Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/DQ38TRCVnXEsSBsusAK4wA5cM7E.roa
File: DQ38TRCVnXEsSBsusAK4wA5cM7E.roa (raw, json)
Hash identifier: LYfpTTUhsNjJzAKWOxzbHYKnI3ctEnoDEml27mltRUs=
Subject key identifier: 0D:0D:FC:4D:10:95:9D:71:2C:48:1B:2E:B0:02:B8:C0:0E:5C:33:B1
Certificate issuer: /CN=94447eb3197aa31e7e6849f16af55ab25301fa82
Certificate serial: 019CDD7000CA4C1FE1AE947CC8C80AF926CC
Authority key identifier: 94:44:7E:B3:19:7A:A3:1E:7E:68:49:F1:6A:F5:5A:B2:53:01:FA:82
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lER-sxl6ox5-aEnxavVaslMB-oI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/DQ38TRCVnXEsSBsusAK4wA5cM7E.roa
Signing time: Wed 11 Mar 2026 15:07:10 +0000
ROA not before: Wed 11 Mar 2026 15:07:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215311
IP address blocks: 150.251.112.0/22 maxlen: 22
193.56.135.0/24 maxlen: 24
194.150.166.0/24 maxlen: 24
2a14:4200::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/lER-sxl6ox5-aEnxavVaslMB-oI.crl
rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/lER-sxl6ox5-aEnxavVaslMB-oI.mft
rsync://rpki.ripe.net/repository/DEFAULT/lER-sxl6ox5-aEnxavVaslMB-oI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 20 Mar 2026 12:00:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:dd:70:00:ca:4c:1f:e1:ae:94:7c:c8:c8:0a:f9:26:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94447eb3197aa31e7e6849f16af55ab25301fa82
Validity
Not Before: Mar 11 15:07:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0d0dfc4d10959d712c481b2eb002b8c00e5c33b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:9f:32:e3:96:c9:58:f9:aa:83:2b:32:16:0a:
7c:89:12:46:49:91:35:6d:33:9e:58:c2:bd:a0:19:
29:9f:67:70:c3:cb:2c:cb:22:03:2b:f3:34:7f:c6:
04:0c:31:dc:53:88:b2:81:fe:db:10:96:ef:57:50:
4e:8c:43:60:4d:f7:df:1d:81:25:46:fa:09:0a:2c:
82:a0:0b:f6:f8:5f:db:50:a4:96:f5:43:63:0e:22:
2b:4c:ed:c4:74:72:95:c6:3b:69:f2:14:ad:0e:77:
95:23:d7:0d:73:cd:af:f4:39:61:ae:b3:21:43:ca:
ac:0c:5b:1a:0c:34:56:44:47:9b:48:b5:5a:78:16:
85:f1:17:5b:37:df:af:93:6e:17:63:fe:90:3c:7e:
d8:00:10:ab:79:e6:f7:4b:35:63:15:3e:e1:96:85:
c0:46:7c:ca:60:fb:71:93:85:07:51:3f:cd:17:35:
75:34:53:47:b2:a7:43:ae:8d:f4:c9:59:fa:af:70:
c1:91:17:4e:51:e5:30:34:93:ed:46:85:c6:79:93:
27:be:be:5a:07:eb:65:04:ce:40:3b:a0:56:b5:44:
3b:5c:c4:0f:b9:1e:40:2b:ff:95:26:ee:1d:78:98:
b0:27:61:5b:7a:50:9d:98:2b:1c:a4:c8:17:76:8f:
4c:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:0D:FC:4D:10:95:9D:71:2C:48:1B:2E:B0:02:B8:C0:0E:5C:33:B1
X509v3 Authority Key Identifier:
keyid:94:44:7E:B3:19:7A:A3:1E:7E:68:49:F1:6A:F5:5A:B2:53:01:FA:82
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lER-sxl6ox5-aEnxavVaslMB-oI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/DQ38TRCVnXEsSBsusAK4wA5cM7E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/lER-sxl6ox5-aEnxavVaslMB-oI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
150.251.112.0/22
193.56.135.0/24
194.150.166.0/24
IPv6:
2a14:4200::/29
Signature Algorithm: sha256WithRSAEncryption
d2:92:68:f4:da:61:f2:4e:a1:21:69:76:38:c2:20:58:fa:91:
8f:c6:e4:e6:d2:5a:8e:52:6a:9e:ef:d1:0f:a0:fe:90:e7:ce:
db:80:87:d7:af:e0:8a:61:ca:d5:43:bd:ab:fc:02:a7:69:8b:
75:ac:39:24:a5:c8:27:60:26:17:45:82:fb:97:b5:90:01:ea:
98:19:91:57:03:04:4d:c6:20:9e:93:ee:9b:b3:15:87:6e:29:
aa:40:7f:76:13:db:5a:9d:01:be:af:a0:d2:84:90:bb:42:6d:
d1:4d:de:76:06:66:64:d3:37:a1:36:93:b1:41:3d:44:b0:06:
4a:e2:ff:c4:c8:44:74:88:33:77:a8:a5:5a:25:57:04:89:32:
19:05:40:23:77:d8:d9:c0:20:64:86:85:ac:69:a5:3d:9c:df:
32:db:16:35:ec:72:97:2a:b9:9f:f4:ba:dc:c3:20:69:09:6a:
99:90:01:e5:75:27:05:d9:ed:43:8f:e9:dc:d0:e5:64:24:78:
6e:c7:a9:f2:d1:48:eb:74:8b:7d:f3:b4:93:cf:92:7d:1e:c4:
86:90:4b:31:20:e8:77:b4:1a:7e:97:54:2a:ae:54:ef:f7:1a:
33:bd:de:95:c5:56:0a:9a:ae:2f:e5:fb:a1:56:07:a9:9a:f1:
7f:ee:7f:60
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZzdcADKTB/hrpR8yMgK+SbMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NDQ3ZWIzMTk3YWEzMWU3ZTY4NDlmMTZhZjU1YWIyNTMw
MWZhODIwHhcNMjYwMzExMTUwNzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDBkZmM0ZDEwOTU5ZDcxMmM0ODFiMmViMDAyYjhjMDBlNWMzM2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJ8y45bJWPmqgysyFgp8iRJGSZE1
bTOeWMK9oBkpn2dww8ssyyIDK/M0f8YEDDHcU4iygf7bEJbvV1BOjENgTfffHYEl
RvoJCiyCoAv2+F/bUKSW9UNjDiIrTO3EdHKVxjtp8hStDneVI9cNc82v9DlhrrMh
Q8qsDFsaDDRWREebSLVaeBaF8RdbN9+vk24XY/6QPH7YABCreeb3SzVjFT7hloXA
RnzKYPtxk4UHUT/NFzV1NFNHsqdDro30yVn6r3DBkRdOUeUwNJPtRoXGeZMnvr5a
B+tlBM5AO6BWtUQ7XMQPuR5AK/+VJu4deJiwJ2FbelCdmCscpMgXdo9MOwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFA0N/E0QlZ1xLEgbLrACuMAOXDOxMB8GA1UdIwQY
MBaAFJREfrMZeqMefmhJ8Wr1WrJTAfqCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEVSLXN4bDZveDUtYUVueGF2VmFzbE1CLW9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84ZDBiMDUtMjYzZi00MDNhLWFiZjQt
MjM4YmRlMGUxZWY3LzEvRFEzOFRSQ1ZuWEVzU0JzdXNBSzR3QTVjTTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84ZDBiMDUtMjYzZi00MDNhLWFiZjQtMjM4YmRlMGUxZWY3
LzEvbEVSLXN4bDZveDUtYUVueGF2VmFzbE1CLW9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQClvtwAwQA
wTiHAwQAwpamMA0EAgACMAcDBQMqFEIAMA0GCSqGSIb3DQEBCwUAA4IBAQDSkmj0
2mHyTqEhaXY4wiBY+pGPxuTm0lqOUmqe79EPoP6Q587bgIfXr+CKYcrVQ72r/AKn
aYt1rDkkpcgnYCYXRYL7l7WQAeqYGZFXAwRNxiCek+6bsxWHbimqQH92E9tanQG+
r6DShJC7Qm3RTd52BmZk0zehNpOxQT1EsAZK4v/EyER0iDN3qKVaJVcEiTIZBUAj
d9jZwCBkhoWsaaU9nN8y2xY17HKXKrmf9LrcwyBpCWqZkAHldScF2e1Dj+nc0OVk
JHhux6ny0UjrdIt987STz5J9HsSGkEsxIOh3tBp+l1QqrlTv9xozvd6VxVYKmq4v
5fuhVgepmvF/7n9g
-----END CERTIFICATE-----
Generated at Thu Mar 19 23:04:47 2026 by rpki-client