Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/T5BOtBOGV7YSfig7esYcJr9yiv8.roa
File: T5BOtBOGV7YSfig7esYcJr9yiv8.roa (raw, json)
Hash identifier: M2l+J2hVPluJURCkR22SlcFHdfiHtwtkgIPvkn8j0qs=
Subject key identifier: 4F:90:4E:B4:13:86:57:B6:12:7E:28:3B:7A:C6:1C:26:BF:72:8A:FF
Certificate issuer: /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial: 019CD7A79944D8F91B9E1FF793E86394005F
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/T5BOtBOGV7YSfig7esYcJr9yiv8.roa
Signing time: Tue 10 Mar 2026 12:10:10 +0000
ROA not before: Tue 10 Mar 2026 12:10:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 31500
IP address blocks: 91.108.40.0/24 maxlen: 24
91.108.50.0/24 maxlen: 24
94.124.180.0/23 maxlen: 23
94.124.182.0/24 maxlen: 24
94.124.183.0/24 maxlen: 24
95.140.80.0/20 maxlen: 20
95.140.80.0/24 maxlen: 32
95.140.81.0/24 maxlen: 24
95.140.82.0/24 maxlen: 24
95.140.83.0/24 maxlen: 24
95.140.88.0/24 maxlen: 24
95.140.89.0/24 maxlen: 24
95.140.90.0/24 maxlen: 24
95.140.91.0/24 maxlen: 24
95.140.93.0/24 maxlen: 24
95.140.95.0/24 maxlen: 24
95.161.128.0/24 maxlen: 24
95.161.240.0/20 maxlen: 24
109.239.128.0/24 maxlen: 24
109.239.129.0/24 maxlen: 24
109.239.130.0/24 maxlen: 24
109.239.130.128/25 maxlen: 25
109.239.131.0/24 maxlen: 24
109.239.132.0/24 maxlen: 24
109.239.133.0/24 maxlen: 24
109.239.134.0/24 maxlen: 24
109.239.135.0/24 maxlen: 24
109.239.136.0/23 maxlen: 23
109.239.138.0/24 maxlen: 24
109.239.139.0/24 maxlen: 24
109.239.140.0/24 maxlen: 24
109.239.141.0/24 maxlen: 24
109.239.142.0/24 maxlen: 24
109.239.143.0/24 maxlen: 24
178.18.228.0/24 maxlen: 24
178.18.229.0/24 maxlen: 24
178.18.231.0/24 maxlen: 24
178.18.232.0/24 maxlen: 24
185.26.75.0/24 maxlen: 24
2001:b28::/32 maxlen: 32
2001:b28:4::/48 maxlen: 48
2001:b28:7b0c::/48 maxlen: 48
2001:b28:9999::/48 maxlen: 48
2001:b28:9a9c::/48 maxlen: 48
2001:b28:a451::/48 maxlen: 48
2001:b28:ffff::/48 maxlen: 48
2a03:5f80::/46 maxlen: 46
2a03:5f80:2:10::/64 maxlen: 64
2a03:5f80:8::/46 maxlen: 46
2a03:5f80:a::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 14 Mar 2026 09:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d7:a7:99:44:d8:f9:1b:9e:1f:f7:93:e8:63:94:00:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Validity
Not Before: Mar 10 12:10:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4f904eb4138657b6127e283b7ac61c26bf728aff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:9d:2e:a1:c1:43:9b:50:13:c0:2e:7f:1d:5c:
c3:a5:2d:fa:e1:66:39:aa:86:91:5a:87:bc:93:6c:
ea:6f:56:a2:34:e0:e7:67:36:2d:22:d0:59:4f:c0:
4a:f0:ca:84:8c:a0:cb:63:cc:01:6f:d0:6c:f3:58:
dc:98:e2:8b:21:00:5e:73:33:94:db:94:fc:2f:35:
0c:bf:ac:c5:c6:c0:00:dd:f2:27:ef:23:92:4c:ca:
d0:6e:96:ee:a3:4c:00:2a:22:f1:b5:b0:5b:31:b4:
b3:89:5b:ae:5c:86:65:78:39:9b:40:0a:17:70:d6:
28:db:96:1f:d3:a5:7a:25:e4:52:54:fd:e7:02:13:
2a:c1:23:84:27:8a:0e:6b:6d:4d:bc:59:cb:ae:96:
36:10:49:12:eb:e1:8c:4f:00:e4:06:ca:88:c8:96:
7d:42:dd:e2:a2:f1:d5:86:b0:4a:c3:a0:23:65:bf:
8e:3b:8a:96:c0:6d:8f:f1:25:40:66:78:4e:ef:f5:
ec:c7:dd:45:30:0e:6c:6f:5f:a8:2a:69:3e:1f:4f:
6d:7e:7f:8a:78:76:06:6a:fe:db:8b:b4:68:14:6c:
4c:bb:1d:46:76:4f:84:46:b7:92:db:fe:ee:45:73:
2c:8f:12:9e:24:d3:b0:46:c9:01:78:76:eb:63:b8:
c6:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:90:4E:B4:13:86:57:B6:12:7E:28:3B:7A:C6:1C:26:BF:72:8A:FF
X509v3 Authority Key Identifier:
keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/T5BOtBOGV7YSfig7esYcJr9yiv8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.108.40.0/24
91.108.50.0/24
94.124.180.0/22
95.140.80.0/20
95.161.128.0/24
95.161.240.0/20
109.239.128.0/20
178.18.228.0/23
178.18.231.0-178.18.232.255
185.26.75.0/24
IPv6:
2001:b28::/32
2a03:5f80::/46
2a03:5f80:8::/46
Signature Algorithm: sha256WithRSAEncryption
a7:1a:bd:c6:fe:77:79:54:83:04:20:49:46:b5:92:15:5b:63:
9e:be:6c:62:b8:3d:3a:9f:14:1a:36:b7:aa:70:17:8f:00:85:
a9:ac:d2:c4:5d:20:bf:59:2b:2c:ee:06:e5:71:a5:ee:99:51:
dc:2e:32:53:56:b2:70:cb:6d:18:5e:29:5b:ef:23:fc:a7:63:
ef:dc:1f:de:c6:be:fa:5d:f0:0c:5b:a3:8f:ff:72:59:81:ce:
ef:dd:de:59:73:50:d2:0f:ee:3e:da:81:51:9c:d1:a1:31:ea:
5c:05:e5:8e:6f:5f:d7:8e:0d:0d:39:a9:de:c3:0f:47:d0:d7:
a8:74:d7:09:50:c0:67:cf:9f:8c:5d:3e:35:78:6a:ca:54:7a:
d5:87:42:0c:ae:7a:77:a2:76:74:bd:b2:7a:24:36:a8:6a:39:
6f:5c:87:d1:8b:6e:ea:00:96:54:0f:ce:db:9e:de:05:81:c3:
e5:db:2a:38:af:18:e3:96:3b:e3:1c:c7:df:29:d8:c8:fb:fb:
68:5d:f3:14:73:bc:84:b4:90:15:b6:ee:30:f6:34:d4:e0:50:
7a:ab:30:f7:fc:4f:f7:20:04:f8:57:e4:fb:51:5d:a6:5b:6c:
71:96:9c:76:59:84:fd:bb:23:40:09:00:72:2d:9d:63:15:a2:
09:03:38:b3
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAZzXp5lE2Pkbnh/3k+hjlABfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjYwMzEwMTIxMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjkwNGViNDEzODY1N2I2MTI3ZTI4M2I3YWM2MWMyNmJmNzI4YWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZ0uocFDm1ATwC5/HVzDpS364WY5
qoaRWoe8k2zqb1aiNODnZzYtItBZT8BK8MqEjKDLY8wBb9Bs81jcmOKLIQBeczOU
25T8LzUMv6zFxsAA3fIn7yOSTMrQbpbuo0wAKiLxtbBbMbSziVuuXIZleDmbQAoX
cNYo25Yf06V6JeRSVP3nAhMqwSOEJ4oOa21NvFnLrpY2EEkS6+GMTwDkBsqIyJZ9
Qt3iovHVhrBKw6AjZb+OO4qWwG2P8SVAZnhO7/Xsx91FMA5sb1+oKmk+H09tfn+K
eHYGav7bi7RoFGxMux1Gdk+ERreS2/7uRXMsjxKeJNOwRskBeHbrY7jGZwIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFE+QTrQThle2En4oO3rGHCa/cor/MB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvVDVCT3RCT0dWN1lTZmlnN2VzWWNKcjl5aXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBKBAIAATBEAwQAW2woAwQA
W2wyAwQCXny0AwQEX4xQAwQAX6GAAwQEX6HwAwQEbe+AAwQBshLkMAwDBACyEucD
BACyEugDBAC5GkswHwQCAAIwGQMFACABCygDBwIqA1+AAAADBwIqA1+AAAgwDQYJ
KoZIhvcNAQELBQADggEBAKcavcb+d3lUgwQgSUa1khVbY56+bGK4PTqfFBo2t6pw
F48Ahams0sRdIL9ZKyzuBuVxpe6ZUdwuMlNWsnDLbRheKVvvI/ynY+/cH97Gvvpd
8Axbo4//clmBzu/d3llzUNIP7j7agVGc0aEx6lwF5Y5vX9eODQ05qd7DD0fQ16h0
1wlQwGfPn4xdPjV4aspUetWHQgyueneidnS9snokNqhqOW9ch9GLbuoAllQPztue
3gWBw+XbKjivGOOWO+Mcx98p2Mj7+2hd8xRzvIS0kBW27jD2NNTgUHqrMPf8T/cg
BPhX5PtRXaZbbHGWnHZZhP27I0AJAHItnWMVogkDOLM=
-----END CERTIFICATE-----
Generated at Fri Mar 13 14:49:37 2026 by rpki-client