Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/Q-T2DLNauDmK_Iqh59GjreXa38w.roa
File: Q-T2DLNauDmK_Iqh59GjreXa38w.roa (raw, json)
Hash identifier: uPePlPFzm6ziY/l/eHIwOr20eT7Zlr7i15yqJaVaHCI=
Subject key identifier: 43:E4:F6:0C:B3:5A:B8:39:8A:FC:8A:A1:E7:D1:A3:AD:E5:DA:DF:CC
Certificate issuer: /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial: 019DD93E1597EDC2ED52DFF197925C5AB373
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/Q-T2DLNauDmK_Iqh59GjreXa38w.roa
Signing time: Wed 29 Apr 2026 12:36:57 +0000
ROA not before: Wed 29 Apr 2026 12:36:57 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 34383
IP address blocks: 85.117.128.0/19 maxlen: 19
85.192.192.0/18 maxlen: 18
89.170.0.0/16 maxlen: 16
95.136.128.0/17 maxlen: 17
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 06:33:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d9:3e:15:97:ed:c2:ed:52:df:f1:97:92:5c:5a:b3:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Validity
Not Before: Apr 29 12:36:57 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=43e4f60cb35ab8398afc8aa1e7d1a3ade5dadfcc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:41:50:4d:4a:f5:69:75:b2:96:a3:df:99:e9:
e8:4a:71:15:20:bb:33:b0:6c:5f:ec:d7:95:c6:30:
b0:41:30:cb:1b:2b:f6:8e:a2:4e:f3:d2:77:3b:bc:
2e:55:1d:5b:fb:5b:47:d0:3b:4f:07:2c:ff:cb:1a:
db:4c:bb:29:c1:44:c1:8e:34:80:ab:05:d3:dc:6b:
e3:6d:ca:e4:1b:12:91:b8:90:25:5f:2b:78:e5:03:
78:93:b4:75:4e:0d:2a:a1:3a:9c:98:cd:37:17:9b:
da:11:0e:6d:23:26:83:6a:6b:aa:67:70:e6:8c:f1:
a0:67:57:c4:39:1e:19:be:e1:cf:78:d9:4e:0a:27:
ce:c1:b8:46:ac:c6:c5:88:dd:b5:80:61:fb:0c:98:
8d:ff:64:8e:0b:ef:73:42:e6:b7:01:54:55:af:a9:
2d:f9:9b:07:41:0e:e5:6c:53:85:f2:73:6f:c2:34:
1e:16:84:d1:f8:ac:41:ea:9b:f6:56:2a:93:f3:d6:
21:aa:df:57:bb:4b:93:12:69:97:cf:f9:59:c6:b8:
4e:0b:c8:ff:54:fc:fd:b1:de:7a:e2:dc:4e:0b:5c:
e3:49:62:6f:4a:e2:b2:39:47:a9:86:57:c6:d9:34:
ce:be:7f:65:9e:92:f0:e3:a4:d7:a6:8a:da:17:ef:
dd:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:E4:F6:0C:B3:5A:B8:39:8A:FC:8A:A1:E7:D1:A3:AD:E5:DA:DF:CC
X509v3 Authority Key Identifier:
keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/Q-T2DLNauDmK_Iqh59GjreXa38w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.117.128.0/19
85.192.192.0/18
89.170.0.0/16
95.136.128.0/17
Signature Algorithm: sha256WithRSAEncryption
7a:a8:6e:7f:6a:18:29:da:0d:3c:22:08:82:d5:c7:fd:d6:43:
88:4d:61:bf:65:c7:b8:e7:14:6a:7c:cc:16:ad:ec:e1:95:5f:
b5:4a:40:29:be:47:f7:73:73:ef:3d:71:09:4f:88:4a:0a:0c:
be:eb:f2:f6:a1:b7:f0:35:52:a5:1a:1e:fd:02:7b:39:a4:00:
09:65:7a:21:dc:79:a1:7e:1e:4f:55:fc:42:fb:94:b1:33:93:
cb:2b:40:d6:46:07:3e:75:61:64:bf:fb:89:9f:8d:e6:ab:b3:
1d:71:7f:99:70:21:a9:ce:c2:de:0b:3f:34:95:8e:8a:cc:b3:
19:19:48:a5:ee:14:02:68:58:54:b0:bc:b4:4e:f9:8f:62:e7:
3a:77:83:d6:66:98:7b:67:c7:f0:60:e5:9f:99:85:2b:92:a9:
fc:56:41:c9:f3:30:e1:00:43:80:0a:05:ff:2d:30:c1:0f:e8:
44:86:66:da:cf:ed:89:b3:97:e0:84:4f:f3:67:64:0c:d5:d7:
57:af:4c:c5:fa:d1:b0:a6:3d:86:f7:52:22:af:91:65:08:0a:
f8:90:e1:aa:ed:bc:fe:c0:4b:47:ad:68:ce:92:1c:90:05:38:
ff:92:01:5e:04:5f:13:7a:60:3d:45:40:79:e0:0c:d5:a7:b9:
ae:8b:65:2f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ3ZPhWX7cLtUt/xl5JcWrNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjYwNDI5MTIzNjU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2U0ZjYwY2IzNWFiODM5OGFmYzhhYTFlN2QxYTNhZGU1ZGFkZmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokFQTUr1aXWylqPfmenoSnEVILsz
sGxf7NeVxjCwQTDLGyv2jqJO89J3O7wuVR1b+1tH0DtPByz/yxrbTLspwUTBjjSA
qwXT3GvjbcrkGxKRuJAlXyt45QN4k7R1Tg0qoTqcmM03F5vaEQ5tIyaDamuqZ3Dm
jPGgZ1fEOR4ZvuHPeNlOCifOwbhGrMbFiN21gGH7DJiN/2SOC+9zQua3AVRVr6kt
+ZsHQQ7lbFOF8nNvwjQeFoTR+KxB6pv2ViqT89Yhqt9Xu0uTEmmXz/lZxrhOC8j/
VPz9sd564txOC1zjSWJvSuKyOUephlfG2TTOvn9lnpLw46TXporaF+/dbwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEPk9gyzWrg5ivyKoefRo63l2t/MMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvUS1UMkRMTmF1RG1LX0lxaDU5R2pyZVhhMzh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAATAXAwQFVXWAAwQG
VcDAAwMAWaoDBAdfiIAwDQYJKoZIhvcNAQELBQADggEBAHqobn9qGCnaDTwiCILV
x/3WQ4hNYb9lx7jnFGp8zBat7OGVX7VKQCm+R/dzc+89cQlPiEoKDL7r8vaht/A1
UqUaHv0CezmkAAlleiHceaF+Hk9V/EL7lLEzk8srQNZGBz51YWS/+4mfjearsx1x
f5lwIanOwt4LPzSVjorMsxkZSKXuFAJoWFSwvLRO+Y9i5zp3g9ZmmHtnx/Bg5Z+Z
hSuSqfxWQcnzMOEAQ4AKBf8tMMEP6ESGZtrP7Ymzl+CET/NnZAzV11evTMX60bCm
PYb3UiKvkWUICviQ4artvP7AS0etaM6SHJAFOP+SAV4EXxN6YD1FQHngDNWnua6L
ZS8=
-----END CERTIFICATE-----
Generated at Wed May 13 13:44:35 2026 by rpki-client