Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/pwt_ioJbMxlvLIPCon7PXpWskZU.roa
File: pwt_ioJbMxlvLIPCon7PXpWskZU.roa (raw, json)
Hash identifier: zcwi8wS4gYFNgtFK2T8uPDXbVbH+F1vwepDSAScp8GU=
Subject key identifier: A7:0B:7F:8A:82:5B:33:19:6F:2C:83:C2:A2:7E:CF:5E:95:AC:91:95
Certificate issuer: /CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Certificate serial: 019CBA59EA4A819EC91913780D478156C134
Authority key identifier: E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/pwt_ioJbMxlvLIPCon7PXpWskZU.roa
Signing time: Wed 04 Mar 2026 19:36:20 +0000
ROA not before: Wed 04 Mar 2026 19:36:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 199959
IP address blocks: 2.58.14.0/23 maxlen: 23
5.183.95.0/24 maxlen: 24
45.86.162.0/24 maxlen: 24
45.86.163.0/24 maxlen: 24
46.30.188.0/24 maxlen: 24
46.30.189.0/24 maxlen: 24
46.30.190.0/24 maxlen: 24
46.30.191.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 12 Mar 2026 00:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:ba:59:ea:4a:81:9e:c9:19:13:78:0d:47:81:56:c1:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Validity
Not Before: Mar 4 19:36:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a70b7f8a825b33196f2c83c2a27ecf5e95ac9195
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:71:4b:28:d9:a6:e5:76:31:44:6b:63:8c:8a:
28:05:d8:14:43:1d:68:37:4e:ef:d8:83:2c:a1:af:
68:a6:0e:90:53:cc:d7:31:1d:9b:96:ab:9f:4b:38:
f7:c7:df:42:11:e7:da:39:8c:41:71:d4:27:9c:a5:
2c:d0:31:fe:ec:d2:18:d7:f0:c7:eb:a9:65:c1:a2:
04:f9:f3:c0:14:14:8e:40:af:49:3b:ee:1a:28:eb:
8f:69:32:c0:8e:c4:20:52:ec:e7:92:d1:cf:eb:d7:
5a:bd:0c:5a:29:1a:18:6e:42:ed:2d:90:e0:d4:04:
70:5b:da:8c:18:a6:7c:ea:ac:87:f4:35:fe:19:0b:
78:63:52:9e:0b:3a:0a:bb:70:31:65:9d:81:9a:09:
1e:73:7e:16:56:7b:be:b2:15:16:96:fe:89:6c:ab:
07:c2:7c:de:d4:ec:b3:5a:60:27:36:5d:b5:c4:fe:
b5:ab:00:19:06:a8:b9:e6:43:bb:bb:78:4a:24:7e:
ab:e4:95:7f:c6:56:26:46:55:a9:8c:b6:3e:08:e0:
72:aa:12:19:36:61:d5:7b:87:df:d1:1f:64:bf:74:
53:5a:af:d2:4a:ce:3f:50:61:4f:44:ce:a5:cd:30:
13:71:89:1a:3d:69:13:56:f0:17:ec:2d:01:7c:74:
a3:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:0B:7F:8A:82:5B:33:19:6F:2C:83:C2:A2:7E:CF:5E:95:AC:91:95
X509v3 Authority Key Identifier:
keyid:E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/pwt_ioJbMxlvLIPCon7PXpWskZU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.14.0/23
5.183.95.0/24
45.86.162.0/23
46.30.188.0/22
Signature Algorithm: sha256WithRSAEncryption
ae:df:8d:72:c5:67:b0:03:ce:17:da:2f:f6:80:6d:a3:d6:0f:
86:48:31:ea:29:14:15:05:7f:95:03:c1:46:e1:21:c8:a2:70:
17:cb:a1:68:d1:a5:92:e3:65:bd:98:4b:b8:db:40:fc:c4:c7:
b0:8c:85:ec:79:34:a0:70:cd:db:e2:71:13:50:78:54:71:0e:
7d:17:70:b9:ef:db:10:b9:97:d1:0e:f5:85:90:b0:60:11:25:
b9:47:95:42:6b:38:32:9e:ec:6d:ed:2e:2d:8e:8b:6b:e3:74:
2e:77:ed:fe:23:cc:ab:f9:05:1c:dc:06:2c:6d:22:5e:cc:b2:
44:65:6c:57:31:fd:48:9e:52:bf:da:3a:25:81:ae:9f:44:db:
84:e3:f6:23:07:b4:b6:6a:e0:76:e8:2d:07:a9:de:96:1d:c1:
bc:ca:a5:0f:90:39:de:0b:4f:3f:37:ff:61:46:3d:49:1d:21:
5f:15:8b:1d:ec:ee:2c:f7:19:f6:f0:4d:6d:50:54:c0:c5:ff:
54:fc:08:60:3c:64:45:52:56:36:26:e8:ba:d1:a6:de:a3:b3:
42:8f:9e:89:15:a2:77:99:ed:66:5a:30:91:51:ed:28:f5:a7:
a6:2d:da:d6:2a:95:46:c6:b3:39:7e:1b:ea:42:24:9e:38:55:
83:02:8c:44
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZy6WepKgZ7JGRN4DUeBVsE0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDBjNDlhMGU5N2UwZDVmM2NlZDNiN2I2YjlmNzJjYTBj
YjUzZDYwHhcNMjYwMzA0MTkzNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzBiN2Y4YTgyNWIzMzE5NmYyYzgzYzJhMjdlY2Y1ZTk1YWM5MTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nFLKNmm5XYxRGtjjIooBdgUQx1o
N07v2IMsoa9opg6QU8zXMR2blqufSzj3x99CEefaOYxBcdQnnKUs0DH+7NIY1/DH
66llwaIE+fPAFBSOQK9JO+4aKOuPaTLAjsQgUuznktHP69davQxaKRoYbkLtLZDg
1ARwW9qMGKZ86qyH9DX+GQt4Y1KeCzoKu3AxZZ2Bmgkec34WVnu+shUWlv6JbKsH
wnze1OyzWmAnNl21xP61qwAZBqi55kO7u3hKJH6r5JV/xlYmRlWpjLY+COByqhIZ
NmHVe4ff0R9kv3RTWq/SSs4/UGFPRM6lzTATcYkaPWkTVvAX7C0BfHSjYwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKcLf4qCWzMZbyyDwqJ+z16VrJGVMB8GA1UdIwQY
MBaAFOLQxJoOl+DV887Tt7a59yygy1PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEt
NDY5MGEwMDcxNDFmLzEvcHd0X2lvSmJNeGx2TElQQ29uN1BYcFdza1pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEtNDY5MGEwMDcxNDFm
LzEvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBAjoOAwQA
BbdfAwQBLVaiAwQCLh68MA0GCSqGSIb3DQEBCwUAA4IBAQCu341yxWewA84X2i/2
gG2j1g+GSDHqKRQVBX+VA8FG4SHIonAXy6Fo0aWS42W9mEu420D8xMewjIXseTSg
cM3b4nETUHhUcQ59F3C579sQuZfRDvWFkLBgESW5R5VCazgynuxt7S4tjotr43Qu
d+3+I8yr+QUc3AYsbSJezLJEZWxXMf1InlK/2jolga6fRNuE4/YjB7S2auB26C0H
qd6WHcG8yqUPkDneC08/N/9hRj1JHSFfFYsd7O4s9xn28E1tUFTAxf9U/AhgPGRF
UlY2Jui60abeo7NCj56JFaJ3me1mWjCRUe0o9aemLdrWKpVGxrM5fhvqQiSeOFWD
AoxE
-----END CERTIFICATE-----
Generated at Wed Mar 11 06:46:54 2026 by rpki-client