Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/6qozrS3zrY_8pOoh8eL5RFBM7uo.roa
File: 6qozrS3zrY_8pOoh8eL5RFBM7uo.roa (raw, json)
Hash identifier: 5zgmfjnL8X4nuxCiox63Cz0SWrk5jCk/rrGA2pbe7J4=
Subject key identifier: EA:AA:33:AD:2D:F3:AD:8F:FC:A4:EA:21:F1:E2:F9:44:50:4C:EE:EA
Certificate issuer: /CN=ec9b0931118f08bf4a34b3e052fd8f8a5c1ecab0
Certificate serial: 019EEF06B4AE0C538491757B2F2E207B9666
Authority key identifier: EC:9B:09:31:11:8F:08:BF:4A:34:B3:E0:52:FD:8F:8A:5C:1E:CA:B0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7JsJMRGPCL9KNLPgUv2PilweyrA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/6qozrS3zrY_8pOoh8eL5RFBM7uo.roa
Signing time: Mon 22 Jun 2026 11:10:54 +0000
ROA not before: Mon 22 Jun 2026 11:10:54 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3356
IP address blocks: 5.134.208.0/21 maxlen: 21
5.134.208.0/24 maxlen: 24
5.134.209.0/24 maxlen: 24
5.134.210.0/24 maxlen: 24
5.134.211.0/24 maxlen: 24
5.134.212.0/24 maxlen: 24
5.134.213.0/24 maxlen: 24
5.134.214.0/24 maxlen: 24
5.134.215.0/24 maxlen: 24
91.194.188.0/23 maxlen: 23
91.194.188.0/24 maxlen: 24
91.194.189.0/24 maxlen: 24
91.207.14.0/23 maxlen: 23
91.207.14.0/24 maxlen: 24
91.207.15.0/24 maxlen: 24
178.21.152.0/21 maxlen: 21
178.21.152.0/24 maxlen: 24
178.21.153.0/24 maxlen: 24
178.21.154.0/24 maxlen: 24
178.21.155.0/24 maxlen: 24
178.21.156.0/24 maxlen: 24
178.21.157.0/24 maxlen: 24
185.31.24.0/22 maxlen: 22
185.31.24.0/24 maxlen: 24
185.31.25.0/24 maxlen: 24
185.31.26.0/24 maxlen: 24
185.31.27.0/24 maxlen: 24
193.23.48.0/24 maxlen: 24
193.203.222.0/23 maxlen: 23
193.203.222.0/24 maxlen: 24
193.203.223.0/24 maxlen: 24
194.0.251.0/24 maxlen: 24
2a02:dc8::/30 maxlen: 30
2a02:dc8::/32 maxlen: 32
2a02:dc8:20::/48 maxlen: 48
2a02:dc8:22::/48 maxlen: 48
2a02:dc8:30::/48 maxlen: 48
2a02:dc8:31::/48 maxlen: 48
2a02:dc8:32::/48 maxlen: 48
2a02:dc8:33::/48 maxlen: 48
2a02:dcc::/32 maxlen: 32
2a02:dcc:20::/48 maxlen: 48
2a02:dcc:22::/48 maxlen: 48
2a02:dcc:30::/48 maxlen: 48
2a02:dcc:31::/48 maxlen: 48
2a02:dcc:32::/48 maxlen: 48
2a02:dcc:33::/48 maxlen: 48
2a02:dcd::/32 maxlen: 32
2a02:dce::/32 maxlen: 32
2a02:dcf::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/7JsJMRGPCL9KNLPgUv2PilweyrA.crl
rsync://rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/7JsJMRGPCL9KNLPgUv2PilweyrA.mft
rsync://rpki.ripe.net/repository/DEFAULT/7JsJMRGPCL9KNLPgUv2PilweyrA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 30 Jun 2026 21:41:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:ef:06:b4:ae:0c:53:84:91:75:7b:2f:2e:20:7b:96:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ec9b0931118f08bf4a34b3e052fd8f8a5c1ecab0
Validity
Not Before: Jun 22 11:10:54 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=eaaa33ad2df3ad8ffca4ea21f1e2f944504ceeea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:67:34:c6:2b:cb:ec:f3:6b:95:17:5d:67:b8:
a7:08:f7:9e:c8:c9:93:5a:7c:a4:75:8b:b8:37:26:
c6:fd:1f:09:8d:8e:07:a3:50:e4:a9:2d:f4:a0:81:
b1:cf:4d:67:5a:e0:57:11:6a:54:59:9a:56:46:67:
ba:e6:23:08:00:7c:92:0b:42:d7:27:0a:2b:bb:1d:
ed:9b:4c:a8:33:ea:2a:1b:5d:20:90:0f:70:6a:4f:
2c:49:b2:92:e7:23:13:9c:d0:e8:2c:49:bf:58:2d:
ef:9e:34:12:05:83:b3:bd:42:a8:76:40:50:fe:5e:
eb:d7:92:5b:12:6a:96:ad:a2:b7:e5:02:23:ed:d3:
11:85:d6:f3:7b:0d:75:8b:e5:bf:94:5a:40:00:26:
56:e7:68:dd:17:a2:5f:a5:06:2d:40:e2:2f:95:49:
4d:e2:c2:98:fc:2b:32:9c:4a:6d:7e:9b:7a:85:8f:
10:ff:af:02:3e:d4:30:6e:af:44:39:f6:f0:0c:da:
0a:5d:8d:60:99:c9:6e:cb:6a:c6:e1:ec:1e:8d:09:
f7:4e:e9:b4:82:f3:cb:af:ca:79:ce:4f:67:d9:88:
8b:a1:a8:1a:8a:24:6e:02:5d:e3:77:92:7f:57:16:
71:e1:d2:99:18:6e:60:9e:46:3e:7e:59:2f:5f:e9:
7b:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:AA:33:AD:2D:F3:AD:8F:FC:A4:EA:21:F1:E2:F9:44:50:4C:EE:EA
X509v3 Authority Key Identifier:
keyid:EC:9B:09:31:11:8F:08:BF:4A:34:B3:E0:52:FD:8F:8A:5C:1E:CA:B0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JsJMRGPCL9KNLPgUv2PilweyrA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/6qozrS3zrY_8pOoh8eL5RFBM7uo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/7JsJMRGPCL9KNLPgUv2PilweyrA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.134.208.0/21
91.194.188.0/23
91.207.14.0/23
178.21.152.0/21
185.31.24.0/22
193.23.48.0/24
193.203.222.0/23
194.0.251.0/24
IPv6:
2a02:dc8::/29
Signature Algorithm: sha256WithRSAEncryption
44:50:89:7f:6f:b9:63:9b:f8:c1:0b:f2:7a:8f:03:70:47:bf:
ba:23:e6:d9:46:e6:77:6e:ee:62:03:0b:53:da:76:99:48:4c:
94:50:7c:5b:38:b9:dd:79:d1:c1:0e:86:a3:cc:ce:ca:88:f6:
17:53:f6:fa:8a:e5:55:09:54:41:23:a8:16:97:ce:e3:e6:4e:
f0:af:34:70:03:4c:bf:7a:98:6f:6d:e2:ac:08:2d:e9:15:21:
eb:9d:5c:df:da:51:36:ec:20:41:be:39:5b:65:d3:cc:61:56:
ba:9f:08:74:63:14:c9:3e:75:7d:cd:2b:c6:1c:7b:36:9d:77:
12:98:a1:b8:15:0b:4b:b6:eb:d6:5f:c6:cf:5a:d0:94:e2:d2:
c0:82:bb:3d:f5:cd:72:ef:c7:65:cf:3b:a3:bd:98:d7:23:dc:
fd:a8:55:3a:90:46:3e:07:0e:76:a1:e0:92:fa:f2:50:31:b8:
87:f3:20:ea:ba:36:23:58:08:22:b1:8d:41:49:b2:0c:ab:f0:
3e:34:6b:8e:0e:d3:81:6e:8e:08:ea:97:e3:86:56:f6:f7:50:
e1:a4:c4:3b:c9:2c:d7:42:6c:6c:c6:62:1a:1b:fe:c5:0d:8d:
25:9e:e7:92:4b:b6:3b:88:f7:b2:49:fa:e6:53:03:ca:60:39:
90:6c:d7:bf
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZ7vBrSuDFOEkXV7Ly4ge5ZmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOWIwOTMxMTE4ZjA4YmY0YTM0YjNlMDUyZmQ4ZjhhNWMx
ZWNhYjAwHhcNMjYwNjIyMTExMDU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWFhMzNhZDJkZjNhZDhmZmNhNGVhMjFmMWUyZjk0NDUwNGNlZWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2c0xivL7PNrlRddZ7inCPeeyMmT
WnykdYu4NybG/R8JjY4Ho1DkqS30oIGxz01nWuBXEWpUWZpWRme65iMIAHySC0LX
Jworux3tm0yoM+oqG10gkA9wak8sSbKS5yMTnNDoLEm/WC3vnjQSBYOzvUKodkBQ
/l7r15JbEmqWraK35QIj7dMRhdbzew11i+W/lFpAACZW52jdF6JfpQYtQOIvlUlN
4sKY/CsynEptfpt6hY8Q/68CPtQwbq9EOfbwDNoKXY1gmcluy2rG4ewejQn3Tum0
gvPLr8p5zk9n2YiLoagaiiRuAl3jd5J/VxZx4dKZGG5gnkY+flkvX+l7dQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFOqqM60t862P/KTqIfHi+URQTO7qMB8GA1UdIwQY
MBaAFOybCTERjwi/SjSz4FL9j4pcHsqwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0pzSk1SR1BDTDlLTkxQZ1V2MlBpbHdleXJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8wNzc2YTItNWU4OS00ZTJjLTkzNzAt
NWIzMDRlZWMwMDI1LzEvNnFvenJTM3pyWV84cE9vaDhlTDVSRkJNN3VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8wNzc2YTItNWU4OS00ZTJjLTkzNzAtNWIzMDRlZWMwMDI1
LzEvN0pzSk1SR1BDTDlLTkxQZ1V2MlBpbHdleXJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDBYbQAwQB
W8K8AwQBW88OAwQDshWYAwQCuR8YAwQAwRcwAwQBwcveAwQAwgD7MA0EAgACMAcD
BQMqAg3IMA0GCSqGSIb3DQEBCwUAA4IBAQBEUIl/b7ljm/jBC/J6jwNwR7+6I+bZ
RuZ3bu5iAwtT2naZSEyUUHxbOLndedHBDoajzM7KiPYXU/b6iuVVCVRBI6gWl87j
5k7wrzRwA0y/ephvbeKsCC3pFSHrnVzf2lE27CBBvjlbZdPMYVa6nwh0YxTJPnV9
zSvGHHs2nXcSmKG4FQtLtuvWX8bPWtCU4tLAgrs99c1y78dlzzujvZjXI9z9qFU6
kEY+Bw52oeCS+vJQMbiH8yDqujYjWAgisY1BSbIMq/A+NGuODtOBbo4I6pfjhlb2
91DhpMQ7ySzXQmxsxmIaG/7FDY0lnueSS7Y7iPeySfrmUwPKYDmQbNe/
-----END CERTIFICATE-----
Generated at Tue Jun 30 03:10:14 2026 by rpki-client