Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/b85WZYesEi0RQp9NdWYFgrB9Lz8.roa
File: b85WZYesEi0RQp9NdWYFgrB9Lz8.roa (raw, json)
Hash identifier: rwTbd19P+92X2bz5SdKeDNmZF+ZDVA4/K+B8Mfkklco=
Subject key identifier: 6F:CE:56:65:87:AC:12:2D:11:42:9F:4D:75:66:05:82:B0:7D:2F:3F
Certificate issuer: /CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
Certificate serial: 019DB52AAF5FA3A2105A4CC4304D778BF68D
Authority key identifier: 7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/b85WZYesEi0RQp9NdWYFgrB9Lz8.roa
Signing time: Wed 22 Apr 2026 12:29:26 +0000
ROA not before: Wed 22 Apr 2026 12:29:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 2116
IP address blocks: 31.185.24.0/21 maxlen: 21
37.191.128.0/17 maxlen: 17
62.63.0.0/18 maxlen: 18
62.101.192.0/18 maxlen: 18
64.28.0.0/19 maxlen: 19
77.40.128.0/17 maxlen: 17
77.88.64.0/18 maxlen: 18
77.234.48.0/21 maxlen: 21
77.241.96.0/20 maxlen: 20
78.24.144.0/21 maxlen: 21
79.135.0.0/19 maxlen: 19
80.64.192.0/20 maxlen: 20
80.241.80.0/20 maxlen: 20
81.0.128.0/18 maxlen: 18
81.175.0.0/20 maxlen: 20
81.175.20.0/22 maxlen: 22
81.175.24.0/21 maxlen: 21
81.175.32.0/19 maxlen: 19
81.191.0.0/16 maxlen: 16
82.196.192.0/19 maxlen: 19
84.20.96.0/19 maxlen: 19
85.112.128.0/19 maxlen: 19
85.196.64.0/18 maxlen: 18
85.221.0.0/17 maxlen: 17
85.252.0.0/16 maxlen: 16
86.62.128.0/18 maxlen: 18
87.118.0.0/18 maxlen: 18
88.84.160.0/19 maxlen: 19
89.191.0.0/19 maxlen: 19
91.135.32.0/20 maxlen: 20
91.202.80.0/22 maxlen: 22
109.199.192.0/19 maxlen: 19
178.74.0.0/18 maxlen: 18
185.8.16.0/22 maxlen: 22
185.35.80.0/22 maxlen: 22
185.67.116.0/22 maxlen: 22
185.67.116.0/24 maxlen: 24
185.129.156.0/22 maxlen: 22
193.69.0.0/16 maxlen: 16
193.71.0.0/16 maxlen: 16
193.75.0.0/17 maxlen: 17
193.90.0.0/16 maxlen: 16
193.91.128.0/17 maxlen: 17
194.19.0.0/17 maxlen: 17
194.29.200.0/22 maxlen: 22
194.54.96.0/19 maxlen: 19
195.0.128.0/17 maxlen: 17
195.1.0.0/16 maxlen: 16
195.18.128.0/17 maxlen: 17
195.139.0.0/16 maxlen: 16
195.159.0.0/16 maxlen: 16
195.204.0.0/16 maxlen: 16
212.62.224.0/19 maxlen: 19
212.71.64.0/19 maxlen: 19
213.52.0.0/17 maxlen: 17
213.151.128.0/19 maxlen: 19
213.158.224.0/19 maxlen: 19
213.160.224.0/20 maxlen: 20
213.160.240.0/21 maxlen: 21
213.172.192.0/19 maxlen: 19
213.239.64.0/18 maxlen: 18
217.8.128.0/19 maxlen: 19
217.14.0.0/20 maxlen: 20
217.77.32.0/20 maxlen: 20
217.118.32.0/19 maxlen: 19
217.144.224.0/19 maxlen: 19
2001:840::/29 maxlen: 29
2001:8c0::/29 maxlen: 29
2001:8c0:a906::/48 maxlen: 48
2001:4dd8::/29 maxlen: 29
2a00:c440::/29 maxlen: 29
2a01:520::/29 maxlen: 29
2a02:270::/29 maxlen: 29
2a03:c000::/29 maxlen: 29
2a04:6340::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl
rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.mft
rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 27 Apr 2026 23:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b5:2a:af:5f:a3:a2:10:5a:4c:c4:30:4d:77:8b:f6:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
Validity
Not Before: Apr 22 12:29:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6fce566587ac122d11429f4d75660582b07d2f3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:fd:a6:10:b2:5d:25:b7:b7:dd:7e:24:43:04:
82:b9:8c:ef:ed:07:d6:62:c7:ae:d6:ec:44:4f:34:
de:0d:ea:76:80:ef:10:35:04:50:ce:b3:c2:3e:ca:
e3:34:4f:37:37:45:4d:50:8d:16:9e:b0:71:ff:58:
e9:84:66:6b:de:b3:3c:be:64:00:fc:1b:8a:4c:73:
89:c0:1c:b0:10:d3:dc:8a:79:36:20:f0:84:6c:14:
ef:a7:46:e2:67:05:ad:ef:ca:b7:6f:eb:75:f3:2a:
43:bf:e2:2f:f0:62:54:10:8c:49:9e:e2:38:5e:f5:
42:1e:08:af:71:5b:f1:7b:f0:41:a6:98:d4:35:90:
61:3c:be:8b:14:9f:6b:16:0e:2b:50:e3:f1:bb:5e:
5c:16:2b:f9:17:17:10:b6:c5:21:29:7e:40:d2:68:
ca:26:9e:96:97:be:6d:31:b2:83:d5:2c:b1:a7:94:
3f:24:50:09:1d:f0:47:e7:ca:24:f9:e6:b9:e4:c9:
90:1c:e7:33:0f:2f:d3:62:64:6d:de:10:bd:ce:8d:
06:fb:68:e1:eb:53:da:98:1d:61:2c:92:28:bf:53:
63:4a:47:2c:48:97:62:c3:c2:c8:38:da:f1:48:aa:
65:28:7b:d3:67:1e:2a:b7:a4:42:c2:43:ea:88:22:
4f:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:CE:56:65:87:AC:12:2D:11:42:9F:4D:75:66:05:82:B0:7D:2F:3F
X509v3 Authority Key Identifier:
keyid:7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/b85WZYesEi0RQp9NdWYFgrB9Lz8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.185.24.0/21
37.191.128.0/17
62.63.0.0/18
62.101.192.0/18
64.28.0.0/19
77.40.128.0/17
77.88.64.0/18
77.234.48.0/21
77.241.96.0/20
78.24.144.0/21
79.135.0.0/19
80.64.192.0/20
80.241.80.0/20
81.0.128.0/18
81.175.0.0/20
81.175.20.0-81.175.63.255
81.191.0.0/16
82.196.192.0/19
84.20.96.0/19
85.112.128.0/19
85.196.64.0/18
85.221.0.0/17
85.252.0.0/16
86.62.128.0/18
87.118.0.0/18
88.84.160.0/19
89.191.0.0/19
91.135.32.0/20
91.202.80.0/22
109.199.192.0/19
178.74.0.0/18
185.8.16.0/22
185.35.80.0/22
185.67.116.0/22
185.129.156.0/22
193.69.0.0/16
193.71.0.0/16
193.75.0.0/17
193.90.0.0/16
193.91.128.0/17
194.19.0.0/17
194.29.200.0/22
194.54.96.0/19
195.0.128.0-195.1.255.255
195.18.128.0/17
195.139.0.0/16
195.159.0.0/16
195.204.0.0/16
212.62.224.0/19
212.71.64.0/19
213.52.0.0/17
213.151.128.0/19
213.158.224.0/19
213.160.224.0-213.160.247.255
213.172.192.0/19
213.239.64.0/18
217.8.128.0/19
217.14.0.0/20
217.77.32.0/20
217.118.32.0/19
217.144.224.0/19
IPv6:
2001:840::/29
2001:8c0::/29
2001:4dd8::/29
2a00:c440::/29
2a01:520::/29
2a02:270::/29
2a03:c000::/29
2a04:6340::/29
Signature Algorithm: sha256WithRSAEncryption
00:41:6b:59:68:d3:a6:f5:b9:dd:84:7c:4e:8d:58:7b:f4:ad:
a7:65:b7:60:ae:43:bd:1e:15:8a:bf:e7:ac:ec:4c:f3:9c:5f:
9b:8d:c0:55:a0:21:53:09:c3:be:fb:24:93:30:4c:9f:78:4b:
b6:94:1a:c9:cb:9d:d1:0b:ae:65:b5:a9:c4:8c:df:51:d1:79:
32:2e:ee:7e:e6:f0:6e:72:9f:ea:f2:8e:06:2f:1d:97:0d:39:
00:d3:97:19:94:d1:f5:c8:65:65:ed:89:43:16:7d:70:8d:1d:
58:46:7c:9b:65:df:69:c4:bc:aa:cb:5e:3a:a5:13:43:54:f4:
2f:56:6c:a3:1b:81:4f:a4:2e:2d:27:b1:80:96:42:78:85:4d:
d4:8b:9e:03:5b:50:ff:61:8c:31:f1:bd:21:66:08:0b:35:58:
15:c8:bb:11:39:09:f4:13:c6:2c:b2:3b:d9:ff:e9:6b:67:51:
e6:e9:ac:aa:eb:42:c8:1a:a0:3f:24:32:87:21:d4:8f:5f:92:
a6:18:47:8e:eb:35:d1:77:90:98:2d:9f:9b:a9:8c:3f:2c:96:
6d:33:d9:6c:2e:27:bb:57:8f:b6:67:e0:26:e6:b7:8a:8c:47:
95:d5:77:ae:38:0e:bd:ae:dc:56:9f:4f:7c:a9:21:ff:2b:aa:
e8:17:f3:04
-----BEGIN CERTIFICATE-----
MIIGvjCCBaagAwIBAgISAZ21Kq9fo6IQWkzEME13i/aNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzRhY2VkY2I4NmNkZGZlZDdmNmRlOGNhZGZjYTAwNDY5
YmJjOGUwHhcNMjYwNDIyMTIyOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmNlNTY2NTg3YWMxMjJkMTE0MjlmNGQ3NTY2MDU4MmIwN2QyZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvf2mELJdJbe33X4kQwSCuYzv7QfW
Yseu1uxETzTeDep2gO8QNQRQzrPCPsrjNE83N0VNUI0WnrBx/1jphGZr3rM8vmQA
/BuKTHOJwBywENPcink2IPCEbBTvp0biZwWt78q3b+t18ypDv+Iv8GJUEIxJnuI4
XvVCHgivcVvxe/BBppjUNZBhPL6LFJ9rFg4rUOPxu15cFiv5FxcQtsUhKX5A0mjK
Jp6Wl75tMbKD1Syxp5Q/JFAJHfBH58ok+ea55MmQHOczDy/TYmRt3hC9zo0G+2jh
61PamB1hLJIov1NjSkcsSJdiw8LIONrxSKplKHvTZx4qt6RCwkPqiCJPgwIDAQAB
o4IDyjCCA8YwHQYDVR0OBBYEFG/OVmWHrBItEUKfTXVmBYKwfS8/MB8GA1UdIwQY
MBaAFH3ErO3Lhs3f7X9t6MrfygBGm7yOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1Nzkt
Mzk0ODAyODVhOTQ4LzEvYjg1V1pZZXNFaTBSUXA5TmRXWUZnckI5THo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1NzktMzk0ODAyODVhOTQ4
LzEvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB3gYIKwYBBQUHAQcBAf8EggHNMIIByTCCAYUEAgABMIIB
fQMEAx+5GAMEByW/gAMEBj4/AAMEBj5lwAMEBUAcAAMEB00ogAMEBk1YQAMEA03q
MAMEBE3xYAMEA04YkAMEBU+HAAMEBFBAwAMEBFDxUAMEBlEAgAMEBFGvADAMAwQC
Ua8UAwQGUa8AAwMAUb8DBAVSxMADBAVUFGADBAVVcIADBAZVxEADBAdV3QADAwBV
/AMEBlY+gAMEBld2AAMEBVhUoAMEBVm/AAMEBFuHIAMEAlvKUAMEBW3HwAMEBrJK
AAMEArkIEAMEArkjUAMEArlDdAMEArmBnAMDAMFFAwMAwUcDBAfBSwADAwDBWgME
B8FbgAMEB8ITAAMEAsIdyAMEBcI2YDALAwQHwwCAAwMBwwADBAfDEoADAwDDiwMD
AMOfAwMAw8wDBAXUPuADBAXUR0ADBAfVNAADBAXVl4ADBAXVnuAwDAMEBdWg4AME
A9Wg8AMEBdWswAMEBtXvQAMEBdkIgAMEBNkOAAMEBNlNIAMEBdl2IAMEBdmQ4DA+
BAIAAjA4AwUDIAEIQAMFAyABCMADBQMgAU3YAwUDKgDEQAMFAyoBBSADBQMqAgJw
AwUDKgPAAAMFAyoEY0AwDQYJKoZIhvcNAQELBQADggEBAABBa1lo06b1ud2EfE6N
WHv0radlt2CuQ70eFYq/56zsTPOcX5uNwFWgIVMJw777JJMwTJ94S7aUGsnLndEL
rmW1qcSM31HReTIu7n7m8G5yn+ryjgYvHZcNOQDTlxmU0fXIZWXtiUMWfXCNHVhG
fJtl32nEvKrLXjqlE0NU9C9WbKMbgU+kLi0nsYCWQniFTdSLngNbUP9hjDHxvSFm
CAs1WBXIuxE5CfQTxiyyO9n/6WtnUebprKrrQsgaoD8kMoch1I9fkqYYR47rNdF3
kJgtn5upjD8slm0z2WwuJ7tXj7Zn4Cbmt4qMR5XVd644Dr2u3FafT3ypIf8rqugX
8wQ=
-----END CERTIFICATE-----
Generated at Mon Apr 27 07:55:12 2026 by rpki-client