Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/QKoGnrzZyJUnshjGK5_Jad76Ogw.roa
File: QKoGnrzZyJUnshjGK5_Jad76Ogw.roa (raw, json)
Hash identifier: 0c6MRkupvxvEJxijmnnZObSDqIOoPzyi6m7hObhz2Hs=
Subject key identifier: 40:AA:06:9E:BC:D9:C8:95:27:B2:18:C6:2B:9F:C9:69:DE:FA:3A:0C
Certificate issuer: /CN=c27358682df3df8bdc7024507f92ecfc5ae097bb
Certificate serial: 019D0B78F5916D7FFD6FCCBC42AEAF100B19
Authority key identifier: C2:73:58:68:2D:F3:DF:8B:DC:70:24:50:7F:92:EC:FC:5A:E0:97:BB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/QKoGnrzZyJUnshjGK5_Jad76Ogw.roa
Signing time: Fri 20 Mar 2026 13:39:29 +0000
ROA not before: Fri 20 Mar 2026 13:39:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 15703
IP address blocks: 80.247.220.0/24 maxlen: 24
87.233.0.0/16 maxlen: 24
193.28.152.0/24 maxlen: 24
213.193.192.0/21 maxlen: 24
213.193.193.0/24 maxlen: 24
213.193.208.0/21 maxlen: 24
213.193.209.0/24 maxlen: 24
213.193.210.0/24 maxlen: 24
213.193.212.0/24 maxlen: 24
213.193.232.0/21 maxlen: 24
213.193.232.0/24 maxlen: 24
213.193.234.0/24 maxlen: 24
213.193.237.0/24 maxlen: 24
213.193.240.0/21 maxlen: 24
213.239.136.0/24 maxlen: 24
213.239.154.0/24 maxlen: 24
2001:990::/32 maxlen: 32
2001:9a8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.crl
rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.mft
rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 04:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:0b:78:f5:91:6d:7f:fd:6f:cc:bc:42:ae:af:10:0b:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c27358682df3df8bdc7024507f92ecfc5ae097bb
Validity
Not Before: Mar 20 13:39:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=40aa069ebcd9c89527b218c62b9fc969defa3a0c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:e7:8c:95:ba:b5:9e:17:78:dc:a5:1d:67:26:
9b:ab:fd:28:48:e3:cb:71:e4:f8:11:05:a1:b1:d5:
f8:a7:d5:28:12:e5:3c:4d:ca:75:1f:89:f8:c9:86:
ae:ff:24:30:16:58:5b:7c:15:09:4e:a9:b7:12:1a:
e0:1d:61:7f:6c:dd:ad:58:61:af:24:a6:93:9d:24:
c3:01:00:7d:1e:d4:03:42:35:74:7c:a9:45:63:ca:
78:5a:e0:ba:91:0c:8f:c1:be:8a:bf:30:ea:02:72:
ad:68:8a:38:87:b0:78:1f:79:b3:c0:d0:62:51:ac:
41:8a:01:63:fb:d0:b0:f0:84:80:c4:de:f0:f6:9f:
0b:39:89:f6:65:c5:be:64:52:cd:2e:cf:ca:fa:bf:
40:ea:07:de:66:fc:ae:6f:32:a2:7e:3c:4d:3a:0d:
0a:45:49:69:fa:9c:7a:f9:6b:60:b0:29:b3:72:13:
cb:ab:db:f9:a2:e3:7b:1f:63:ce:5c:0b:ec:b8:10:
de:9f:f4:da:db:86:79:80:cd:00:df:b8:91:19:38:
67:59:4a:d4:e5:4a:ba:aa:d3:c9:5e:e1:29:28:13:
d3:ad:1c:1b:7c:0f:10:4b:25:39:02:6c:79:85:e6:
77:c9:cb:01:75:24:48:b8:86:a0:0e:4a:61:7f:2d:
5b:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:AA:06:9E:BC:D9:C8:95:27:B2:18:C6:2B:9F:C9:69:DE:FA:3A:0C
X509v3 Authority Key Identifier:
keyid:C2:73:58:68:2D:F3:DF:8B:DC:70:24:50:7F:92:EC:FC:5A:E0:97:BB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/QKoGnrzZyJUnshjGK5_Jad76Ogw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.247.220.0/24
87.233.0.0/16
193.28.152.0/24
213.193.192.0/21
213.193.208.0/21
213.193.232.0-213.193.247.255
213.239.136.0/24
213.239.154.0/24
IPv6:
2001:990::/32
2001:9a8::/32
Signature Algorithm: sha256WithRSAEncryption
e4:0b:9e:78:57:8f:2d:f6:ea:42:34:19:44:2a:c7:c8:93:59:
a2:a5:f6:3a:52:55:58:e9:13:44:96:9a:cd:62:ee:d4:de:cd:
a2:aa:29:cd:56:45:bf:77:7c:33:1c:06:a0:a5:96:9c:ed:13:
5e:f9:ec:a5:42:fd:ed:c3:d3:cf:c8:52:48:c9:ad:7f:16:4b:
6f:47:55:51:69:3c:37:29:0e:2f:01:39:c8:97:6e:bb:de:70:
d8:7f:68:6b:e0:cd:9c:97:cd:93:20:67:b9:e9:22:fe:6b:55:
dc:2b:cb:b8:99:7f:c7:81:ce:7a:4f:f9:7d:a9:b5:26:a5:01:
e5:97:8d:c9:06:fe:3c:9f:df:68:58:d6:71:92:17:e7:a5:76:
5e:ec:34:55:be:51:1d:df:0a:18:ee:00:e5:cb:d1:c9:5f:b9:
fc:95:4b:85:38:fc:97:ed:6e:f9:3b:97:3e:88:0d:c9:72:d0:
82:d3:7e:07:a5:51:e1:92:f2:f5:04:ba:8c:2e:9a:20:1e:a0:
1e:ef:ba:e7:8b:cd:be:71:11:b5:d8:2a:fa:bd:f9:cc:17:7f:
8c:f9:6e:c4:b9:ba:b8:00:c8:08:68:55:c0:d1:e6:c6:15:23:
0d:d2:b3:f7:ab:bc:40:e6:f9:7a:ac:a0:39:c0:2f:b3:d3:14:
57:8a:00:23
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZ0LePWRbX/9b8y8Qq6vEAsZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzM1ODY4MmRmM2RmOGJkYzcwMjQ1MDdmOTJlY2ZjNWFl
MDk3YmIwHhcNMjYwMzIwMTMzOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGFhMDY5ZWJjZDljODk1MjdiMjE4YzYyYjlmYzk2OWRlZmEzYTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxueMlbq1nhd43KUdZyabq/0oSOPL
ceT4EQWhsdX4p9UoEuU8Tcp1H4n4yYau/yQwFlhbfBUJTqm3EhrgHWF/bN2tWGGv
JKaTnSTDAQB9HtQDQjV0fKlFY8p4WuC6kQyPwb6KvzDqAnKtaIo4h7B4H3mzwNBi
UaxBigFj+9Cw8ISAxN7w9p8LOYn2ZcW+ZFLNLs/K+r9A6gfeZvyubzKifjxNOg0K
RUlp+px6+WtgsCmzchPLq9v5ouN7H2POXAvsuBDen/Ta24Z5gM0A37iRGThnWUrU
5Uq6qtPJXuEpKBPTrRwbfA8QSyU5Amx5heZ3ycsBdSRIuIagDkphfy1b/QIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFECqBp682ciVJ7IYxiufyWne+joMMB8GA1UdIwQY
MBaAFMJzWGgt89+L3HAkUH+S7Pxa4Je7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25OWWFDM3ozNHZjY0NSUWY1THNfRnJnbDdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mNDQ5YjMtZDhhOC00OTNlLTliZDct
ZTg4NDY1YzQ2MTg2LzEvUUtvR25yelp5SlVuc2hqR0s1X0phZDc2T2d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mNDQ5YjMtZDhhOC00OTNlLTliZDctZTg4NDY1YzQ2MTg2
LzEvd25OWWFDM3ozNHZjY0NSUWY1THNfRnJnbDdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTA9BAIAATA3AwQAUPfcAwMA
V+kDBADBHJgDBAPVwcADBAPVwdAwDAMEA9XB6AMEA9XB8AMEANXviAMEANXvmjAU
BAIAAjAOAwUAIAEJkAMFACABCagwDQYJKoZIhvcNAQELBQADggEBAOQLnnhXjy32
6kI0GUQqx8iTWaKl9jpSVVjpE0SWms1i7tTezaKqKc1WRb93fDMcBqCllpztE175
7KVC/e3D08/IUkjJrX8WS29HVVFpPDcpDi8BOciXbrvecNh/aGvgzZyXzZMgZ7np
Iv5rVdwry7iZf8eBznpP+X2ptSalAeWXjckG/jyf32hY1nGSF+eldl7sNFW+UR3f
ChjuAOXL0clfufyVS4U4/Jftbvk7lz6IDcly0ILTfgelUeGS8vUEuowumiAeoB7v
uueLzb5xEbXYKvq9+cwXf4z5bsS5urgAyAhoVcDR5sYVIw3Ss/ervEDm+XqsoDnA
L7PTFFeKACM=
-----END CERTIFICATE-----
Generated at Thu Mar 26 13:43:34 2026 by rpki-client