Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/qTiRyLsEnxjtY8m64akc8bSBUCQ.roa
File: qTiRyLsEnxjtY8m64akc8bSBUCQ.roa (raw, json)
Hash identifier: y4W4NvBrH8B4WxivgywuyS5lqjtMsvocijUZMFvSjVk=
Subject key identifier: A9:38:91:C8:BB:04:9F:18:ED:63:C9:BA:E1:A9:1C:F1:B4:81:50:24
Certificate issuer: /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial: 019D00806C1141606EA43F40DC7119CAAD38
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/qTiRyLsEnxjtY8m64akc8bSBUCQ.roa
Signing time: Wed 18 Mar 2026 10:31:49 +0000
ROA not before: Wed 18 Mar 2026 10:31:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212238
IP address blocks: 158.173.3.0/24 maxlen: 24
158.173.4.0/24 maxlen: 24
158.173.5.0/24 maxlen: 24
158.173.6.0/24 maxlen: 24
158.173.7.0/24 maxlen: 24
158.173.16.0/24 maxlen: 24
158.173.17.0/24 maxlen: 24
158.173.18.0/24 maxlen: 24
158.173.19.0/24 maxlen: 24
158.173.20.0/24 maxlen: 24
158.173.21.0/24 maxlen: 24
158.173.22.0/24 maxlen: 24
158.173.23.0/24 maxlen: 24
158.173.24.0/24 maxlen: 24
158.173.25.0/24 maxlen: 24
158.173.32.0/24 maxlen: 24
158.173.33.0/24 maxlen: 24
158.173.44.0/24 maxlen: 24
158.173.45.0/24 maxlen: 24
158.173.46.0/24 maxlen: 24
158.173.47.0/24 maxlen: 24
158.173.55.0/24 maxlen: 24
158.173.67.0/24 maxlen: 24
158.173.72.0/24 maxlen: 24
158.173.73.0/24 maxlen: 24
158.173.76.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 21 Mar 2026 20:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:00:80:6c:11:41:60:6e:a4:3f:40:dc:71:19:ca:ad:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Validity
Not Before: Mar 18 10:31:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a93891c8bb049f18ed63c9bae1a91cf1b4815024
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:17:35:cb:24:ef:d2:95:b1:ef:4c:a4:20:cb:
9a:a2:42:17:d8:ce:18:20:b8:38:0a:61:96:92:38:
67:3b:f2:93:e5:8b:14:97:5a:4a:ef:34:38:38:b4:
da:71:9a:c9:f1:c8:8e:f5:4d:2f:77:0f:12:3b:d8:
aa:21:b1:9a:e5:dc:40:94:18:0c:f3:ec:df:e4:a5:
45:3e:37:1b:60:e9:10:a4:b3:d7:ef:31:e1:b9:8d:
cb:b5:ba:04:f9:70:6e:f9:c0:28:5d:56:e4:45:d0:
1b:17:fd:7c:ac:49:ee:0b:d6:09:7c:be:4c:ac:68:
f9:4e:0c:8d:48:1b:79:5a:1d:d7:fa:3f:2f:e8:8c:
8c:47:b8:da:86:a5:bf:20:e4:d9:c9:45:17:8f:5c:
83:f1:d5:39:08:fa:26:0b:8b:80:90:eb:a1:36:ca:
dc:61:33:2d:04:82:4a:46:1a:63:05:61:92:df:16:
80:52:90:29:a4:05:17:fa:11:e5:75:b7:78:7b:27:
bd:d8:54:98:dc:20:81:e1:4d:67:93:44:b5:2a:36:
9b:15:25:f4:5f:c3:2b:49:20:0b:6f:95:a8:29:47:
1f:eb:b0:2e:64:f2:80:c2:57:78:67:37:47:a9:ac:
a8:8c:db:c2:8b:87:0f:4a:f2:f2:c5:67:58:14:3a:
3a:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:38:91:C8:BB:04:9F:18:ED:63:C9:BA:E1:A9:1C:F1:B4:81:50:24
X509v3 Authority Key Identifier:
keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/qTiRyLsEnxjtY8m64akc8bSBUCQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.173.3.0-158.173.7.255
158.173.16.0-158.173.25.255
158.173.32.0/23
158.173.44.0/22
158.173.55.0/24
158.173.67.0/24
158.173.72.0/23
158.173.76.0/24
Signature Algorithm: sha256WithRSAEncryption
07:3c:6a:14:44:66:d5:be:a1:91:52:66:74:1b:23:87:4a:87:
fd:95:f9:93:55:1d:ce:5d:e5:3d:01:40:da:ae:f9:d9:b7:14:
83:90:b6:0e:e2:da:c9:8f:5a:ab:4d:fe:53:6e:e5:48:30:c8:
6e:fc:46:6a:a1:2b:a8:46:c5:b1:6e:12:bb:69:90:bd:07:b9:
78:22:7c:48:04:71:76:40:f3:cf:ba:42:f6:44:a2:ff:65:7d:
76:b2:3d:7c:fd:47:82:fd:b4:27:24:73:88:d3:da:18:bf:40:
b3:f7:74:37:76:5b:38:e7:aa:c7:4e:51:07:c2:b5:53:01:4b:
41:2c:30:33:32:2f:b0:9d:a3:22:55:9b:97:73:ab:5d:6f:b6:
a2:f5:eb:83:32:e9:f4:63:b9:2f:21:ec:2a:82:84:ca:c8:a2:
47:4b:78:cf:c4:db:a2:ad:1e:f7:20:b5:31:22:b8:de:cd:24:
99:51:67:e8:75:60:49:83:41:55:4d:ab:0d:3f:13:81:61:24:
58:e2:73:aa:92:e7:00:14:d4:a5:d1:c7:d5:97:bc:62:fe:b1:
45:14:59:53:4b:b5:b7:4c:31:ee:14:26:71:fe:20:88:85:46:
6c:05:b5:9c:86:05:5d:ec:33:d2:b2:9b:8a:17:7c:a1:f6:ee:
40:45:b1:b6
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZ0AgGwRQWBupD9A3HEZyq04MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMzE4MTAzMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTM4OTFjOGJiMDQ5ZjE4ZWQ2M2M5YmFlMWE5MWNmMWI0ODE1MDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Rc1yyTv0pWx70ykIMuaokIX2M4Y
ILg4CmGWkjhnO/KT5YsUl1pK7zQ4OLTacZrJ8ciO9U0vdw8SO9iqIbGa5dxAlBgM
8+zf5KVFPjcbYOkQpLPX7zHhuY3LtboE+XBu+cAoXVbkRdAbF/18rEnuC9YJfL5M
rGj5TgyNSBt5Wh3X+j8v6IyMR7jahqW/IOTZyUUXj1yD8dU5CPomC4uAkOuhNsrc
YTMtBIJKRhpjBWGS3xaAUpAppAUX+hHldbd4eye92FSY3CCB4U1nk0S1KjabFSX0
X8MrSSALb5WoKUcf67AuZPKAwld4ZzdHqayojNvCi4cPSvLyxWdYFDo6QwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFKk4kci7BJ8Y7WPJuuGpHPG0gVAkMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvcVRpUnlMc0VueGp0WThtNjRha2M4YlNCVUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAMAwDBACerQMD
BAOerQAwDAMEBJ6tEAMEAZ6tGAMEAZ6tIAMEAp6tLAMEAJ6tNwMEAJ6tQwMEAZ6t
SAMEAJ6tTDANBgkqhkiG9w0BAQsFAAOCAQEABzxqFERm1b6hkVJmdBsjh0qH/ZX5
k1Udzl3lPQFA2q752bcUg5C2DuLayY9aq03+U27lSDDIbvxGaqErqEbFsW4Su2mQ
vQe5eCJ8SARxdkDzz7pC9kSi/2V9drI9fP1Hgv20JyRziNPaGL9As/d0N3ZbOOeq
x05RB8K1UwFLQSwwMzIvsJ2jIlWbl3OrXW+2ovXrgzLp9GO5LyHsKoKEysiiR0t4
z8Tboq0e9yC1MSK43s0kmVFn6HVgSYNBVU2rDT8TgWEkWOJzqpLnABTUpdHH1Ze8
Yv6xRRRZU0u1t0wx7hQmcf4giIVGbAW1nIYFXewz0rKbihd8ofbuQEWxtg==
-----END CERTIFICATE-----
Generated at Sat Mar 21 06:49:42 2026 by rpki-client