Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/3icyqMRyF07fP-RxdVUnoaWnivQ.roa
File: 3icyqMRyF07fP-RxdVUnoaWnivQ.roa (raw, json)
Hash identifier: IR/JrGZ5RG8UbNwfnBd1Iq6Q3uAPql2TC4EcXRy5H24=
Subject key identifier: DE:27:32:A8:C4:72:17:4E:DF:3F:E4:71:75:55:27:A1:A5:A7:8A:F4
Certificate issuer: /CN=70e5b30272e43053208978dbe44bfee10a5d007e
Certificate serial: 019DB3B6FB369331D38066BB53A528ED19F7
Authority key identifier: 70:E5:B3:02:72:E4:30:53:20:89:78:DB:E4:4B:FE:E1:0A:5D:00:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/3icyqMRyF07fP-RxdVUnoaWnivQ.roa
Signing time: Wed 22 Apr 2026 05:43:26 +0000
ROA not before: Wed 22 Apr 2026 05:43:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44051
IP address blocks: 2.58.64.0/24 maxlen: 24
2.58.65.0/24 maxlen: 24
2.58.66.0/24 maxlen: 24
2.58.67.0/24 maxlen: 24
5.187.0.0/24 maxlen: 24
5.187.1.0/24 maxlen: 24
5.187.2.0/24 maxlen: 24
5.187.3.0/24 maxlen: 24
5.187.4.0/24 maxlen: 24
5.187.5.0/24 maxlen: 24
5.187.6.0/24 maxlen: 24
5.187.7.0/24 maxlen: 24
31.172.68.0/24 maxlen: 24
31.172.70.0/24 maxlen: 24
31.172.71.0/24 maxlen: 24
31.172.72.0/24 maxlen: 24
31.172.73.0/24 maxlen: 24
31.172.75.0/24 maxlen: 24
31.172.77.0/24 maxlen: 24
79.132.136.0/24 maxlen: 24
79.132.138.0/24 maxlen: 24
79.132.140.0/24 maxlen: 24
79.132.142.0/24 maxlen: 24
79.132.143.0/24 maxlen: 24
89.127.192.0/24 maxlen: 24
89.127.194.0/24 maxlen: 24
89.127.200.0/24 maxlen: 24
89.127.203.0/24 maxlen: 24
89.127.208.0/24 maxlen: 24
91.228.152.0/22 maxlen: 22
91.228.152.0/24 maxlen: 24
91.228.153.0/24 maxlen: 24
91.228.154.0/24 maxlen: 24
91.228.155.0/24 maxlen: 24
103.75.124.0/24 maxlen: 24
103.75.127.0/24 maxlen: 24
103.228.168.0/24 maxlen: 24
103.228.169.0/24 maxlen: 24
103.228.170.0/24 maxlen: 24
103.228.171.0/24 maxlen: 24
162.248.160.0/24 maxlen: 24
162.248.164.0/24 maxlen: 24
162.248.165.0/24 maxlen: 24
162.248.166.0/24 maxlen: 24
162.248.167.0/24 maxlen: 24
185.21.8.0/24 maxlen: 24
185.44.206.0/24 maxlen: 24
185.44.207.0/24 maxlen: 24
194.154.24.0/24 maxlen: 24
194.154.30.0/24 maxlen: 24
195.26.237.0/24 maxlen: 24
212.2.234.0/24 maxlen: 24
212.2.235.0/24 maxlen: 24
213.239.156.0/24 maxlen: 24
217.177.10.0/24 maxlen: 24
217.177.72.0/24 maxlen: 24
2a02:6b40::/32 maxlen: 32
2a02:6b40::/48 maxlen: 48
2a02:6b40:1::/48 maxlen: 48
2a02:6b40:1000::/48 maxlen: 48
2a02:6b40:2000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.crl
rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.mft
rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 08:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b3:b6:fb:36:93:31:d3:80:66:bb:53:a5:28:ed:19:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70e5b30272e43053208978dbe44bfee10a5d007e
Validity
Not Before: Apr 22 05:43:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=de2732a8c472174edf3fe471755527a1a5a78af4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:96:00:af:42:b6:f1:0b:8b:9c:f9:01:44:1c:
ee:e6:45:6a:6c:84:6c:77:ef:a1:1b:27:6c:5c:f5:
09:bd:46:d5:a9:af:78:b1:88:39:32:51:4d:d9:4d:
f2:76:bf:9c:ae:2e:5e:93:bf:ff:ab:63:39:d1:10:
d6:9a:e2:66:c5:eb:a0:05:b8:61:1b:a3:2c:1f:f3:
6c:c2:7b:b8:2a:1d:27:5c:3a:19:a1:e1:b1:0a:19:
d8:ef:d2:81:c1:82:0e:fa:75:f4:4e:38:fd:84:3c:
02:cc:7f:de:34:a4:da:15:5f:b8:78:af:15:2d:ff:
fa:f3:0c:28:72:39:aa:c1:ed:0d:9e:a6:68:9c:77:
f1:75:01:ae:01:bc:01:58:15:71:9a:64:7b:96:e0:
6e:d3:20:7c:03:0d:27:df:ab:1f:17:39:2a:a4:29:
bf:c9:31:05:6e:a8:cd:d4:8b:b9:e1:84:05:29:d2:
7d:6c:14:6e:08:5d:ed:41:ef:6d:c0:17:61:44:54:
2c:a3:06:60:be:66:b0:8d:2d:4b:af:1c:b3:a3:1a:
f8:c8:39:84:48:46:a1:fc:23:9b:f2:87:f2:68:86:
4f:b4:76:95:ec:42:37:b8:2d:03:f0:18:d6:d6:00:
69:37:c7:b6:80:58:7c:e1:14:ae:2a:e7:2f:84:47:
78:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:27:32:A8:C4:72:17:4E:DF:3F:E4:71:75:55:27:A1:A5:A7:8A:F4
X509v3 Authority Key Identifier:
keyid:70:E5:B3:02:72:E4:30:53:20:89:78:DB:E4:4B:FE:E1:0A:5D:00:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/3icyqMRyF07fP-RxdVUnoaWnivQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.64.0/22
5.187.0.0/21
31.172.68.0/24
31.172.70.0-31.172.73.255
31.172.75.0/24
31.172.77.0/24
79.132.136.0/24
79.132.138.0/24
79.132.140.0/24
79.132.142.0/23
89.127.192.0/24
89.127.194.0/24
89.127.200.0/24
89.127.203.0/24
89.127.208.0/24
91.228.152.0/22
103.75.124.0/24
103.75.127.0/24
103.228.168.0/22
162.248.160.0/24
162.248.164.0/22
185.21.8.0/24
185.44.206.0/23
194.154.24.0/24
194.154.30.0/24
195.26.237.0/24
212.2.234.0/23
213.239.156.0/24
217.177.10.0/24
217.177.72.0/24
IPv6:
2a02:6b40::/32
Signature Algorithm: sha256WithRSAEncryption
8a:92:d3:a4:b9:85:6c:32:21:0e:cf:40:ab:5f:9f:3c:8d:66:
66:10:8d:f4:14:e7:cb:0f:16:46:bd:4e:cc:88:13:6e:bd:8b:
62:1b:f5:9e:3d:29:84:b0:e1:26:10:c9:b5:dc:4d:65:47:cc:
8f:c1:4c:28:d6:7a:03:5b:b9:60:9f:60:da:85:47:e3:3b:14:
b9:87:1b:07:45:09:df:47:68:98:ad:5b:e2:43:6a:5a:05:70:
9e:a5:a7:31:f1:59:56:58:66:53:00:e4:87:0f:64:3d:c8:d0:
19:df:90:f9:da:79:c3:b3:c0:98:ad:91:c7:5c:c5:c1:25:92:
e2:52:ad:6b:09:14:3e:11:ed:1f:9d:1f:de:d4:7d:6a:72:30:
a8:6c:57:5b:39:01:d9:46:0a:ef:cf:89:da:d1:6b:88:87:1d:
4e:64:19:62:b8:26:57:9c:53:dd:63:56:3d:22:aa:c7:73:e2:
2f:82:93:9b:37:da:ee:0c:f3:4e:06:d9:1d:c5:12:72:fc:d9:
c2:f5:e1:65:00:50:7e:d0:be:9c:dd:49:c0:20:8b:1e:0e:63:
9c:c0:a0:ee:eb:54:d6:89:41:50:59:01:2c:8e:a0:be:45:f3:
2f:83:98:99:93:68:59:86:fe:45:34:ce:73:08:fd:d5:dd:71:
71:66:2e:b1
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgISAZ2ztvs2kzHTgGa7U6Uo7Rn3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZTViMzAyNzJlNDMwNTMyMDg5NzhkYmU0NGJmZWUxMGE1
ZDAwN2UwHhcNMjYwNDIyMDU0MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTI3MzJhOGM0NzIxNzRlZGYzZmU0NzE3NTU1MjdhMWE1YTc4YWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZYAr0K28QuLnPkBRBzu5kVqbIRs
d++hGydsXPUJvUbVqa94sYg5MlFN2U3ydr+cri5ek7//q2M50RDWmuJmxeugBbhh
G6MsH/Nswnu4Kh0nXDoZoeGxChnY79KBwYIO+nX0Tjj9hDwCzH/eNKTaFV+4eK8V
Lf/68wwocjmqwe0NnqZonHfxdQGuAbwBWBVxmmR7luBu0yB8Aw0n36sfFzkqpCm/
yTEFbqjN1Iu54YQFKdJ9bBRuCF3tQe9twBdhRFQsowZgvmawjS1Lrxyzoxr4yDmE
SEah/COb8ofyaIZPtHaV7EI3uC0D8BjW1gBpN8e2gFh84RSuKucvhEd44QIDAQAB
o4IC0zCCAs8wHQYDVR0OBBYEFN4nMqjEchdO3z/kcXVVJ6Glp4r0MB8GA1UdIwQY
MBaAFHDlswJy5DBTIIl42+RL/uEKXQB+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY09XekFuTGtNRk1naVhqYjVFdi00UXBkQUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8yMmYxZDUtZjI2OS00ZjRmLWJmOGEt
MWZiYzY0MWI1MGIxLzEvM2ljeXFNUnlGMDdmUC1SeGRWVW5vYVduaXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8yMmYxZDUtZjI2OS00ZjRmLWJmOGEtMWZiYzY0MWI1MGIx
LzEvY09XekFuTGtNRk1naVhqYjVFdi00UXBkQUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHoBggrBgEFBQcBBwEB/wSB2DCB1TCBwwQCAAEwgbwDBAIC
OkADBAMFuwADBAAfrEQwDAMEAR+sRgMEAR+sSAMEAB+sSwMEAB+sTQMEAE+EiAME
AE+EigMEAE+EjAMEAU+EjgMEAFl/wAMEAFl/wgMEAFl/yAMEAFl/ywMEAFl/0AME
AlvkmAMEAGdLfAMEAGdLfwMEAmfkqAMEAKL4oAMEAqL4pAMEALkVCAMEAbkszgME
AMKaGAMEAMKaHgMEAMMa7QMEAdQC6gMEANXvnAMEANmxCgMEANmxSDANBAIAAjAH
AwUAKgJrQDANBgkqhkiG9w0BAQsFAAOCAQEAipLTpLmFbDIhDs9Aq1+fPI1mZhCN
9BTnyw8WRr1OzIgTbr2LYhv1nj0phLDhJhDJtdxNZUfMj8FMKNZ6A1u5YJ9g2oVH
4zsUuYcbB0UJ30domK1b4kNqWgVwnqWnMfFZVlhmUwDkhw9kPcjQGd+Q+dp5w7PA
mK2Rx1zFwSWS4lKtawkUPhHtH50f3tR9anIwqGxXWzkB2UYK78+J2tFriIcdTmQZ
YrgmV5xT3WNWPSKqx3PiL4KTmzfa7gzzTgbZHcUScvzZwvXhZQBQftC+nN1JwCCL
Hg5jnMCg7utU1olBUFkBLI6gvkXzL4OYmZNoWYb+RTTOcwj91d1xcWYusQ==
-----END CERTIFICATE-----
Generated at Mon Apr 27 13:54:41 2026 by rpki-client