Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/DwQ0VzEpgtSpM5yRg_MsiGpLHbQ.roa
File: DwQ0VzEpgtSpM5yRg_MsiGpLHbQ.roa (raw, json)
Hash identifier: 8B6LMRCNYRSlMwJmgvrQgb9+1S4Eo+ZqnOoIsP4WvDo=
Subject key identifier: 0F:04:34:57:31:29:82:D4:A9:33:9C:91:83:F3:2C:88:6A:4B:1D:B4
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019E474F93B26FEF1848997812F4F71DDFF5
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/DwQ0VzEpgtSpM5yRg_MsiGpLHbQ.roa
Signing time: Wed 20 May 2026 21:34:17 +0000
ROA not before: Wed 20 May 2026 21:34:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16509
IP address blocks: 87.58.64.0/24 maxlen: 24
87.58.65.0/24 maxlen: 24
137.31.4.0/24 maxlen: 24
137.31.5.0/24 maxlen: 24
137.31.6.0/24 maxlen: 24
137.31.7.0/24 maxlen: 24
137.31.96.0/24 maxlen: 24
137.31.97.0/24 maxlen: 24
159.254.0.0/24 maxlen: 24
159.254.1.0/24 maxlen: 24
159.254.2.0/24 maxlen: 24
159.254.3.0/24 maxlen: 24
159.254.4.0/24 maxlen: 24
159.254.5.0/24 maxlen: 24
159.254.6.0/24 maxlen: 24
159.254.7.0/24 maxlen: 24
159.254.8.0/24 maxlen: 24
159.254.9.0/24 maxlen: 24
159.254.10.0/24 maxlen: 24
159.254.11.0/24 maxlen: 24
159.254.12.0/24 maxlen: 24
159.254.80.0/24 maxlen: 24
159.254.81.0/24 maxlen: 24
159.254.82.0/24 maxlen: 24
159.254.186.0/24 maxlen: 24
159.254.187.0/24 maxlen: 24
159.254.188.0/24 maxlen: 24
159.254.189.0/24 maxlen: 24
159.254.190.0/24 maxlen: 24
159.254.191.0/24 maxlen: 24
159.254.200.0/24 maxlen: 24
159.254.201.0/24 maxlen: 24
159.254.207.0/24 maxlen: 24
159.254.208.0/24 maxlen: 24
194.9.116.0/24 maxlen: 24
2a03:eec0:3601::/48 maxlen: 48
2a03:eec0:3602::/48 maxlen: 48
2a03:eec0:3603::/48 maxlen: 48
2a03:eec0:3604::/48 maxlen: 48
2a03:eec0:3605::/48 maxlen: 48
2a03:eec0:3606::/48 maxlen: 48
2a03:eec0:3607::/48 maxlen: 48
2a03:eec0:3608::/48 maxlen: 48
2a03:eec0:3609::/48 maxlen: 48
2a03:eec0:360a::/48 maxlen: 48
2a03:eec0:360b::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 May 2026 08:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:47:4f:93:b2:6f:ef:18:48:99:78:12:f4:f7:1d:df:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: May 20 21:34:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0f043457312982d4a9339c9183f32c886a4b1db4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:4e:77:f2:9c:92:7e:29:b4:5b:72:be:a7:ca:
66:bc:e2:84:4f:1d:20:8c:bd:a8:12:73:b9:59:ec:
bc:9e:51:f2:7a:a3:6a:03:09:c9:de:1d:75:89:07:
9d:94:f9:6d:ee:78:b7:c0:6a:fa:6e:61:29:bf:28:
83:4c:4e:1a:81:49:72:d8:e4:4d:9c:1a:c2:cc:34:
57:2a:8f:bc:7f:d8:15:5d:72:06:20:72:1e:5b:46:
2d:9c:0e:c7:5c:95:ff:9e:4c:6e:bc:ad:86:d1:af:
43:8a:d5:c7:14:76:1a:d0:09:9c:01:1e:f0:9b:7a:
2b:31:77:8a:02:5c:cd:7d:67:9b:ee:fa:a8:bd:d3:
f7:48:d9:19:f7:d8:ee:2f:a2:d6:1f:36:33:1e:ee:
d8:96:66:41:f7:bb:c9:21:88:cd:66:af:16:d4:33:
b7:a3:01:83:71:ce:ff:cf:85:b2:55:bd:30:79:b8:
8b:a8:1c:7b:7d:05:d0:84:f2:91:ff:33:f2:55:43:
0e:ca:1f:79:70:12:05:d4:ad:3d:ef:4a:c0:ef:cf:
34:ed:57:5a:a4:3c:e8:2f:42:8d:27:7e:ef:25:2b:
24:2f:e6:d3:94:ae:d2:44:3e:16:55:75:a4:86:40:
28:b0:6a:35:ed:7a:1a:47:79:e4:cb:b6:08:ca:bb:
2d:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:04:34:57:31:29:82:D4:A9:33:9C:91:83:F3:2C:88:6A:4B:1D:B4
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/DwQ0VzEpgtSpM5yRg_MsiGpLHbQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.58.64.0/23
137.31.4.0/22
137.31.96.0/23
159.254.0.0-159.254.12.255
159.254.80.0-159.254.82.255
159.254.186.0-159.254.191.255
159.254.200.0/23
159.254.207.0-159.254.208.255
194.9.116.0/24
IPv6:
2a03:eec0:3601::-2a03:eec0:360b:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
5c:88:50:36:da:53:3b:ce:76:9e:70:e6:0c:c3:85:6d:0e:c3:
cd:2f:8d:43:af:88:86:8b:da:69:ab:3a:98:89:0e:8c:1a:5a:
aa:72:36:2f:ec:40:c1:6b:c5:17:62:17:6d:d7:1d:05:1c:ca:
3e:27:66:c9:a0:a1:05:88:6a:a7:2d:37:72:a5:aa:12:b9:87:
d4:7a:ce:ce:bc:25:8b:e4:5a:47:c4:62:6b:80:70:b5:61:47:
55:a4:64:ac:57:a7:ce:5f:4e:b9:b1:ad:72:7c:16:c0:4c:1f:
61:5f:0b:5f:bd:d8:07:36:8e:82:2b:29:b2:49:8b:68:ba:78:
2d:9c:76:e6:46:35:d1:0b:57:54:03:b6:17:a8:38:91:51:d4:
f4:fb:d6:21:cc:6c:d0:31:fb:27:05:86:cf:5e:a3:9d:c1:1c:
df:3f:b0:8c:7d:83:6e:95:e0:3a:9c:7a:4e:3e:9c:55:97:85:
93:ba:ff:1d:dd:b5:ed:59:25:41:6a:70:ed:7b:05:f8:ce:22:
ee:0c:1b:f3:93:8e:2d:af:8c:94:9a:b5:a8:3a:37:a9:d4:76:
25:00:56:18:57:05:76:03:a2:95:b1:dc:b5:43:8b:c5:67:a2:
7d:0c:42:f7:87:50:34:60:be:38:66:a1:a9:05:9f:e1:f0:18:
5a:06:3e:a8
-----BEGIN CERTIFICATE-----
MIIFaTCCBFGgAwIBAgISAZ5HT5Oyb+8YSJl4EvT3Hd/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjYwNTIwMjEzNDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjA0MzQ1NzMxMjk4MmQ0YTkzMzljOTE4M2YzMmM4ODZhNGIxZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0E538pySfim0W3K+p8pmvOKETx0g
jL2oEnO5Wey8nlHyeqNqAwnJ3h11iQedlPlt7ni3wGr6bmEpvyiDTE4agUly2ORN
nBrCzDRXKo+8f9gVXXIGIHIeW0YtnA7HXJX/nkxuvK2G0a9DitXHFHYa0AmcAR7w
m3orMXeKAlzNfWeb7vqovdP3SNkZ99juL6LWHzYzHu7YlmZB97vJIYjNZq8W1DO3
owGDcc7/z4WyVb0webiLqBx7fQXQhPKR/zPyVUMOyh95cBIF1K0970rA78807Vda
pDzoL0KNJ37vJSskL+bTlK7SRD4WVXWkhkAosGo17XoaR3nky7YIyrstcwIDAQAB
o4ICdTCCAnEwHQYDVR0OBBYEFA8ENFcxKYLUqTOckYPzLIhqSx20MB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvRHdRMFZ6RXBndFNwTTV5UmdfTXNpR3BMSGJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGKBggrBgEFBQcBBwEB/wR7MHkwWwQCAAEwVQMEAVc6QAME
AokfBAMEAYkfYDALAwMBn/4DBACf/gwwDAMEBJ/+UAMEAJ/+UjAMAwQBn/66AwQG
n/6AAwQBn/7IMAwDBACf/s8DBACf/tADBADCCXQwGgQCAAIwFDASAwcAKgPuwDYB
AwcCKgPuwDYIMA0GCSqGSIb3DQEBCwUAA4IBAQBciFA22lM7znaecOYMw4VtDsPN
L41Dr4iGi9ppqzqYiQ6MGlqqcjYv7EDBa8UXYhdt1x0FHMo+J2bJoKEFiGqnLTdy
paoSuYfUes7OvCWL5FpHxGJrgHC1YUdVpGSsV6fOX065sa1yfBbATB9hXwtfvdgH
No6CKymySYtoungtnHbmRjXRC1dUA7YXqDiRUdT0+9YhzGzQMfsnBYbPXqOdwRzf
P7CMfYNuleA6nHpOPpxVl4WTuv8d3bXtWSVBanDtewX4ziLuDBvzk44tr4yUmrWo
Ojep1HYlAFYYVwV2A6KVsdy1Q4vFZ6J9DEL3h1A0YL44ZqGpBZ/h8BhaBj6o
-----END CERTIFICATE-----
Generated at Fri May 22 16:04:11 2026 by rpki-client