Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/b03a50-ecc9-4631-be3e-75254e8dc117/1/QpgRqR4ONpEAldJV9RdLVieuB30.roa
File: QpgRqR4ONpEAldJV9RdLVieuB30.roa (raw, json)
Hash identifier: O7WrNb/BN4tdedokbnfczoEsP+osybSj8/C29gRLRWE=
Subject key identifier: 42:98:11:A9:1E:0E:36:91:00:95:D2:55:F5:17:4B:56:27:AE:07:7D
Certificate issuer: /CN=14afffe07ef296ec8cd252bcb2088b1baa8fbabd
Certificate serial: 019D33E98F350CE2FA6265EBA6855A61A04C
Authority key identifier: 14:AF:FF:E0:7E:F2:96:EC:8C:D2:52:BC:B2:08:8B:1B:AA:8F:BA:BD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FK__4H7yluyM0lK8sgiLG6qPur0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/73/b03a50-ecc9-4631-be3e-75254e8dc117/1/QpgRqR4ONpEAldJV9RdLVieuB30.roa
Signing time: Sat 28 Mar 2026 10:07:17 +0000
ROA not before: Sat 28 Mar 2026 10:07:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 62099
IP address blocks: 176.98.248.0/22 maxlen: 22
176.98.252.0/22 maxlen: 22
185.47.220.0/22 maxlen: 22
185.91.168.0/22 maxlen: 22
2a01:9420::/29 maxlen: 29
2a01:9420::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/73/b03a50-ecc9-4631-be3e-75254e8dc117/1/FK__4H7yluyM0lK8sgiLG6qPur0.crl
rsync://rpki.ripe.net/repository/DEFAULT/73/b03a50-ecc9-4631-be3e-75254e8dc117/1/FK__4H7yluyM0lK8sgiLG6qPur0.mft
rsync://rpki.ripe.net/repository/DEFAULT/FK__4H7yluyM0lK8sgiLG6qPur0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Mar 2026 13:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:33:e9:8f:35:0c:e2:fa:62:65:eb:a6:85:5a:61:a0:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=14afffe07ef296ec8cd252bcb2088b1baa8fbabd
Validity
Not Before: Mar 28 10:07:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=429811a91e0e36910095d255f5174b5627ae077d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:ca:44:02:1b:8b:0b:0a:0d:b3:90:66:b6:3c:
be:cb:e5:4b:67:0c:83:ef:ac:b7:fd:76:2f:02:70:
96:ab:6e:2d:5b:9a:e4:11:c0:25:43:15:2b:65:65:
e2:a7:a2:d0:49:8f:77:59:b3:ac:dd:26:50:ab:37:
a4:e6:0f:bc:c6:5d:ca:a4:3f:f8:f1:3f:3f:42:0f:
25:0c:1c:7c:03:52:2b:9c:2c:89:00:17:a2:9b:e2:
f8:7c:99:46:f7:d2:c2:2f:dc:67:cc:b4:1e:60:60:
5b:e7:e2:44:9b:df:29:e3:f6:bd:47:b0:da:63:7c:
65:98:e8:b5:6b:3c:14:41:24:d3:df:8e:46:ed:21:
a7:16:24:bb:42:7c:79:cf:ee:ef:18:54:ec:83:e6:
2a:9b:4d:4d:cc:35:b3:0a:e1:fe:9e:32:5a:05:6a:
1a:de:74:95:fa:d1:1c:78:56:24:fc:e6:77:b0:69:
39:5b:be:21:27:e4:02:b1:f4:7b:de:2e:f0:cc:87:
54:e9:e1:11:95:91:2d:42:a2:1e:c3:b2:ed:cb:f4:
01:25:70:43:56:ce:fd:2b:0c:8b:7f:23:69:32:fe:
09:f5:43:07:08:28:21:b8:83:a1:4d:0c:11:f8:b4:
be:02:b3:46:ba:b5:20:06:a2:eb:31:ed:fc:7e:06:
0b:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:98:11:A9:1E:0E:36:91:00:95:D2:55:F5:17:4B:56:27:AE:07:7D
X509v3 Authority Key Identifier:
keyid:14:AF:FF:E0:7E:F2:96:EC:8C:D2:52:BC:B2:08:8B:1B:AA:8F:BA:BD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FK__4H7yluyM0lK8sgiLG6qPur0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/b03a50-ecc9-4631-be3e-75254e8dc117/1/QpgRqR4ONpEAldJV9RdLVieuB30.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/73/b03a50-ecc9-4631-be3e-75254e8dc117/1/FK__4H7yluyM0lK8sgiLG6qPur0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.98.248.0/21
185.47.220.0/22
185.91.168.0/22
IPv6:
2a01:9420::/29
Signature Algorithm: sha256WithRSAEncryption
2d:36:26:29:31:56:fc:9d:aa:3c:74:44:d7:17:bb:2b:8a:8c:
93:b2:e1:0c:db:4c:9b:43:51:fb:03:d4:c5:40:21:de:70:81:
01:8a:f0:3e:a0:12:92:18:78:12:cd:5d:51:ef:2a:4f:67:82:
ad:1b:4d:a0:8e:b6:b5:7d:8a:71:0a:6a:b9:14:63:f7:6a:b2:
3f:61:c4:90:71:4e:b5:05:38:7e:86:87:b4:b6:b4:2f:fe:a1:
18:c9:b0:53:e6:f6:d5:e6:44:62:f5:14:ec:a9:af:ca:d8:0c:
64:35:99:2f:39:39:fe:4b:37:70:ce:cd:ee:17:4a:0d:4c:36:
8d:09:f6:30:fa:d6:f1:38:ef:f0:34:42:bf:ec:ff:e0:bf:c6:
09:36:fe:0f:03:7a:b9:02:15:a1:9e:b9:8a:9a:6f:54:b6:b0:
7c:91:da:78:40:9a:a9:43:e2:0b:d5:a4:d3:9c:fd:a4:05:7a:
26:3c:c7:3c:5c:01:02:61:10:e3:c1:d0:a4:a6:81:92:46:69:
8c:16:c7:2e:8e:0b:2f:6e:fb:d7:7d:4c:8e:9f:7a:65:cb:d2:
d7:53:d1:d3:a2:47:8e:3a:54:8c:46:53:13:60:11:84:94:a0:
70:87:7f:28:c8:ae:ae:14:f6:62:52:b5:d4:e1:96:c2:28:a6:
f4:0a:1e:0b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZ0z6Y81DOL6YmXrpoVaYaBMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YWZmZmUwN2VmMjk2ZWM4Y2QyNTJiY2IyMDg4YjFiYWE4
ZmJhYmQwHhcNMjYwMzI4MTAwNzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjk4MTFhOTFlMGUzNjkxMDA5NWQyNTVmNTE3NGI1NjI3YWUwNzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8pEAhuLCwoNs5Bmtjy+y+VLZwyD
76y3/XYvAnCWq24tW5rkEcAlQxUrZWXip6LQSY93WbOs3SZQqzek5g+8xl3KpD/4
8T8/Qg8lDBx8A1IrnCyJABeim+L4fJlG99LCL9xnzLQeYGBb5+JEm98p4/a9R7Da
Y3xlmOi1azwUQSTT345G7SGnFiS7Qnx5z+7vGFTsg+Yqm01NzDWzCuH+njJaBWoa
3nSV+tEceFYk/OZ3sGk5W74hJ+QCsfR73i7wzIdU6eERlZEtQqIew7Lty/QBJXBD
Vs79KwyLfyNpMv4J9UMHCCghuIOhTQwR+LS+ArNGurUgBqLrMe38fgYLSQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFEKYEakeDjaRAJXSVfUXS1Ynrgd9MB8GA1UdIwQY
MBaAFBSv/+B+8pbsjNJSvLIIixuqj7q9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRktfXzRIN3lsdXlNMGxLOHNnaUxHNnFQdXIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9iMDNhNTAtZWNjOS00NjMxLWJlM2Ut
NzUyNTRlOGRjMTE3LzEvUXBnUnFSNE9OcEVBbGRKVjlSZExWaWV1QjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9iMDNhNTAtZWNjOS00NjMxLWJlM2UtNzUyNTRlOGRjMTE3
LzEvRktfXzRIN3lsdXlNMGxLOHNnaUxHNnFQdXIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDsGL4AwQC
uS/cAwQCuVuoMA0EAgACMAcDBQMqAZQgMA0GCSqGSIb3DQEBCwUAA4IBAQAtNiYp
MVb8nao8dETXF7srioyTsuEM20ybQ1H7A9TFQCHecIEBivA+oBKSGHgSzV1R7ypP
Z4KtG02gjra1fYpxCmq5FGP3arI/YcSQcU61BTh+hoe0trQv/qEYybBT5vbV5kRi
9RTsqa/K2AxkNZkvOTn+Szdwzs3uF0oNTDaNCfYw+tbxOO/wNEK/7P/gv8YJNv4P
A3q5AhWhnrmKmm9UtrB8kdp4QJqpQ+IL1aTTnP2kBXomPMc8XAECYRDjwdCkpoGS
RmmMFscujgsvbvvXfUyOn3ply9LXU9HTokeOOlSMRlMTYBGElKBwh38oyK6uFPZi
UrXU4ZbCKKb0Ch4L
-----END CERTIFICATE-----
Generated at Sun Mar 29 20:26:24 2026 by rpki-client