTY2LWE5MGMtNjk5ODM1YzkyYmZl
LzEvdG02bk5aSWh3YmQ5Yk1BRzk3WndhcHFRZ3BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGRBggrBgEFBQcBBwEB/wSBgTB/MFoEAgABMFQDBARVzqAD
BAJVzvAwDAMEBVh3oAMEAlh3qDAMAwQAWHetAwQEWHegAwQAWXXyAwQAW9ijAwQC
uRkwAwQCuUBoMAwDBALV/OQDBAHV/OgDBAHV/O4wIQQCAAIwGwMFACoEIYAwEgMH
BCoEIYHAEAMHACoEIYHAEjANBgkqhkiG9w0BAQsFAAOCAQEAGwiTImUMnAZ8N5DL
mYLtJhMncvDIqKS5/i9XOYN2hebcLb0CGOLeMEEpUhn080YuyD5vA+pHCDfcwNQt
UUfvpTo3DiRXdFp+x2zEW0X4vOXILTNfcQSdKosfXu62ADlZrlP2oy21s46ldk6T
H683JfprZl4QU95lAzZj0YGOQuNc/PNlMRq7PX8jMqF8P38HfnD/DiiWWreY0WhQ
9wjDjufXJfC+FPPyPVNRl6v4yy+4F6ZGlkfPWAVvC4zdXFvyl2K353oYktVvcF3c
AFgWc7TNjgIFKnrn+86btDCDuiZiKaB0mClB+xv8/SGh4kDnUPYtTCewnTQacFTq
bhnkBA==
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:19:12 2026 by rpki-client