Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/nrs2AW_1W34W4yVaQNbZaYmdsXY.roa
File: nrs2AW_1W34W4yVaQNbZaYmdsXY.roa (raw, json)
Hash identifier: tu5x+Vgc2AKcsvGLH5aaNO01V0Hxqv1twbI0j4bcYDA=
Subject key identifier: 9E:BB:36:01:6F:F5:5B:7E:16:E3:25:5A:40:D6:D9:69:89:9D:B1:76
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 019EB69F476491C3A470F306F189DEE24F5F
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/nrs2AW_1W34W4yVaQNbZaYmdsXY.roa
Signing time: Thu 11 Jun 2026 12:19:12 +0000
ROA not before: Thu 11 Jun 2026 12:19:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3301
IP address blocks: 192.36.96.0/24 maxlen: 24
192.71.33.0/24 maxlen: 24
192.121.40.0/24 maxlen: 24
192.121.50.0/23 maxlen: 23
192.121.52.0/24 maxlen: 24
192.121.109.0/24 maxlen: 24
192.121.115.0/24 maxlen: 24
192.121.229.0/24 maxlen: 24
192.165.8.0/24 maxlen: 24
192.165.12.0/24 maxlen: 24
192.165.31.0/24 maxlen: 24
192.165.95.0/24 maxlen: 24
192.165.173.0/24 maxlen: 24
192.165.180.0/24 maxlen: 24
192.165.229.0/24 maxlen: 24
192.176.124.0/24 maxlen: 24
193.180.7.0/24 maxlen: 24
193.180.175.0/24 maxlen: 24
193.180.176.0/24 maxlen: 24
193.181.72.0/24 maxlen: 24
193.181.73.0/24 maxlen: 24
193.181.74.0/24 maxlen: 24
193.181.184.0/23 maxlen: 23
193.182.107.0/24 maxlen: 24
193.182.126.0/24 maxlen: 24
193.182.152.0/23 maxlen: 23
193.182.152.0/24 maxlen: 24
193.182.153.0/24 maxlen: 24
193.182.188.0/24 maxlen: 24
193.182.190.0/24 maxlen: 24
193.183.228.0/23 maxlen: 23
193.183.230.0/23 maxlen: 23
193.183.236.0/23 maxlen: 23
193.234.184.0/24 maxlen: 24
193.234.185.0/24 maxlen: 24
193.235.152.0/24 maxlen: 24
194.14.8.0/24 maxlen: 24
194.14.154.0/24 maxlen: 24
194.14.155.0/24 maxlen: 24
194.14.156.0/24 maxlen: 24
194.14.245.0/24 maxlen: 24
194.68.72.0/22 maxlen: 22
194.68.76.0/23 maxlen: 23
194.68.79.0/24 maxlen: 24
194.68.94.0/24 maxlen: 24
194.68.127.0/24 maxlen: 24
194.71.132.0/22 maxlen: 22
194.103.240.0/21 maxlen: 21
194.132.95.0/24 maxlen: 24
194.132.188.0/23 maxlen: 23
194.132.190.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 12:19:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:b6:9f:47:64:91:c3:a4:70:f3:06:f1:89:de:e2:4f:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Jun 11 12:19:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9ebb36016ff55b7e16e3255a40d6d969899db176
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:8d:e9:dc:55:ac:b9:39:30:a8:73:5c:5c:81:
09:60:f6:d6:80:07:79:0f:d6:00:c5:a1:07:28:cc:
f4:7c:59:24:6b:d7:4c:88:59:b0:ba:13:f5:09:74:
93:cf:9e:96:08:e2:65:80:0a:33:bf:6e:f6:fb:14:
19:cf:d5:14:a6:fa:03:7e:7e:b1:45:40:0a:ce:9b:
35:27:17:13:13:6b:6c:34:2b:8e:cf:90:ac:b6:cc:
ad:e2:ff:e9:1b:64:6f:1c:a5:63:6d:94:61:38:4b:
10:d1:8f:56:16:18:29:40:cf:91:14:36:48:dc:8d:
5b:fa:ff:e5:6d:b9:65:c9:d9:ec:61:b4:f7:d7:39:
9c:18:d0:2a:ac:02:c1:ef:e5:c8:39:4f:4b:a6:62:
2a:27:e4:c7:20:47:af:c3:62:bf:d9:d2:bd:d1:6b:
19:11:33:07:78:34:e6:80:d4:90:83:94:20:43:e4:
99:a4:46:82:e6:29:bf:76:94:90:61:89:d5:60:a1:
a1:73:fc:2a:5e:28:a4:de:92:ef:bc:e3:a6:71:80:
72:91:b3:c6:76:a1:ce:3c:4d:84:d8:13:fe:fd:6c:
f7:df:ce:d7:3c:f5:89:8a:ee:a6:96:cc:d7:92:f5:
96:e8:84:c6:1c:a6:b7:94:20:57:2d:85:f4:e2:d0:
c9:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:BB:36:01:6F:F5:5B:7E:16:E3:25:5A:40:D6:D9:69:89:9D:B1:76
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/nrs2AW_1W34W4yVaQNbZaYmdsXY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.96.0/24
192.71.33.0/24
192.121.40.0/24
192.121.50.0-192.121.52.255
192.121.109.0/24
192.121.115.0/24
192.121.229.0/24
192.165.8.0/24
192.165.12.0/24
192.165.31.0/24
192.165.95.0/24
192.165.173.0/24
192.165.180.0/24
192.165.229.0/24
192.176.124.0/24
193.180.7.0/24
193.180.175.0-193.180.176.255
193.181.72.0-193.181.74.255
193.181.184.0/23
193.182.107.0/24
193.182.126.0/24
193.182.152.0/23
193.182.188.0/24
193.182.190.0/24
193.183.228.0/22
193.183.236.0/23
193.234.184.0/23
193.235.152.0/24
194.14.8.0/24
194.14.154.0-194.14.156.255
194.14.245.0/24
194.68.72.0-194.68.77.255
194.68.79.0/24
194.68.94.0/24
194.68.127.0/24
194.71.132.0/22
194.103.240.0/21
194.132.95.0/24
194.132.188.0/22
Signature Algorithm: sha256WithRSAEncryption
71:56:8a:02:97:2d:69:57:4f:9e:d6:94:c6:51:52:89:da:ed:
f6:1a:88:f1:72:09:70:50:01:41:10:62:95:03:f8:5e:a5:fd:
ee:8e:25:12:4b:24:59:41:e4:f2:3b:d5:07:ab:66:06:35:1f:
6a:67:76:00:54:91:cf:41:9a:0b:14:f7:11:3b:e1:c7:8e:08:
0b:bf:e9:e4:04:1f:cd:a2:c4:c1:cf:90:e1:33:3c:59:f1:46:
d6:59:d5:77:85:15:da:60:c6:13:03:7c:a2:ae:66:f0:e9:ff:
c0:bb:f2:ee:b2:42:00:62:14:b3:54:fa:11:26:ac:99:c8:f5:
24:55:39:46:b6:38:97:a1:86:85:8a:3f:e6:b2:d1:86:f9:9d:
15:39:c8:0a:af:31:c0:2a:91:53:24:ec:3d:e4:55:c6:72:57:
f7:b8:82:04:ee:d0:cb:44:8a:69:59:2d:e7:ae:8c:95:7b:ce:
f2:2c:47:72:b1:cc:f4:99:1f:75:13:54:1b:c3:26:9d:41:00:
79:b4:32:6b:2c:73:66:1d:d4:14:a7:a3:0c:07:b8:8b:6b:db:
72:7a:e7:9c:c6:53:f4:77:b2:85:04:1b:7c:08:f4:69:8c:30:
a8:9d:f0:94:2c:7c:27:57:5d:33:1e:ab:04:17:e2:2f:1b:fe:
58:f4:54:5f
-----BEGIN CERTIFICATE-----
MIIGEzCCBPugAwIBAgISAZ62n0dkkcOkcPMG8Yne4k9fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwNjExMTIxOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWJiMzYwMTZmZjU1YjdlMTZlMzI1NWE0MGQ2ZDk2OTg5OWRiMTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0o3p3FWsuTkwqHNcXIEJYPbWgAd5
D9YAxaEHKMz0fFkka9dMiFmwuhP1CXSTz56WCOJlgAozv272+xQZz9UUpvoDfn6x
RUAKzps1JxcTE2tsNCuOz5Cstsyt4v/pG2RvHKVjbZRhOEsQ0Y9WFhgpQM+RFDZI
3I1b+v/lbbllydnsYbT31zmcGNAqrALB7+XIOU9LpmIqJ+THIEevw2K/2dK90WsZ
ETMHeDTmgNSQg5QgQ+SZpEaC5im/dpSQYYnVYKGhc/wqXiik3pLvvOOmcYBykbPG
dqHOPE2E2BP+/Wz3387XPPWJiu6mlszXkvWW6ITGHKa3lCBXLYX04tDJQwIDAQAB
o4IDHzCCAxswHQYDVR0OBBYEFJ67NgFv9Vt+FuMlWkDW2WmJnbF2MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvbnJzMkFXXzFXMzRXNHlWYVFOYlphWW1kc1hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBMwYIKwYBBQUHAQcBAf8EggEiMIIBHjCCARoEAgABMIIB
EgMEAMAkYAMEAMBHIQMEAMB5KDAMAwQBwHkyAwQAwHk0AwQAwHltAwQAwHlzAwQA
wHnlAwQAwKUIAwQAwKUMAwQAwKUfAwQAwKVfAwQAwKWtAwQAwKW0AwQAwKXlAwQA
wLB8AwQAwbQHMAwDBADBtK8DBADBtLAwDAMEA8G1SAMEAMG1SgMEAcG1uAMEAMG2
awMEAMG2fgMEAcG2mAMEAMG2vAMEAMG2vgMEAsG35AMEAcG37AMEAcHquAMEAMHr
mAMEAMIOCDAMAwQBwg6aAwQAwg6cAwQAwg71MAwDBAPCREgDBAHCREwDBADCRE8D
BADCRF4DBADCRH8DBALCR4QDBAPCZ/ADBADChF8DBALChLwwDQYJKoZIhvcNAQEL
BQADggEBAHFWigKXLWlXT57WlMZRUona7fYaiPFyCXBQAUEQYpUD+F6l/e6OJRJL
JFlB5PI71QerZgY1H2pndgBUkc9BmgsU9xE74ceOCAu/6eQEH82ixMHPkOEzPFnx
RtZZ1XeFFdpgxhMDfKKuZvDp/8C78u6yQgBiFLNU+hEmrJnI9SRVOUa2OJehhoWK
P+ay0Yb5nRU5yAqvMcAqkVMk7D3kVcZyV/e4ggTu0MtEimlZLeeujJV7zvIsR3Kx
zPSZH3UTVBvDJp1BAHm0Mmssc2Yd1BSnowwHuItr23J655zGU/R3soUEG3wI9GmM
MKid8JQsfCdXXTMeqwQX4i8b/lj0VF8=
-----END CERTIFICATE-----
Generated at Thu Jun 11 16:26:14 2026 by rpki-client