Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/1TnMZEQ64_W5HuMznVxKJ5dlFfA.roa
File: 1TnMZEQ64_W5HuMznVxKJ5dlFfA.roa (raw, json)
Hash identifier: LYwc+mOlM01M+unCNznkUkoP96Z79ZkkIc/aLys/JZA=
Subject key identifier: D5:39:CC:64:44:3A:E3:F5:B9:1E:E3:33:9D:5C:4A:27:97:65:15:F0
Certificate issuer: /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial: 019EFB29B26C68AFBD7601C80032781BDA45
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/1TnMZEQ64_W5HuMznVxKJ5dlFfA.roa
Signing time: Wed 24 Jun 2026 19:44:34 +0000
ROA not before: Wed 24 Jun 2026 19:44:34 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8399
IP address blocks: 37.97.64.0/19 maxlen: 19
37.97.96.0/20 maxlen: 20
37.139.120.0/21 maxlen: 21
37.139.124.0/24 maxlen: 24
65.39.64.0/19 maxlen: 19
80.251.96.0/20 maxlen: 20
81.93.0.0/19 maxlen: 19
88.213.224.0/19 maxlen: 19
155.2.128.0/19 maxlen: 19
157.143.128.0/17 maxlen: 17
178.174.96.0/20 maxlen: 23
178.255.160.0/21 maxlen: 21
185.6.92.0/22 maxlen: 22
185.8.252.0/22 maxlen: 22
185.24.140.0/22 maxlen: 22
185.32.208.0/22 maxlen: 22
185.42.176.0/22 maxlen: 22
185.65.248.0/22 maxlen: 22
185.76.216.0/22 maxlen: 22
185.218.208.0/22 maxlen: 22
185.249.20.0/22 maxlen: 22
195.135.0.0/17 maxlen: 17
195.135.0.0/18 maxlen: 18
195.135.12.0/23 maxlen: 23
195.135.48.0/20 maxlen: 20
195.135.48.0/24 maxlen: 24
217.74.96.0/20 maxlen: 20
217.181.128.0/17 maxlen: 17
2a02:6e8::/32 maxlen: 32
2a02:c440::/29 maxlen: 29
2a05:5cc0::/29 maxlen: 29
2a0b:e3c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.mft
rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 01 Jul 2026 10:00:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:fb:29:b2:6c:68:af:bd:76:01:c8:00:32:78:1b:da:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
Validity
Not Before: Jun 24 19:44:34 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d539cc64443ae3f5b91ee3339d5c4a27976515f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:a7:5e:d1:98:f6:0b:bd:85:5a:52:50:f7:85:
f9:db:c2:77:69:d3:e8:9c:02:ef:62:6f:26:11:2c:
82:06:43:7b:20:3c:eb:a9:0a:8b:2e:98:0a:52:ce:
b6:5b:82:c0:7d:81:07:88:23:6d:bf:2e:83:18:fe:
74:63:42:12:4b:b3:08:56:db:96:0c:ad:70:7a:4a:
db:64:88:52:35:73:7e:d0:94:fa:bc:99:53:c8:2a:
c2:02:63:1e:3a:d5:18:e8:fc:fe:0b:3b:ac:9a:f9:
d2:6f:99:d4:10:3f:6e:8a:f0:86:3d:4e:3d:37:53:
d6:4b:0c:9d:5f:6b:70:b5:1e:86:5d:dd:84:7d:a1:
57:a4:9d:46:19:2f:76:9a:c6:12:1e:09:bd:8e:01:
1b:9c:da:01:54:0d:86:c2:18:11:7f:77:13:64:cd:
bf:5a:51:f3:74:32:18:a5:f6:91:86:d6:e3:e1:1a:
16:b8:6d:30:78:a9:ef:e4:2f:a0:73:1a:62:bb:2b:
ed:70:44:b9:a3:9f:30:49:2b:d1:cd:95:72:6a:f9:
73:97:55:b0:a3:52:03:2c:43:d8:8c:14:d5:b7:40:
b9:a3:34:af:3c:40:fa:c2:05:04:18:22:22:71:7b:
b4:ff:a7:19:2e:04:58:95:f9:91:c7:df:c9:38:51:
f1:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:39:CC:64:44:3A:E3:F5:B9:1E:E3:33:9D:5C:4A:27:97:65:15:F0
X509v3 Authority Key Identifier:
keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/1TnMZEQ64_W5HuMznVxKJ5dlFfA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.97.64.0-37.97.111.255
37.139.120.0/21
65.39.64.0/19
80.251.96.0/20
81.93.0.0/19
88.213.224.0/19
155.2.128.0/19
157.143.128.0/17
178.174.96.0/20
178.255.160.0/21
185.6.92.0/22
185.8.252.0/22
185.24.140.0/22
185.32.208.0/22
185.42.176.0/22
185.65.248.0/22
185.76.216.0/22
185.218.208.0/22
185.249.20.0/22
195.135.0.0/17
217.74.96.0/20
217.181.128.0/17
IPv6:
2a02:6e8::/32
2a02:c440::/29
2a05:5cc0::/29
2a0b:e3c0::/29
Signature Algorithm: sha256WithRSAEncryption
11:24:21:20:5d:25:d2:ef:d1:b6:8c:0f:ec:d5:a4:32:eb:68:
a4:75:4a:9e:af:64:3c:8e:b6:5a:ba:bf:82:f8:30:2c:40:f0:
a5:ab:98:20:1a:5f:8c:a7:65:08:cd:a6:11:e6:f0:f6:c5:b1:
9c:2c:09:95:f9:21:73:ba:27:84:30:7d:48:51:59:9c:a8:0c:
65:dd:6b:ea:53:a9:88:d1:05:80:16:cb:23:96:b8:09:7d:b0:
a6:85:55:3b:ae:8f:07:ac:26:2f:9c:15:21:67:8c:60:59:15:
d3:80:5b:ea:1d:f0:c3:54:06:2d:ac:b4:ee:69:63:33:34:39:
bb:f2:58:ed:25:1d:2b:ca:e9:a9:9a:c2:08:5f:1e:bf:4b:5f:
01:56:cf:be:48:43:7a:58:ad:82:66:52:e2:e1:3e:66:8e:5b:
34:c6:8f:ef:22:98:16:92:3b:f0:c9:ef:cd:c0:b0:45:60:de:
39:90:68:d9:df:9a:b8:d9:32:bf:33:74:39:20:e0:42:9f:71:
4e:2f:d5:40:77:a2:04:74:2c:48:50:47:04:1f:49:11:5e:40:
f4:2a:0e:29:5a:8b:fd:c5:20:8d:f2:53:23:e0:7b:9e:80:dd:
75:99:7d:2b:f6:a7:9f:13:fb:c4:f4:76:0b:ee:62:27:66:99:
6d:33:c3:7a
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAZ77KbJsaK+9dgHIADJ4G9pFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjYwNjI0MTk0NDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTM5Y2M2NDQ0M2FlM2Y1YjkxZWUzMzM5ZDVjNGEyNzk3NjUxNWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Kde0Zj2C72FWlJQ94X528J3adPo
nALvYm8mESyCBkN7IDzrqQqLLpgKUs62W4LAfYEHiCNtvy6DGP50Y0ISS7MIVtuW
DK1wekrbZIhSNXN+0JT6vJlTyCrCAmMeOtUY6Pz+CzusmvnSb5nUED9uivCGPU49
N1PWSwydX2twtR6GXd2EfaFXpJ1GGS92msYSHgm9jgEbnNoBVA2GwhgRf3cTZM2/
WlHzdDIYpfaRhtbj4RoWuG0weKnv5C+gcxpiuyvtcES5o58wSSvRzZVyavlzl1Ww
o1IDLEPYjBTVt0C5ozSvPED6wgUEGCIicXu0/6cZLgRYlfmRx9/JOFHxQQIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFNU5zGREOuP1uR7jM51cSieXZRXwMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvMVRuTVpFUTY0X1c1SHVNem5WeEtKNWRsRmZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBkwQCAAEwgYwwDAME
BiVhQAMEBCVhYAMEAyWLeAMEBUEnQAMEBFD7YAMEBVFdAAMEBVjV4AMEBZsCgAME
B52PgAMEBLKuYAMEA7L/oAMEArkGXAMEArkI/AMEArkYjAMEArkg0AMEArkqsAME
ArlB+AMEArlM2AMEArna0AMEArn5FAMEB8OHAAMEBNlKYAMEB9m1gDAiBAIAAjAc
AwUAKgIG6AMFAyoCxEADBQMqBVzAAwUDKgvjwDANBgkqhkiG9w0BAQsFAAOCAQEA
ESQhIF0l0u/RtowP7NWkMutopHVKnq9kPI62Wrq/gvgwLEDwpauYIBpfjKdlCM2m
Eebw9sWxnCwJlfkhc7onhDB9SFFZnKgMZd1r6lOpiNEFgBbLI5a4CX2wpoVVO66P
B6wmL5wVIWeMYFkV04Bb6h3ww1QGLay07mljMzQ5u/JY7SUdK8rpqZrCCF8ev0tf
AVbPvkhDelitgmZS4uE+Zo5bNMaP7yKYFpI78MnvzcCwRWDeOZBo2d+auNkyvzN0
OSDgQp9xTi/VQHeiBHQsSFBHBB9JEV5A9CoOKVqL/cUgjfJTI+B7noDddZl9K/an
nxP7xPR2C+5iJ2aZbTPDeg==
-----END CERTIFICATE-----
Generated at Tue Jun 30 20:12:53 2026 by rpki-client