Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/1-1xRNlbMFXQJxEI71UFIw3CVJUU.roa
File: 1-1xRNlbMFXQJxEI71UFIw3CVJUU.roa (raw, json)
Hash identifier: twjQ68dfTgQ7w9TF7q9GgM3w0xO3qF/tbK/i04rRZPU=
Subject key identifier: FB:5C:51:36:56:CC:15:74:09:C4:42:3B:D5:41:48:C3:70:95:25:45
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 019C2D5CF92DFF3765EDB4352E319367B125
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/1-1xRNlbMFXQJxEI71UFIw3CVJUU.roa
Signing time: Thu 05 Feb 2026 10:33:13 +0000
ROA not before: Thu 05 Feb 2026 10:33:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8434
IP address blocks: 192.36.37.0/24 maxlen: 24
192.71.97.0/24 maxlen: 24
192.71.158.0/24 maxlen: 24
192.121.21.0/24 maxlen: 24
192.121.172.0/24 maxlen: 24
192.121.192.0/24 maxlen: 24
192.165.65.0/24 maxlen: 24
192.165.86.0/24 maxlen: 24
192.176.161.0/24 maxlen: 24
193.180.61.0/24 maxlen: 24
193.181.0.0/24 maxlen: 24
193.181.187.0/24 maxlen: 24
193.183.3.0/24 maxlen: 24
193.183.118.0/24 maxlen: 24
193.234.220.0/23 maxlen: 23
193.234.237.0/24 maxlen: 24
193.235.142.0/23 maxlen: 24
194.14.129.0/24 maxlen: 24
194.14.212.0/24 maxlen: 24
194.68.56.0/23 maxlen: 23
194.68.99.0/24 maxlen: 24
194.68.126.0/24 maxlen: 24
194.68.194.0/23 maxlen: 23
194.71.27.0/24 maxlen: 24
194.71.83.0/24 maxlen: 24
194.71.140.0/23 maxlen: 23
194.71.168.0/24 maxlen: 24
194.103.50.0/24 maxlen: 24
194.132.108.0/23 maxlen: 24
194.132.174.0/24 maxlen: 24
194.132.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:2d:5c:f9:2d:ff:37:65:ed:b4:35:2e:31:93:67:b1:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Feb 5 10:33:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fb5c513656cc157409c4423bd54148c370952545
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:92:fd:c7:11:1c:78:19:58:27:8d:93:66:45:
d5:d9:a8:ae:71:ce:aa:b8:51:f3:2c:de:7a:41:58:
c4:d0:d1:7b:18:cc:c4:21:b5:4f:be:31:eb:6e:39:
38:dc:3f:41:81:db:db:a9:ad:7f:4a:72:b7:2a:c5:
5e:c0:e6:2f:9f:8f:f6:37:69:1f:7f:cf:8c:f6:67:
d9:ff:11:be:a2:3b:71:7d:3c:07:f4:5b:93:53:2a:
84:30:98:3c:a0:e9:d3:1c:50:77:30:00:1a:2b:51:
f6:33:b4:84:13:be:5f:5b:2b:79:c5:d6:e4:2b:55:
bd:70:d0:99:8c:9e:f0:28:96:d9:1e:13:f3:7e:32:
35:5d:79:6c:58:e1:b8:ca:28:3a:f7:29:69:d7:dc:
7f:62:1a:b4:0d:0c:9a:b0:6d:90:cf:81:0b:ca:50:
5f:9c:15:fb:32:85:ac:b3:33:0c:c2:86:b0:10:48:
91:66:e0:e8:5d:0b:cf:94:b9:48:b1:3e:5c:9a:05:
39:1b:1b:44:73:5f:00:88:80:99:09:3b:36:89:70:
7d:db:3d:eb:cd:e8:ef:a5:4e:43:e8:f8:ed:6f:02:
ca:38:46:ed:27:f8:a4:ce:ad:e3:a8:05:86:c0:eb:
c2:ab:0c:b1:6f:20:7b:e5:76:44:f6:e5:c2:92:53:
95:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:5C:51:36:56:CC:15:74:09:C4:42:3B:D5:41:48:C3:70:95:25:45
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/1-1xRNlbMFXQJxEI71UFIw3CVJUU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.37.0/24
192.71.97.0/24
192.71.158.0/24
192.121.21.0/24
192.121.172.0/24
192.121.192.0/24
192.165.65.0/24
192.165.86.0/24
192.176.161.0/24
193.180.61.0/24
193.181.0.0/24
193.181.187.0/24
193.183.3.0/24
193.183.118.0/24
193.234.220.0/23
193.234.237.0/24
193.235.142.0/23
194.14.129.0/24
194.14.212.0/24
194.68.56.0/23
194.68.99.0/24
194.68.126.0/24
194.68.194.0/23
194.71.27.0/24
194.71.83.0/24
194.71.140.0/23
194.71.168.0/24
194.103.50.0/24
194.132.108.0/23
194.132.174.0/23
Signature Algorithm: sha256WithRSAEncryption
8b:ce:b3:03:63:98:0d:d8:fe:56:d1:f7:c3:10:0c:96:7e:99:
e1:67:de:da:1c:ef:67:b9:05:25:f3:63:f0:2f:2b:db:0c:f6:
90:28:83:b5:70:22:b5:92:80:a5:c2:e7:c4:e0:81:db:4e:6c:
10:36:b3:02:9a:f3:c5:72:7e:df:19:97:36:22:26:71:dd:1c:
d5:14:ff:dd:33:52:f9:a1:3f:76:8b:39:f6:05:40:f3:a4:6d:
b2:29:c0:51:cf:6e:30:c5:78:dd:6b:4f:5d:c7:a1:e7:b4:75:
5a:71:b9:38:99:f0:f8:79:81:4c:3e:59:62:50:35:fa:9e:44:
c2:a3:59:5a:9b:a8:ae:bd:a3:e0:c1:cf:a0:10:0b:7e:78:a4:
fc:54:8c:d3:8d:4f:9d:6a:7c:93:f8:e5:27:8d:b0:2b:a9:c1:
e7:54:d1:c6:8a:93:ff:08:c8:1a:98:33:8f:99:62:90:5b:bc:
56:71:67:42:fe:b7:51:45:02:66:22:b6:95:71:10:a4:a9:5d:
fc:21:14:2c:19:67:8c:7d:4c:9e:04:53:10:3f:d5:a5:d2:c0:
0f:66:20:9c:dd:e3:7f:91:6e:fd:ca:d2:1a:80:7c:93:b6:7e:
2f:9e:76:61:0d:0c:03:93:c5:da:bd:08:10:f8:c1:03:a8:53:
69:1f:b4:38
-----BEGIN CERTIFICATE-----
MIIFsTCCBJmgAwIBAgISAZwtXPkt/zdl7bQ1LjGTZ7ElMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwMjA1MTAzMzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjVjNTEzNjU2Y2MxNTc0MDljNDQyM2JkNTQxNDhjMzcwOTUyNTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpL9xxEceBlYJ42TZkXV2aiucc6q
uFHzLN56QVjE0NF7GMzEIbVPvjHrbjk43D9Bgdvbqa1/SnK3KsVewOYvn4/2N2kf
f8+M9mfZ/xG+ojtxfTwH9FuTUyqEMJg8oOnTHFB3MAAaK1H2M7SEE75fWyt5xdbk
K1W9cNCZjJ7wKJbZHhPzfjI1XXlsWOG4yig69ylp19x/Yhq0DQyasG2Qz4ELylBf
nBX7MoWsszMMwoawEEiRZuDoXQvPlLlIsT5cmgU5GxtEc18AiICZCTs2iXB92z3r
zejvpU5D6PjtbwLKOEbtJ/ikzq3jqAWGwOvCqwyxbyB75XZE9uXCklOV4QIDAQAB
o4ICvTCCArkwHQYDVR0OBBYEFPtcUTZWzBV0CcRCO9VBSMNwlSVFMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvMS0xeFJObGJNRlhRSnhFSTcxVUZJdzNDVkpVVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDkvNjgwYjc4LTk2YWYtNGE4NS1hYzAyLTk0M2QwMzMyMTMy
Ni8xL0lUWEg5WEh1X3JaMEJLdHNSZjFIVlZHdHJ4cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCB0QYIKwYBBQUHAQcBAf8EgcEwgb4wgbsEAgABMIG0AwQA
wCQlAwQAwEdhAwQAwEeeAwQAwHkVAwQAwHmsAwQAwHnAAwQAwKVBAwQAwKVWAwQA
wLChAwQAwbQ9AwQAwbUAAwQAwbW7AwQAwbcDAwQAwbd2AwQBwercAwQAwertAwQB
weuOAwQAwg6BAwQAwg7UAwQBwkQ4AwQAwkRjAwQAwkR+AwQBwkTCAwQAwkcbAwQA
wkdTAwQBwkeMAwQAwkeoAwQAwmcyAwQBwoRsAwQBwoSuMA0GCSqGSIb3DQEBCwUA
A4IBAQCLzrMDY5gN2P5W0ffDEAyWfpnhZ97aHO9nuQUl82PwLyvbDPaQKIO1cCK1
koClwufE4IHbTmwQNrMCmvPFcn7fGZc2IiZx3RzVFP/dM1L5oT92izn2BUDzpG2y
KcBRz24wxXjda09dx6HntHVacbk4mfD4eYFMPlliUDX6nkTCo1lam6iuvaPgwc+g
EAt+eKT8VIzTjU+danyT+OUnjbArqcHnVNHGipP/CMgamDOPmWKQW7xWcWdC/rdR
RQJmIraVcRCkqV38IRQsGWeMfUyeBFMQP9Wl0sAPZiCc3eN/kW79ytIagHyTtn4v
nnZhDQwDk8XavQgQ+MEDqFNpH7Q4
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:08:45 2026 by rpki-client