Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/X4D9lHTk8PnxZTblZAtVaE1dNQQ.roa
File: X4D9lHTk8PnxZTblZAtVaE1dNQQ.roa (raw, json)
Hash identifier: 6uloBsTlbb42wmCR8mdc3PElXKD6suKGJ+NWpe9F6Hc=
Subject key identifier: 5F:80:FD:94:74:E4:F0:F9:F1:65:36:E5:64:0B:55:68:4D:5D:35:04
Certificate issuer: /CN=ae261a8df53292c730e2ae1dfcfc4fe3ff76b1d0
Certificate serial: 019D95775C5B31813AC881DF4EBC6FFAA8A7
Authority key identifier: AE:26:1A:8D:F5:32:92:C7:30:E2:AE:1D:FC:FC:4F:E3:FF:76:B1:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/riYajfUykscw4q4d_PxP4_92sdA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/X4D9lHTk8PnxZTblZAtVaE1dNQQ.roa
Signing time: Thu 16 Apr 2026 08:45:20 +0000
ROA not before: Thu 16 Apr 2026 08:45:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 6821
IP address blocks: 37.25.80.0/21 maxlen: 24
37.25.84.0/22 maxlen: 22
46.217.0.0/19 maxlen: 21
46.217.0.0/21 maxlen: 21
46.217.8.0/21 maxlen: 21
46.217.16.0/21 maxlen: 21
46.217.24.0/21 maxlen: 21
46.217.32.0/21 maxlen: 21
46.217.40.0/21 maxlen: 21
46.217.48.0/21 maxlen: 21
46.217.56.0/21 maxlen: 21
46.217.64.0/18 maxlen: 21
46.217.64.0/21 maxlen: 21
46.217.72.0/21 maxlen: 21
46.217.80.0/21 maxlen: 21
46.217.88.0/21 maxlen: 21
46.217.96.0/21 maxlen: 21
46.217.104.0/21 maxlen: 21
46.217.112.0/21 maxlen: 21
46.217.120.0/21 maxlen: 21
46.217.128.0/18 maxlen: 21
46.217.128.0/21 maxlen: 21
46.217.136.0/21 maxlen: 21
46.217.144.0/21 maxlen: 21
46.217.152.0/21 maxlen: 21
46.217.160.0/19 maxlen: 19
46.217.192.0/19 maxlen: 23
46.217.198.0/23 maxlen: 23
46.217.200.0/21 maxlen: 21
46.217.216.0/21 maxlen: 21
46.217.224.0/19 maxlen: 19
46.217.224.0/20 maxlen: 21
46.217.232.0/21 maxlen: 21
46.217.254.0/24 maxlen: 24
62.77.136.0/21 maxlen: 21
62.162.0.0/16 maxlen: 24
62.162.0.0/18 maxlen: 18
62.162.5.0/24 maxlen: 24
62.162.27.0/24 maxlen: 24
62.162.31.0/24 maxlen: 24
62.162.41.0/24 maxlen: 24
62.162.42.0/24 maxlen: 24
62.162.70.0/24 maxlen: 24
62.162.90.0/24 maxlen: 24
62.162.120.0/24 maxlen: 24
62.162.129.0/24 maxlen: 24
62.162.130.0/24 maxlen: 24
62.162.133.0/24 maxlen: 24
62.162.134.0/24 maxlen: 24
62.162.136.0/24 maxlen: 24
62.162.138.0/24 maxlen: 24
62.162.145.0/24 maxlen: 24
62.162.146.0/24 maxlen: 24
62.162.155.0/24 maxlen: 24
62.162.161.0/24 maxlen: 24
62.162.162.0/24 maxlen: 24
62.220.192.0/19 maxlen: 24
62.220.203.0/24 maxlen: 24
62.220.204.0/22 maxlen: 22
77.28.0.0/15 maxlen: 21
77.28.0.0/16 maxlen: 21
77.28.0.0/18 maxlen: 21
77.28.0.0/20 maxlen: 20
77.28.16.0/21 maxlen: 21
77.28.24.0/21 maxlen: 21
77.28.64.0/18 maxlen: 21
77.28.64.0/19 maxlen: 19
77.28.120.0/21 maxlen: 21
77.28.128.0/18 maxlen: 21
77.28.192.0/18 maxlen: 21
77.28.224.0/20 maxlen: 20
77.28.240.0/20 maxlen: 20
77.29.0.0/16 maxlen: 18
77.29.0.0/18 maxlen: 18
77.29.64.0/18 maxlen: 18
77.29.128.0/18 maxlen: 18
77.29.192.0/18 maxlen: 18
79.125.128.0/17 maxlen: 24
79.125.128.0/18 maxlen: 18
79.125.128.0/19 maxlen: 22
79.125.128.0/22 maxlen: 22
79.125.132.0/22 maxlen: 22
79.125.136.0/22 maxlen: 22
79.125.140.0/22 maxlen: 22
79.125.160.0/19 maxlen: 19
79.125.160.0/20 maxlen: 20
79.125.192.0/18 maxlen: 23
79.125.220.0/23 maxlen: 23
79.125.232.0/21 maxlen: 21
79.125.240.0/20 maxlen: 20
95.156.0.0/19 maxlen: 24
95.156.29.0/24 maxlen: 24
95.156.30.0/24 maxlen: 24
95.156.31.0/24 maxlen: 24
95.156.32.0/19 maxlen: 24
95.156.50.0/24 maxlen: 24
95.156.52.0/22 maxlen: 22
195.26.128.0/19 maxlen: 24
195.26.130.0/24 maxlen: 24
195.26.144.0/24 maxlen: 24
195.26.149.0/24 maxlen: 24
2a00:5c40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/riYajfUykscw4q4d_PxP4_92sdA.crl
rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/riYajfUykscw4q4d_PxP4_92sdA.mft
rsync://rpki.ripe.net/repository/DEFAULT/riYajfUykscw4q4d_PxP4_92sdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:95:77:5c:5b:31:81:3a:c8:81:df:4e:bc:6f:fa:a8:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ae261a8df53292c730e2ae1dfcfc4fe3ff76b1d0
Validity
Not Before: Apr 16 08:45:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5f80fd9474e4f0f9f16536e5640b55684d5d3504
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:93:74:e0:51:a1:3c:9e:e0:1b:24:0f:f6:8d:
e6:81:46:20:8b:cb:86:84:f9:6c:02:72:d4:96:3a:
cb:84:8f:2c:d3:31:38:68:53:ff:28:1a:f9:fd:25:
f1:4d:03:03:02:aa:3b:12:94:66:bc:a5:60:77:fe:
6b:e7:bc:fe:ab:63:db:58:87:7c:81:7f:f5:c8:20:
84:42:41:eb:d6:27:cb:ac:f8:7c:d4:35:9f:6f:07:
ad:e3:a3:a4:c1:6f:01:7a:20:d4:db:65:96:e8:0d:
58:e0:28:b9:e9:41:68:05:e8:78:51:63:74:b4:3f:
90:ad:bd:5b:f0:ae:7c:c3:a1:33:a2:39:79:77:f1:
be:2f:4c:da:46:7b:8a:5d:26:94:c9:30:b0:b0:1d:
48:95:d6:f2:be:0b:fe:92:d5:c5:85:1b:75:4e:0a:
9b:35:df:0b:7e:96:8b:b7:b1:3b:c6:74:5a:60:cb:
af:a8:05:4b:a9:06:13:52:47:24:31:72:6f:bb:8f:
42:0a:98:fa:81:77:76:16:2b:b9:fc:ab:d5:1d:52:
e5:bb:b3:a0:38:61:d2:75:b0:c7:19:9b:9f:bc:6b:
85:96:4b:df:b1:05:cd:b2:0f:9e:7c:74:9e:a9:c6:
3b:f1:69:87:41:06:7c:52:f1:9a:fc:47:51:df:2d:
63:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:80:FD:94:74:E4:F0:F9:F1:65:36:E5:64:0B:55:68:4D:5D:35:04
X509v3 Authority Key Identifier:
keyid:AE:26:1A:8D:F5:32:92:C7:30:E2:AE:1D:FC:FC:4F:E3:FF:76:B1:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/riYajfUykscw4q4d_PxP4_92sdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/X4D9lHTk8PnxZTblZAtVaE1dNQQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/riYajfUykscw4q4d_PxP4_92sdA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.25.80.0/21
46.217.0.0/16
62.77.136.0/21
62.162.0.0/16
62.220.192.0/19
77.28.0.0/15
79.125.128.0/17
95.156.0.0/18
195.26.128.0/19
IPv6:
2a00:5c40::/29
Signature Algorithm: sha256WithRSAEncryption
b6:92:50:93:74:45:26:fe:56:3f:c9:31:fd:1a:33:b7:2e:4c:
19:d9:25:72:b2:8d:a7:dc:8c:78:5d:1b:49:0c:3a:07:ca:23:
c6:95:1e:e9:21:f3:5f:bd:95:c0:a0:26:a6:02:03:e9:13:cb:
f1:93:7a:04:7e:4e:2b:bb:6a:9a:75:c9:c7:aa:78:eb:43:b8:
e9:42:20:79:d7:de:12:1f:99:c9:5c:b9:ec:fe:fa:25:eb:63:
35:2d:5e:5b:b3:19:b7:fa:ae:78:df:7a:ae:99:5f:83:64:4b:
bc:62:fa:77:b2:23:8d:72:1e:b6:5c:06:0b:3d:70:a4:fe:7d:
e9:0e:de:bf:ca:74:4b:49:1e:51:e1:0b:27:3c:31:7c:35:12:
8f:42:2b:98:e4:2d:63:38:1e:a3:5e:2b:69:a2:26:d4:9a:ac:
59:c7:6a:3b:c4:ba:0b:0b:11:e5:74:e9:33:80:53:55:43:cc:
f0:be:60:80:bd:d2:4e:41:d2:42:33:d0:81:83:6d:92:26:6a:
dd:c9:b7:db:11:56:0a:26:62:07:0b:e4:ce:4a:2c:ec:61:79:
07:30:8b:7f:b0:50:27:da:c5:95:15:a4:89:3a:65:02:32:18:
1a:fc:cb:45:97:c7:0a:7e:39:6a:5e:65:c2:31:02:5a:39:c4:
72:04:0e:66
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZ2Vd1xbMYE6yIHfTrxv+qinMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMjYxYThkZjUzMjkyYzczMGUyYWUxZGZjZmM0ZmUzZmY3
NmIxZDAwHhcNMjYwNDE2MDg0NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjgwZmQ5NDc0ZTRmMGY5ZjE2NTM2ZTU2NDBiNTU2ODRkNWQzNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5N04FGhPJ7gGyQP9o3mgUYgi8uG
hPlsAnLUljrLhI8s0zE4aFP/KBr5/SXxTQMDAqo7EpRmvKVgd/5r57z+q2PbWId8
gX/1yCCEQkHr1ifLrPh81DWfbwet46OkwW8BeiDU22WW6A1Y4Ci56UFoBeh4UWN0
tD+Qrb1b8K58w6Ezojl5d/G+L0zaRnuKXSaUyTCwsB1Ildbyvgv+ktXFhRt1Tgqb
Nd8LfpaLt7E7xnRaYMuvqAVLqQYTUkckMXJvu49CCpj6gXd2Fiu5/KvVHVLlu7Og
OGHSdbDHGZufvGuFlkvfsQXNsg+efHSeqcY78WmHQQZ8UvGa/EdR3y1jpwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFF+A/ZR05PD58WU25WQLVWhNXTUEMB8GA1UdIwQY
MBaAFK4mGo31MpLHMOKuHfz8T+P/drHQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmlZYWpmVXlrc2N3NHE0ZF9QeFA0Xzkyc2RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8xYTg0OWUtODYxYy00YzRkLWJjZjQt
NTY5NWQ4OWQ3YjM2LzEvWDREOWxIVGs4UG54WlRibFpBdFZhRTFkTlFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8xYTg0OWUtODYxYy00YzRkLWJjZjQtNTY5NWQ4OWQ3YjM2
LzEvcmlZYWpmVXlrc2N3NHE0ZF9QeFA0Xzkyc2RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjA5BAIAATAzAwQDJRlQAwMA
LtkDBAM+TYgDAwA+ogMEBT7cwAMDAU0cAwQHT32AAwQGX5wAAwQFwxqAMA0EAgAC
MAcDBQMqAFxAMA0GCSqGSIb3DQEBCwUAA4IBAQC2klCTdEUm/lY/yTH9GjO3LkwZ
2SVyso2n3Ix4XRtJDDoHyiPGlR7pIfNfvZXAoCamAgPpE8vxk3oEfk4ru2qadcnH
qnjrQ7jpQiB5194SH5nJXLns/vol62M1LV5bsxm3+q5433qumV+DZEu8Yvp3siON
ch62XAYLPXCk/n3pDt6/ynRLSR5R4QsnPDF8NRKPQiuY5C1jOB6jXitpoibUmqxZ
x2o7xLoLCxHldOkzgFNVQ8zwvmCAvdJOQdJCM9CBg22SJmrdybfbEVYKJmIHC+TO
SizsYXkHMIt/sFAn2sWVFaSJOmUCMhga/MtFl8cKfjlqXmXCMQJaOcRyBA5m
-----END CERTIFICATE-----
Generated at Fri Apr 17 06:31:14 2026 by rpki-client