Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/Q2lWhlnKZ6G7eyDXOunv3m467VA.roa
File: Q2lWhlnKZ6G7eyDXOunv3m467VA.roa (raw, json)
Hash identifier: ixUhZUmTO8/j2Eee8CMz97Hq3qnYKzXvs7vLViv2jf0=
Subject key identifier: 43:69:56:86:59:CA:67:A1:BB:7B:20:D7:3A:E9:EF:DE:6E:3A:ED:50
Certificate issuer: /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial: 019E40871BFD86442DED6D430FC0BAA1A016
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/Q2lWhlnKZ6G7eyDXOunv3m467VA.roa
Signing time: Tue 19 May 2026 13:57:36 +0000
ROA not before: Tue 19 May 2026 13:57:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213220
IP address blocks: 84.252.100.0/23 maxlen: 24
185.243.243.0/24 maxlen: 24
185.245.40.0/24 maxlen: 24
185.245.42.0/23 maxlen: 24
185.245.43.0/24 maxlen: 24
212.115.55.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl
rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.mft
rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 13:27:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:40:87:1b:fd:86:44:2d:ed:6d:43:0f:c0:ba:a1:a0:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
Validity
Not Before: May 19 13:57:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4369568659ca67a1bb7b20d73ae9efde6e3aed50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:7c:b0:f7:90:b9:1f:b2:f6:16:ab:63:4c:20:
09:f2:e0:b0:09:95:e7:b7:2a:86:27:ab:b4:8e:c2:
08:02:3c:48:4d:27:f5:20:cc:d7:67:ac:93:f8:4f:
20:61:20:38:89:fc:9e:15:4f:1d:ea:51:93:72:19:
dc:02:18:ef:8b:c1:e2:c9:86:ad:2b:7b:fb:27:93:
b7:e4:21:02:a4:49:0f:58:46:e8:61:5e:d3:47:83:
e9:67:2d:93:ca:a0:98:c1:f9:a2:cf:8a:46:57:a3:
3e:b2:4c:11:3a:a0:c9:b3:9f:7a:d0:7a:f0:20:54:
40:b6:fb:8a:e3:f9:c0:c9:5a:cd:7c:6b:70:17:f9:
ca:64:22:76:d1:b7:92:af:5c:52:5a:9d:33:09:ad:
39:74:9a:a5:da:48:da:34:c4:51:cd:2c:fd:f5:6e:
ee:df:fb:7a:2f:23:4c:56:7b:b6:6e:10:84:f8:71:
1f:65:6a:22:00:d9:ca:ce:2c:f1:6c:e5:51:46:0f:
c0:91:ad:c0:6e:50:2c:fa:c2:3e:cc:26:6e:08:03:
de:70:68:8a:ef:96:4a:af:d9:3e:78:93:20:07:bb:
44:2f:c7:da:bb:04:ff:9a:9b:95:a0:19:8d:19:2d:
c5:30:4e:9e:26:87:f9:a8:68:f3:f4:2f:59:31:b0:
81:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:69:56:86:59:CA:67:A1:BB:7B:20:D7:3A:E9:EF:DE:6E:3A:ED:50
X509v3 Authority Key Identifier:
keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/Q2lWhlnKZ6G7eyDXOunv3m467VA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.252.100.0/23
185.243.243.0/24
185.245.40.0/24
185.245.42.0/23
212.115.55.0/24
Signature Algorithm: sha256WithRSAEncryption
88:e1:53:96:52:7c:17:41:40:de:50:b2:63:32:5a:e7:e4:3e:
51:c0:87:99:bf:0d:0f:0e:5a:fd:5e:72:9b:80:c5:56:fc:43:
63:6a:31:62:4e:28:51:31:4e:b1:e1:9d:52:d4:03:e2:96:62:
15:ba:f8:26:b1:9e:09:45:ba:1d:b7:7a:bb:37:46:77:17:b6:
21:63:73:ab:08:19:b6:15:7b:95:36:ac:c1:3f:34:38:5f:93:
ba:11:6c:f8:c3:fe:0f:de:57:d9:33:85:ae:32:19:ad:cc:fa:
88:31:c4:b9:5c:00:62:b6:5c:47:d0:6f:4c:9b:17:c1:ea:1c:
30:19:54:64:f2:29:a1:7a:5f:ef:d6:03:6a:84:ba:c8:fe:a8:
a2:dd:96:f7:58:27:a7:cc:49:5e:6b:5f:0e:eb:d9:6c:75:14:
3d:82:78:85:c1:d1:de:c0:1a:55:fa:c7:09:f2:a5:fb:46:3c:
78:44:d9:53:80:fa:b1:ef:e1:11:3d:11:c4:d2:0f:92:9d:45:
f2:f2:c7:83:fd:5d:be:d5:5d:16:6e:13:d2:d4:bc:a1:11:b2:
f6:e9:c7:10:dc:a2:0f:32:b6:58:22:07:a5:aa:9f:e4:65:dd:
3b:e8:07:5d:27:06:fe:ea:90:bf:54:49:33:25:f0:8d:8f:e5:
62:e6:e1:21
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ5Ahxv9hkQt7W1DD8C6oaAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODk0MjNhZjFiZTAzMDI3MTk2ZDFmODFkZjIyOTkyOTc4
Y2RhNmUwHhcNMjYwNTE5MTM1NzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzY5NTY4NjU5Y2E2N2ExYmI3YjIwZDczYWU5ZWZkZTZlM2FlZDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnyw95C5H7L2FqtjTCAJ8uCwCZXn
tyqGJ6u0jsIIAjxITSf1IMzXZ6yT+E8gYSA4ifyeFU8d6lGTchncAhjvi8HiyYat
K3v7J5O35CECpEkPWEboYV7TR4PpZy2TyqCYwfmiz4pGV6M+skwROqDJs5960Hrw
IFRAtvuK4/nAyVrNfGtwF/nKZCJ20beSr1xSWp0zCa05dJql2kjaNMRRzSz99W7u
3/t6LyNMVnu2bhCE+HEfZWoiANnKzizxbOVRRg/Aka3AblAs+sI+zCZuCAPecGiK
75ZKr9k+eJMgB7tEL8fauwT/mpuVoBmNGS3FME6eJof5qGjz9C9ZMbCBCQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFENpVoZZymehu3sg1zrp795uOu1QMB8GA1UdIwQY
MBaAFMCJQjrxvgMCcZbR+B3yKZKXjNpuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgt
NjUzMzJiNDdmNWViLzEvUTJsV2hsbktaNkc3ZXlEWE91bnYzbTQ2N1ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgtNjUzMzJiNDdmNWVi
LzEvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBVPxkAwQA
ufPzAwQAufUoAwQBufUqAwQA1HM3MA0GCSqGSIb3DQEBCwUAA4IBAQCI4VOWUnwX
QUDeULJjMlrn5D5RwIeZvw0PDlr9XnKbgMVW/ENjajFiTihRMU6x4Z1S1APilmIV
uvgmsZ4JRbodt3q7N0Z3F7YhY3OrCBm2FXuVNqzBPzQ4X5O6EWz4w/4P3lfZM4Wu
MhmtzPqIMcS5XABitlxH0G9MmxfB6hwwGVRk8imhel/v1gNqhLrI/qii3Zb3WCen
zElea18O69lsdRQ9gniFwdHewBpV+scJ8qX7Rjx4RNlTgPqx7+ERPRHE0g+SnUXy
8seD/V2+1V0WbhPS1LyhEbL26ccQ3KIPMrZYIgelqp/kZd076AddJwb+6pC/VEkz
JfCNj+Vi5uEh
-----END CERTIFICATE-----
Generated at Thu Jun 11 21:37:33 2026 by rpki-client