Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/qALn9gqzSG2sWHjlwEpfBVz6XHw.roa
File: qALn9gqzSG2sWHjlwEpfBVz6XHw.roa (raw, json)
Hash identifier: /P0a4k08c7gRHw6tH90mR+C7VwWiM7eRL8Ct7d9zsTY=
Subject key identifier: A8:02:E7:F6:0A:B3:48:6D:AC:58:78:E5:C0:4A:5F:05:5C:FA:5C:7C
Certificate issuer: /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial: 019B7A5B41866A747B9705501E5B660DE598
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/qALn9gqzSG2sWHjlwEpfBVz6XHw.roa
Signing time: Thu 01 Jan 2026 16:19:19 +0000
ROA not before: Thu 01 Jan 2026 16:19:19 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44193
IP address blocks: 91.223.19.0/24 maxlen: 24
185.158.208.0/22 maxlen: 24
194.110.204.0/24 maxlen: 24
195.234.112.0/22 maxlen: 24
2a02:2278:ff00::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.mft
rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 16:00:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7a:5b:41:86:6a:74:7b:97:05:50:1e:5b:66:0d:e5:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Validity
Not Before: Jan 1 16:19:19 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a802e7f60ab3486dac5878e5c04a5f055cfa5c7c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:69:c8:b8:51:db:07:0f:58:38:11:72:82:88:
8f:95:41:88:9e:58:9f:c1:e5:e2:d0:79:a3:84:8c:
84:dd:4a:42:23:83:86:ea:78:ac:65:ba:32:a9:94:
7f:e4:76:55:06:8c:4d:c5:03:3b:5f:09:63:eb:ec:
04:51:91:2e:e4:75:2f:31:24:f2:69:e8:dd:95:c7:
9e:64:70:fd:59:1d:ae:56:7a:4e:9b:57:33:ca:ad:
76:80:1c:0e:2b:f8:3f:15:ad:f9:0c:ed:8d:30:50:
aa:33:5e:fc:14:96:92:c4:83:8c:11:13:28:9a:48:
89:90:6f:45:b5:b1:d6:34:13:27:41:b2:4c:cc:dd:
ac:ea:bf:b9:4e:dd:66:b6:1a:05:51:07:b9:da:bb:
47:5d:bc:7a:de:10:4e:b2:9b:4b:b1:eb:13:2a:14:
fc:af:42:96:7f:95:80:b6:88:5d:79:00:03:f4:28:
37:74:38:e9:63:53:c7:a6:bd:de:26:e8:1e:20:60:
89:ba:26:eb:11:32:ce:86:02:07:ae:1d:cf:3e:6b:
b6:b5:67:a8:e2:55:9c:01:ed:71:cb:27:e3:36:d2:
14:df:5b:3e:fc:f4:74:0f:eb:0f:78:72:75:50:7f:
0e:91:53:78:da:1a:8b:0c:6e:8c:e3:6a:56:fb:e4:
15:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:02:E7:F6:0A:B3:48:6D:AC:58:78:E5:C0:4A:5F:05:5C:FA:5C:7C
X509v3 Authority Key Identifier:
keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/qALn9gqzSG2sWHjlwEpfBVz6XHw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.223.19.0/24
185.158.208.0/22
194.110.204.0/24
195.234.112.0/22
IPv6:
2a02:2278:ff00::/40
Signature Algorithm: sha256WithRSAEncryption
c3:3b:8e:46:5e:42:26:2c:7b:97:d7:9b:9d:e2:3c:49:a9:92:
3b:00:2e:57:dd:b1:80:77:a2:98:a1:fe:0b:bc:e7:a2:ad:ba:
47:9f:c4:fc:5e:07:2f:55:5a:db:48:f3:2d:8e:61:c9:49:4d:
8b:62:26:8b:90:6c:3f:bd:f1:75:5b:e3:03:82:d3:2d:22:c7:
ab:73:90:f6:fb:47:e0:e8:8a:f7:ef:6e:ce:b5:c6:50:7b:62:
61:26:12:19:d7:a8:ae:c1:ab:dd:a3:98:59:3f:33:d6:0b:02:
0f:2b:6c:40:22:22:cf:6b:f8:e5:42:40:b2:9d:51:d6:91:53:
d3:58:d9:fc:31:7c:04:4a:6d:5a:55:14:2c:76:3e:d5:71:29:
0b:92:a4:1c:03:42:01:54:eb:46:5b:a7:f1:9f:a3:26:dd:0d:
20:d1:86:e2:32:8f:56:71:88:fb:a5:d9:53:38:c1:ef:df:c8:
c0:6c:99:43:39:ed:7d:35:d3:f1:0d:b0:02:58:36:a3:2e:5c:
d1:94:18:b0:a4:c4:32:5d:a4:f3:1d:2e:1b:3b:13:74:9a:c5:
b3:2d:62:c7:46:87:f2:74:46:27:5e:72:50:45:5e:d4:89:45:
d6:7d:13:31:db:3f:b9:21:6f:7f:12:76:ab:69:37:c3:ba:ee:
29:72:6b:2d
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZt6W0GGanR7lwVQHltmDeWYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjYwMTAxMTYxOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODAyZTdmNjBhYjM0ODZkYWM1ODc4ZTVjMDRhNWYwNTVjZmE1YzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGnIuFHbBw9YOBFygoiPlUGInlif
weXi0HmjhIyE3UpCI4OG6nisZboyqZR/5HZVBoxNxQM7Xwlj6+wEUZEu5HUvMSTy
aejdlceeZHD9WR2uVnpOm1czyq12gBwOK/g/Fa35DO2NMFCqM178FJaSxIOMERMo
mkiJkG9FtbHWNBMnQbJMzN2s6r+5Tt1mthoFUQe52rtHXbx63hBOsptLsesTKhT8
r0KWf5WAtohdeQAD9Cg3dDjpY1PHpr3eJugeIGCJuibrETLOhgIHrh3PPmu2tWeo
4lWcAe1xyyfjNtIU31s+/PR0D+sPeHJ1UH8OkVN42hqLDG6M42pW++QVxQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFKgC5/YKs0htrFh45cBKXwVc+lx8MB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvcUFMbjlncXpTRzJzV0hqbHdFcGZCVno2WEh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAeBAIAATAYAwQAW98TAwQC
uZ7QAwQAwm7MAwQCw+pwMA4EAgACMAgDBgAqAiJ4/zANBgkqhkiG9w0BAQsFAAOC
AQEAwzuORl5CJix7l9ebneI8SamSOwAuV92xgHeimKH+C7znoq26R5/E/F4HL1Va
20jzLY5hyUlNi2Imi5BsP73xdVvjA4LTLSLHq3OQ9vtH4OiK9+9uzrXGUHtiYSYS
GdeorsGr3aOYWT8z1gsCDytsQCIiz2v45UJAsp1R1pFT01jZ/DF8BEptWlUULHY+
1XEpC5KkHANCAVTrRlun8Z+jJt0NINGG4jKPVnGI+6XZUzjB79/IwGyZQzntfTXT
8Q2wAlg2oy5c0ZQYsKTEMl2k8x0uGzsTdJrFsy1ix0aH8nRGJ15yUEVe1IlF1n0T
Mds/uSFvfxJ2q2k3w7ruKXJrLQ==
-----END CERTIFICATE-----
Generated at Thu Mar 26 23:34:12 2026 by rpki-client