Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/oKQ5FipG3-zKWR9yp1rYPyiGiUg.roa
File: oKQ5FipG3-zKWR9yp1rYPyiGiUg.roa (raw, json)
Hash identifier: Gn9Duafy7gt9hgIKGMUe6X7DSXUTyv3FG2hDv35Gv+4=
Subject key identifier: A0:A4:39:16:2A:46:DF:EC:CA:59:1F:72:A7:5A:D8:3F:28:86:89:48
Certificate issuer: /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial: 019D2C250B323A1B8B59F25A0DE690DED354
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/oKQ5FipG3-zKWR9yp1rYPyiGiUg.roa
Signing time: Thu 26 Mar 2026 21:55:18 +0000
ROA not before: Thu 26 Mar 2026 21:55:18 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212667
IP address blocks: 2.59.48.0/24 maxlen: 24
31.222.240.0/24 maxlen: 24
31.222.243.0/24 maxlen: 24
31.222.250.0/24 maxlen: 24
37.221.80.0/24 maxlen: 24
45.11.22.0/24 maxlen: 24
45.14.221.0/24 maxlen: 24
45.89.68.0/24 maxlen: 24
45.89.71.0/24 maxlen: 24
45.147.168.0/22 maxlen: 22
91.188.220.0/24 maxlen: 24
94.158.188.0/24 maxlen: 24
176.56.35.0/24 maxlen: 24
176.56.36.0/24 maxlen: 24
176.124.34.0/24 maxlen: 24
185.212.112.0/24 maxlen: 24
185.234.8.0/24 maxlen: 24
193.201.114.0/24 maxlen: 24
194.32.240.0/24 maxlen: 24
195.69.148.0/24 maxlen: 24
195.69.150.0/24 maxlen: 24
195.96.150.0/24 maxlen: 24
195.225.96.0/24 maxlen: 24
212.18.100.0/24 maxlen: 24
212.18.122.0/24 maxlen: 24
212.52.4.0/24 maxlen: 24
213.109.206.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Mar 2026 23:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2c:25:0b:32:3a:1b:8b:59:f2:5a:0d:e6:90:de:d3:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Validity
Not Before: Mar 26 21:55:18 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a0a439162a46dfecca591f72a75ad83f28868948
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:d5:34:26:99:19:75:81:79:c5:98:2b:b4:0c:
fc:ce:0d:c6:9b:c7:e1:4e:43:23:9d:e3:e3:4b:bf:
ce:5c:11:c4:04:6e:77:3f:28:49:97:0f:e9:a9:d5:
b5:83:ef:94:4e:a1:19:c3:b8:69:51:7d:c8:64:c0:
70:af:0f:fb:19:49:68:e5:8c:4c:21:af:1c:ee:6e:
2a:0e:c8:26:1c:67:0a:e6:d5:ae:96:c2:bd:08:9d:
ac:25:1e:39:39:19:8a:2a:34:ae:27:18:d7:72:47:
de:7f:d5:90:66:72:3a:13:e4:8d:0a:4f:8e:ae:fb:
e3:e9:53:d0:59:fb:ea:1b:7f:26:60:0e:3b:42:e5:
56:78:d3:43:c7:f1:42:1c:75:66:bb:d4:e9:13:17:
68:3f:f1:72:1f:be:62:99:76:aa:87:c1:5f:9c:ef:
fc:4a:24:d0:ab:74:38:aa:48:10:9e:5b:46:83:08:
20:20:dd:62:80:6d:87:9d:8a:a9:1d:46:b6:df:f6:
db:47:da:9b:42:ce:78:5d:9e:6e:cf:c0:a8:69:63:
20:9b:9c:63:d7:f0:e2:f7:ec:2c:e4:e5:ea:12:cd:
b1:7f:04:a5:30:16:5f:ae:b9:09:ff:8b:c1:97:22:
34:4e:cc:10:fb:63:1f:34:c2:cc:0f:dc:77:de:70:
fb:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:A4:39:16:2A:46:DF:EC:CA:59:1F:72:A7:5A:D8:3F:28:86:89:48
X509v3 Authority Key Identifier:
keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/oKQ5FipG3-zKWR9yp1rYPyiGiUg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.48.0/24
31.222.240.0/24
31.222.243.0/24
31.222.250.0/24
37.221.80.0/24
45.11.22.0/24
45.14.221.0/24
45.89.68.0/24
45.89.71.0/24
45.147.168.0/22
91.188.220.0/24
94.158.188.0/24
176.56.35.0-176.56.36.255
176.124.34.0/24
185.212.112.0/24
185.234.8.0/24
193.201.114.0/24
194.32.240.0/24
195.69.148.0/24
195.69.150.0/24
195.96.150.0/24
195.225.96.0/24
212.18.100.0/24
212.18.122.0/24
212.52.4.0/24
213.109.206.0/24
Signature Algorithm: sha256WithRSAEncryption
03:df:3e:d7:b2:b5:48:12:14:ce:8d:df:da:39:45:16:2b:60:
bb:c3:3f:0b:9b:77:2d:61:a8:42:a6:81:a3:64:51:e5:f2:24:
2b:5b:6c:63:33:ef:78:58:94:ef:c8:48:b5:a8:13:29:70:10:
01:0c:82:9f:63:38:02:86:0e:e0:6a:40:00:49:99:5e:40:fd:
d8:69:19:62:a7:99:72:69:ed:df:91:3c:9a:5e:a1:3b:c9:76:
02:fa:61:e4:77:f1:f6:ee:d5:ba:0c:cf:c7:71:5e:eb:41:b2:
4a:41:1e:35:c3:7b:79:43:7b:42:95:36:4c:95:9c:a7:1e:a7:
27:14:7a:f2:04:90:88:9a:c1:b5:6c:84:6c:0f:3b:cf:8e:99:
69:dd:06:0b:ba:c8:23:82:bc:4a:e1:33:cd:e0:13:a1:24:88:
ed:5b:25:24:7a:05:ff:d9:22:b8:17:d3:67:e8:0a:f0:54:13:
69:9c:06:0d:aa:f5:31:48:3f:a0:33:89:6a:6c:f7:a0:b2:b7:
3c:c1:81:fa:ff:a2:aa:3e:36:d6:c7:c1:7a:b0:5f:14:3f:e0:
67:9f:fd:d9:cb:81:6d:51:5a:f8:44:66:2f:f5:74:e6:d5:5f:
7f:0c:b5:85:43:e6:76:e7:03:ae:60:77:7e:7c:04:bc:86:bc:
e4:fa:90:5e
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAZ0sJQsyOhuLWfJaDeaQ3tNUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMzI2MjE1NTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGE0MzkxNjJhNDZkZmVjY2E1OTFmNzJhNzVhZDgzZjI4ODY4OTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydU0JpkZdYF5xZgrtAz8zg3Gm8fh
TkMjnePjS7/OXBHEBG53PyhJlw/pqdW1g++UTqEZw7hpUX3IZMBwrw/7GUlo5YxM
Ia8c7m4qDsgmHGcK5tWulsK9CJ2sJR45ORmKKjSuJxjXckfef9WQZnI6E+SNCk+O
rvvj6VPQWfvqG38mYA47QuVWeNNDx/FCHHVmu9TpExdoP/FyH75imXaqh8FfnO/8
SiTQq3Q4qkgQnltGgwggIN1igG2HnYqpHUa23/bbR9qbQs54XZ5uz8CoaWMgm5xj
1/Di9+ws5OXqEs2xfwSlMBZfrrkJ/4vBlyI0TswQ+2MfNMLMD9x33nD7DwIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFKCkORYqRt/sylkfcqda2D8oholIMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvb0tRNUZpcEczLXpLV1I5eXAxcllQeWlHaVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAAC
OzADBAAf3vADBAAf3vMDBAAf3voDBAAl3VADBAAtCxYDBAAtDt0DBAAtWUQDBAAt
WUcDBAItk6gDBABbvNwDBABenrwwDAMEALA4IwMEALA4JAMEALB8IgMEALnUcAME
ALnqCAMEAMHJcgMEAMIg8AMEAMNFlAMEAMNFlgMEAMNglgMEAMPhYAMEANQSZAME
ANQSegMEANQ0BAMEANVtzjANBgkqhkiG9w0BAQsFAAOCAQEAA98+17K1SBIUzo3f
2jlFFitgu8M/C5t3LWGoQqaBo2RR5fIkK1tsYzPveFiU78hItagTKXAQAQyCn2M4
AoYO4GpAAEmZXkD92GkZYqeZcmnt35E8ml6hO8l2Avph5Hfx9u7VugzPx3Fe60Gy
SkEeNcN7eUN7QpU2TJWcpx6nJxR68gSQiJrBtWyEbA87z46Zad0GC7rII4K8SuEz
zeAToSSI7VslJHoF/9kiuBfTZ+gK8FQTaZwGDar1MUg/oDOJamz3oLK3PMGB+v+i
qj421sfBerBfFD/gZ5/92cuBbVFa+ERmL/V05tVffwy1hUPmducDrmB3fnwEvIa8
5PqQXg==
-----END CERTIFICATE-----
Generated at Sun Mar 29 08:48:35 2026 by rpki-client