Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/ajchcB005SwdhHOonkg_FPYCObk.roa
File: ajchcB005SwdhHOonkg_FPYCObk.roa (raw, json)
Hash identifier: iRaNo1hXeWmGHavpqJaMPyQrwMjNl6Bwb7CatuzhcAo=
Subject key identifier: 6A:37:21:70:1D:34:E5:2C:1D:84:73:A8:9E:48:3F:14:F6:02:39:B9
Certificate issuer: /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial: 019E35B715E71C90FC2C83E70EF7300C2F13
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/ajchcB005SwdhHOonkg_FPYCObk.roa
Signing time: Sun 17 May 2026 11:34:11 +0000
ROA not before: Sun 17 May 2026 11:34:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3301
IP address blocks: 2.248.0.0/14 maxlen: 14
2.252.0.0/15 maxlen: 15
2.254.0.0/16 maxlen: 16
2.255.0.0/17 maxlen: 17
2.255.128.0/18 maxlen: 18
2.255.190.0/24 maxlen: 24
2.255.191.0/24 maxlen: 24
62.20.0.0/16 maxlen: 16
77.110.0.0/18 maxlen: 18
78.64.0.0/12 maxlen: 12
81.224.0.0/12 maxlen: 12
81.228.4.0/23 maxlen: 23
81.228.4.0/24 maxlen: 24
81.228.5.0/24 maxlen: 24
82.214.0.0/18 maxlen: 18
85.11.0.0/18 maxlen: 18
90.224.0.0/12 maxlen: 12
92.254.128.0/17 maxlen: 17
95.109.0.0/17 maxlen: 17
95.192.0.0/12 maxlen: 12
131.115.52.0/24 maxlen: 24
185.103.208.0/22 maxlen: 22
185.103.208.0/24 maxlen: 24
188.126.224.0/19 maxlen: 19
188.126.233.0/24 maxlen: 24
188.126.240.0/23 maxlen: 23
192.16.152.0/23 maxlen: 23
192.16.153.0/24 maxlen: 24
192.150.58.0/23 maxlen: 23
192.150.60.0/22 maxlen: 22
192.150.64.0/22 maxlen: 22
192.150.68.0/23 maxlen: 23
192.150.78.0/23 maxlen: 23
192.150.80.0/23 maxlen: 23
193.44.0.0/15 maxlen: 15
194.16.0.0/15 maxlen: 15
194.18.0.0/16 maxlen: 16
194.22.0.0/15 maxlen: 15
194.218.0.0/16 maxlen: 16
194.236.0.0/15 maxlen: 15
195.67.0.0/16 maxlen: 16
195.198.0.0/16 maxlen: 16
195.252.32.0/19 maxlen: 19
212.28.192.0/19 maxlen: 19
212.181.0.0/16 maxlen: 16
213.64.0.0/14 maxlen: 14
217.208.0.0/13 maxlen: 13
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.mft
rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 10:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:35:b7:15:e7:1c:90:fc:2c:83:e7:0e:f7:30:0c:2f:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Validity
Not Before: May 17 11:34:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6a3721701d34e52c1d8473a89e483f14f60239b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:7b:c8:ed:89:89:05:23:62:42:39:83:c9:68:
fd:67:a8:92:15:8b:99:52:60:0e:49:43:d9:f0:be:
b6:80:c5:6f:c9:02:fc:ec:9f:28:10:2e:6b:cd:ca:
54:c1:2f:df:dd:47:f5:31:19:c1:3e:65:10:90:a3:
f6:f4:bc:26:cc:7f:9b:53:11:21:d6:6a:31:03:99:
2b:b2:d1:82:46:80:d9:54:b5:39:b8:30:a1:98:b0:
51:68:c1:f9:dd:3a:59:df:fc:5a:8a:d2:28:25:ae:
80:63:a1:3c:7b:75:5d:4c:23:d1:39:30:17:3c:9c:
14:3b:64:fd:c5:5f:96:ca:4c:82:1d:8b:10:53:69:
e1:12:10:e6:56:cf:9d:9d:04:7c:d6:23:1d:ba:39:
37:9e:e7:93:c7:55:9e:d1:78:48:21:15:17:1d:2a:
c5:98:d4:a4:13:f0:ba:1c:1d:3f:3d:2a:41:5a:04:
a9:3b:c7:88:23:72:61:c3:f5:97:6f:47:82:82:01:
66:53:f6:12:fd:1a:49:22:10:3b:0a:78:b4:79:93:
83:2b:cc:f3:50:32:13:81:70:84:5d:4f:e4:a0:6f:
b2:84:54:de:b4:60:16:0e:27:6d:d0:ff:52:78:b1:
6d:b7:b7:c7:df:75:f9:0b:58:bd:c0:3b:9d:bf:65:
ad:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:37:21:70:1D:34:E5:2C:1D:84:73:A8:9E:48:3F:14:F6:02:39:B9
X509v3 Authority Key Identifier:
keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/ajchcB005SwdhHOonkg_FPYCObk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.248.0.0-2.255.191.255
62.20.0.0/16
77.110.0.0/18
78.64.0.0/12
81.224.0.0/12
82.214.0.0/18
85.11.0.0/18
90.224.0.0/12
92.254.128.0/17
95.109.0.0/17
95.192.0.0/12
131.115.52.0/24
185.103.208.0/22
188.126.224.0/19
192.16.152.0/23
192.150.58.0-192.150.69.255
192.150.78.0-192.150.81.255
193.44.0.0/15
194.16.0.0-194.18.255.255
194.22.0.0/15
194.218.0.0/16
194.236.0.0/15
195.67.0.0/16
195.198.0.0/16
195.252.32.0/19
212.28.192.0/19
212.181.0.0/16
213.64.0.0/14
217.208.0.0/13
Signature Algorithm: sha256WithRSAEncryption
6f:a6:41:12:fa:3c:22:1f:9c:2d:6d:87:be:ef:82:aa:aa:b1:
7d:d9:a1:d8:1d:d6:a6:0b:16:2d:ac:85:bb:6c:fe:87:b0:69:
1b:21:d7:d2:64:bf:89:b8:8b:f9:fc:ac:2e:12:39:96:6d:72:
7e:a8:a7:87:54:2c:7c:cb:c0:69:6d:af:19:33:97:a7:a3:3d:
61:c6:99:1a:dd:24:42:77:36:41:fb:b2:c5:d8:d9:49:5c:ce:
be:8b:a3:75:9d:6f:15:34:a0:13:41:de:a7:4c:6c:e3:2e:10:
86:f3:8f:7f:de:ec:ad:9e:fb:2e:bd:38:0c:b6:8f:17:eb:1a:
91:79:c1:f8:be:ba:46:a5:49:ae:1a:6c:84:cd:98:9e:2b:2d:
b2:70:7d:1c:a1:7d:e8:a4:cf:03:91:c4:77:79:ba:1a:d2:d3:
92:06:83:23:59:60:91:cb:2b:6e:eb:0c:3a:de:f6:8b:7b:fe:
69:d7:aa:32:07:60:84:80:d3:8e:b1:14:dc:a5:29:80:19:29:
19:96:83:fe:8f:14:79:d2:86:fa:60:fe:dc:77:9b:db:b9:ed:
f7:33:2e:a3:c2:32:10:ed:3e:33:73:4c:07:a7:31:d9:32:0c:
87:f3:f0:da:df:09:4c:c0:c2:fe:3d:2c:11:eb:49:05:6a:1f:
dd:4e:6f:86
-----BEGIN CERTIFICATE-----
MIIFuTCCBKGgAwIBAgISAZ41txXnHJD8LIPnDvcwDC8TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjYwNTE3MTEzNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTM3MjE3MDFkMzRlNTJjMWQ4NDczYTg5ZTQ4M2YxNGY2MDIzOWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnvI7YmJBSNiQjmDyWj9Z6iSFYuZ
UmAOSUPZ8L62gMVvyQL87J8oEC5rzcpUwS/f3Uf1MRnBPmUQkKP29LwmzH+bUxEh
1moxA5krstGCRoDZVLU5uDChmLBRaMH53TpZ3/xaitIoJa6AY6E8e3VdTCPROTAX
PJwUO2T9xV+WykyCHYsQU2nhEhDmVs+dnQR81iMdujk3nueTx1We0XhIIRUXHSrF
mNSkE/C6HB0/PSpBWgSpO8eII3Jhw/WXb0eCggFmU/YS/RpJIhA7Cni0eZODK8zz
UDITgXCEXU/koG+yhFTetGAWDidt0P9SeLFtt7fH33X5C1i9wDudv2WtdQIDAQAB
o4ICxTCCAsEwHQYDVR0OBBYEFGo3IXAdNOUsHYRzqJ5IPxT2Ajm5MB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEvYWpjaGNCMDA1U3dkaEhPb25rZ19GUFlDT2JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHaBggrBgEFBQcBBwEB/wSByjCBxzCBxAQCAAEwgb0wCwMD
AwL4AwQGAv+AAwMAPhQDBAZNbgADAwROQAMDBFHgAwQGUtYAAwQGVQsAAwMEWuAD
BAdc/oADBAdfbQADAwRfwAMEAINzNAMEArln0AMEBbx+4AMEAcAQmDAMAwQBwJY6
AwQBwJZEMAwDBAHAlk4DBAHAllADAwHBLDAKAwMEwhADAwDCEgMDAcIWAwMAwtoD
AwHC7AMDAMNDAwMAw8YDBAXD/CADBAXUHMADAwDUtQMDAtVAAwMD2dAwDQYJKoZI
hvcNAQELBQADggEBAG+mQRL6PCIfnC1th77vgqqqsX3Zodgd1qYLFi2shbts/oew
aRsh19Jkv4m4i/n8rC4SOZZtcn6op4dULHzLwGltrxkzl6ejPWHGmRrdJEJ3NkH7
ssXY2Ulczr6Lo3WdbxU0oBNB3qdMbOMuEIbzj3/e7K2e+y69OAy2jxfrGpF5wfi+
ukalSa4abITNmJ4rLbJwfRyhfeikzwORxHd5uhrS05IGgyNZYJHLK27rDDre9ot7
/mnXqjIHYISA046xFNylKYAZKRmWg/6PFHnShvpg/tx3m9u57fczLqPCMhDtPjNz
TAenMdkyDIfz8NrfCUzAwv49LBHrSQVqH91Ob4Y=
-----END CERTIFICATE-----
Generated at Thu Jun 11 16:26:06 2026 by rpki-client