Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NS1ZBrUo9cL2RzJl2DoZEtlJIgU.roa
File: NS1ZBrUo9cL2RzJl2DoZEtlJIgU.roa (raw, json)
Hash identifier: WlCP3A2g4WxvOy7MlXQKTM7lTwf6ExPkVhpn2oHTNY0=
Subject key identifier: 35:2D:59:06:B5:28:F5:C2:F6:47:32:65:D8:3A:19:12:D9:49:22:05
Certificate issuer: /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial: 019E68AD961EE1E565B77DB781FED9326B01
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NS1ZBrUo9cL2RzJl2DoZEtlJIgU.roa
Signing time: Wed 27 May 2026 09:04:27 +0000
ROA not before: Wed 27 May 2026 09:04:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 12430
IP address blocks: 5.224.0.0/15 maxlen: 15
31.4.0.0/16 maxlen: 24
37.222.0.0/15 maxlen: 24
46.24.0.0/14 maxlen: 14
46.25.0.0/21 maxlen: 21
46.25.60.0/22 maxlen: 22
46.136.0.0/16 maxlen: 16
47.58.0.0/16 maxlen: 16
47.59.0.0/16 maxlen: 16
47.60.0.0/16 maxlen: 16
47.61.0.0/16 maxlen: 16
47.62.0.0/16 maxlen: 16
47.63.0.0/16 maxlen: 16
62.87.0.0/17 maxlen: 24
77.208.0.0/14 maxlen: 24
77.224.0.0/13 maxlen: 13
87.124.192.0/18 maxlen: 18
87.125.0.0/16 maxlen: 24
87.235.0.0/16 maxlen: 16
89.6.0.0/15 maxlen: 15
93.113.16.0/21 maxlen: 21
94.248.64.0/18 maxlen: 18
95.60.0.0/14 maxlen: 14
95.60.32.0/21 maxlen: 21
137.101.0.0/16 maxlen: 16
148.3.0.0/16 maxlen: 16
148.56.0.0/16 maxlen: 16
151.182.0.0/16 maxlen: 16
159.147.0.0/16 maxlen: 16
178.57.128.0/18 maxlen: 18
178.139.0.0/16 maxlen: 22
188.84.0.0/14 maxlen: 14
188.86.112.0/22 maxlen: 22
188.211.228.0/22 maxlen: 22
193.125.0.0/16 maxlen: 16
194.220.0.0/16 maxlen: 16
212.73.32.0/19 maxlen: 24
212.145.0.0/16 maxlen: 16
212.166.128.0/17 maxlen: 23
217.130.0.0/16 maxlen: 16
2a01:800::/32 maxlen: 32
2a01:801::/32 maxlen: 32
2a01:807::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 09:00:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:68:ad:96:1e:e1:e5:65:b7:7d:b7:81:fe:d9:32:6b:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
Validity
Not Before: May 27 09:04:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=352d5906b528f5c2f6473265d83a1912d9492205
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:b6:c1:27:09:0a:2e:34:4b:aa:02:7a:38:d1:
08:56:19:00:4b:f1:b5:86:ad:9b:aa:e0:79:2c:d1:
8e:68:08:c4:f8:bf:9d:54:ec:15:57:c3:57:46:12:
cc:a9:16:97:fe:8c:2f:9a:29:0b:f8:11:25:94:55:
27:b0:c6:65:25:ca:ce:21:b3:94:96:e9:1a:9b:11:
15:c5:d9:cd:5b:d1:36:15:aa:ea:9f:d8:95:f7:58:
d5:80:d3:b5:c8:15:84:11:a8:80:64:33:c1:92:c3:
b7:04:0b:d6:10:6e:6a:f4:4f:38:15:a2:0c:bf:a7:
9b:9f:ff:a6:01:a4:d6:f1:a8:ac:9d:16:db:bb:36:
58:b9:37:9d:48:88:fa:27:fe:82:6b:09:21:a8:de:
16:83:90:84:51:e0:cb:8d:c9:b1:76:d6:95:85:1d:
ec:a1:76:eb:f2:2e:b9:a6:08:dd:4b:4b:b6:65:2d:
09:ee:f2:f3:b7:92:7d:76:a8:d9:6d:ad:87:21:95:
86:59:f7:79:6e:a3:b1:2d:7f:55:02:99:5f:8a:11:
79:df:aa:0a:04:4e:c1:a1:60:25:70:e4:e6:cc:24:
24:cf:67:58:d9:29:c5:cf:56:5c:28:71:5e:91:2d:
72:db:b9:02:b8:a6:9b:25:aa:59:31:d3:73:1c:e2:
14:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:2D:59:06:B5:28:F5:C2:F6:47:32:65:D8:3A:19:12:D9:49:22:05
X509v3 Authority Key Identifier:
keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NS1ZBrUo9cL2RzJl2DoZEtlJIgU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.224.0.0/15
31.4.0.0/16
37.222.0.0/15
46.24.0.0/14
46.136.0.0/16
47.58.0.0-47.63.255.255
62.87.0.0/17
77.208.0.0/14
77.224.0.0/13
87.124.192.0-87.125.255.255
87.235.0.0/16
89.6.0.0/15
93.113.16.0/21
94.248.64.0/18
95.60.0.0/14
137.101.0.0/16
148.3.0.0/16
148.56.0.0/16
151.182.0.0/16
159.147.0.0/16
178.57.128.0/18
178.139.0.0/16
188.84.0.0/14
188.211.228.0/22
193.125.0.0/16
194.220.0.0/16
212.73.32.0/19
212.145.0.0/16
212.166.128.0/17
217.130.0.0/16
IPv6:
2a01:800::/31
2a01:807::/32
Signature Algorithm: sha256WithRSAEncryption
3d:17:e6:40:fa:38:48:2b:e0:37:a1:44:4d:4f:c7:99:d6:06:
f6:c8:da:46:c2:1f:d9:2c:b8:10:d2:dd:22:71:60:46:59:19:
04:2c:74:c1:45:71:a0:01:a5:3e:c1:d8:7d:c4:2e:f4:2e:f7:
6f:5e:dc:5a:6d:2b:e1:08:5a:a0:2c:50:c2:3f:8f:53:50:76:
18:8a:df:bd:1f:fa:dc:89:73:fe:98:b9:81:73:e4:69:ea:86:
b9:30:bc:03:09:6c:0b:6e:95:11:87:53:fd:b3:8f:2f:11:9c:
42:30:fa:f3:c8:a1:cf:18:49:03:88:fe:f2:f6:92:20:6d:0a:
d7:54:bd:cd:5f:cb:aa:cf:79:d2:af:fc:f0:ed:96:7c:f2:4a:
e0:1c:5d:f5:69:81:ed:02:ad:aa:76:14:d1:8c:48:f9:75:bf:
d4:d0:ef:26:87:d6:31:e6:51:5a:28:56:de:02:01:0a:d9:d2:
d4:95:7f:a4:c1:07:37:4e:e7:72:97:e1:2b:d2:c7:6e:9a:53:
fe:e8:bc:0e:24:ce:af:36:80:60:8d:7d:39:db:ac:78:0a:b5:
18:f4:c3:79:98:49:6b:52:54:ca:68:5d:ef:90:76:21:a0:5e:
a3:19:f6:50:cf:7a:9a:73:75:b5:0f:38:59:25:54:4f:14:0d:
28:2a:04:13
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAZ5orZYe4eVlt323gf7ZMmsBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjYwNTI3MDkwNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTJkNTkwNmI1MjhmNWMyZjY0NzMyNjVkODNhMTkxMmQ5NDkyMjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LbBJwkKLjRLqgJ6ONEIVhkAS/G1
hq2bquB5LNGOaAjE+L+dVOwVV8NXRhLMqRaX/owvmikL+BEllFUnsMZlJcrOIbOU
lukamxEVxdnNW9E2Farqn9iV91jVgNO1yBWEEaiAZDPBksO3BAvWEG5q9E84FaIM
v6ebn/+mAaTW8aisnRbbuzZYuTedSIj6J/6CawkhqN4Wg5CEUeDLjcmxdtaVhR3s
oXbr8i65pgjdS0u2ZS0J7vLzt5J9dqjZba2HIZWGWfd5bqOxLX9VAplfihF536oK
BE7BoWAlcOTmzCQkz2dY2SnFz1ZcKHFekS1y27kCuKabJapZMdNzHOIU5wIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFDUtWQa1KPXC9kcyZdg6GRLZSSIFMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvTlMxWkJyVW85Y0wyUnpKbDJEb1pFdGxKSWdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHfBggrBgEFBQcBBwEB/wSBzzCBzDCBswQCAAEwgawDAwEF
4AMDAB8EAwMBJd4DAwIuGAMDAC6IMAoDAwEvOgMDBi8AAwQHPlcAAwMCTdADAwNN
4DALAwQGV3zAAwMBV3wDAwBX6wMDAVkGAwQDXXEQAwQGXvhAAwMCXzwDAwCJZQMD
AJQDAwMAlDgDAwCXtgMDAJ+TAwQGsjmAAwMAsosDAwK8VAMEArzT5AMDAMF9AwMA
wtwDBAXUSSADAwDUkQMEB9SmgAMDANmCMBQEAgACMA4DBQEqAQgAAwUAKgEIBzAN
BgkqhkiG9w0BAQsFAAOCAQEAPRfmQPo4SCvgN6FETU/HmdYG9sjaRsIf2Sy4ENLd
InFgRlkZBCx0wUVxoAGlPsHYfcQu9C73b17cWm0r4QhaoCxQwj+PU1B2GIrfvR/6
3Ilz/pi5gXPkaeqGuTC8AwlsC26VEYdT/bOPLxGcQjD688ihzxhJA4j+8vaSIG0K
11S9zV/Lqs950q/88O2WfPJK4Bxd9WmB7QKtqnYU0YxI+XW/1NDvJofWMeZRWihW
3gIBCtnS1JV/pMEHN07ncpfhK9LHbppT/ui8DiTOrzaAYI19OduseAq1GPTDeZhJ
a1JUymhd75B2IaBeoxn2UM96mnN1tQ84WSVUTxQNKCoEEw==
-----END CERTIFICATE-----
Generated at Thu Jun 11 16:26:46 2026 by rpki-client