Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/DEFfBNh248XHDVu-BwTd6VMfFV8.roa
File: DEFfBNh248XHDVu-BwTd6VMfFV8.roa (raw, json)
Hash identifier: 1e5rZ3fBzGEwRGyr2Q3kLvg86EH9L/cUWkBLg+rj2hY=
Subject key identifier: 0C:41:5F:04:D8:76:E3:C5:C7:0D:5B:BE:07:04:DD:E9:53:1F:15:5F
Certificate issuer: /CN=878abb29977a65b140cacb6e72ab24ceddd4e8c5
Certificate serial: 019DAA60725318CD059E8F4CCFDF04EF00C6
Authority key identifier: 87:8A:BB:29:97:7A:65:B1:40:CA:CB:6E:72:AB:24:CE:DD:D4:E8:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/h4q7KZd6ZbFAystucqskzt3U6MU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/DEFfBNh248XHDVu-BwTd6VMfFV8.roa
Signing time: Mon 20 Apr 2026 10:12:20 +0000
ROA not before: Mon 20 Apr 2026 10:12:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 132839
IP address blocks: 2.59.100.0/22 maxlen: 24
2.59.100.0/24 maxlen: 24
2.59.101.0/24 maxlen: 24
2.59.102.0/24 maxlen: 24
2.59.103.0/24 maxlen: 24
45.8.28.0/22 maxlen: 24
45.9.108.0/22 maxlen: 24
45.10.208.0/22 maxlen: 24
45.13.160.0/22 maxlen: 24
45.66.188.0/22 maxlen: 24
45.80.112.0/22 maxlen: 24
45.87.228.0/22 maxlen: 24
45.93.64.0/22 maxlen: 24
45.93.64.0/24 maxlen: 24
45.93.65.0/24 maxlen: 24
45.93.66.0/24 maxlen: 24
45.93.67.0/24 maxlen: 24
45.131.156.0/22 maxlen: 24
45.131.156.0/24 maxlen: 24
45.131.157.0/24 maxlen: 24
45.131.158.0/24 maxlen: 24
45.131.159.0/24 maxlen: 24
45.142.76.0/22 maxlen: 24
45.142.77.0/24 maxlen: 24
45.142.78.0/24 maxlen: 24
45.142.79.0/24 maxlen: 24
45.147.212.0/22 maxlen: 24
45.147.213.0/24 maxlen: 24
45.147.214.0/24 maxlen: 24
45.147.215.0/24 maxlen: 24
45.149.68.0/22 maxlen: 24
45.156.168.0/22 maxlen: 24
45.156.169.0/24 maxlen: 24
45.156.171.0/24 maxlen: 24
45.156.216.0/22 maxlen: 24
45.158.220.0/22 maxlen: 24
45.158.221.0/24 maxlen: 24
45.158.223.0/24 maxlen: 24
62.192.188.0/22 maxlen: 24
62.192.188.0/24 maxlen: 24
62.192.189.0/24 maxlen: 24
62.192.190.0/24 maxlen: 24
62.192.191.0/24 maxlen: 24
83.150.224.0/22 maxlen: 24
83.150.224.0/24 maxlen: 24
83.150.225.0/24 maxlen: 24
85.208.56.0/22 maxlen: 24
85.208.56.0/24 maxlen: 24
85.208.57.0/24 maxlen: 24
85.208.58.0/24 maxlen: 24
85.208.59.0/24 maxlen: 24
92.118.144.0/22 maxlen: 24
92.118.144.0/24 maxlen: 24
92.118.145.0/24 maxlen: 24
92.118.146.0/24 maxlen: 24
92.118.147.0/24 maxlen: 24
185.51.164.0/22 maxlen: 24
185.51.164.0/24 maxlen: 24
185.51.167.0/24 maxlen: 24
186.240.0.0/17 maxlen: 24
186.240.0.0/19 maxlen: 24
186.240.32.0/19 maxlen: 24
186.240.64.0/19 maxlen: 24
186.240.96.0/19 maxlen: 24
186.241.192.0/18 maxlen: 24
186.241.192.0/19 maxlen: 24
186.241.224.0/19 maxlen: 24
186.243.64.0/18 maxlen: 24
186.243.64.0/19 maxlen: 24
186.243.96.0/19 maxlen: 24
193.42.15.0/24 maxlen: 24
193.42.132.0/24 maxlen: 24
193.42.135.0/24 maxlen: 24
193.42.149.0/24 maxlen: 24
193.108.46.0/23 maxlen: 24
193.108.96.0/23 maxlen: 24
193.164.222.0/23 maxlen: 24
193.168.4.0/23 maxlen: 24
193.168.4.0/24 maxlen: 24
194.146.84.0/22 maxlen: 24
194.146.84.0/24 maxlen: 24
194.146.87.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/h4q7KZd6ZbFAystucqskzt3U6MU.crl
rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/h4q7KZd6ZbFAystucqskzt3U6MU.mft
rsync://rpki.ripe.net/repository/DEFAULT/h4q7KZd6ZbFAystucqskzt3U6MU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 06 May 2026 18:48:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:aa:60:72:53:18:cd:05:9e:8f:4c:cf:df:04:ef:00:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=878abb29977a65b140cacb6e72ab24ceddd4e8c5
Validity
Not Before: Apr 20 10:12:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0c415f04d876e3c5c70d5bbe0704dde9531f155f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:28:c6:2b:8a:01:4d:00:92:b9:d2:ec:7b:9c:
a2:74:8b:e2:8c:ac:82:9c:90:be:aa:b8:6e:71:e2:
aa:eb:e7:98:8a:04:02:1d:69:46:45:03:fd:61:14:
c4:23:4f:7b:76:3e:da:d5:70:3f:73:78:56:af:d8:
91:91:dd:4e:d0:4d:72:78:c1:e3:c7:f7:fe:01:61:
d9:88:fc:b3:36:55:97:12:ef:59:0a:37:a1:7b:18:
cf:26:5d:62:9a:a6:0f:f6:8b:33:cf:9b:85:a8:1a:
17:5b:ed:c1:05:9b:cd:aa:55:b5:ce:28:3d:82:94:
23:e7:29:c6:95:7b:38:0b:3f:d3:a5:e8:a5:5c:34:
83:57:db:5e:19:71:31:1d:6e:6d:2c:88:9c:10:f8:
8a:c7:ca:52:62:9e:d2:0b:af:92:e8:b7:d6:e8:7f:
46:06:23:d7:b5:4c:e5:5c:bd:7a:f5:82:8e:ec:8d:
01:5b:31:cf:61:e1:e4:a1:df:a4:b9:cc:5a:ed:77:
52:b4:ea:91:82:e7:29:71:ee:2f:a2:f1:81:5a:1b:
6a:d8:49:55:a2:a7:a8:c2:0f:32:02:c5:d2:18:38:
32:f4:c9:5b:bd:21:d4:40:e6:46:36:cb:8c:33:23:
a2:f0:45:11:bd:c6:ae:a0:68:9a:42:7d:87:bb:05:
87:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:41:5F:04:D8:76:E3:C5:C7:0D:5B:BE:07:04:DD:E9:53:1F:15:5F
X509v3 Authority Key Identifier:
keyid:87:8A:BB:29:97:7A:65:B1:40:CA:CB:6E:72:AB:24:CE:DD:D4:E8:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h4q7KZd6ZbFAystucqskzt3U6MU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/DEFfBNh248XHDVu-BwTd6VMfFV8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/h4q7KZd6ZbFAystucqskzt3U6MU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.100.0/22
45.8.28.0/22
45.9.108.0/22
45.10.208.0/22
45.13.160.0/22
45.66.188.0/22
45.80.112.0/22
45.87.228.0/22
45.93.64.0/22
45.131.156.0/22
45.142.76.0/22
45.147.212.0/22
45.149.68.0/22
45.156.168.0/22
45.156.216.0/22
45.158.220.0/22
62.192.188.0/22
83.150.224.0/22
85.208.56.0/22
92.118.144.0/22
185.51.164.0/22
186.240.0.0/17
186.241.192.0/18
186.243.64.0/18
193.42.15.0/24
193.42.132.0/24
193.42.135.0/24
193.42.149.0/24
193.108.46.0/23
193.108.96.0/23
193.164.222.0/23
193.168.4.0/23
194.146.84.0/22
Signature Algorithm: sha256WithRSAEncryption
a4:88:40:07:16:04:e0:96:6d:af:da:ca:86:15:2a:95:dd:89:
81:67:2f:5b:33:f9:4b:be:08:8c:33:0e:e8:98:65:bf:63:f3:
f5:cc:92:1d:53:d2:98:1d:ae:e3:89:cf:e2:e3:39:03:54:72:
c9:5c:2b:bf:e0:ab:61:e3:c5:a0:cb:fa:b0:ea:27:24:64:77:
ce:a8:43:55:db:95:75:ce:bb:16:50:4b:08:47:66:44:1b:f5:
cb:44:0c:b1:42:43:36:8a:22:6d:21:84:90:0a:29:aa:33:a6:
6a:75:7d:05:00:bb:11:63:0a:fe:8a:ba:64:66:7f:41:82:1e:
53:c2:7d:19:a9:fd:e8:6f:2d:83:6b:d6:90:42:a7:e2:13:49:
5f:ae:89:68:1f:cd:44:ee:da:09:61:73:69:61:24:4b:04:ba:
6d:59:bf:38:28:0d:bc:8b:3c:8f:ef:17:45:b2:5c:d1:a9:61:
81:90:a3:c3:cd:95:12:9e:14:5e:17:49:0f:44:09:0b:91:57:
ac:4b:9f:8f:7b:18:42:06:83:17:e1:96:fd:5d:56:1e:46:cd:
4d:e3:51:4b:e5:cc:bc:8f:f1:fb:d2:2b:6c:bd:83:25:a4:2b:
0a:32:52:7d:41:ec:bc:7f:b1:38:e5:ed:63:2a:29:ff:56:a7:
04:e1:f7:c2
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgISAZ2qYHJTGM0Fno9Mz98E7wDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3OGFiYjI5OTc3YTY1YjE0MGNhY2I2ZTcyYWIyNGNlZGRk
NGU4YzUwHhcNMjYwNDIwMTAxMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzQxNWYwNGQ4NzZlM2M1YzcwZDViYmUwNzA0ZGRlOTUzMWYxNTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyjGK4oBTQCSudLse5yidIvijKyC
nJC+qrhuceKq6+eYigQCHWlGRQP9YRTEI097dj7a1XA/c3hWr9iRkd1O0E1yeMHj
x/f+AWHZiPyzNlWXEu9ZCjehexjPJl1imqYP9oszz5uFqBoXW+3BBZvNqlW1zig9
gpQj5ynGlXs4Cz/TpeilXDSDV9teGXExHW5tLIicEPiKx8pSYp7SC6+S6LfW6H9G
BiPXtUzlXL169YKO7I0BWzHPYeHkod+kucxa7XdStOqRgucpce4vovGBWhtq2ElV
oqeowg8yAsXSGDgy9MlbvSHUQOZGNsuMMyOi8EURvcauoGiaQn2HuwWH5wIDAQAB
o4ICzjCCAsowHQYDVR0OBBYEFAxBXwTYduPFxw1bvgcE3elTHxVfMB8GA1UdIwQY
MBaAFIeKuymXemWxQMrLbnKrJM7d1OjFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDRxN0taZDZaYkZBeXN0dWNxc2t6dDNVNk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8wNmI4ZjUtMWE3Ni00NWY4LWI5N2Et
YWM4NjQ3ZDA1NThhLzEvREVGZkJOaDI0OFhIRFZ1LUJ3VGQ2Vk1mRlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8wNmI4ZjUtMWE3Ni00NWY4LWI5N2EtYWM4NjQ3ZDA1NThh
LzEvaDRxN0taZDZaYkZBeXN0dWNxc2t6dDNVNk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHjBggrBgEFBQcBBwEB/wSB0zCB0DCBzQQCAAEwgcYDBAIC
O2QDBAItCBwDBAItCWwDBAItCtADBAItDaADBAItQrwDBAItUHADBAItV+QDBAIt
XUADBAItg5wDBAItjkwDBAItk9QDBAItlUQDBAItnKgDBAItnNgDBAItntwDBAI+
wLwDBAJTluADBAJV0DgDBAJcdpADBAK5M6QDBAe68AADBAa68cADBAa680ADBADB
Kg8DBADBKoQDBADBKocDBADBKpUDBAHBbC4DBAHBbGADBAHBpN4DBAHBqAQDBALC
klQwDQYJKoZIhvcNAQELBQADggEBAKSIQAcWBOCWba/ayoYVKpXdiYFnL1sz+Uu+
CIwzDuiYZb9j8/XMkh1T0pgdruOJz+LjOQNUcslcK7/gq2HjxaDL+rDqJyRkd86o
Q1XblXXOuxZQSwhHZkQb9ctEDLFCQzaKIm0hhJAKKaozpmp1fQUAuxFjCv6KumRm
f0GCHlPCfRmp/ehvLYNr1pBCp+ITSV+uiWgfzUTu2glhc2lhJEsEum1ZvzgoDbyL
PI/vF0WyXNGpYYGQo8PNlRKeFF4XSQ9ECQuRV6xLn497GEIGgxfhlv1dVh5GzU3j
UUvlzLyP8fvSK2y9gyWkKwoyUn1B7Lx/sTjl7WMqKf9WpwTh98I=
-----END CERTIFICATE-----
Generated at Wed May 6 01:05:09 2026 by rpki-client