Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/W0Hh1_d1lPKloXzotL4nkvHB3XU.roa
File: W0Hh1_d1lPKloXzotL4nkvHB3XU.roa (raw, json)
Hash identifier: /zOxrQImQ5Imt5+eL/vw3bZaT0Bqvqa9qPhLvzw4n4s=
Subject key identifier: 5B:41:E1:D7:F7:75:94:F2:A5:A1:7C:E8:B4:BE:27:92:F1:C1:DD:75
Certificate issuer: /CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
Certificate serial: 019C1E5BAD27F042677E314AFD59D72D57F9
Authority key identifier: 81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/W0Hh1_d1lPKloXzotL4nkvHB3XU.roa
Signing time: Mon 02 Feb 2026 12:37:30 +0000
ROA not before: Mon 02 Feb 2026 12:37:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213176
IP address blocks: 209.35.224.0/24 maxlen: 24
209.35.225.0/24 maxlen: 24
209.35.226.0/24 maxlen: 24
209.35.227.0/24 maxlen: 24
209.35.228.0/24 maxlen: 24
209.35.229.0/24 maxlen: 24
209.35.230.0/24 maxlen: 24
209.35.231.0/24 maxlen: 24
209.35.233.0/24 maxlen: 24
209.35.234.0/24 maxlen: 24
209.35.235.0/24 maxlen: 24
209.35.236.0/24 maxlen: 24
209.35.237.0/24 maxlen: 24
209.35.238.0/24 maxlen: 24
209.35.239.0/24 maxlen: 24
209.35.240.0/24 maxlen: 24
209.35.241.0/24 maxlen: 24
209.35.242.0/24 maxlen: 24
209.35.243.0/24 maxlen: 24
209.35.244.0/24 maxlen: 24
209.35.245.0/24 maxlen: 24
209.35.246.0/24 maxlen: 24
209.35.247.0/24 maxlen: 24
209.35.248.0/24 maxlen: 24
209.35.249.0/24 maxlen: 24
209.35.250.0/24 maxlen: 24
209.35.251.0/24 maxlen: 24
209.35.252.0/24 maxlen: 24
209.35.253.0/24 maxlen: 24
209.35.254.0/24 maxlen: 24
209.35.255.0/24 maxlen: 24
212.59.64.0/24 maxlen: 24
212.59.65.0/24 maxlen: 24
212.59.66.0/24 maxlen: 24
212.59.67.0/24 maxlen: 24
212.59.68.0/24 maxlen: 24
212.59.69.0/24 maxlen: 24
212.59.70.0/24 maxlen: 24
212.59.71.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl
rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.mft
rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 21:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:1e:5b:ad:27:f0:42:67:7e:31:4a:fd:59:d7:2d:57:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
Validity
Not Before: Feb 2 12:37:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5b41e1d7f77594f2a5a17ce8b4be2792f1c1dd75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:36:53:90:86:42:20:11:c6:ee:6a:fb:69:dd:
0d:b3:dd:e0:9c:f7:74:51:cc:9f:ef:33:bd:5c:e7:
c1:7b:74:0c:03:12:75:48:09:f2:92:38:c9:42:31:
6d:31:3c:80:0b:b7:87:bd:fd:f7:36:8f:0f:85:b0:
1a:b1:d7:ae:be:2b:ef:41:b6:96:d3:f8:17:e2:49:
a7:ea:d4:11:ef:6e:b9:a8:ba:1f:85:62:e9:e6:ff:
b0:97:3a:8c:aa:f9:45:1e:b2:05:32:79:29:8f:cb:
41:b4:e4:ae:1b:e3:e3:b7:e3:6d:49:23:27:4f:a6:
ee:2d:1d:6f:93:a7:06:29:83:89:fd:c5:aa:2d:f0:
88:af:37:e1:91:08:d6:a0:95:04:83:dc:6d:4d:02:
f4:30:b0:5e:4f:0e:de:bd:4e:30:0c:d7:ea:17:ea:
f3:9b:c1:c6:6b:00:81:2a:f0:a4:7e:4b:8d:57:95:
69:47:37:72:03:6b:83:3c:98:98:2e:d6:ef:20:8b:
57:0d:57:65:d7:9a:c1:95:4f:5c:0b:01:29:c0:a2:
9c:46:5b:36:3b:ca:1d:16:ff:d9:42:da:e4:44:a7:
ed:62:0e:b6:64:a4:41:08:1b:aa:42:72:38:90:78:
ba:72:ab:55:af:6d:73:5d:99:f4:39:74:7b:6e:63:
69:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:41:E1:D7:F7:75:94:F2:A5:A1:7C:E8:B4:BE:27:92:F1:C1:DD:75
X509v3 Authority Key Identifier:
keyid:81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/W0Hh1_d1lPKloXzotL4nkvHB3XU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
209.35.224.0/21
209.35.233.0-209.35.255.255
212.59.64.0/21
Signature Algorithm: sha256WithRSAEncryption
5f:38:3e:43:b0:59:f6:82:9a:21:ef:58:29:5a:42:b0:b2:47:
e2:de:af:58:bf:77:ed:72:99:eb:8e:99:05:64:4e:9f:fa:97:
e1:85:b4:54:e0:56:eb:09:97:1a:31:69:19:55:8a:06:16:a8:
b3:40:36:ef:71:2e:72:f2:35:96:c4:12:1a:27:70:3d:50:cd:
eb:89:e3:81:0a:93:9d:8c:ee:96:af:d3:f1:ce:56:c6:5b:30:
7e:09:e1:8b:ec:bd:49:3c:cd:c3:fc:b5:ca:22:4b:b0:f7:5b:
93:a8:90:87:b5:30:46:e9:49:c7:4b:f5:b3:8b:8c:dd:c7:ed:
b0:b9:dc:ef:3f:f4:88:11:33:48:1b:0b:7a:4d:d0:1e:63:66:
33:6a:72:71:da:12:19:09:56:2a:2e:62:d1:6d:2b:02:ab:67:
ce:6b:16:c4:db:68:a0:40:f6:c2:50:dc:27:ba:b7:89:0f:a6:
97:0f:61:b8:85:25:f7:91:b2:39:6e:8a:04:e9:b9:86:65:15:
55:07:26:84:c1:d9:db:65:46:5b:1d:36:f3:93:fb:2e:a0:6a:
b9:36:a4:3b:85:38:a2:a4:89:64:e8:a2:10:f3:77:cc:8d:8b:
99:ba:ba:30:67:a6:b8:ef:46:a7:20:61:e5:ea:2f:d7:e6:56:
70:27:6f:d6
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZweW60n8EJnfjFK/VnXLVf5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTJkMGRjZDUwYTY4MmY5NzVlYTNkOGMzOGU1ZTY3YmIw
MzIyZjkwHhcNMjYwMjAyMTIzNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjQxZTFkN2Y3NzU5NGYyYTVhMTdjZThiNGJlMjc5MmYxYzFkZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTZTkIZCIBHG7mr7ad0Ns93gnPd0
Ucyf7zO9XOfBe3QMAxJ1SAnykjjJQjFtMTyAC7eHvf33No8PhbAasdeuvivvQbaW
0/gX4kmn6tQR7265qLofhWLp5v+wlzqMqvlFHrIFMnkpj8tBtOSuG+Pjt+NtSSMn
T6buLR1vk6cGKYOJ/cWqLfCIrzfhkQjWoJUEg9xtTQL0MLBeTw7evU4wDNfqF+rz
m8HGawCBKvCkfkuNV5VpRzdyA2uDPJiYLtbvIItXDVdl15rBlU9cCwEpwKKcRls2
O8odFv/ZQtrkRKftYg62ZKRBCBuqQnI4kHi6cqtVr21zXZn0OXR7bmNpVwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFFtB4df3dZTypaF86LS+J5Lxwd11MB8GA1UdIwQY
MBaAFIGi0NzVCmgvl16j2MOOXme7AyL5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQt
ZmU0NWQ1MTYwYzM5LzEvVzBIaDFfZDFsUEtsb1h6b3RMNG5rdkhCM1hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQtZmU0NWQ1MTYwYzM5
LzEvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAfBAIAATAZAwQD0SPgMAsD
BADRI+kDAwLRIAMEA9Q7QDANBgkqhkiG9w0BAQsFAAOCAQEAXzg+Q7BZ9oKaIe9Y
KVpCsLJH4t6vWL937XKZ646ZBWROn/qX4YW0VOBW6wmXGjFpGVWKBhaos0A273Eu
cvI1lsQSGidwPVDN64njgQqTnYzulq/T8c5Wxlswfgnhi+y9STzNw/y1yiJLsPdb
k6iQh7UwRulJx0v1s4uM3cftsLnc7z/0iBEzSBsLek3QHmNmM2pycdoSGQlWKi5i
0W0rAqtnzmsWxNtooED2wlDcJ7q3iQ+mlw9huIUl95GyOW6KBOm5hmUVVQcmhMHZ
22VGWx0285P7LqBquTakO4U4oqSJZOiiEPN3zI2Lmbq6MGemuO9GpyBh5eov1+ZW
cCdv1g==
-----END CERTIFICATE-----
Generated at Mon Mar 2 06:35:18 2026 by rpki-client