Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/TQhyBdChk9_Rhmq0Oldtic0fnDg.roa
File: TQhyBdChk9_Rhmq0Oldtic0fnDg.roa (raw, json)
Hash identifier: c+9ScdzkUwx5Y7oDpf+Ep09dPjsRmf9SsgMbyHlrEYk=
Subject key identifier: 4D:08:72:05:D0:A1:93:DF:D1:86:6A:B4:3A:57:6D:89:CD:1F:9C:38
Certificate issuer: /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial: 019D24A668F6E9059454E19E95789848CF26
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/TQhyBdChk9_Rhmq0Oldtic0fnDg.roa
Signing time: Wed 25 Mar 2026 10:59:38 +0000
ROA not before: Wed 25 Mar 2026 10:59:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 89.44.240.0/24 maxlen: 24
89.44.241.0/24 maxlen: 24
89.44.242.0/24 maxlen: 24
109.122.244.0/24 maxlen: 24
109.122.247.0/24 maxlen: 24
109.122.248.0/24 maxlen: 24
109.122.249.0/24 maxlen: 24
109.122.250.0/24 maxlen: 24
109.122.253.0/24 maxlen: 24
109.122.254.0/24 maxlen: 24
109.122.255.0/24 maxlen: 24
185.239.1.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 19:01:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:24:a6:68:f6:e9:05:94:54:e1:9e:95:78:98:48:cf:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Validity
Not Before: Mar 25 10:59:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4d087205d0a193dfd1866ab43a576d89cd1f9c38
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:ab:a4:5a:89:64:10:37:6a:78:da:17:c9:7b:
d7:8c:bc:dc:a1:14:fb:f9:78:cc:0e:11:fa:04:72:
68:ef:67:bf:c3:a7:32:8d:71:f6:11:e8:05:89:1a:
19:60:f7:fe:a9:84:6f:2a:a2:27:a6:1b:60:f1:9a:
e6:8c:24:ef:9e:64:15:de:79:bc:cf:84:ec:af:7b:
d8:10:fa:a6:fe:c7:8b:0a:6d:ba:73:17:05:f7:8e:
53:5d:c9:05:b6:80:d7:52:f7:83:b9:e7:31:9b:99:
66:dd:19:92:2b:7a:55:11:63:8f:8a:a4:2d:8d:3b:
1e:03:30:63:e0:2d:14:65:dc:40:dd:53:d7:99:19:
a7:22:0d:0c:37:50:1c:02:00:3e:9c:d0:31:b3:77:
cf:b7:6d:e4:ab:3a:33:32:5b:9b:df:79:09:15:f1:
76:12:d1:24:87:34:75:8e:50:6a:81:c0:c4:c2:84:
cd:50:b4:a5:b6:87:bb:1e:4c:6e:62:df:44:bd:18:
46:44:da:45:15:a4:ef:24:08:66:fb:21:1b:c1:db:
67:d7:a5:dc:b9:e7:e4:d1:97:c5:2e:c3:28:6f:f6:
d6:b4:61:41:b2:2d:cf:fe:3f:d0:59:a4:20:e8:53:
26:91:38:42:45:85:e7:f5:d8:6c:33:34:9e:97:75:
88:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:08:72:05:D0:A1:93:DF:D1:86:6A:B4:3A:57:6D:89:CD:1F:9C:38
X509v3 Authority Key Identifier:
keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/TQhyBdChk9_Rhmq0Oldtic0fnDg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.44.240.0-89.44.242.255
109.122.244.0/24
109.122.247.0-109.122.250.255
109.122.253.0-109.122.255.255
185.239.1.0/24
Signature Algorithm: sha256WithRSAEncryption
1e:0b:e3:ae:fd:33:ab:48:61:c1:1d:4f:71:78:00:07:87:0b:
91:41:57:85:71:61:7b:68:fc:47:c9:8f:04:8d:dc:d5:fc:c7:
8a:28:eb:6f:6d:e9:4b:af:1e:37:d4:e7:21:c6:b3:fa:b1:6c:
86:4f:42:8c:d1:ac:f5:f3:6a:c5:f8:9e:60:d7:01:28:5e:c2:
6a:5a:e3:d8:e6:80:d3:11:6a:52:77:eb:3e:d1:21:e8:b4:94:
ba:18:f3:b8:81:76:82:be:8d:a7:79:d9:a0:e4:42:61:e6:b7:
54:07:0c:a2:1d:07:18:93:aa:92:5f:cf:9f:0e:4e:09:ad:fa:
b2:db:a7:b0:5e:bc:79:67:3a:91:48:40:ce:73:d8:83:42:3f:
99:b9:b9:ec:78:90:ca:62:22:72:d6:0c:9c:8d:57:0c:7f:58:
d6:5a:c6:02:ce:bc:17:08:1f:fc:4b:b4:2b:c4:4c:ec:bc:49:
8c:a7:a0:62:49:2a:5c:c1:08:1b:2b:27:ea:6f:32:46:d0:4d:
91:c3:4a:b2:2f:d6:31:75:db:20:4d:41:99:6b:65:07:e3:7b:
fd:b3:bc:5a:5b:e2:25:e6:28:82:d8:60:6f:96:89:7f:6e:6a:
3e:ea:49:fd:54:08:44:6a:4c:f1:55:22:e6:a0:04:43:61:ff:
25:a5:d7:9e
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZ0kpmj26QWUVOGelXiYSM8mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwMzI1MTA1OTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDA4NzIwNWQwYTE5M2RmZDE4NjZhYjQzYTU3NmQ4OWNkMWY5YzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaukWolkEDdqeNoXyXvXjLzcoRT7
+XjMDhH6BHJo72e/w6cyjXH2EegFiRoZYPf+qYRvKqInphtg8ZrmjCTvnmQV3nm8
z4Tsr3vYEPqm/seLCm26cxcF945TXckFtoDXUveDuecxm5lm3RmSK3pVEWOPiqQt
jTseAzBj4C0UZdxA3VPXmRmnIg0MN1AcAgA+nNAxs3fPt23kqzozMlub33kJFfF2
EtEkhzR1jlBqgcDEwoTNULSltoe7HkxuYt9EvRhGRNpFFaTvJAhm+yEbwdtn16Xc
uefk0ZfFLsMob/bWtGFBsi3P/j/QWaQg6FMmkThCRYXn9dhsMzSel3WIKwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFE0IcgXQoZPf0YZqtDpXbYnNH5w4MB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvVFFoeUJkQ2hrOV9SaG1xME9sZHRpYzBmbkRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTA7BAIAATA1MAwDBARZLPAD
BABZLPIDBABtevQwDAMEAG169wMEAG16+jALAwQAbXr9AwMAbXoDBAC57wEwDQYJ
KoZIhvcNAQELBQADggEBAB4L4679M6tIYcEdT3F4AAeHC5FBV4VxYXto/EfJjwSN
3NX8x4oo629t6UuvHjfU5yHGs/qxbIZPQozRrPXzasX4nmDXAShewmpa49jmgNMR
alJ36z7RIei0lLoY87iBdoK+jad52aDkQmHmt1QHDKIdBxiTqpJfz58OTgmt+rLb
p7BevHlnOpFIQM5z2INCP5m5uex4kMpiInLWDJyNVwx/WNZaxgLOvBcIH/xLtCvE
TOy8SYynoGJJKlzBCBsrJ+pvMkbQTZHDSrIv1jF12yBNQZlrZQfje/2zvFpb4iXm
KILYYG+WiX9uaj7qSf1UCERqTPFVIuagBENh/yWl154=
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:15:42 2026 by rpki-client