Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/4NIgVNVxtvl1Le7xM9tk07FEDr0.roa
File: 4NIgVNVxtvl1Le7xM9tk07FEDr0.roa (raw, json)
Hash identifier: D8yrqmJYc77fPtZi/3U1V+IUlhSOYsgr+HPqobUY/Dk=
Subject key identifier: E0:D2:20:54:D5:71:B6:F9:75:2D:EE:F1:33:DB:64:D3:B1:44:0E:BD
Certificate issuer: /CN=95d108f0e85868c2bbe7db6d7377034c131eb224
Certificate serial: 019E6B304A76D891FD12F2D2F56BFA936771
Authority key identifier: 95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/4NIgVNVxtvl1Le7xM9tk07FEDr0.roa
Signing time: Wed 27 May 2026 20:46:27 +0000
ROA not before: Wed 27 May 2026 20:46:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 62240
IP address blocks: 152.234.160.0/24 maxlen: 24
152.234.161.0/24 maxlen: 24
152.234.164.0/24 maxlen: 24
152.234.167.0/24 maxlen: 24
152.234.168.0/24 maxlen: 24
152.234.169.0/24 maxlen: 24
152.234.171.0/24 maxlen: 24
152.234.173.0/24 maxlen: 24
152.234.174.0/24 maxlen: 24
152.234.175.0/24 maxlen: 24
177.1.48.0/24 maxlen: 24
177.1.49.0/24 maxlen: 24
177.1.51.0/24 maxlen: 24
177.1.52.0/24 maxlen: 24
177.1.55.0/24 maxlen: 24
177.1.56.0/24 maxlen: 24
177.1.57.0/24 maxlen: 24
177.1.59.0/24 maxlen: 24
177.1.61.0/24 maxlen: 24
177.1.62.0/24 maxlen: 24
177.1.63.0/24 maxlen: 24
177.202.192.0/24 maxlen: 24
177.202.193.0/24 maxlen: 24
177.202.195.0/24 maxlen: 24
177.202.196.0/24 maxlen: 24
177.202.199.0/24 maxlen: 24
177.202.200.0/24 maxlen: 24
177.202.201.0/24 maxlen: 24
177.202.203.0/24 maxlen: 24
177.202.205.0/24 maxlen: 24
177.202.206.0/24 maxlen: 24
177.202.207.0/24 maxlen: 24
186.240.176.0/24 maxlen: 24
186.240.177.0/24 maxlen: 24
186.240.179.0/24 maxlen: 24
186.240.180.0/24 maxlen: 24
186.240.181.0/24 maxlen: 24
186.240.182.0/24 maxlen: 24
186.240.185.0/24 maxlen: 24
186.240.186.0/24 maxlen: 24
187.52.192.0/24 maxlen: 24
187.52.193.0/24 maxlen: 24
187.52.195.0/24 maxlen: 24
187.52.197.0/24 maxlen: 24
187.52.199.0/24 maxlen: 24
187.52.200.0/24 maxlen: 24
187.52.203.0/24 maxlen: 24
187.52.205.0/24 maxlen: 24
187.52.206.0/24 maxlen: 24
187.52.207.0/24 maxlen: 24
187.126.32.0/24 maxlen: 24
187.126.33.0/24 maxlen: 24
187.126.35.0/24 maxlen: 24
187.126.37.0/24 maxlen: 24
187.126.39.0/24 maxlen: 24
187.126.40.0/24 maxlen: 24
187.126.41.0/24 maxlen: 24
187.126.43.0/24 maxlen: 24
187.126.45.0/24 maxlen: 24
187.126.47.0/24 maxlen: 24
200.225.160.0/24 maxlen: 24
200.225.161.0/24 maxlen: 24
200.225.162.0/24 maxlen: 24
200.225.163.0/24 maxlen: 24
200.225.165.0/24 maxlen: 24
200.225.167.0/24 maxlen: 24
200.225.168.0/24 maxlen: 24
200.225.174.0/24 maxlen: 24
200.225.175.0/24 maxlen: 24
200.225.176.0/24 maxlen: 24
200.225.177.0/24 maxlen: 24
200.225.184.0/24 maxlen: 24
200.225.187.0/24 maxlen: 24
200.225.189.0/24 maxlen: 24
200.225.190.0/24 maxlen: 24
200.225.191.0/24 maxlen: 24
201.4.96.0/24 maxlen: 24
201.4.97.0/24 maxlen: 24
201.4.98.0/24 maxlen: 24
201.4.99.0/24 maxlen: 24
201.4.101.0/24 maxlen: 24
201.4.103.0/24 maxlen: 24
201.4.110.0/24 maxlen: 24
201.4.111.0/24 maxlen: 24
201.4.112.0/24 maxlen: 24
201.4.113.0/24 maxlen: 24
201.4.114.0/24 maxlen: 24
201.4.120.0/24 maxlen: 24
201.4.123.0/24 maxlen: 24
201.4.125.0/24 maxlen: 24
201.4.126.0/24 maxlen: 24
201.4.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 04 Jun 2026 22:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:6b:30:4a:76:d8:91:fd:12:f2:d2:f5:6b:fa:93:67:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=95d108f0e85868c2bbe7db6d7377034c131eb224
Validity
Not Before: May 27 20:46:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e0d22054d571b6f9752deef133db64d3b1440ebd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:f3:c9:15:c1:fb:16:fc:7e:dd:ab:62:70:98:
e8:61:43:e2:9e:8b:c5:a6:78:d3:60:17:5d:e4:5a:
19:82:2d:d4:90:53:4c:b9:0b:50:a7:47:6b:9b:c5:
82:e6:9a:04:8f:08:05:68:2f:0c:80:a3:44:61:e5:
4c:ff:a5:e2:6d:4e:8d:15:5a:0a:b9:18:8c:19:7f:
f4:e8:62:71:41:0a:b1:5d:ee:f0:33:31:a6:26:94:
a7:5d:5f:95:fb:c0:21:be:fe:72:d7:39:70:dd:81:
70:5f:5f:3b:5b:fd:4f:12:09:c1:2d:9b:90:2e:d2:
33:c5:a8:c7:43:ea:04:c0:8c:ce:e0:3a:a4:f4:d5:
45:cd:03:09:6c:b1:50:dd:88:6b:8c:65:75:1c:56:
82:c4:90:62:a7:2c:28:e3:64:64:50:e9:00:33:a0:
3c:7c:3a:56:d1:25:35:15:f3:48:5e:74:cd:51:fe:
0f:d0:dd:2d:7a:be:49:b2:41:f1:5e:cb:74:20:91:
6a:ff:c9:3c:ca:b3:02:f3:7b:77:1d:4d:44:4e:9b:
02:c8:2b:5f:98:8f:f0:c1:4e:d7:b4:2a:49:2f:1b:
04:94:44:3d:ca:31:d9:c0:14:01:4d:82:85:a4:1f:
64:67:1d:09:d5:e4:6d:0c:fd:09:d2:36:3b:82:1c:
85:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:D2:20:54:D5:71:B6:F9:75:2D:EE:F1:33:DB:64:D3:B1:44:0E:BD
X509v3 Authority Key Identifier:
keyid:95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/4NIgVNVxtvl1Le7xM9tk07FEDr0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.234.160.0/23
152.234.164.0/24
152.234.167.0-152.234.169.255
152.234.171.0/24
152.234.173.0-152.234.175.255
177.1.48.0/23
177.1.51.0-177.1.52.255
177.1.55.0-177.1.57.255
177.1.59.0/24
177.1.61.0-177.1.63.255
177.202.192.0/23
177.202.195.0-177.202.196.255
177.202.199.0-177.202.201.255
177.202.203.0/24
177.202.205.0-177.202.207.255
186.240.176.0/23
186.240.179.0-186.240.182.255
186.240.185.0-186.240.186.255
187.52.192.0/23
187.52.195.0/24
187.52.197.0/24
187.52.199.0-187.52.200.255
187.52.203.0/24
187.52.205.0-187.52.207.255
187.126.32.0/23
187.126.35.0/24
187.126.37.0/24
187.126.39.0-187.126.41.255
187.126.43.0/24
187.126.45.0/24
187.126.47.0/24
200.225.160.0/22
200.225.165.0/24
200.225.167.0-200.225.168.255
200.225.174.0-200.225.177.255
200.225.184.0/24
200.225.187.0/24
200.225.189.0-200.225.191.255
201.4.96.0/22
201.4.101.0/24
201.4.103.0/24
201.4.110.0-201.4.114.255
201.4.120.0/24
201.4.123.0/24
201.4.125.0-201.4.127.255
Signature Algorithm: sha256WithRSAEncryption
72:fc:21:48:cd:3c:d3:99:16:a1:00:ad:d6:96:29:18:2e:de:
48:f0:bf:d5:d9:84:71:c8:34:82:4c:33:46:3e:48:73:c2:60:
ed:03:58:23:f4:f7:32:7a:f0:a0:db:62:d0:22:0a:c8:4a:e3:
84:0b:ef:4e:53:f9:7c:0b:bf:79:42:47:17:46:10:fe:70:27:
3a:42:e3:69:21:e3:e0:21:ca:1b:a1:75:a8:76:94:04:88:bc:
fa:a6:d0:29:b0:2d:51:de:f9:c1:68:c6:92:17:a8:a8:3b:b2:
b7:c7:50:d3:24:56:de:3b:ed:ae:a3:ec:b4:5f:30:cf:70:50:
63:c0:a5:41:dc:72:98:59:97:c9:d4:ff:01:92:dc:53:0d:5c:
2f:36:41:6a:89:c7:1f:0b:18:9f:9d:5a:30:6c:e0:cc:90:34:
a5:81:69:31:b0:ef:a5:b4:d4:e5:ee:5d:a6:e5:71:7d:e2:20:
b5:80:48:49:33:f9:c0:ac:af:a1:35:1d:de:1a:12:d8:c1:0e:
28:14:11:52:41:bb:26:04:4e:b3:a2:87:64:b8:7d:f5:32:e8:
26:7a:d0:c2:f7:a5:c8:6b:59:b8:1b:e4:a5:18:01:97:6f:be:
15:19:3f:98:19:63:61:b4:57:60:5c:7b:fc:53:a1:16:98:19:
44:ca:e9:57
-----BEGIN CERTIFICATE-----
MIIGnzCCBYegAwIBAgISAZ5rMEp22JH9EvLS9Wv6k2dxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZDEwOGYwZTg1ODY4YzJiYmU3ZGI2ZDczNzcwMzRjMTMx
ZWIyMjQwHhcNMjYwNTI3MjA0NjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGQyMjA1NGQ1NzFiNmY5NzUyZGVlZjEzM2RiNjRkM2IxNDQwZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfPJFcH7Fvx+3aticJjoYUPinovF
pnjTYBdd5FoZgi3UkFNMuQtQp0drm8WC5poEjwgFaC8MgKNEYeVM/6XibU6NFVoK
uRiMGX/06GJxQQqxXe7wMzGmJpSnXV+V+8Ahvv5y1zlw3YFwX187W/1PEgnBLZuQ
LtIzxajHQ+oEwIzO4Dqk9NVFzQMJbLFQ3YhrjGV1HFaCxJBipywo42RkUOkAM6A8
fDpW0SU1FfNIXnTNUf4P0N0ter5JskHxXst0IJFq/8k8yrMC83t3HU1ETpsCyCtf
mI/wwU7XtCpJLxsElEQ9yjHZwBQBTYKFpB9kZx0J1eRtDP0J0jY7ghyFsQIDAQAB
o4IDqzCCA6cwHQYDVR0OBBYEFODSIFTVcbb5dS3u8TPbZNOxRA69MB8GA1UdIwQY
MBaAFJXRCPDoWGjCu+fbbXN3A0wTHrIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYt
NzJmYjk3ZDU5Y2U0LzEvNE5JZ1ZOVnh0dmwxTGU3eE05dGswN0ZFRHIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYtNzJmYjk3ZDU5Y2U0
LzEvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBvwYIKwYBBQUHAQcBAf8EggGuMIIBqjCCAaYEAgABMIIB
ngMEAZjqoAMEAJjqpDAMAwQAmOqnAwQBmOqoAwQAmOqrMAwDBACY6q0DBASY6qAD
BAGxATAwDAMEALEBMwMEALEBNDAMAwQAsQE3AwQBsQE4AwQAsQE7MAwDBACxAT0D
BAaxAQADBAGxysAwDAMEALHKwwMEALHKxDAMAwQAscrHAwQBscrIAwQAscrLMAwD
BACxys0DBASxysADBAG68LAwDAMEALrwswMEALrwtjAMAwQAuvC5AwQAuvC6AwQB
uzTAAwQAuzTDAwQAuzTFMAwDBAC7NMcDBAC7NMgDBAC7NMswDAMEALs0zQMEBLs0
wAMEAbt+IAMEALt+IwMEALt+JTAMAwQAu34nAwQBu34oAwQAu34rAwQAu34tAwQA
u34vAwQCyOGgAwQAyOGlMAwDBADI4acDBADI4agwDAMEAcjhrgMEAcjhsAMEAMjh
uAMEAMjhuzAMAwQAyOG9AwQGyOGAAwQCyQRgAwQAyQRlAwQAyQRnMAwDBAHJBG4D
BADJBHIDBADJBHgDBADJBHswDAMEAMkEfQMEB8kEADANBgkqhkiG9w0BAQsFAAOC
AQEAcvwhSM0805kWoQCt1pYpGC7eSPC/1dmEccg0gkwzRj5Ic8Jg7QNYI/T3Mnrw
oNti0CIKyErjhAvvTlP5fAu/eUJHF0YQ/nAnOkLjaSHj4CHKG6F1qHaUBIi8+qbQ
KbAtUd75wWjGkheoqDuyt8dQ0yRW3jvtrqPstF8wz3BQY8ClQdxymFmXydT/AZLc
Uw1cLzZBaonHHwsYn51aMGzgzJA0pYFpMbDvpbTU5e5dpuVxfeIgtYBISTP5wKyv
oTUd3hoS2MEOKBQRUkG7JgROs6KHZLh99TLoJnrQwvelyGtZuBvkpRgBl2++FRk/
mBljYbRXYFx7/FOhFpgZRMrpVw==
-----END CERTIFICATE-----
Generated at Thu Jun 4 08:55:51 2026 by rpki-client