Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/0JJLH92b9ei-F5PriA5OhqGX8Qo.roa
File: 0JJLH92b9ei-F5PriA5OhqGX8Qo.roa (raw, json)
Hash identifier: OAXwMMCwshgUyLp7eBhzKer8vE/aXd3f9yTsDMZAMuA=
Subject key identifier: D0:92:4B:1F:DD:9B:F5:E8:BE:17:93:EB:88:0E:4E:86:A1:97:F1:0A
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019D30A3DAE422581BD0FEA9987BC6C2F691
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/0JJLH92b9ei-F5PriA5OhqGX8Qo.roa
Signing time: Fri 27 Mar 2026 18:52:17 +0000
ROA not before: Fri 27 Mar 2026 18:52:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 22616
IP address blocks: 137.31.15.0/24 maxlen: 24
147.161.128.0/23 maxlen: 24
159.254.58.0/23 maxlen: 24
159.254.60.0/23 maxlen: 24
159.254.64.0/23 maxlen: 24
159.254.66.0/23 maxlen: 24
159.254.69.0/24 maxlen: 24
159.254.84.0/24 maxlen: 24
159.254.85.0/24 maxlen: 24
159.254.86.0/24 maxlen: 24
159.254.92.0/24 maxlen: 24
159.254.93.0/24 maxlen: 24
159.254.94.0/24 maxlen: 24
159.254.95.0/24 maxlen: 24
159.254.96.0/24 maxlen: 24
159.254.97.0/24 maxlen: 24
159.254.99.0/24 maxlen: 24
159.254.100.0/24 maxlen: 24
159.254.182.0/23 maxlen: 24
159.254.184.0/23 maxlen: 24
159.254.202.0/24 maxlen: 24
159.254.209.0/24 maxlen: 24
159.254.217.0/24 maxlen: 24
159.254.220.0/24 maxlen: 24
159.254.221.0/24 maxlen: 24
159.254.240.0/24 maxlen: 24
159.254.241.0/24 maxlen: 24
164.137.4.0/24 maxlen: 24
164.137.5.0/24 maxlen: 24
164.137.6.0/24 maxlen: 24
164.137.7.0/24 maxlen: 24
164.137.8.0/24 maxlen: 24
164.137.9.0/24 maxlen: 24
164.137.10.0/24 maxlen: 24
164.137.11.0/24 maxlen: 24
164.137.12.0/24 maxlen: 24
164.137.13.0/24 maxlen: 24
164.137.14.0/24 maxlen: 24
164.137.15.0/24 maxlen: 24
164.137.16.0/24 maxlen: 24
164.137.17.0/24 maxlen: 24
164.137.18.0/24 maxlen: 24
164.137.19.0/24 maxlen: 24
164.137.20.0/24 maxlen: 24
164.137.21.0/24 maxlen: 24
164.137.22.0/24 maxlen: 24
164.137.23.0/24 maxlen: 24
164.137.24.0/24 maxlen: 24
164.137.25.0/24 maxlen: 24
164.137.26.0/24 maxlen: 24
164.137.27.0/24 maxlen: 24
164.137.28.0/24 maxlen: 24
164.137.29.0/24 maxlen: 24
164.137.30.0/24 maxlen: 24
164.137.31.0/24 maxlen: 24
164.137.32.0/24 maxlen: 24
164.137.33.0/24 maxlen: 24
164.137.34.0/24 maxlen: 24
164.137.35.0/24 maxlen: 24
164.137.36.0/24 maxlen: 24
164.137.37.0/24 maxlen: 24
164.137.38.0/24 maxlen: 24
164.137.39.0/24 maxlen: 24
164.137.40.0/24 maxlen: 24
164.137.41.0/24 maxlen: 24
164.137.42.0/24 maxlen: 24
164.137.43.0/24 maxlen: 24
164.137.44.0/24 maxlen: 24
164.137.45.0/24 maxlen: 24
164.137.46.0/24 maxlen: 24
164.137.47.0/24 maxlen: 24
164.137.48.0/24 maxlen: 24
164.137.49.0/24 maxlen: 24
164.137.50.0/24 maxlen: 24
164.137.51.0/24 maxlen: 24
164.137.52.0/24 maxlen: 24
164.137.53.0/24 maxlen: 24
220.42.0.0/16 maxlen: 24
220.43.0.0/16 maxlen: 24
2a03:eec0:3212::/48 maxlen: 48
2a03:eec0:321b::/48 maxlen: 48
2a03:eec0:322b::/48 maxlen: 48
2a03:eec0:322c::/48 maxlen: 48
2a03:eec0:322d::/48 maxlen: 48
2a03:eec0:322e::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Mar 2026 15:00:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:30:a3:da:e4:22:58:1b:d0:fe:a9:98:7b:c6:c2:f6:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Mar 27 18:52:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d0924b1fdd9bf5e8be1793eb880e4e86a197f10a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:c6:c6:12:85:f6:c8:4f:44:f7:58:33:29:ce:
6f:ff:62:0f:9e:d2:e4:42:6b:1d:07:41:72:a1:52:
fd:22:f4:08:26:39:34:77:38:47:5b:e6:30:3c:7b:
49:de:19:2f:dd:02:61:41:0f:88:f8:09:15:af:5c:
4d:23:14:02:f7:fc:ed:56:7f:de:89:50:9d:a7:b1:
f7:37:f2:e9:63:cd:19:40:48:17:8b:a3:ff:04:47:
8e:a0:5e:6c:f8:40:44:52:c2:0d:c6:02:9a:28:64:
b5:9c:46:86:a6:b6:8d:5b:8b:f7:af:54:fe:93:a6:
4d:9e:79:1d:23:b5:8b:7c:8a:1c:80:1b:c3:80:35:
09:cc:1f:a8:09:ad:91:6b:c6:f2:8f:fb:74:1b:f8:
14:3a:ff:60:ee:8b:5a:08:1e:59:56:b3:d7:a7:13:
a4:fe:83:8a:0d:3d:f7:77:e9:77:71:2d:47:aa:d2:
a7:5a:f9:8a:a4:9d:f1:ef:55:b0:11:e8:97:86:15:
71:2a:5c:e2:9e:33:84:56:c3:2c:b5:06:b9:8f:ef:
1f:6b:f8:4d:3d:22:a1:a3:b8:f9:31:55:5b:76:b6:
cb:b4:8b:1d:16:4a:40:d6:bf:bd:db:c8:2d:79:4c:
bc:07:fd:d0:dc:aa:cb:ce:83:da:00:51:ad:bc:47:
c9:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:92:4B:1F:DD:9B:F5:E8:BE:17:93:EB:88:0E:4E:86:A1:97:F1:0A
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/0JJLH92b9ei-F5PriA5OhqGX8Qo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
137.31.15.0/24
147.161.128.0/23
159.254.58.0-159.254.61.255
159.254.64.0/22
159.254.69.0/24
159.254.84.0-159.254.86.255
159.254.92.0-159.254.97.255
159.254.99.0-159.254.100.255
159.254.182.0-159.254.185.255
159.254.202.0/24
159.254.209.0/24
159.254.217.0/24
159.254.220.0/23
159.254.240.0/23
164.137.4.0-164.137.53.255
220.42.0.0/15
IPv6:
2a03:eec0:3212::/48
2a03:eec0:321b::/48
2a03:eec0:322b::-2a03:eec0:322e:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
7e:d6:ec:f2:26:94:48:d7:ac:6b:af:ba:39:40:83:33:50:fd:
3f:68:42:62:3e:c4:3a:15:3c:70:2c:7c:ec:ee:f4:30:f4:bf:
ab:a4:d8:81:f8:f7:45:dc:cc:e9:f2:5d:1b:cc:5b:ce:2f:c2:
6b:96:d3:b1:a7:ce:e2:45:df:ce:65:aa:f8:34:1c:ab:de:3a:
cd:e1:e0:3a:99:9b:71:9b:fe:1e:82:eb:c9:f5:8d:cc:4e:a2:
3f:06:d7:01:3a:e7:96:30:da:e7:0a:68:d7:88:a8:5a:25:0b:
e2:5f:46:26:48:dc:25:6b:ad:a8:9e:a0:04:2b:51:86:91:4c:
56:5a:5f:64:56:46:30:af:8a:03:be:18:b6:31:8e:80:82:18:
7d:d8:d3:0e:81:34:55:95:2b:3f:e3:fe:46:2e:bc:a3:c0:75:
bd:2c:ac:6f:bd:b5:34:f7:9d:3e:b8:34:f0:b7:2a:73:0b:bd:
ad:74:78:b4:20:2f:35:6d:b9:af:82:81:e0:56:43:92:b9:46:
1e:72:54:23:86:05:5a:c4:c7:53:d7:bd:72:fa:69:ff:7c:44:
94:b7:98:3c:88:bf:36:8c:3b:b5:6e:6f:88:c8:4c:4e:03:b9:
5f:8d:7a:b6:49:c2:74:0c:44:ea:d2:ea:87:df:54:88:7d:15:
70:54:88:6b
-----BEGIN CERTIFICATE-----
MIIFuTCCBKGgAwIBAgISAZ0wo9rkIlgb0P6pmHvGwvaRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjYwMzI3MTg1MjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDkyNGIxZmRkOWJmNWU4YmUxNzkzZWI4ODBlNGU4NmExOTdmMTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMbGEoX2yE9E91gzKc5v/2IPntLk
QmsdB0FyoVL9IvQIJjk0dzhHW+YwPHtJ3hkv3QJhQQ+I+AkVr1xNIxQC9/ztVn/e
iVCdp7H3N/LpY80ZQEgXi6P/BEeOoF5s+EBEUsINxgKaKGS1nEaGpraNW4v3r1T+
k6ZNnnkdI7WLfIocgBvDgDUJzB+oCa2Ra8byj/t0G/gUOv9g7otaCB5ZVrPXpxOk
/oOKDT33d+l3cS1HqtKnWvmKpJ3x71WwEeiXhhVxKlzinjOEVsMstQa5j+8fa/hN
PSKho7j5MVVbdrbLtIsdFkpA1r+928gteUy8B/3Q3KrLzoPaAFGtvEfJTQIDAQAB
o4ICxTCCAsEwHQYDVR0OBBYEFNCSSx/dm/XovheT64gOToahl/EKMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvMEpKTEg5MmI5ZWktRjVQcmlBNU9ocUdYOFFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHaBggrBgEFBQcBBwEB/wSByjCBxzCBlgQCAAEwgY8DBACJ
Hw8DBAGToYAwDAMEAZ/+OgMEAZ/+PAMEAp/+QAMEAJ/+RTAMAwQCn/5UAwQAn/5W
MAwDBAKf/lwDBAGf/mAwDAMEAJ/+YwMEAJ/+ZDAMAwQBn/62AwQBn/64AwQAn/7K
AwQAn/7RAwQAn/7ZAwQBn/7cAwQBn/7wMAwDBAKkiQQDBAGkiTQDAwHcKjAsBAIA
AjAmAwcAKgPuwDISAwcAKgPuwDIbMBIDBwAqA+7AMisDBwAqA+7AMi4wDQYJKoZI
hvcNAQELBQADggEBAH7W7PImlEjXrGuvujlAgzNQ/T9oQmI+xDoVPHAsfOzu9DD0
v6uk2IH490XczOnyXRvMW84vwmuW07GnzuJF385lqvg0HKveOs3h4DqZm3Gb/h6C
68n1jcxOoj8G1wE655Yw2ucKaNeIqFolC+JfRiZI3CVrraieoAQrUYaRTFZaX2RW
RjCvigO+GLYxjoCCGH3Y0w6BNFWVKz/j/kYuvKPAdb0srG+9tTT3nT64NPC3KnML
va10eLQgLzVtua+CgeBWQ5K5Rh5yVCOGBVrEx1PXvXL6af98RJS3mDyIvzaMO7Vu
b4jITE4DuV+NerZJwnQMROrS6offVIh9FXBUiGs=
-----END CERTIFICATE-----
Generated at Sun Mar 29 22:37:23 2026 by rpki-client