Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/0ebdd4-2617-4d31-a8c3-45ea38da2218/1/irA0JceEuEodl99Q_dZTTdY7HaA.roa
File: irA0JceEuEodl99Q_dZTTdY7HaA.roa (raw, json)
Hash identifier: VyxTOx+3wVfafkLhbAvwOmaRgP56DMjB9J1S/JOzUO4=
Subject key identifier: 8A:B0:34:25:C7:84:B8:4A:1D:97:DF:50:FD:D6:53:4D:D6:3B:1D:A0
Certificate issuer: /CN=85aaadc568f6c928fd764d421d42c71cf5791954
Certificate serial: 019CD394CFABB7A9B324B582C8A6FD6ABF2D
Authority key identifier: 85:AA:AD:C5:68:F6:C9:28:FD:76:4D:42:1D:42:C7:1C:F5:79:19:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/haqtxWj2ySj9dk1CHULHHPV5GVQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/0ebdd4-2617-4d31-a8c3-45ea38da2218/1/irA0JceEuEodl99Q_dZTTdY7HaA.roa
Signing time: Mon 09 Mar 2026 17:11:10 +0000
ROA not before: Mon 09 Mar 2026 17:11:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44092
IP address blocks: 31.25.32.0/21 maxlen: 24
45.145.200.0/22 maxlen: 22
45.145.200.0/24 maxlen: 24
45.145.201.0/24 maxlen: 24
45.145.202.0/24 maxlen: 24
45.145.203.0/24 maxlen: 24
77.242.128.0/20 maxlen: 24
77.242.128.0/24 maxlen: 24
77.242.129.0/24 maxlen: 24
77.242.130.0/24 maxlen: 24
77.242.131.0/24 maxlen: 24
77.242.132.0/24 maxlen: 24
77.242.133.0/24 maxlen: 24
77.242.134.0/24 maxlen: 24
77.242.135.0/24 maxlen: 24
77.242.136.0/24 maxlen: 24
77.242.137.0/24 maxlen: 24
77.242.138.0/24 maxlen: 24
77.242.139.0/24 maxlen: 24
77.242.140.0/24 maxlen: 24
77.242.141.0/24 maxlen: 24
77.242.142.0/24 maxlen: 24
77.242.143.0/24 maxlen: 24
79.108.152.0/21 maxlen: 24
79.108.208.0/21 maxlen: 24
85.208.200.0/22 maxlen: 22
85.208.200.0/24 maxlen: 24
85.208.201.0/24 maxlen: 24
85.208.202.0/24 maxlen: 24
85.208.203.0/24 maxlen: 24
89.37.70.0/23 maxlen: 24
89.37.70.0/24 maxlen: 24
89.37.71.0/24 maxlen: 24
178.23.8.0/21 maxlen: 24
178.210.232.0/21 maxlen: 24
185.56.156.0/22 maxlen: 24
185.71.244.0/22 maxlen: 24
185.71.244.0/24 maxlen: 24
185.71.246.0/24 maxlen: 24
185.171.232.0/22 maxlen: 22
185.171.232.0/24 maxlen: 24
185.171.233.0/24 maxlen: 24
185.171.234.0/24 maxlen: 24
185.171.235.0/24 maxlen: 24
185.178.252.0/22 maxlen: 24
185.191.104.0/22 maxlen: 22
185.191.104.0/24 maxlen: 24
185.191.105.0/24 maxlen: 24
185.191.106.0/24 maxlen: 24
185.191.107.0/24 maxlen: 24
185.215.144.0/22 maxlen: 22
185.215.144.0/24 maxlen: 24
185.215.145.0/24 maxlen: 24
185.215.146.0/24 maxlen: 24
185.215.147.0/24 maxlen: 24
185.219.116.0/22 maxlen: 22
185.219.116.0/24 maxlen: 24
185.219.117.0/24 maxlen: 24
185.219.118.0/24 maxlen: 24
185.219.119.0/24 maxlen: 24
185.236.48.0/23 maxlen: 23
185.248.227.0/24 maxlen: 24
185.255.29.0/24 maxlen: 24
188.191.56.0/22 maxlen: 24
188.191.56.0/24 maxlen: 24
188.191.57.0/24 maxlen: 24
188.191.58.0/24 maxlen: 24
188.191.59.0/24 maxlen: 24
212.28.168.0/21 maxlen: 21
217.28.64.0/22 maxlen: 22
217.28.64.0/24 maxlen: 24
217.28.65.0/24 maxlen: 24
217.28.66.0/24 maxlen: 24
217.28.67.0/24 maxlen: 24
2a02:53e0::/32 maxlen: 32
2a05:3680::/29 maxlen: 29
2a0b:7b80::/29 maxlen: 29
2a0f:de80::/29 maxlen: 29
2a13:56c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/0ebdd4-2617-4d31-a8c3-45ea38da2218/1/haqtxWj2ySj9dk1CHULHHPV5GVQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/0ebdd4-2617-4d31-a8c3-45ea38da2218/1/haqtxWj2ySj9dk1CHULHHPV5GVQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/haqtxWj2ySj9dk1CHULHHPV5GVQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 14 Mar 2026 09:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d3:94:cf:ab:b7:a9:b3:24:b5:82:c8:a6:fd:6a:bf:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=85aaadc568f6c928fd764d421d42c71cf5791954
Validity
Not Before: Mar 9 17:11:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8ab03425c784b84a1d97df50fdd6534dd63b1da0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:72:b6:bb:f0:0e:c6:e1:23:10:29:c1:d9:5e:
de:15:25:1d:74:84:d8:91:a1:00:39:62:b0:d9:66:
b6:38:19:4c:b3:21:41:07:b3:ce:01:ae:03:ec:7a:
41:6a:37:08:8a:8f:b4:8b:6b:92:8c:59:64:31:7c:
00:d4:f4:69:73:66:c4:7a:a6:cb:1c:6d:27:a6:44:
00:06:7e:4b:dd:c1:c4:03:29:61:02:7f:f5:3e:a2:
42:43:ab:37:93:e8:00:b8:42:fc:0a:52:4d:71:b8:
5b:a0:aa:06:bf:bf:4b:bb:fb:57:66:6c:da:b6:0b:
49:ed:d1:24:4a:94:15:27:75:29:06:cf:5c:09:1e:
0d:02:bd:76:1a:17:d0:dd:bd:15:d4:81:b8:71:03:
c8:81:0e:e5:e0:1f:63:81:30:ce:d4:08:7e:a4:38:
c1:0f:42:4c:7a:9c:0a:bd:13:94:b3:89:55:d0:b8:
da:78:57:66:1f:5e:6d:4e:db:19:b9:9b:d8:54:0e:
5d:6f:52:55:90:ea:d0:51:a7:e3:86:87:ae:63:ff:
3c:78:1d:a3:c3:c5:c1:08:0b:70:2b:98:c7:e9:b3:
48:f7:87:fe:1b:e9:05:6f:d8:9a:8a:5f:a5:0b:32:
87:87:e1:a0:36:be:9b:35:ba:46:fe:b3:76:ce:de:
34:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:B0:34:25:C7:84:B8:4A:1D:97:DF:50:FD:D6:53:4D:D6:3B:1D:A0
X509v3 Authority Key Identifier:
keyid:85:AA:AD:C5:68:F6:C9:28:FD:76:4D:42:1D:42:C7:1C:F5:79:19:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/haqtxWj2ySj9dk1CHULHHPV5GVQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/0ebdd4-2617-4d31-a8c3-45ea38da2218/1/irA0JceEuEodl99Q_dZTTdY7HaA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/0ebdd4-2617-4d31-a8c3-45ea38da2218/1/haqtxWj2ySj9dk1CHULHHPV5GVQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.25.32.0/21
45.145.200.0/22
77.242.128.0/20
79.108.152.0/21
79.108.208.0/21
85.208.200.0/22
89.37.70.0/23
178.23.8.0/21
178.210.232.0/21
185.56.156.0/22
185.71.244.0/22
185.171.232.0/22
185.178.252.0/22
185.191.104.0/22
185.215.144.0/22
185.219.116.0/22
185.236.48.0/23
185.248.227.0/24
185.255.29.0/24
188.191.56.0/22
212.28.168.0/21
217.28.64.0/22
IPv6:
2a02:53e0::/32
2a05:3680::/29
2a0b:7b80::/29
2a0f:de80::/29
2a13:56c0::/29
Signature Algorithm: sha256WithRSAEncryption
a8:5b:6b:e6:c5:4f:f7:47:7e:e5:6e:69:57:6e:39:09:02:70:
67:a0:5a:79:16:5c:85:eb:ba:6c:62:40:85:00:f2:9b:96:51:
57:4b:56:f7:49:c3:69:15:24:8c:0c:fb:e4:32:c2:e4:50:10:
5d:18:a6:bb:df:27:61:a4:7c:71:5a:88:60:79:eb:e5:42:5d:
5c:67:b7:ff:94:8b:34:08:d2:73:b7:49:ad:7f:b7:be:e1:18:
fc:6a:da:35:e3:64:b6:f9:5e:8a:97:ab:6f:60:b3:60:1d:90:
7b:7b:4b:58:9a:1c:f2:63:59:29:27:d4:cb:cf:90:95:63:7f:
c5:74:5e:ce:10:6b:e5:20:94:ee:80:3c:c6:4f:e1:72:b0:12:
25:96:2e:dd:13:2b:4b:a5:ed:da:5b:57:03:20:4d:15:eb:d6:
0a:49:42:0f:7a:09:7c:b3:9c:74:4d:4b:83:88:e0:ae:ad:e9:
33:34:89:f8:ff:53:36:76:0e:fc:4c:9b:08:a6:2d:04:61:f5:
e8:53:70:66:80:17:c6:9a:d1:3d:9b:92:14:78:bd:ca:bc:90:
a0:53:23:53:a1:3c:e1:66:41:37:64:61:fd:78:c9:1d:b7:87:
f7:c7:f2:95:8a:18:03:4b:60:b8:1f:0f:38:9f:78:1a:65:7d:
24:bb:bc:22
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgISAZzTlM+rt6mzJLWCyKb9ar8tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YWFhZGM1NjhmNmM5MjhmZDc2NGQ0MjFkNDJjNzFjZjU3
OTE5NTQwHhcNMjYwMzA5MTcxMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWIwMzQyNWM3ODRiODRhMWQ5N2RmNTBmZGQ2NTM0ZGQ2M2IxZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3K2u/AOxuEjECnB2V7eFSUddITY
kaEAOWKw2Wa2OBlMsyFBB7POAa4D7HpBajcIio+0i2uSjFlkMXwA1PRpc2bEeqbL
HG0npkQABn5L3cHEAylhAn/1PqJCQ6s3k+gAuEL8ClJNcbhboKoGv79Lu/tXZmza
tgtJ7dEkSpQVJ3UpBs9cCR4NAr12GhfQ3b0V1IG4cQPIgQ7l4B9jgTDO1Ah+pDjB
D0JMepwKvROUs4lV0LjaeFdmH15tTtsZuZvYVA5db1JVkOrQUafjhoeuY/88eB2j
w8XBCAtwK5jH6bNI94f+G+kFb9iail+lCzKHh+GgNr6bNbpG/rN2zt40EQIDAQAB
o4ICtzCCArMwHQYDVR0OBBYEFIqwNCXHhLhKHZffUP3WU03WOx2gMB8GA1UdIwQY
MBaAFIWqrcVo9sko/XZNQh1Cxxz1eRlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGFxdHhXajJ5U2o5ZGsxQ0hVTEhIUFY1R1ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8wZWJkZDQtMjYxNy00ZDMxLWE4YzMt
NDVlYTM4ZGEyMjE4LzEvaXJBMEpjZUV1RW9kbDk5UV9kWlRUZFk3SGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8wZWJkZDQtMjYxNy00ZDMxLWE4YzMtNDVlYTM4ZGEyMjE4
LzEvaGFxdHhXajJ5U2o5ZGsxQ0hVTEhIUFY1R1ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHMBggrBgEFBQcBBwEB/wSBvDCBuTCBiwQCAAEwgYQDBAMf
GSADBAItkcgDBARN8oADBANPbJgDBANPbNADBAJV0MgDBAFZJUYDBAOyFwgDBAOy
0ugDBAK5OJwDBAK5R/QDBAK5q+gDBAK5svwDBAK5v2gDBAK515ADBAK523QDBAG5
7DADBAC5+OMDBAC5/x0DBAK8vzgDBAPUHKgDBALZHEAwKQQCAAIwIwMFACoCU+AD
BQMqBTaAAwUDKgt7gAMFAyoP3oADBQMqE1bAMA0GCSqGSIb3DQEBCwUAA4IBAQCo
W2vmxU/3R37lbmlXbjkJAnBnoFp5FlyF67psYkCFAPKbllFXS1b3ScNpFSSMDPvk
MsLkUBBdGKa73ydhpHxxWohgeevlQl1cZ7f/lIs0CNJzt0mtf7e+4Rj8ato142S2
+V6Kl6tvYLNgHZB7e0tYmhzyY1kpJ9TLz5CVY3/FdF7OEGvlIJTugDzGT+FysBIl
li7dEytLpe3aW1cDIE0V69YKSUIPegl8s5x0TUuDiOCurekzNIn4/1M2dg78TJsI
pi0EYfXoU3BmgBfGmtE9m5IUeL3KvJCgUyNToTzhZkE3ZGH9eMkdt4f3x/KVihgD
S2C4Hw84n3gaZX0ku7wi
-----END CERTIFICATE-----
Generated at Fri Mar 13 16:21:02 2026 by rpki-client