Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/cD2COEhWqNo5yp4vCeMl7hW-eQM.roa
File: cD2COEhWqNo5yp4vCeMl7hW-eQM.roa (raw, json)
Hash identifier: 4UYXi9S7C8C0UsDyWgF+v61Gg+AakXXjWmGnRepiQPU=
Subject key identifier: 70:3D:82:38:48:56:A8:DA:39:CA:9E:2F:09:E3:25:EE:15:BE:79:03
Certificate issuer: /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial: 019C2B07B91DBC16FF792900B771B87A3524
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/cD2COEhWqNo5yp4vCeMl7hW-eQM.roa
Signing time: Wed 04 Feb 2026 23:40:52 +0000
ROA not before: Wed 04 Feb 2026 23:40:52 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215540
IP address blocks: 138.124.62.0/24 maxlen: 24
138.124.63.0/24 maxlen: 24
138.124.64.0/24 maxlen: 24
138.124.65.0/24 maxlen: 24
138.124.66.0/24 maxlen: 24
138.124.67.0/24 maxlen: 24
138.124.79.0/24 maxlen: 24
138.124.80.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 18 Feb 2026 08:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:2b:07:b9:1d:bc:16:ff:79:29:00:b7:71:b8:7a:35:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Validity
Not Before: Feb 4 23:40:52 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=703d82384856a8da39ca9e2f09e325ee15be7903
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:4a:4c:5d:87:8e:5b:40:bc:e2:c9:4f:67:82:
01:12:cb:be:ad:d9:36:38:7b:08:82:63:11:6e:b9:
c6:2f:c4:2d:8f:d8:8c:f2:dd:85:48:c1:8a:a2:d5:
a7:a9:08:07:27:d2:6d:b2:69:f4:36:da:bb:eb:b6:
a7:76:96:13:5e:7c:02:ec:a7:1d:11:1c:a6:a0:b2:
73:ba:c5:75:a1:36:fc:1f:a3:aa:b3:b8:ab:d4:32:
ea:ac:41:f3:c2:b4:89:5e:5c:77:73:a5:57:47:a5:
d1:9a:db:97:18:11:3e:01:3d:7b:18:cf:6b:59:92:
6c:cc:74:45:af:d8:aa:b5:ab:b0:10:81:f6:e2:bd:
36:14:00:13:02:0a:22:96:3a:c9:79:88:ab:82:ff:
e8:3d:bd:1c:b8:27:66:ec:21:5e:51:f4:ad:e8:70:
29:8c:23:57:8c:2b:97:83:e7:c2:f2:6c:c4:da:70:
9b:c3:ba:16:1b:ed:4f:43:3d:e5:37:dc:38:01:1b:
1f:97:ed:b9:f0:c4:8f:ce:bd:61:1b:95:ce:ee:40:
ed:e7:46:f3:f4:85:38:3e:d0:be:9f:5c:bd:9e:3e:
4b:cc:f2:79:43:ef:db:25:ac:dc:00:57:5d:ed:55:
85:2e:f5:57:ee:38:0d:d4:c4:60:80:84:bd:38:52:
6b:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:3D:82:38:48:56:A8:DA:39:CA:9E:2F:09:E3:25:EE:15:BE:79:03
X509v3 Authority Key Identifier:
keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/cD2COEhWqNo5yp4vCeMl7hW-eQM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.124.62.0-138.124.67.255
138.124.79.0-138.124.80.255
Signature Algorithm: sha256WithRSAEncryption
69:54:39:8d:e5:93:82:fa:11:1c:c7:b2:06:24:1c:85:4d:ec:
00:db:af:b9:95:f1:37:cc:a2:a5:7b:cd:ed:37:3c:2c:42:e9:
3d:35:d4:52:96:c1:47:ca:0d:3f:01:9b:c6:06:96:d4:46:c3:
cf:e8:6d:df:6d:15:e9:07:ff:72:39:77:4a:91:ad:4e:e8:0d:
ef:f9:b4:9b:3d:d6:9f:4f:cf:09:ce:66:9b:41:56:be:78:8d:
25:27:ab:da:24:cc:cf:c3:86:7a:7d:9e:13:7e:8a:62:50:f6:
3a:f3:7a:dc:e0:45:52:a4:2b:db:23:af:52:a3:f7:e1:1d:ee:
a4:34:59:a4:40:dd:c3:ba:16:52:7b:f1:42:bf:e3:36:12:0b:
3a:3d:65:48:93:cc:13:7c:6a:00:85:0e:ae:17:0a:a0:e7:5e:
05:de:32:0c:57:b2:e5:b8:98:b9:8a:c5:fe:d2:2d:db:c9:d2:
17:31:85:35:b0:e0:24:12:13:bd:f8:9a:73:00:e8:b3:1b:ae:
63:96:3f:18:1b:98:bd:2c:43:a6:b8:2a:e7:6f:47:68:9e:a5:
cc:8f:4f:3f:82:ad:4b:42:99:15:72:70:1f:ff:15:dc:db:c1:
f0:fa:4f:ef:ed:f4:19:7a:46:9e:1d:26:f2:16:99:6d:6e:25:
3d:0b:c6:9d
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZwrB7kdvBb/eSkAt3G4ejUkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjYwMjA0MjM0MDUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDNkODIzODQ4NTZhOGRhMzljYTllMmYwOWUzMjVlZTE1YmU3OTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEpMXYeOW0C84slPZ4IBEsu+rdk2
OHsIgmMRbrnGL8Qtj9iM8t2FSMGKotWnqQgHJ9Jtsmn0Ntq767andpYTXnwC7Kcd
ERymoLJzusV1oTb8H6Oqs7ir1DLqrEHzwrSJXlx3c6VXR6XRmtuXGBE+AT17GM9r
WZJszHRFr9iqtauwEIH24r02FAATAgoiljrJeYirgv/oPb0cuCdm7CFeUfSt6HAp
jCNXjCuXg+fC8mzE2nCbw7oWG+1PQz3lN9w4ARsfl+258MSPzr1hG5XO7kDt50bz
9IU4PtC+n1y9nj5LzPJ5Q+/bJazcAFdd7VWFLvVX7jgN1MRggIS9OFJrMwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFHA9gjhIVqjaOcqeLwnjJe4VvnkDMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvY0QyQ09FaFdxTm81eXA0dkNlTWw3aFctZVFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAGKfD4D
BAKKfEAwDAMEAIp8TwMEAIp8UDANBgkqhkiG9w0BAQsFAAOCAQEAaVQ5jeWTgvoR
HMeyBiQchU3sANuvuZXxN8yipXvN7Tc8LELpPTXUUpbBR8oNPwGbxgaW1EbDz+ht
320V6Qf/cjl3SpGtTugN7/m0mz3Wn0/PCc5mm0FWvniNJSer2iTMz8OGen2eE36K
YlD2OvN63OBFUqQr2yOvUqP34R3upDRZpEDdw7oWUnvxQr/jNhILOj1lSJPME3xq
AIUOrhcKoOdeBd4yDFey5biYuYrF/tIt28nSFzGFNbDgJBITvfiacwDosxuuY5Y/
GBuYvSxDprgq529HaJ6lzI9PP4KtS0KZFXJwH/8V3NvB8PpP7+30GXpGnh0m8haZ
bW4lPQvGnQ==
-----END CERTIFICATE-----
Generated at Tue Feb 17 14:00:47 2026 by rpki-client