Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/iCTaAMs05oLhbwtXWXpZQJoU3k0.roa
File: iCTaAMs05oLhbwtXWXpZQJoU3k0.roa (raw, json)
Hash identifier: usJINLMRL56l8UXnLdaOyblHK8idpM1v2JOHfQZdpJo=
Subject key identifier: 88:24:DA:00:CB:34:E6:82:E1:6F:0B:57:59:7A:59:40:9A:14:DE:4D
Certificate issuer: /CN=9a24b27d9f3df6e14ebc79e146e8be32754bf800
Certificate serial: 019D0B411C5753A4ECCF9F1DE0907A2BBC85
Authority key identifier: 9A:24:B2:7D:9F:3D:F6:E1:4E:BC:79:E1:46:E8:BE:32:75:4B:F8:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/iCTaAMs05oLhbwtXWXpZQJoU3k0.roa
Signing time: Fri 20 Mar 2026 12:38:29 +0000
ROA not before: Fri 20 Mar 2026 12:38:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209854
IP address blocks: 92.249.36.0/24 maxlen: 24
92.249.37.0/24 maxlen: 24
92.249.38.0/24 maxlen: 24
92.249.39.0/24 maxlen: 24
172.216.0.0/16 maxlen: 16
172.216.0.0/24 maxlen: 24
172.216.1.0/24 maxlen: 24
172.216.2.0/24 maxlen: 24
172.216.3.0/24 maxlen: 24
172.216.4.0/24 maxlen: 24
172.216.5.0/24 maxlen: 24
172.216.6.0/24 maxlen: 24
172.216.7.0/24 maxlen: 24
172.216.8.0/24 maxlen: 24
172.216.9.0/24 maxlen: 24
172.216.10.0/24 maxlen: 24
172.216.11.0/24 maxlen: 24
172.216.12.0/24 maxlen: 24
172.216.13.0/24 maxlen: 24
172.216.14.0/24 maxlen: 24
172.216.15.0/24 maxlen: 24
172.216.16.0/24 maxlen: 24
172.216.17.0/24 maxlen: 24
203.21.66.0/24 maxlen: 24
2a09:a700::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.crl
rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.mft
rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Mar 2026 02:18:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:0b:41:1c:57:53:a4:ec:cf:9f:1d:e0:90:7a:2b:bc:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9a24b27d9f3df6e14ebc79e146e8be32754bf800
Validity
Not Before: Mar 20 12:38:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8824da00cb34e682e16f0b57597a59409a14de4d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:ed:f4:a9:27:f2:56:eb:8a:f7:87:50:ed:11:
14:94:bc:ec:8a:27:b4:f3:22:78:55:3b:ea:69:4a:
44:5d:46:f0:84:b0:4c:ed:98:e0:87:4f:12:48:b6:
78:79:79:af:39:ee:9a:80:d6:35:50:1c:c6:14:43:
b7:39:2d:33:ad:de:c1:9b:4b:23:f5:58:4d:7e:ad:
4d:45:66:f3:c3:34:92:78:b1:59:48:e5:33:ba:99:
8e:0a:0c:4a:43:62:bc:ae:a8:e3:03:e8:95:9f:4e:
55:f5:73:be:88:8e:8a:98:34:4a:aa:47:3f:9a:f4:
cc:67:f8:dc:f9:c4:09:59:1e:5c:31:24:a2:c3:75:
cc:49:28:9c:04:14:14:8a:39:d5:3b:cc:de:a7:62:
fb:41:0e:f1:41:59:f7:f5:6a:2c:12:d7:f2:b6:4f:
4d:29:89:92:a3:7c:12:36:74:14:1b:e8:31:57:ae:
6a:6c:24:30:df:1a:c2:f4:46:c5:6b:00:da:6d:f6:
09:a4:cb:45:a8:76:07:c9:5f:14:3d:e8:e2:af:ac:
76:ab:33:28:f7:a5:bc:2e:30:46:bf:77:65:41:e5:
bb:a0:05:0f:db:b5:59:a0:b5:45:27:47:a8:54:5f:
83:61:9c:ae:0b:6d:a0:89:c2:25:9e:a7:73:d3:21:
8a:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:24:DA:00:CB:34:E6:82:E1:6F:0B:57:59:7A:59:40:9A:14:DE:4D
X509v3 Authority Key Identifier:
keyid:9A:24:B2:7D:9F:3D:F6:E1:4E:BC:79:E1:46:E8:BE:32:75:4B:F8:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/miSyfZ899uFOvHnhRui-MnVL-AA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/iCTaAMs05oLhbwtXWXpZQJoU3k0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/0251f2-a1bb-44fb-b908-48d5ff4ba255/1/miSyfZ899uFOvHnhRui-MnVL-AA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.249.36.0/22
172.216.0.0/16
203.21.66.0/24
IPv6:
2a09:a700::/29
Signature Algorithm: sha256WithRSAEncryption
26:d2:96:a7:13:b4:01:83:53:e0:f5:f7:8b:fa:0e:da:a5:89:
23:61:a4:27:6c:16:59:e8:3a:23:4c:ab:f9:68:6c:0c:cf:f0:
9d:21:1d:37:43:5a:b1:af:28:98:e0:c6:9d:5f:f5:f9:75:ee:
75:22:c1:c6:5d:36:c3:c2:05:93:d3:b2:9e:0b:c1:a6:d7:9c:
ba:c8:aa:e4:c5:d0:3f:0b:f4:d5:b9:05:c3:6d:39:73:38:3c:
32:9b:b2:3a:97:61:01:70:3f:58:d0:89:db:1b:a9:00:7e:28:
51:50:c0:d5:1d:c8:88:13:f9:1e:1d:e4:ad:67:6c:eb:15:92:
15:8e:15:8e:24:39:33:63:5b:2d:79:32:dd:83:85:8d:2e:2b:
04:66:68:84:20:56:d8:82:42:75:63:f6:45:c8:5d:92:d7:56:
1d:e2:e1:8d:73:f3:83:6e:78:85:35:6f:d5:10:3d:9d:7f:6b:
e0:7b:62:05:2a:31:01:3d:95:4f:e3:e8:81:6c:af:61:0b:2c:
85:21:0b:85:01:f2:01:63:a7:d6:96:13:7a:84:2d:41:6e:3e:
c1:93:dc:ab:20:cc:5a:c4:73:f2:be:8e:5e:35:d3:50:ff:51:
32:16:5f:dc:20:7e:35:e8:fc:c7:df:5f:b9:da:09:1a:94:4a:
46:20:92:9b
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ0LQRxXU6Tsz58d4JB6K7yFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMjRiMjdkOWYzZGY2ZTE0ZWJjNzllMTQ2ZThiZTMyNzU0
YmY4MDAwHhcNMjYwMzIwMTIzODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODI0ZGEwMGNiMzRlNjgyZTE2ZjBiNTc1OTdhNTk0MDlhMTRkZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu30qSfyVuuK94dQ7REUlLzsiie0
8yJ4VTvqaUpEXUbwhLBM7Zjgh08SSLZ4eXmvOe6agNY1UBzGFEO3OS0zrd7Bm0sj
9VhNfq1NRWbzwzSSeLFZSOUzupmOCgxKQ2K8rqjjA+iVn05V9XO+iI6KmDRKqkc/
mvTMZ/jc+cQJWR5cMSSiw3XMSSicBBQUijnVO8zep2L7QQ7xQVn39WosEtfytk9N
KYmSo3wSNnQUG+gxV65qbCQw3xrC9EbFawDabfYJpMtFqHYHyV8UPejir6x2qzMo
96W8LjBGv3dlQeW7oAUP27VZoLVFJ0eoVF+DYZyuC22gicIlnqdz0yGKVwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFIgk2gDLNOaC4W8LV1l6WUCaFN5NMB8GA1UdIwQY
MBaAFJoksn2fPfbhTrx54UbovjJ1S/gAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWlTeWZaODk5dUZPdkhuaFJ1aS1NblZMLUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8wMjUxZjItYTFiYi00NGZiLWI5MDgt
NDhkNWZmNGJhMjU1LzEvaUNUYUFNczA1b0xoYnd0WFdYcFpRSm9VM2swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8wMjUxZjItYTFiYi00NGZiLWI5MDgtNDhkNWZmNGJhMjU1
LzEvbWlTeWZaODk5dUZPdkhuaFJ1aS1NblZMLUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAXBAIAATARAwQCXPkkAwMA
rNgDBADLFUIwDQQCAAIwBwMFAyoJpwAwDQYJKoZIhvcNAQELBQADggEBACbSlqcT
tAGDU+D194v6DtqliSNhpCdsFlnoOiNMq/lobAzP8J0hHTdDWrGvKJjgxp1f9fl1
7nUiwcZdNsPCBZPTsp4LwabXnLrIquTF0D8L9NW5BcNtOXM4PDKbsjqXYQFwP1jQ
idsbqQB+KFFQwNUdyIgT+R4d5K1nbOsVkhWOFY4kOTNjWy15Mt2DhY0uKwRmaIQg
VtiCQnVj9kXIXZLXVh3i4Y1z84NueIU1b9UQPZ1/a+B7YgUqMQE9lU/j6IFsr2EL
LIUhC4UB8gFjp9aWE3qELUFuPsGT3KsgzFrEc/K+jl4101D/UTIWX9wgfjXo/Mff
X7naCRqUSkYgkps=
-----END CERTIFICATE-----
Generated at Sat Mar 21 09:17:02 2026 by rpki-client