Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/980bfb-c9b4-4433-8927-b667e18fd818/1/Alqm6hdLImAofyOgSBLXoU01L9c.roa
File: Alqm6hdLImAofyOgSBLXoU01L9c.roa (raw, json)
Hash identifier: CbAWqtGKbTFX20r/jX9Q3U9RdXcetq1ze06n11nz/3w=
Subject key identifier: 02:5A:A6:EA:17:4B:22:60:28:7F:23:A0:48:12:D7:A1:4D:35:2F:D7
Certificate issuer: /CN=c7b727fe642f54291869bcf1f2917e0f53bebd22
Certificate serial: 019CC1E96EFE77331822B3EAFA22B21BCB5A
Authority key identifier: C7:B7:27:FE:64:2F:54:29:18:69:BC:F1:F2:91:7E:0F:53:BE:BD:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/x7cn_mQvVCkYabzx8pF-D1O-vSI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/980bfb-c9b4-4433-8927-b667e18fd818/1/Alqm6hdLImAofyOgSBLXoU01L9c.roa
Signing time: Fri 06 Mar 2026 06:50:26 +0000
ROA not before: Fri 06 Mar 2026 06:50:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 196742
IP address blocks: 37.220.152.0/21 maxlen: 21
46.183.0.0/21 maxlen: 21
109.239.208.0/20 maxlen: 20
128.0.160.0/21 maxlen: 21
158.255.48.0/21 maxlen: 21
185.17.128.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a9/980bfb-c9b4-4433-8927-b667e18fd818/1/x7cn_mQvVCkYabzx8pF-D1O-vSI.crl
rsync://rpki.ripe.net/repository/DEFAULT/a9/980bfb-c9b4-4433-8927-b667e18fd818/1/x7cn_mQvVCkYabzx8pF-D1O-vSI.mft
rsync://rpki.ripe.net/repository/DEFAULT/x7cn_mQvVCkYabzx8pF-D1O-vSI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 03:01:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:c1:e9:6e:fe:77:33:18:22:b3:ea:fa:22:b2:1b:cb:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c7b727fe642f54291869bcf1f2917e0f53bebd22
Validity
Not Before: Mar 6 06:50:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=025aa6ea174b2260287f23a04812d7a14d352fd7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:46:89:e1:c3:cd:ca:14:5a:c1:d7:9c:09:2c:
51:22:f9:9d:5a:e6:82:4f:04:91:42:54:dd:54:8d:
02:1e:1e:16:45:82:9e:e3:9c:06:c4:72:80:6e:15:
52:0e:04:c9:54:28:7e:c2:c3:39:06:31:81:9b:d4:
dc:7b:97:ef:52:eb:97:36:d4:94:70:57:95:16:ce:
20:2c:c4:8e:97:4a:a9:20:0f:c9:a3:61:80:70:43:
69:dd:64:fa:e6:4e:7f:de:9d:e8:82:24:68:c3:e3:
60:dd:da:6d:dc:94:07:00:5b:40:07:62:d4:63:2a:
9a:a3:06:a1:c6:31:f9:de:48:37:7d:9e:90:bb:67:
2b:8e:c7:c5:8c:c7:6b:2f:e9:fa:43:c3:28:b2:6f:
bc:50:94:20:1c:3c:5a:61:6c:1a:12:10:f8:8c:2b:
61:65:52:8c:7e:7d:6e:1d:57:51:6a:08:a3:bb:8f:
ef:a2:f0:f9:71:60:6f:a8:b1:db:2f:10:95:2e:04:
89:05:4c:9d:5e:59:c9:73:c7:63:22:29:85:7e:0e:
71:fc:29:5e:2d:56:23:1d:10:2e:23:7e:de:a3:e6:
38:78:10:47:e3:15:47:48:97:25:9d:63:9f:ff:17:
62:e7:60:c1:ac:7d:ce:9f:e4:5c:87:14:df:41:80:
9f:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:5A:A6:EA:17:4B:22:60:28:7F:23:A0:48:12:D7:A1:4D:35:2F:D7
X509v3 Authority Key Identifier:
keyid:C7:B7:27:FE:64:2F:54:29:18:69:BC:F1:F2:91:7E:0F:53:BE:BD:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x7cn_mQvVCkYabzx8pF-D1O-vSI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/980bfb-c9b4-4433-8927-b667e18fd818/1/Alqm6hdLImAofyOgSBLXoU01L9c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/980bfb-c9b4-4433-8927-b667e18fd818/1/x7cn_mQvVCkYabzx8pF-D1O-vSI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.220.152.0/21
46.183.0.0/21
109.239.208.0/20
128.0.160.0/21
158.255.48.0/21
185.17.128.0/22
Signature Algorithm: sha256WithRSAEncryption
a7:75:77:c2:7a:bf:26:3e:08:e4:a3:f6:f5:f8:63:5d:75:00:
72:51:97:f0:da:fa:31:1a:40:e8:3d:91:09:28:65:aa:68:f1:
ae:31:52:17:a5:bb:d3:6e:13:2f:05:ab:c8:a3:f7:44:6e:99:
fc:8e:cc:28:39:d5:09:69:2a:ad:49:bc:8c:38:4b:9b:17:a6:
a5:16:52:67:36:8f:35:4f:1a:9b:44:e2:c5:3f:0e:61:47:6c:
7f:eb:74:66:e8:6f:71:77:71:ea:38:52:9a:f3:f8:5d:ac:85:
bf:18:e6:35:72:e4:33:c9:4c:09:c4:7d:ca:8c:2d:b5:34:eb:
3e:39:33:68:ea:1f:45:22:96:4f:99:a9:7d:02:09:4c:eb:15:
2f:45:84:3d:88:f1:4e:01:89:68:e2:ea:76:99:0f:d7:d0:fe:
82:fa:01:8e:c1:f0:5d:1c:c5:4b:fe:b9:e2:63:f8:59:54:6b:
80:7e:c7:36:e0:ce:ff:01:5d:90:79:17:64:b8:a0:ff:ed:36:
09:4a:7b:df:4a:5c:59:19:6c:4c:80:63:87:72:dd:23:58:97:
5b:ec:1f:48:d7:0d:46:82:a7:9a:72:34:36:c3:d8:6b:25:e9:
f5:ed:e4:d0:1f:24:ac:ea:6b:34:4c:18:16:10:22:52:a3:89:
d8:97:96:47
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZzB6W7+dzMYIrPq+iKyG8taMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YjcyN2ZlNjQyZjU0MjkxODY5YmNmMWYyOTE3ZTBmNTNi
ZWJkMjIwHhcNMjYwMzA2MDY1MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjVhYTZlYTE3NGIyMjYwMjg3ZjIzYTA0ODEyZDdhMTRkMzUyZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7UaJ4cPNyhRawdecCSxRIvmdWuaC
TwSRQlTdVI0CHh4WRYKe45wGxHKAbhVSDgTJVCh+wsM5BjGBm9Tce5fvUuuXNtSU
cFeVFs4gLMSOl0qpIA/Jo2GAcENp3WT65k5/3p3ogiRow+Ng3dpt3JQHAFtAB2LU
YyqaowahxjH53kg3fZ6Qu2crjsfFjMdrL+n6Q8Mosm+8UJQgHDxaYWwaEhD4jCth
ZVKMfn1uHVdRagiju4/vovD5cWBvqLHbLxCVLgSJBUydXlnJc8djIimFfg5x/Cle
LVYjHRAuI37eo+Y4eBBH4xVHSJclnWOf/xdi52DBrH3On+RchxTfQYCfPQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFAJapuoXSyJgKH8joEgS16FNNS/XMB8GA1UdIwQY
MBaAFMe3J/5kL1QpGGm88fKRfg9Tvr0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDdjbl9tUXZWQ2tZYWJ6eDhwRi1EMU8tdlNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS85ODBiZmItYzliNC00NDMzLTg5Mjct
YjY2N2UxOGZkODE4LzEvQWxxbTZoZExJbUFvZnlPZ1NCTFhvVTAxTDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS85ODBiZmItYzliNC00NDMzLTg5MjctYjY2N2UxOGZkODE4
LzEveDdjbl9tUXZWQ2tZYWJ6eDhwRi1EMU8tdlNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQDJdyYAwQD
LrcAAwQEbe/QAwQDgACgAwQDnv8wAwQCuRGAMA0GCSqGSIb3DQEBCwUAA4IBAQCn
dXfCer8mPgjko/b1+GNddQByUZfw2voxGkDoPZEJKGWqaPGuMVIXpbvTbhMvBavI
o/dEbpn8jswoOdUJaSqtSbyMOEubF6alFlJnNo81TxqbROLFPw5hR2x/63Rm6G9x
d3HqOFKa8/hdrIW/GOY1cuQzyUwJxH3KjC21NOs+OTNo6h9FIpZPmal9AglM6xUv
RYQ9iPFOAYlo4up2mQ/X0P6C+gGOwfBdHMVL/rniY/hZVGuAfsc24M7/AV2QeRdk
uKD/7TYJSnvfSlxZGWxMgGOHct0jWJdb7B9I1w1GgqeacjQ2w9hrJen17eTQHySs
6ms0TBgWECJSo4nYl5ZH
-----END CERTIFICATE-----
Generated at Thu Mar 26 13:15:17 2026 by rpki-client