Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/qhrFDF2N9P-DSl7QdTShxOTMpGA.roa
File: qhrFDF2N9P-DSl7QdTShxOTMpGA.roa (raw, json)
Hash identifier: Su+QNGIdR5cFHBOaO84honpjK8HUibgIUYb7+1xR83U=
Subject key identifier: AA:1A:C5:0C:5D:8D:F4:FF:83:4A:5E:D0:75:34:A1:C4:E4:CC:A4:60
Certificate issuer: /CN=a633725cd5dd91cf190ab3a99526e898357856ef
Certificate serial: 019DF7B63EE8D3537E4B98289A26CC4A8D9B
Authority key identifier: A6:33:72:5C:D5:DD:91:CF:19:0A:B3:A9:95:26:E8:98:35:78:56:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pjNyXNXdkc8ZCrOplSbomDV4Vu8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/qhrFDF2N9P-DSl7QdTShxOTMpGA.roa
Signing time: Tue 05 May 2026 10:36:49 +0000
ROA not before: Tue 05 May 2026 10:36:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 15495
IP address blocks: 141.6.0.0/16 maxlen: 24
193.23.152.0/22 maxlen: 24
195.234.178.0/24 maxlen: 24
2a03:5680::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/pjNyXNXdkc8ZCrOplSbomDV4Vu8.crl
rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/pjNyXNXdkc8ZCrOplSbomDV4Vu8.mft
rsync://rpki.ripe.net/repository/DEFAULT/pjNyXNXdkc8ZCrOplSbomDV4Vu8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 20:10:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f7:b6:3e:e8:d3:53:7e:4b:98:28:9a:26:cc:4a:8d:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a633725cd5dd91cf190ab3a99526e898357856ef
Validity
Not Before: May 5 10:36:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=aa1ac50c5d8df4ff834a5ed07534a1c4e4cca460
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:82:b9:a5:99:ca:e4:4b:52:b5:b1:d5:53:88:
5c:3a:cf:82:8b:ed:4f:92:b7:4f:a0:48:3e:bc:5a:
a3:5e:bb:08:7d:d8:dd:6b:81:72:a3:7b:52:8b:14:
31:85:2c:1f:cd:67:bf:d6:f5:af:3b:d4:50:c6:76:
98:e7:06:31:75:09:35:80:c3:0a:6d:67:78:2b:76:
64:3c:4b:99:12:65:23:e0:0a:d4:ba:64:7a:6c:e7:
5d:f2:b4:4c:fc:87:16:cf:c7:fb:e4:e5:71:31:4d:
03:02:c4:20:8a:13:05:92:ec:eb:e5:b5:25:23:be:
a1:e3:12:28:e6:d3:5c:e6:b9:f8:f9:9d:b5:0a:e0:
f9:10:57:ca:30:4f:b9:78:16:93:66:3b:dd:d0:7e:
16:b6:a5:cb:dd:f9:66:3f:b0:5d:4e:f5:f5:4b:c3:
e0:89:80:88:13:54:22:45:0c:61:39:d1:1a:36:bc:
f7:64:b5:af:30:b0:07:22:f7:c0:7f:fc:b2:48:f6:
e9:da:90:e7:2b:51:34:3f:92:1c:c9:45:cc:81:89:
9f:40:78:b8:99:4d:ec:d6:7a:63:66:45:e9:46:d6:
47:ea:17:e6:de:45:c0:7e:5c:32:81:f6:43:5e:a9:
49:7f:ab:38:cb:d6:18:59:8d:ff:63:8a:61:3a:f6:
c3:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:1A:C5:0C:5D:8D:F4:FF:83:4A:5E:D0:75:34:A1:C4:E4:CC:A4:60
X509v3 Authority Key Identifier:
keyid:A6:33:72:5C:D5:DD:91:CF:19:0A:B3:A9:95:26:E8:98:35:78:56:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pjNyXNXdkc8ZCrOplSbomDV4Vu8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/qhrFDF2N9P-DSl7QdTShxOTMpGA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/pjNyXNXdkc8ZCrOplSbomDV4Vu8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.6.0.0/16
193.23.152.0/22
195.234.178.0/24
IPv6:
2a03:5680::/32
Signature Algorithm: sha256WithRSAEncryption
75:c3:ef:4b:ad:65:c1:98:05:fc:c9:ea:6e:60:47:97:4e:8e:
7d:eb:26:97:8f:ff:5b:7a:6a:99:6c:4b:de:dc:1a:3e:33:ff:
86:bc:16:29:7a:68:52:71:7f:8b:30:4a:00:2d:db:d5:a3:75:
37:5e:e3:d2:7c:5c:9c:50:52:a0:b7:00:51:1d:d8:56:1c:f7:
dc:ab:ff:ba:76:3e:54:44:6e:3a:8b:7c:7a:f4:16:1c:38:86:
6a:0c:0b:f6:48:c1:87:c2:2c:e8:74:14:3c:6d:d3:97:6e:18:
46:30:75:89:90:ee:dd:47:3d:64:c6:b0:8f:8e:fb:d5:f3:f2:
be:73:c0:b7:93:0e:e0:b3:56:c1:d5:8d:b4:e9:4e:c6:67:4d:
3f:1c:32:9a:07:e0:e1:34:33:9f:3d:c9:59:1b:2e:40:05:dc:
49:1a:aa:b9:77:93:f8:20:64:fc:8b:60:2f:55:eb:b1:93:8f:
16:d2:f7:32:d7:fe:35:98:36:a3:72:84:9f:b1:f4:01:de:ad:
dd:db:71:21:96:69:a8:70:6d:d5:fb:8f:55:90:62:f9:9a:9b:
04:12:9b:f2:91:d6:a3:c5:78:1c:4a:18:e8:30:ca:3b:f3:f9:
7e:e2:ce:60:f3:7c:e1:a0:63:d5:01:6f:14:57:79:81:e7:a5:
f0:ba:8b:52
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ33tj7o01N+S5gomibMSo2bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MzM3MjVjZDVkZDkxY2YxOTBhYjNhOTk1MjZlODk4MzU3
ODU2ZWYwHhcNMjYwNTA1MTAzNjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTFhYzUwYzVkOGRmNGZmODM0YTVlZDA3NTM0YTFjNGU0Y2NhNDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4K5pZnK5EtStbHVU4hcOs+Ci+1P
krdPoEg+vFqjXrsIfdjda4Fyo3tSixQxhSwfzWe/1vWvO9RQxnaY5wYxdQk1gMMK
bWd4K3ZkPEuZEmUj4ArUumR6bOdd8rRM/IcWz8f75OVxMU0DAsQgihMFkuzr5bUl
I76h4xIo5tNc5rn4+Z21CuD5EFfKME+5eBaTZjvd0H4WtqXL3flmP7BdTvX1S8Pg
iYCIE1QiRQxhOdEaNrz3ZLWvMLAHIvfAf/yySPbp2pDnK1E0P5IcyUXMgYmfQHi4
mU3s1npjZkXpRtZH6hfm3kXAflwygfZDXqlJf6s4y9YYWY3/Y4phOvbDjwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFKoaxQxdjfT/g0pe0HU0ocTkzKRgMB8GA1UdIwQY
MBaAFKYzclzV3ZHPGQqzqZUm6Jg1eFbvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGpOeVhOWGRrYzhaQ3JPcGxTYm9tRFY0VnU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC81Yjg1NmEtYTkwZC00NzkxLTljMTAt
YzBiODEzYjRlYzdlLzEvcWhyRkRGMk45UC1EU2w3UWRUU2h4T1RNcEdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC81Yjg1NmEtYTkwZC00NzkxLTljMTAtYzBiODEzYjRlYzdl
LzEvcGpOeVhOWGRrYzhaQ3JPcGxTYm9tRFY0VnU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAXBAIAATARAwMAjQYDBALB
F5gDBADD6rIwDQQCAAIwBwMFACoDVoAwDQYJKoZIhvcNAQELBQADggEBAHXD70ut
ZcGYBfzJ6m5gR5dOjn3rJpeP/1t6aplsS97cGj4z/4a8Fil6aFJxf4swSgAt29Wj
dTde49J8XJxQUqC3AFEd2FYc99yr/7p2PlREbjqLfHr0Fhw4hmoMC/ZIwYfCLOh0
FDxt05duGEYwdYmQ7t1HPWTGsI+O+9Xz8r5zwLeTDuCzVsHVjbTpTsZnTT8cMpoH
4OE0M589yVkbLkAF3Ekaqrl3k/ggZPyLYC9V67GTjxbS9zLX/jWYNqNyhJ+x9AHe
rd3bcSGWaahwbdX7j1WQYvmamwQSm/KR1qPFeBxKGOgwyjvz+X7izmDzfOGgY9UB
bxRXeYHnpfC6i1I=
-----END CERTIFICATE-----
Generated at Wed May 13 02:41:37 2026 by rpki-client