Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/EUeWkU0aryB-YkR2M3TsErGD9Is.roa
File: EUeWkU0aryB-YkR2M3TsErGD9Is.roa (raw, json)
Hash identifier: gK62/o9yO+OyvLt7cRE+ehw4Ouq7VrrbTSmr3DLojOI=
Subject key identifier: 11:47:96:91:4D:1A:AF:20:7E:62:44:76:33:74:EC:12:B1:83:F4:8B
Certificate issuer: /CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
Certificate serial: 019C3C6EFE73732F94F744E23EE7C13624A8
Authority key identifier: D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/EUeWkU0aryB-YkR2M3TsErGD9Is.roa
Signing time: Sun 08 Feb 2026 08:47:12 +0000
ROA not before: Sun 08 Feb 2026 08:47:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 25091
IP address blocks: 5.144.32.0/21 maxlen: 24
5.144.34.0/24 maxlen: 24
5.144.35.0/24 maxlen: 24
5.144.38.0/23 maxlen: 23
46.20.240.0/20 maxlen: 24
85.8.128.0/24 maxlen: 24
91.247.176.0/24 maxlen: 24
185.60.52.0/22 maxlen: 24
212.102.126.0/24 maxlen: 24
2a02:2528::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl
rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.mft
rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 17:01:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:3c:6e:fe:73:73:2f:94:f7:44:e2:3e:e7:c1:36:24:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
Validity
Not Before: Feb 8 08:47:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=114796914d1aaf207e6244763374ec12b183f48b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:35:f6:32:db:f6:d9:b2:09:61:c2:c4:ee:82:
79:d4:5f:f2:d2:36:af:ce:c4:cc:0f:3d:d1:9f:9a:
40:0a:d6:c2:57:ff:74:a6:31:1b:25:37:0b:02:ec:
3b:fd:7a:87:aa:47:f5:ae:c5:63:c3:9a:5e:59:b5:
e3:a2:44:a9:4b:95:a9:03:8f:7d:11:81:53:40:44:
f3:c3:22:f3:54:83:39:5c:e3:5e:0a:07:e8:0c:39:
66:e1:22:ee:59:a2:e1:c1:7d:e4:47:73:78:18:c8:
7c:d2:7d:2f:e4:30:fd:50:c0:44:ad:61:19:a2:8f:
41:3b:2f:74:bf:6c:73:98:91:cf:3f:fb:ff:99:ec:
31:84:de:09:c3:ae:ae:e3:03:ba:d4:e4:49:4c:2c:
08:8c:2d:6a:62:79:a8:24:6d:8c:f8:ce:72:42:35:
0f:b9:13:da:da:a4:2c:12:af:a6:b4:44:f9:9a:2b:
a9:c4:73:f5:b6:4b:be:16:d9:00:36:14:62:4d:8d:
14:d6:c6:50:76:a7:00:d5:39:6a:f3:aa:f1:f3:20:
74:ac:f7:b2:51:46:47:4c:e2:85:e8:bc:ae:d7:f4:
bb:5f:18:89:d5:a2:99:4c:14:c4:a7:ce:81:67:06:
51:a6:8b:82:ad:5b:da:c3:c3:35:68:6f:99:fa:19:
e2:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:47:96:91:4D:1A:AF:20:7E:62:44:76:33:74:EC:12:B1:83:F4:8B
X509v3 Authority Key Identifier:
keyid:D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/EUeWkU0aryB-YkR2M3TsErGD9Is.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.144.32.0/21
46.20.240.0/20
85.8.128.0/24
91.247.176.0/24
185.60.52.0/22
212.102.126.0/24
IPv6:
2a02:2528::/29
Signature Algorithm: sha256WithRSAEncryption
65:de:f1:6f:b5:b0:e6:6d:19:42:ae:f7:66:66:56:a8:9a:b2:
48:56:5d:fe:0f:82:92:bc:ed:bd:95:d4:af:07:65:57:41:90:
f5:40:32:45:bb:c5:60:58:99:61:bb:d2:ee:27:95:a3:12:da:
25:f7:d3:56:48:17:14:ac:16:f7:0a:0e:f9:08:6f:9c:69:2d:
04:2a:af:8f:ad:7e:ca:e7:9a:63:2c:5f:fb:3d:bd:22:bf:cd:
b6:c6:d7:43:b8:2a:40:ea:64:3a:36:3c:be:db:87:5b:15:a2:
e0:4b:0d:cc:d2:30:7e:b1:3d:5a:92:c2:d6:41:5d:81:6f:9c:
de:e7:48:3f:dc:cc:65:95:a1:58:08:08:e5:1c:c2:ce:8f:39:
f1:66:90:13:3b:58:3e:36:1c:49:97:3e:71:c9:0d:b1:61:c1:
9d:93:7e:eb:06:24:e1:f7:0b:6d:a9:ff:de:da:a2:ca:aa:0e:
88:f1:9a:cb:c7:9e:cd:2c:f7:b0:88:bd:8e:f5:e4:03:5a:61:
fc:df:63:cc:65:13:93:41:7f:20:17:b3:09:b5:d0:88:e1:8b:
e9:c9:ec:9a:29:62:a8:9d:ac:30:61:cf:6c:26:7e:7f:67:71:
e1:2d:4c:a9:48:78:d1:ce:bd:62:f6:55:6c:da:7e:3e:a4:fa:
27:e5:19:fe
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZw8bv5zcy+U90TiPufBNiSoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZmMwYmVjNjBkMGJhY2UxODg5Njc3YmQ5YmI5MDE5MGNj
NGZkMjIwHhcNMjYwMjA4MDg0NzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTQ3OTY5MTRkMWFhZjIwN2U2MjQ0NzYzMzc0ZWMxMmIxODNmNDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTX2Mtv22bIJYcLE7oJ51F/y0jav
zsTMDz3Rn5pACtbCV/90pjEbJTcLAuw7/XqHqkf1rsVjw5peWbXjokSpS5WpA499
EYFTQETzwyLzVIM5XONeCgfoDDlm4SLuWaLhwX3kR3N4GMh80n0v5DD9UMBErWEZ
oo9BOy90v2xzmJHPP/v/mewxhN4Jw66u4wO61ORJTCwIjC1qYnmoJG2M+M5yQjUP
uRPa2qQsEq+mtET5miupxHP1tku+FtkANhRiTY0U1sZQdqcA1Tlq86rx8yB0rPey
UUZHTOKF6Lyu1/S7XxiJ1aKZTBTEp86BZwZRpouCrVvaw8M1aG+Z+hniOQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFBFHlpFNGq8gfmJEdjN07BKxg/SLMB8GA1UdIwQY
MBaAFNn8C+xg0LrOGIlne9m7kBkMxP0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjkt
MzQ2OTAzNGZhNDQxLzEvRVVlV2tVMGFyeUItWWtSMk0zVHNFckdEOUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjktMzQ2OTAzNGZhNDQx
LzEvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDBZAgAwQE
LhTwAwQAVQiAAwQAW/ewAwQCuTw0AwQA1GZ+MA0EAgACMAcDBQMqAiUoMA0GCSqG
SIb3DQEBCwUAA4IBAQBl3vFvtbDmbRlCrvdmZlaomrJIVl3+D4KSvO29ldSvB2VX
QZD1QDJFu8VgWJlhu9LuJ5WjEtol99NWSBcUrBb3Cg75CG+caS0EKq+PrX7K55pj
LF/7Pb0iv822xtdDuCpA6mQ6Njy+24dbFaLgSw3M0jB+sT1aksLWQV2Bb5ze50g/
3MxllaFYCAjlHMLOjznxZpATO1g+NhxJlz5xyQ2xYcGdk37rBiTh9wttqf/e2qLK
qg6I8ZrLx57NLPewiL2O9eQDWmH832PMZROTQX8gF7MJtdCI4YvpyeyaKWKonaww
Yc9sJn5/Z3HhLUypSHjRzr1i9lVs2n4+pPon5Rn+
-----END CERTIFICATE-----
Generated at Mon Mar 2 02:59:25 2026 by rpki-client