Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/EH4KOFxcs2mIofbNI1ahfqTJYGE.roa
File: EH4KOFxcs2mIofbNI1ahfqTJYGE.roa (raw, json)
Hash identifier: D1AeMO131kzbiuMNmxTtyfBa0NC9RKdmdxddmi5mG60=
Subject key identifier: 10:7E:0A:38:5C:5C:B3:69:88:A1:F6:CD:23:56:A1:7E:A4:C9:60:61
Certificate issuer: /CN=cd576d876e17e67aa3b1f1c10dab39db2935e22b
Certificate serial: 019EA764031EC6DAC516ECC2080B48E7B3F4
Authority key identifier: CD:57:6D:87:6E:17:E6:7A:A3:B1:F1:C1:0D:AB:39:DB:29:35:E2:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/EH4KOFxcs2mIofbNI1ahfqTJYGE.roa
Signing time: Mon 08 Jun 2026 13:20:09 +0000
ROA not before: Mon 08 Jun 2026 13:20:09 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208172
IP address blocks: 72.251.208.0/24 maxlen: 24
72.251.209.0/24 maxlen: 24
72.251.210.0/24 maxlen: 24
72.251.211.0/24 maxlen: 24
72.251.212.0/24 maxlen: 24
72.251.213.0/24 maxlen: 24
72.251.214.0/24 maxlen: 24
72.251.215.0/24 maxlen: 24
72.251.216.0/24 maxlen: 24
72.251.217.0/24 maxlen: 24
72.251.218.0/24 maxlen: 24
72.251.219.0/24 maxlen: 24
72.251.220.0/24 maxlen: 24
72.251.221.0/24 maxlen: 24
72.251.222.0/24 maxlen: 24
81.27.86.0/24 maxlen: 24
134.82.68.0/24 maxlen: 24
134.82.69.0/24 maxlen: 24
134.82.70.0/24 maxlen: 24
134.82.71.0/24 maxlen: 24
134.82.73.0/24 maxlen: 24
134.82.74.0/24 maxlen: 24
134.82.75.0/24 maxlen: 24
159.26.96.0/24 maxlen: 24
159.26.97.0/24 maxlen: 24
159.26.98.0/24 maxlen: 24
159.26.99.0/24 maxlen: 24
159.26.100.0/24 maxlen: 24
159.26.101.0/24 maxlen: 24
159.26.102.0/24 maxlen: 24
159.26.103.0/24 maxlen: 24
159.26.104.0/24 maxlen: 24
159.26.105.0/24 maxlen: 24
159.26.106.0/24 maxlen: 24
159.26.107.0/24 maxlen: 24
159.26.108.0/24 maxlen: 24
159.26.109.0/24 maxlen: 24
159.26.110.0/24 maxlen: 24
159.26.111.0/24 maxlen: 24
159.26.112.0/24 maxlen: 24
159.26.113.0/24 maxlen: 24
159.26.114.0/24 maxlen: 24
159.26.115.0/24 maxlen: 24
159.26.116.0/24 maxlen: 24
159.26.117.0/24 maxlen: 24
159.26.118.0/24 maxlen: 24
159.26.119.0/24 maxlen: 24
159.26.120.0/24 maxlen: 24
159.26.121.0/24 maxlen: 24
159.26.122.0/24 maxlen: 24
159.26.123.0/24 maxlen: 24
159.26.124.0/24 maxlen: 24
159.26.125.0/24 maxlen: 24
159.26.126.0/24 maxlen: 24
159.26.127.0/24 maxlen: 24
205.147.16.0/24 maxlen: 24
205.147.17.0/24 maxlen: 24
205.147.18.0/24 maxlen: 24
205.147.19.0/24 maxlen: 24
205.147.20.0/24 maxlen: 24
205.147.21.0/24 maxlen: 24
205.147.22.0/24 maxlen: 24
205.147.23.0/24 maxlen: 24
205.147.27.0/24 maxlen: 24
205.147.28.0/24 maxlen: 24
205.147.29.0/24 maxlen: 24
205.147.30.0/24 maxlen: 24
205.147.31.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.crl
rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.mft
rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 20 Jun 2026 19:02:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:a7:64:03:1e:c6:da:c5:16:ec:c2:08:0b:48:e7:b3:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd576d876e17e67aa3b1f1c10dab39db2935e22b
Validity
Not Before: Jun 8 13:20:09 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=107e0a385c5cb36988a1f6cd2356a17ea4c96061
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:8f:62:44:ca:7c:57:b4:94:8b:02:7f:86:c4:
11:62:19:64:1a:6b:59:66:db:69:16:4b:83:45:f6:
06:9c:d2:2d:32:b0:ec:04:70:80:ca:94:a8:3f:bf:
0d:bc:44:81:ef:cc:77:c1:99:27:32:9f:37:f0:53:
a6:2f:48:e3:9b:d2:6b:d6:fa:63:76:95:78:7e:9d:
9d:70:00:77:0e:48:e4:c6:a7:a3:fc:de:c9:05:e4:
3d:8e:e5:1e:3e:a7:05:03:11:02:b6:23:f0:27:44:
29:05:93:8a:4e:cc:c2:1d:f7:c4:47:0a:4a:b8:6f:
da:74:26:33:49:76:67:99:d7:0f:c6:fc:31:2d:25:
49:50:d0:9c:b2:db:99:49:ae:a2:3f:8b:c6:bf:70:
1f:a1:cb:0d:11:61:6f:ca:4f:c9:d4:6f:0b:ec:ca:
66:e5:15:af:7b:bc:f3:20:38:70:b1:50:64:f3:40:
20:b0:5b:2f:d9:7e:cf:2c:4b:de:a3:ba:31:f7:37:
29:4a:17:2f:b1:b5:41:83:3f:a6:09:2d:e2:c1:c0:
f4:f1:74:e7:a4:ca:b8:81:21:f6:6e:dc:e3:a8:85:
70:73:2b:3e:93:bf:81:21:d4:85:6f:e3:6f:29:00:
2b:82:61:af:bd:5d:7d:a1:c0:93:37:85:ad:0f:27:
f1:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:7E:0A:38:5C:5C:B3:69:88:A1:F6:CD:23:56:A1:7E:A4:C9:60:61
X509v3 Authority Key Identifier:
keyid:CD:57:6D:87:6E:17:E6:7A:A3:B1:F1:C1:0D:AB:39:DB:29:35:E2:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/EH4KOFxcs2mIofbNI1ahfqTJYGE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
72.251.208.0-72.251.222.255
81.27.86.0/24
134.82.68.0/22
134.82.73.0-134.82.75.255
159.26.96.0/19
205.147.16.0/21
205.147.27.0-205.147.31.255
Signature Algorithm: sha256WithRSAEncryption
a7:97:c9:4f:d7:37:96:5f:93:a5:d5:96:52:f5:60:75:cc:73:
72:de:e0:61:14:73:33:3c:86:47:d8:05:95:60:39:39:93:6a:
d9:d1:95:68:25:ef:a1:df:43:cd:7a:00:1c:f2:0d:c1:35:08:
2a:49:b6:74:e4:13:54:86:de:cd:10:6a:3b:59:f2:5a:ae:47:
e2:bf:a1:e5:2a:d8:a8:ab:7d:9f:0f:fe:f0:25:39:62:25:7e:
67:6f:6c:a2:5a:6d:d5:44:f1:cb:0f:e7:68:a1:96:ec:07:19:
65:7c:22:a5:04:87:a3:bf:18:e3:b7:e4:5b:25:b1:f1:8d:9e:
1f:38:e8:68:6c:58:5c:3f:13:ca:93:39:9e:37:37:48:a8:4b:
70:b0:fb:b8:50:26:b4:78:f1:d7:c4:bd:1a:ab:09:da:66:95:
a4:40:a1:e7:06:ca:5a:3a:f1:e5:b7:a2:7d:ba:39:35:2d:55:
78:a8:11:11:03:0e:31:82:13:fa:ff:20:94:f1:ff:2a:71:d0:
54:97:00:52:c8:30:61:2d:cb:dc:92:2d:26:08:57:ec:c0:c6:
a0:f4:79:8a:9c:b8:0a:62:67:f9:e3:67:90:15:97:11:63:9c:
33:c0:97:89:bb:5f:2e:52:32:52:c6:9a:70:65:8a:a9:15:97:
b7:73:82:fb
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZ6nZAMextrFFuzCCAtI57P0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNTc2ZDg3NmUxN2U2N2FhM2IxZjFjMTBkYWIzOWRiMjkz
NWUyMmIwHhcNMjYwNjA4MTMyMDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDdlMGEzODVjNWNiMzY5ODhhMWY2Y2QyMzU2YTE3ZWE0Yzk2MDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApI9iRMp8V7SUiwJ/hsQRYhlkGmtZ
ZttpFkuDRfYGnNItMrDsBHCAypSoP78NvESB78x3wZknMp838FOmL0jjm9Jr1vpj
dpV4fp2dcAB3Dkjkxqej/N7JBeQ9juUePqcFAxECtiPwJ0QpBZOKTszCHffERwpK
uG/adCYzSXZnmdcPxvwxLSVJUNCcstuZSa6iP4vGv3AfocsNEWFvyk/J1G8L7Mpm
5RWve7zzIDhwsVBk80AgsFsv2X7PLEveo7ox9zcpShcvsbVBgz+mCS3iwcD08XTn
pMq4gSH2btzjqIVwcys+k7+BIdSFb+NvKQArgmGvvV19ocCTN4WtDyfxTQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFBB+CjhcXLNpiKH2zSNWoX6kyWBhMB8GA1UdIwQY
MBaAFM1XbYduF+Z6o7HxwQ2rOdspNeIrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelZkdGgyNFg1bnFqc2ZIQkRhczUyeWsxNGlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS80MmYwMTQtY2Q5Mi00MjA1LWFhNTMt
MWE4MGEyZjdkN2VhLzEvRUg0S09GeGNzMm1Jb2ZiTkkxYWhmcVRKWUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS80MmYwMTQtY2Q5Mi00MjA1LWFhNTMtMWE4MGEyZjdkN2Vh
LzEvelZkdGgyNFg1bnFqc2ZIQkRhczUyeWsxNGlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCMAwDBARI+9AD
BABI+94DBABRG1YDBAKGUkQwDAMEAIZSSQMEAoZSSAMEBZ8aYAMEA82TEDAMAwQA
zZMbAwQFzZMAMA0GCSqGSIb3DQEBCwUAA4IBAQCnl8lP1zeWX5Ol1ZZS9WB1zHNy
3uBhFHMzPIZH2AWVYDk5k2rZ0ZVoJe+h30PNegAc8g3BNQgqSbZ05BNUht7NEGo7
WfJarkfiv6HlKtioq32fD/7wJTliJX5nb2yiWm3VRPHLD+dooZbsBxllfCKlBIej
vxjjt+RbJbHxjZ4fOOhobFhcPxPKkzmeNzdIqEtwsPu4UCa0ePHXxL0aqwnaZpWk
QKHnBspaOvHlt6J9ujk1LVV4qBERAw4xghP6/yCU8f8qcdBUlwBSyDBhLcvcki0m
CFfswMag9HmKnLgKYmf542eQFZcRY5wzwJeJu18uUjJSxppwZYqpFZe3c4L7
-----END CERTIFICATE-----
Generated at Sat Jun 20 04:10:42 2026 by rpki-client