Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/hkHYWWrW4y_ul5fdYlpYzXiLvyk.roa
File: hkHYWWrW4y_ul5fdYlpYzXiLvyk.roa (raw, json)
Hash identifier: G8zs4iepaUfSzTVyBQdcl2X1K8STLz2UxM5NO2UatAg=
Subject key identifier: 86:41:D8:59:6A:D6:E3:2F:EE:97:97:DD:62:5A:58:CD:78:8B:BF:29
Certificate issuer: /CN=70e5b30272e43053208978dbe44bfee10a5d007e
Certificate serial: 019C906A897FD2A4C04FB9467070857B4F4D
Authority key identifier: 70:E5:B3:02:72:E4:30:53:20:89:78:DB:E4:4B:FE:E1:0A:5D:00:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/hkHYWWrW4y_ul5fdYlpYzXiLvyk.roa
Signing time: Tue 24 Feb 2026 16:10:26 +0000
ROA not before: Tue 24 Feb 2026 16:10:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44051
IP address blocks: 2.58.64.0/24 maxlen: 24
2.58.65.0/24 maxlen: 24
2.58.66.0/24 maxlen: 24
2.58.67.0/24 maxlen: 24
5.187.0.0/24 maxlen: 24
5.187.1.0/24 maxlen: 24
5.187.2.0/24 maxlen: 24
5.187.3.0/24 maxlen: 24
5.187.4.0/24 maxlen: 24
5.187.5.0/24 maxlen: 24
5.187.6.0/24 maxlen: 24
5.187.7.0/24 maxlen: 24
31.172.68.0/24 maxlen: 24
31.172.70.0/24 maxlen: 24
31.172.71.0/24 maxlen: 24
31.172.72.0/24 maxlen: 24
31.172.73.0/24 maxlen: 24
31.172.75.0/24 maxlen: 24
31.172.77.0/24 maxlen: 24
79.132.136.0/24 maxlen: 24
79.132.138.0/24 maxlen: 24
79.132.140.0/24 maxlen: 24
79.132.142.0/24 maxlen: 24
79.132.143.0/24 maxlen: 24
91.228.152.0/24 maxlen: 24
91.228.153.0/24 maxlen: 24
91.228.154.0/24 maxlen: 24
91.228.155.0/24 maxlen: 24
103.75.124.0/24 maxlen: 24
103.75.127.0/24 maxlen: 24
103.228.168.0/24 maxlen: 24
103.228.169.0/24 maxlen: 24
103.228.170.0/24 maxlen: 24
103.228.171.0/24 maxlen: 24
162.248.160.0/24 maxlen: 24
162.248.164.0/24 maxlen: 24
162.248.165.0/24 maxlen: 24
162.248.166.0/24 maxlen: 24
162.248.167.0/24 maxlen: 24
185.21.8.0/24 maxlen: 24
185.44.206.0/24 maxlen: 24
185.44.207.0/24 maxlen: 24
195.26.237.0/24 maxlen: 24
212.2.234.0/24 maxlen: 24
212.2.235.0/24 maxlen: 24
217.177.72.0/24 maxlen: 24
2a02:6b40::/32 maxlen: 32
2a02:6b40::/48 maxlen: 48
2a02:6b40:1::/48 maxlen: 48
2a02:6b40:1000::/48 maxlen: 48
2a02:6b40:2000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.crl
rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.mft
rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 06:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:90:6a:89:7f:d2:a4:c0:4f:b9:46:70:70:85:7b:4f:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70e5b30272e43053208978dbe44bfee10a5d007e
Validity
Not Before: Feb 24 16:10:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8641d8596ad6e32fee9797dd625a58cd788bbf29
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:28:58:51:2c:43:41:7a:78:a2:8d:33:fc:bf:
b2:37:88:77:73:4d:fc:1b:a1:9a:fd:85:84:ed:f9:
00:c2:3a:0d:db:41:d3:c3:fb:e2:6c:fd:cc:94:be:
89:fa:26:33:3e:4d:6a:7f:58:35:50:b4:1d:4f:72:
df:78:90:07:d7:1f:b3:79:25:7b:11:51:54:53:95:
04:15:12:5c:3b:dc:da:20:58:18:8f:81:e1:a8:fa:
cb:05:a0:66:aa:c3:fa:c4:87:92:d7:14:bf:7e:df:
e6:46:45:76:90:67:0a:79:fc:9a:cb:13:96:de:90:
fb:7e:b3:db:03:ca:d2:39:6a:fe:d2:13:63:53:d4:
80:9e:6e:c4:f9:4f:77:7a:ea:ab:03:86:0a:9d:9b:
3f:ae:49:42:7a:67:ca:43:20:78:88:dc:31:5a:74:
20:88:b0:97:6c:b2:76:ce:37:2e:2d:3b:96:b4:e9:
65:95:9d:d8:01:e6:32:bb:fe:01:fd:ba:ef:27:36:
4d:a2:bd:90:c1:ed:93:2a:e7:06:1b:5a:34:b8:0f:
30:c2:38:f2:dc:f7:44:17:c3:40:f4:96:29:80:d7:
9a:14:0b:b2:ad:ce:e3:5c:51:55:78:56:95:37:10:
dd:2a:60:c5:86:05:bb:4e:84:02:b8:b4:04:7f:25:
f2:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:41:D8:59:6A:D6:E3:2F:EE:97:97:DD:62:5A:58:CD:78:8B:BF:29
X509v3 Authority Key Identifier:
keyid:70:E5:B3:02:72:E4:30:53:20:89:78:DB:E4:4B:FE:E1:0A:5D:00:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/hkHYWWrW4y_ul5fdYlpYzXiLvyk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.64.0/22
5.187.0.0/21
31.172.68.0/24
31.172.70.0-31.172.73.255
31.172.75.0/24
31.172.77.0/24
79.132.136.0/24
79.132.138.0/24
79.132.140.0/24
79.132.142.0/23
91.228.152.0/22
103.75.124.0/24
103.75.127.0/24
103.228.168.0/22
162.248.160.0/24
162.248.164.0/22
185.21.8.0/24
185.44.206.0/23
195.26.237.0/24
212.2.234.0/23
217.177.72.0/24
IPv6:
2a02:6b40::/32
Signature Algorithm: sha256WithRSAEncryption
88:e2:f6:1e:1c:9f:46:ae:01:39:a9:f4:a8:2d:63:f2:97:3f:
1d:88:e4:76:96:15:50:93:23:c0:de:dd:f2:6f:ab:a3:6e:f3:
6f:59:43:67:e9:2a:3c:af:cb:ee:bd:90:a7:59:83:60:a1:eb:
d8:7d:f1:ce:8c:74:cb:c7:c6:f9:1f:04:ca:10:0b:1c:59:b0:
19:2b:ea:55:2f:70:02:3a:8f:e3:1c:9e:ec:9f:2e:54:d5:40:
cf:c4:f8:d5:e8:c2:cc:2a:cb:28:1b:13:2b:b3:ad:db:29:b3:
11:fd:87:c3:40:7f:ab:b8:d2:41:96:70:4a:87:75:a5:cb:ca:
d6:6a:5d:91:81:6d:b1:b8:02:10:27:c9:38:05:3f:9f:2f:be:
e5:65:64:5d:d2:65:7b:0a:d2:5b:52:3c:cf:dd:9e:9b:38:d7:
eb:11:a2:10:d3:54:25:d3:06:c7:48:4a:c5:6c:89:c3:9f:2a:
ea:56:f5:72:07:d7:be:da:55:76:a3:53:4f:6d:de:3b:f3:bc:
0b:63:8d:79:ae:2e:5b:3d:7f:c4:45:cc:3b:68:ae:91:c8:3d:
5f:ca:0a:17:73:14:0e:9e:bd:cd:43:53:2f:bb:6a:a5:4e:b8:
45:00:a4:b1:76:f5:a0:2e:9f:9a:a6:ab:e6:74:ec:21:ea:94:
3a:39:ad:25
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgISAZyQaol/0qTAT7lGcHCFe09NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZTViMzAyNzJlNDMwNTMyMDg5NzhkYmU0NGJmZWUxMGE1
ZDAwN2UwHhcNMjYwMjI0MTYxMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjQxZDg1OTZhZDZlMzJmZWU5Nzk3ZGQ2MjVhNThjZDc4OGJiZjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtihYUSxDQXp4oo0z/L+yN4h3c038
G6Ga/YWE7fkAwjoN20HTw/vibP3MlL6J+iYzPk1qf1g1ULQdT3LfeJAH1x+zeSV7
EVFUU5UEFRJcO9zaIFgYj4HhqPrLBaBmqsP6xIeS1xS/ft/mRkV2kGcKefyayxOW
3pD7frPbA8rSOWr+0hNjU9SAnm7E+U93euqrA4YKnZs/rklCemfKQyB4iNwxWnQg
iLCXbLJ2zjcuLTuWtOlllZ3YAeYyu/4B/brvJzZNor2Qwe2TKucGG1o0uA8wwjjy
3PdEF8NA9JYpgNeaFAuyrc7jXFFVeFaVNxDdKmDFhgW7ToQCuLQEfyXyowIDAQAB
o4ICnTCCApkwHQYDVR0OBBYEFIZB2Flq1uMv7peX3WJaWM14i78pMB8GA1UdIwQY
MBaAFHDlswJy5DBTIIl42+RL/uEKXQB+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY09XekFuTGtNRk1naVhqYjVFdi00UXBkQUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8yMmYxZDUtZjI2OS00ZjRmLWJmOGEt
MWZiYzY0MWI1MGIxLzEvaGtIWVdXclc0eV91bDVmZFlscFl6WGlMdnlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8yMmYxZDUtZjI2OS00ZjRmLWJmOGEtMWZiYzY0MWI1MGIx
LzEvY09XekFuTGtNRk1naVhqYjVFdi00UXBkQUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGyBggrBgEFBQcBBwEB/wSBojCBnzCBjQQCAAEwgYYDBAIC
OkADBAMFuwADBAAfrEQwDAMEAR+sRgMEAR+sSAMEAB+sSwMEAB+sTQMEAE+EiAME
AE+EigMEAE+EjAMEAU+EjgMEAlvkmAMEAGdLfAMEAGdLfwMEAmfkqAMEAKL4oAME
AqL4pAMEALkVCAMEAbkszgMEAMMa7QMEAdQC6gMEANmxSDANBAIAAjAHAwUAKgJr
QDANBgkqhkiG9w0BAQsFAAOCAQEAiOL2HhyfRq4BOan0qC1j8pc/HYjkdpYVUJMj
wN7d8m+ro27zb1lDZ+kqPK/L7r2Qp1mDYKHr2H3xzox0y8fG+R8EyhALHFmwGSvq
VS9wAjqP4xye7J8uVNVAz8T41ejCzCrLKBsTK7Ot2ymzEf2Hw0B/q7jSQZZwSod1
pcvK1mpdkYFtsbgCECfJOAU/ny++5WVkXdJlewrSW1I8z92emzjX6xGiENNUJdMG
x0hKxWyJw58q6lb1cgfXvtpVdqNTT23eO/O8C2ONea4uWz1/xEXMO2iukcg9X8oK
F3MUDp69zUNTL7tqpU64RQCksXb1oC6fmqar5nTsIeqUOjmtJQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 13:27:57 2026 by rpki-client