Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/PQMmqX4LyjBtiwehm3-35M_iY_s.roa
File: PQMmqX4LyjBtiwehm3-35M_iY_s.roa (raw, json)
Hash identifier: 5x6NL36XOsWXmw9Wc19Fb/wIhrdul+w6sP8u4xbetBg=
Subject key identifier: 3D:03:26:A9:7E:0B:CA:30:6D:8B:07:A1:9B:7F:B7:E4:CF:E2:63:FB
Certificate issuer: /CN=60a540ce450456345ec8e098ef4f53634d74bf1f
Certificate serial: 019D2609A262BDD6B0C7ECBF44FD516DD5F9
Authority key identifier: 60:A5:40:CE:45:04:56:34:5E:C8:E0:98:EF:4F:53:63:4D:74:BF:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YKVAzkUEVjReyOCY709TY010vx8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/PQMmqX4LyjBtiwehm3-35M_iY_s.roa
Signing time: Wed 25 Mar 2026 17:27:38 +0000
ROA not before: Wed 25 Mar 2026 17:27:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 931
IP address blocks: 5.252.164.0/24 maxlen: 24
5.252.165.0/24 maxlen: 24
5.252.166.0/24 maxlen: 24
5.252.167.0/24 maxlen: 24
31.216.59.0/24 maxlen: 24
45.87.60.0/24 maxlen: 24
45.87.61.0/24 maxlen: 24
45.87.62.0/24 maxlen: 24
45.87.63.0/24 maxlen: 24
45.130.152.0/24 maxlen: 24
45.130.153.0/24 maxlen: 24
45.130.154.0/24 maxlen: 24
45.130.155.0/24 maxlen: 24
45.143.144.0/24 maxlen: 24
45.143.145.0/24 maxlen: 24
45.143.146.0/24 maxlen: 24
45.143.147.0/24 maxlen: 24
89.36.230.0/24 maxlen: 24
89.37.100.0/24 maxlen: 24
89.46.43.0/24 maxlen: 24
94.154.8.0/24 maxlen: 24
103.104.248.0/24 maxlen: 24
103.104.249.0/24 maxlen: 24
103.104.250.0/24 maxlen: 24
103.104.251.0/24 maxlen: 24
103.202.52.0/24 maxlen: 24
103.202.53.0/24 maxlen: 24
103.202.54.0/24 maxlen: 24
103.202.55.0/24 maxlen: 24
135.84.209.0/24 maxlen: 24
135.84.210.0/24 maxlen: 24
135.84.211.0/24 maxlen: 24
135.84.212.0/24 maxlen: 24
135.84.213.0/24 maxlen: 24
135.136.128.0/19 maxlen: 32
135.136.128.0/24 maxlen: 24
135.136.129.0/24 maxlen: 24
135.136.130.0/24 maxlen: 24
135.136.131.0/24 maxlen: 24
135.136.132.0/24 maxlen: 24
135.136.134.0/24 maxlen: 24
135.136.135.0/24 maxlen: 24
135.136.136.0/24 maxlen: 24
135.136.137.0/24 maxlen: 24
135.136.138.0/24 maxlen: 24
135.136.139.0/24 maxlen: 24
135.136.142.0/24 maxlen: 24
135.136.143.0/24 maxlen: 32
178.211.157.0/24 maxlen: 24
185.162.74.0/24 maxlen: 24
185.162.75.0/24 maxlen: 24
185.234.115.0/24 maxlen: 24
188.210.236.0/24 maxlen: 24
194.49.68.0/24 maxlen: 24
194.49.69.0/24 maxlen: 24
194.49.78.0/24 maxlen: 24
194.49.79.0/24 maxlen: 24
207.189.0.0/19 maxlen: 32
207.189.0.0/24 maxlen: 24
207.189.1.0/24 maxlen: 24
207.189.2.0/24 maxlen: 24
207.189.3.0/24 maxlen: 24
207.189.4.0/24 maxlen: 24
207.189.5.0/24 maxlen: 24
207.189.6.0/24 maxlen: 24
207.189.7.0/24 maxlen: 24
207.189.8.0/24 maxlen: 24
207.189.9.0/24 maxlen: 24
207.189.10.0/24 maxlen: 24
207.189.11.0/24 maxlen: 24
207.189.12.0/24 maxlen: 24
207.189.13.0/24 maxlen: 24
207.189.14.0/24 maxlen: 24
207.189.15.0/24 maxlen: 24
207.189.26.0/24 maxlen: 24
207.189.27.0/24 maxlen: 24
207.189.30.0/24 maxlen: 24
207.189.31.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/YKVAzkUEVjReyOCY709TY010vx8.crl
rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/YKVAzkUEVjReyOCY709TY010vx8.mft
rsync://rpki.ripe.net/repository/DEFAULT/YKVAzkUEVjReyOCY709TY010vx8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 11:01:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:26:09:a2:62:bd:d6:b0:c7:ec:bf:44:fd:51:6d:d5:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60a540ce450456345ec8e098ef4f53634d74bf1f
Validity
Not Before: Mar 25 17:27:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3d0326a97e0bca306d8b07a19b7fb7e4cfe263fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:5b:e9:cd:bb:db:08:d7:d6:da:44:a5:90:ba:
9e:43:df:d8:fb:ae:67:e2:7c:bd:af:95:79:dd:56:
30:16:4d:34:9b:35:33:27:5d:e8:79:ec:01:12:d9:
00:48:0f:cb:75:07:e8:15:3c:c6:5d:32:ff:2b:18:
19:a6:73:71:2c:d2:37:81:57:14:77:d6:4d:d0:7e:
6e:de:27:7d:99:f3:e3:6e:52:4b:65:9f:29:44:50:
9a:fe:9e:41:d7:3e:e2:5b:28:de:49:9b:bb:b6:80:
4e:25:72:0d:3d:de:65:88:77:9c:1f:cf:71:92:77:
44:0a:b8:c3:b3:7a:6c:5f:3f:e2:96:4c:be:5a:f6:
4f:ea:de:23:9d:52:15:db:18:a7:00:2f:b9:98:81:
45:73:25:b9:b0:95:6a:ad:bc:b5:03:b5:c2:58:31:
4d:1e:22:b6:78:76:5b:0f:4f:c2:dc:6d:d7:77:82:
36:e6:a8:77:b2:64:bf:0d:e0:78:a5:eb:59:91:71:
74:16:17:d9:76:2c:54:f3:2a:f3:fd:58:6b:b3:95:
7c:23:fd:e9:49:ac:c5:4e:58:92:b9:66:cb:be:f5:
7b:e3:64:97:21:8f:8e:f5:74:52:6f:6b:8b:11:01:
f9:c0:d1:d1:44:7d:fe:a9:dd:d1:03:e5:57:e8:40:
31:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:03:26:A9:7E:0B:CA:30:6D:8B:07:A1:9B:7F:B7:E4:CF:E2:63:FB
X509v3 Authority Key Identifier:
keyid:60:A5:40:CE:45:04:56:34:5E:C8:E0:98:EF:4F:53:63:4D:74:BF:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YKVAzkUEVjReyOCY709TY010vx8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/PQMmqX4LyjBtiwehm3-35M_iY_s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/YKVAzkUEVjReyOCY709TY010vx8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.164.0/22
31.216.59.0/24
45.87.60.0/22
45.130.152.0/22
45.143.144.0/22
89.36.230.0/24
89.37.100.0/24
89.46.43.0/24
94.154.8.0/24
103.104.248.0/22
103.202.52.0/22
135.84.209.0-135.84.213.255
135.136.128.0/19
178.211.157.0/24
185.162.74.0/23
185.234.115.0/24
188.210.236.0/24
194.49.68.0/23
194.49.78.0/23
207.189.0.0/19
Signature Algorithm: sha256WithRSAEncryption
1f:28:27:c6:c4:ac:28:4e:b7:f1:07:3b:58:67:3d:44:e2:5a:
75:13:d3:7c:16:24:6c:5b:da:c6:62:3d:e2:0a:a9:bd:39:b7:
72:0a:f1:ff:5d:a0:f7:f6:f0:51:f7:6f:f5:a3:54:a6:a2:02:
99:e8:e0:8b:64:09:ec:b1:61:14:92:63:b3:47:b6:4c:b3:fe:
10:cf:09:b6:39:96:90:9e:df:7b:10:f8:6e:90:2e:84:e5:78:
8d:1c:57:b2:90:03:9f:53:04:c2:f9:07:9c:09:c4:e8:12:e4:
0d:b9:5c:24:50:fd:bc:17:ba:ee:25:5e:4f:ce:b1:6d:de:35:
11:6f:90:a7:23:23:6b:ae:2e:49:a6:5c:77:f2:de:95:18:f6:
6f:e3:7e:2d:db:47:c0:67:f3:51:3d:06:26:40:de:a3:f6:59:
18:81:1a:5e:a0:49:77:f9:3a:25:87:51:20:90:2a:08:dc:ac:
32:3e:e1:5c:5d:c8:a4:07:dc:bd:15:ac:2d:51:35:2d:95:28:
bb:f6:5e:3a:f7:10:89:17:42:94:ef:98:f7:49:ce:36:d1:13:
dc:e5:c7:3f:80:ac:9b:ad:20:2c:e3:00:4e:08:1c:95:06:af:
ac:ea:f9:60:74:79:39:90:61:94:f6:fe:33:77:41:0c:93:40:
67:42:52:56
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgISAZ0mCaJivdawx+y/RP1RbdX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYTU0MGNlNDUwNDU2MzQ1ZWM4ZTA5OGVmNGY1MzYzNGQ3
NGJmMWYwHhcNMjYwMzI1MTcyNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDAzMjZhOTdlMGJjYTMwNmQ4YjA3YTE5YjdmYjdlNGNmZTI2M2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1vpzbvbCNfW2kSlkLqeQ9/Y+65n
4ny9r5V53VYwFk00mzUzJ13oeewBEtkASA/LdQfoFTzGXTL/KxgZpnNxLNI3gVcU
d9ZN0H5u3id9mfPjblJLZZ8pRFCa/p5B1z7iWyjeSZu7toBOJXINPd5liHecH89x
kndECrjDs3psXz/ilky+WvZP6t4jnVIV2xinAC+5mIFFcyW5sJVqrby1A7XCWDFN
HiK2eHZbD0/C3G3Xd4I25qh3smS/DeB4petZkXF0FhfZdixU8yrz/Vhrs5V8I/3p
SazFTliSuWbLvvV742SXIY+O9XRSb2uLEQH5wNHRRH3+qd3RA+VX6EAxtQIDAQAB
o4ICiDCCAoQwHQYDVR0OBBYEFD0DJql+C8owbYsHoZt/t+TP4mP7MB8GA1UdIwQY
MBaAFGClQM5FBFY0XsjgmO9PU2NNdL8fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUtWQXprVUVWalJleU9DWTcwOVRZMDEwdng4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xOTVhNDctYTJjYi00ZjAwLTg1MzEt
ZTQ3MzUzMWY2ZmU4LzEvUFFNbXFYNEx5akJ0aXdlaG0zLTM1TV9pWV9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xOTVhNDctYTJjYi00ZjAwLTg1MzEtZTQ3MzUzMWY2ZmU4
LzEvWUtWQXprVUVWalJleU9DWTcwOVRZMDEwdng4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGdBggrBgEFBQcBBwEB/wSBjTCBijCBhwQCAAEwgYADBAIF
/KQDBAAf2DsDBAItVzwDBAItgpgDBAItj5ADBABZJOYDBABZJWQDBABZLisDBABe
mggDBAJnaPgDBAJnyjQwDAMEAIdU0QMEAYdU1AMEBYeIgAMEALLTnQMEAbmiSgME
ALnqcwMEALzS7AMEAcIxRAMEAcIxTgMEBc+9ADANBgkqhkiG9w0BAQsFAAOCAQEA
HygnxsSsKE638Qc7WGc9ROJadRPTfBYkbFvaxmI94gqpvTm3cgrx/12g9/bwUfdv
9aNUpqICmejgi2QJ7LFhFJJjs0e2TLP+EM8JtjmWkJ7fexD4bpAuhOV4jRxXspAD
n1MEwvkHnAnE6BLkDblcJFD9vBe67iVeT86xbd41EW+QpyMja64uSaZcd/LelRj2
b+N+LdtHwGfzUT0GJkDeo/ZZGIEaXqBJd/k6JYdRIJAqCNysMj7hXF3IpAfcvRWs
LVE1LZUou/ZeOvcQiRdClO+Y90nONtET3OXHP4Csm60gLOMATggclQavrOr5YHR5
OZBhlPb+M3dBDJNAZ0JSVg==
-----END CERTIFICATE-----
Generated at Thu Mar 26 22:52:58 2026 by rpki-client