Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/lpxyiakpbRTIUo2enZ3s4fYROM4.roa
File: lpxyiakpbRTIUo2enZ3s4fYROM4.roa (raw, json)
Hash identifier: Mb9/ObCKM9DfZRe9GVLf6ZU5PIlqLwTAzoyTNFiylcI=
Subject key identifier: 96:9C:72:89:A9:29:6D:14:C8:52:8D:9E:9D:9D:EC:E1:F6:11:38:CE
Certificate issuer: /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial: 019DB57EEA8D9546E2E1FF64440E4A6F8637
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/lpxyiakpbRTIUo2enZ3s4fYROM4.roa
Signing time: Wed 22 Apr 2026 14:01:26 +0000
ROA not before: Wed 22 Apr 2026 14:01:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212238
IP address blocks: 45.117.53.0/24 maxlen: 24
45.123.145.0/24 maxlen: 24
72.63.110.0/23 maxlen: 23
189.81.0.0/23 maxlen: 23
189.81.26.0/23 maxlen: 23
189.81.32.0/23 maxlen: 23
189.81.60.0/23 maxlen: 23
189.81.68.0/23 maxlen: 23
189.81.104.0/23 maxlen: 23
189.81.140.0/23 maxlen: 23
189.81.168.0/23 maxlen: 23
189.81.202.0/23 maxlen: 23
189.81.232.0/23 maxlen: 23
189.104.2.0/23 maxlen: 23
189.104.12.0/23 maxlen: 23
189.104.32.0/23 maxlen: 23
189.104.64.0/23 maxlen: 23
189.104.96.0/23 maxlen: 23
189.104.98.0/23 maxlen: 23
189.104.112.0/23 maxlen: 23
189.104.130.0/23 maxlen: 23
189.104.170.0/23 maxlen: 23
189.104.200.0/23 maxlen: 23
189.104.254.0/23 maxlen: 23
203.78.166.0/23 maxlen: 23
205.188.4.0/23 maxlen: 23
205.188.12.0/22 maxlen: 22
205.188.24.0/22 maxlen: 22
205.188.28.0/22 maxlen: 22
205.188.32.0/22 maxlen: 22
205.188.36.0/22 maxlen: 22
205.188.40.0/22 maxlen: 22
205.188.48.0/22 maxlen: 22
205.188.56.0/22 maxlen: 22
205.188.64.0/22 maxlen: 22
205.188.68.0/22 maxlen: 22
205.188.72.0/22 maxlen: 22
205.188.76.0/23 maxlen: 23
205.188.78.0/23 maxlen: 23
205.188.84.0/22 maxlen: 22
205.188.88.0/22 maxlen: 22
205.188.94.0/23 maxlen: 23
205.188.124.0/22 maxlen: 22
205.188.132.0/22 maxlen: 22
205.188.214.0/23 maxlen: 23
205.188.240.0/22 maxlen: 22
205.188.252.0/22 maxlen: 22
2a0d:3900::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 04:00:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b5:7e:ea:8d:95:46:e2:e1:ff:64:44:0e:4a:6f:86:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
Validity
Not Before: Apr 22 14:01:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=969c7289a9296d14c8528d9e9d9dece1f61138ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:d3:9c:3b:e1:83:67:88:fd:f3:48:6e:d0:db:
ac:d3:e9:75:07:51:e6:b5:a4:21:51:53:75:0f:96:
31:c5:73:a5:32:97:0b:65:32:00:4a:d0:bf:74:dd:
7b:e2:24:4c:ec:6e:5f:97:96:08:f2:26:32:5a:08:
f5:35:20:77:d6:cb:0a:59:91:99:67:94:21:29:3e:
de:ab:f4:b1:93:c9:ee:9a:90:7b:6c:a0:06:43:1c:
64:2b:9d:67:00:87:53:c4:4a:62:f0:b9:ce:f2:d5:
ed:ab:74:45:37:82:a2:6c:43:66:4d:e7:0f:63:d0:
a0:b8:22:a2:76:a9:46:f7:09:51:25:6b:4c:a7:fa:
75:5c:35:d9:d8:e9:70:93:22:68:01:f5:9c:40:2e:
69:52:5d:93:d0:84:53:16:7c:cb:7c:6a:3c:ee:a7:
2a:2d:f9:db:7e:d7:74:ec:ff:e6:a5:c0:b3:bb:fe:
68:88:18:57:55:96:6d:0a:6b:12:59:7a:65:54:9d:
83:fc:07:40:8a:26:28:e7:42:53:ac:12:6a:af:88:
39:54:1c:80:61:42:93:5b:cf:6c:8e:80:37:63:50:
05:27:e8:cb:ad:32:c8:98:c3:7b:f5:f4:2a:0e:d9:
e7:71:58:51:69:ee:a4:4b:ef:ad:a4:98:58:95:93:
1c:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:9C:72:89:A9:29:6D:14:C8:52:8D:9E:9D:9D:EC:E1:F6:11:38:CE
X509v3 Authority Key Identifier:
keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/lpxyiakpbRTIUo2enZ3s4fYROM4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.117.53.0/24
45.123.145.0/24
72.63.110.0/23
189.81.0.0/23
189.81.26.0/23
189.81.32.0/23
189.81.60.0/23
189.81.68.0/23
189.81.104.0/23
189.81.140.0/23
189.81.168.0/23
189.81.202.0/23
189.81.232.0/23
189.104.2.0/23
189.104.12.0/23
189.104.32.0/23
189.104.64.0/23
189.104.96.0/22
189.104.112.0/23
189.104.130.0/23
189.104.170.0/23
189.104.200.0/23
189.104.254.0/23
203.78.166.0/23
205.188.4.0/23
205.188.12.0/22
205.188.24.0-205.188.43.255
205.188.48.0/22
205.188.56.0/22
205.188.64.0/20
205.188.84.0-205.188.91.255
205.188.94.0/23
205.188.124.0/22
205.188.132.0/22
205.188.214.0/23
205.188.240.0/22
205.188.252.0/22
IPv6:
2a0d:3900::/29
Signature Algorithm: sha256WithRSAEncryption
89:4b:4f:86:de:15:9c:30:48:57:32:20:e7:be:f2:33:87:1a:
9e:e4:53:ad:97:e8:ff:e9:43:b7:31:16:d3:6f:ac:ab:3b:71:
87:2c:43:ca:bb:77:6a:a2:31:d1:a9:28:a8:1d:ae:51:0a:69:
85:0f:c7:45:56:36:bb:e2:cb:85:d2:6e:70:f2:2e:48:b1:7b:
86:af:c4:f5:ce:bb:0b:99:1f:a8:b4:fe:d8:ff:a5:e0:45:2f:
e5:ef:11:17:13:ab:77:6b:e6:1c:5a:8d:d4:6a:59:92:eb:bb:
a1:e0:a9:63:76:55:76:2b:6e:5c:c4:5e:49:78:39:20:bc:56:
8c:69:52:e4:04:9c:93:80:8c:c4:8c:d9:e2:38:a2:c5:8a:ba:
f7:8f:49:67:5d:5d:4a:7b:2c:e5:cb:c1:63:64:3d:65:38:40:
94:bf:6c:31:db:83:cd:b2:a6:01:54:b2:67:91:e9:5d:b8:98:
ca:0d:e2:05:95:95:08:c9:36:71:17:41:83:cd:c7:c8:f6:ce:
c7:99:ff:ab:72:71:48:e5:03:8f:f4:92:fb:4a:70:70:1c:f4:
58:38:70:33:24:74:8b:f5:87:02:6b:bd:89:96:e9:a3:1c:96:
57:35:74:8c:c9:74:ea:d9:84:2c:4f:59:0f:73:07:62:f5:e5:
59:c0:14:90
-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgISAZ21fuqNlUbi4f9kRA5Kb4Y3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjYwNDIyMTQwMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjljNzI4OWE5Mjk2ZDE0Yzg1MjhkOWU5ZDlkZWNlMWY2MTEzOGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9OcO+GDZ4j980hu0Nus0+l1B1Hm
taQhUVN1D5YxxXOlMpcLZTIAStC/dN174iRM7G5fl5YI8iYyWgj1NSB31ssKWZGZ
Z5QhKT7eq/Sxk8numpB7bKAGQxxkK51nAIdTxEpi8LnO8tXtq3RFN4KibENmTecP
Y9CguCKidqlG9wlRJWtMp/p1XDXZ2OlwkyJoAfWcQC5pUl2T0IRTFnzLfGo87qcq
Lfnbftd07P/mpcCzu/5oiBhXVZZtCmsSWXplVJ2D/AdAiiYo50JTrBJqr4g5VByA
YUKTW89sjoA3Y1AFJ+jLrTLImMN79fQqDtnncVhRae6kS++tpJhYlZMcvwIDAQAB
o4IDCDCCAwQwHQYDVR0OBBYEFJaccompKW0UyFKNnp2d7OH2ETjOMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvbHB4eWlha3BiUlRJVW8yZW5aM3M0ZllST000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHAYIKwYBBQUHAQcBAf8EggELMIIBBzCB9QQCAAEwge4D
BAAtdTUDBAAte5EDBAFIP24DBAG9UQADBAG9URoDBAG9USADBAG9UTwDBAG9UUQD
BAG9UWgDBAG9UYwDBAG9UagDBAG9UcoDBAG9UegDBAG9aAIDBAG9aAwDBAG9aCAD
BAG9aEADBAK9aGADBAG9aHADBAG9aIIDBAG9aKoDBAG9aMgDBAG9aP4DBAHLTqYD
BAHNvAQDBALNvAwwDAMEA828GAMEAs28KAMEAs28MAMEAs28OAMEBM28QDAMAwQC
zbxUAwQCzbxYAwQBzbxeAwQCzbx8AwQCzbyEAwQBzbzWAwQCzbzwAwQCzbz8MA0E
AgACMAcDBQMqDTkAMA0GCSqGSIb3DQEBCwUAA4IBAQCJS0+G3hWcMEhXMiDnvvIz
hxqe5FOtl+j/6UO3MRbTb6yrO3GHLEPKu3dqojHRqSioHa5RCmmFD8dFVja74suF
0m5w8i5IsXuGr8T1zrsLmR+otP7Y/6XgRS/l7xEXE6t3a+YcWo3UalmS67uh4Klj
dlV2K25cxF5JeDkgvFaMaVLkBJyTgIzEjNniOKLFirr3j0lnXV1Keyzly8FjZD1l
OECUv2wx24PNsqYBVLJnkelduJjKDeIFlZUIyTZxF0GDzcfI9s7Hmf+rcnFI5QOP
9JL7SnBwHPRYOHAzJHSL9YcCa72JlumjHJZXNXSMyXTq2YQsT1kPcwdi9eVZwBSQ
-----END CERTIFICATE-----
Generated at Mon Apr 27 10:38:31 2026 by rpki-client