Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qH_bfMwJBtQIyaHIevre7jevFD0.roa
File: qH_bfMwJBtQIyaHIevre7jevFD0.roa (raw, json)
Hash identifier: nGq9eX8qdOkubDQ7Xm4VRORDs3R5r+h5fpkl77TuE4A=
Subject key identifier: A8:7F:DB:7C:CC:09:06:D4:08:C9:A1:C8:7A:FA:DE:EE:37:AF:14:3D
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019F12440C8A77973326FE4442480800DAB8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qH_bfMwJBtQIyaHIevre7jevFD0.roa
Signing time: Mon 29 Jun 2026 07:24:37 +0000
ROA not before: Mon 29 Jun 2026 07:24:37 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 174
IP address blocks: 80.240.95.0/24 maxlen: 24
82.152.56.0/24 maxlen: 24
82.152.60.0/24 maxlen: 24
82.152.69.0/24 maxlen: 24
82.152.78.0/24 maxlen: 24
82.152.80.0/24 maxlen: 24
82.152.112.0/24 maxlen: 24
82.152.113.0/24 maxlen: 24
82.152.119.0/24 maxlen: 24
82.152.123.0/24 maxlen: 24
82.152.124.0/24 maxlen: 24
82.152.125.0/24 maxlen: 24
82.152.126.0/24 maxlen: 24
82.152.135.0/24 maxlen: 24
82.152.137.0/24 maxlen: 24
82.152.185.0/24 maxlen: 24
82.152.235.0/24 maxlen: 24
82.152.237.0/24 maxlen: 24
82.152.239.0/24 maxlen: 24
82.153.47.0/24 maxlen: 24
82.153.48.0/24 maxlen: 24
82.153.59.0/24 maxlen: 24
82.153.87.0/24 maxlen: 24
82.153.176.0/24 maxlen: 24
82.153.188.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 01 Jul 2026 07:22:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9f:12:44:0c:8a:77:97:33:26:fe:44:42:48:08:00:da:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jun 29 07:24:37 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a87fdb7ccc0906d408c9a1c87afadeee37af143d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:2e:f5:2b:63:cc:25:cd:5e:86:25:df:83:60:
09:c8:71:d6:48:8c:c7:77:5d:5d:e8:3f:cc:5c:06:
b3:07:8e:ac:f1:dd:6a:c2:f4:70:78:29:9b:ba:d4:
12:26:09:87:eb:84:ab:33:ed:19:16:71:5f:7e:de:
fc:6f:a3:f9:8d:31:24:fa:bd:33:19:18:26:5f:79:
8e:60:35:91:62:90:38:8d:99:20:1e:05:c8:3d:9f:
f8:c6:91:69:4f:82:01:cc:d5:1f:3f:95:fc:d3:12:
5b:a0:ce:14:76:ba:04:70:20:a2:20:ec:fe:45:b8:
6f:b7:5e:e4:4f:5d:ba:ef:6d:4c:d9:d2:e4:ca:f1:
ae:ee:f8:9d:1e:a4:48:ad:3c:c9:82:b8:b8:48:19:
9a:c2:3c:76:ca:31:85:0b:77:a0:31:d1:ca:bd:e2:
f2:c9:1b:cb:06:d3:03:f0:8a:0c:5f:b5:dd:a4:75:
e6:86:19:5c:5e:81:b6:9f:9d:57:c3:2d:29:34:fd:
92:a8:e9:f2:af:2b:ca:97:0c:22:d7:04:a1:42:3a:
22:61:47:46:c0:05:1d:38:56:36:63:70:88:44:c6:
38:71:db:70:98:07:dd:e9:95:48:2b:b0:6c:56:e1:
56:f4:f0:0d:a9:44:45:f3:88:64:1d:d1:3a:8a:3d:
23:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:7F:DB:7C:CC:09:06:D4:08:C9:A1:C8:7A:FA:DE:EE:37:AF:14:3D
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qH_bfMwJBtQIyaHIevre7jevFD0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.240.95.0/24
82.152.56.0/24
82.152.60.0/24
82.152.69.0/24
82.152.78.0/24
82.152.80.0/24
82.152.112.0/23
82.152.119.0/24
82.152.123.0-82.152.126.255
82.152.135.0/24
82.152.137.0/24
82.152.185.0/24
82.152.235.0/24
82.152.237.0/24
82.152.239.0/24
82.153.47.0-82.153.48.255
82.153.59.0/24
82.153.87.0/24
82.153.176.0/24
82.153.188.0/24
Signature Algorithm: sha256WithRSAEncryption
aa:82:f0:81:2d:83:bd:95:3c:65:d7:1b:68:ee:38:d7:bf:7d:
0d:e4:a6:a7:ca:ac:68:84:93:b2:f9:a2:10:94:46:2b:f6:95:
58:f1:15:16:b2:04:a5:3d:91:5d:4f:ea:39:38:8d:d8:e8:a9:
f1:97:fd:57:30:f4:12:83:13:59:37:6b:68:c7:01:47:f5:d5:
26:36:0b:0b:55:5e:19:7b:96:e2:64:ff:3b:04:a4:5b:cc:c0:
23:02:ec:b3:85:0c:61:d4:08:82:48:71:c8:a7:94:ef:a8:e4:
42:5e:74:40:72:6f:fe:0d:52:15:06:dd:40:02:ab:4a:4e:02:
cd:bc:ed:9f:85:02:06:fd:7d:a1:5c:6c:5b:fa:a3:80:d7:4d:
e8:6b:e7:a7:ed:99:4f:00:98:7a:b8:f5:ae:b2:24:30:d2:3a:
27:2e:51:45:89:31:f8:96:d0:09:2b:8b:7b:20:42:4c:d9:19:
a8:11:33:91:f0:c1:bc:75:43:81:57:7d:2e:da:30:f4:2a:61:
55:29:76:d7:70:8b:03:a3:1a:12:d0:81:0c:ff:70:77:31:2a:
d0:d8:b6:36:6a:f2:f9:10:2b:08:0f:9f:6e:09:cf:75:e0:4a:
e4:e5:62:53:85:f7:89:3e:f5:c1:a1:20:fc:eb:68:62:47:2a:
f9:3d:4b:75
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAZ8SRAyKd5czJv5EQkgIANq4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjI5MDcyNDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODdmZGI3Y2NjMDkwNmQ0MDhjOWExYzg3YWZhZGVlZTM3YWYxNDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsS71K2PMJc1ehiXfg2AJyHHWSIzH
d11d6D/MXAazB46s8d1qwvRweCmbutQSJgmH64SrM+0ZFnFfft78b6P5jTEk+r0z
GRgmX3mOYDWRYpA4jZkgHgXIPZ/4xpFpT4IBzNUfP5X80xJboM4UdroEcCCiIOz+
Rbhvt17kT126721M2dLkyvGu7vidHqRIrTzJgri4SBmawjx2yjGFC3egMdHKveLy
yRvLBtMD8IoMX7XdpHXmhhlcXoG2n51Xwy0pNP2SqOnyryvKlwwi1wShQjoiYUdG
wAUdOFY2Y3CIRMY4cdtwmAfd6ZVIK7BsVuFW9PANqURF84hkHdE6ij0j1QIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFKh/23zMCQbUCMmhyHr63u43rxQ9MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcUhfYmZNd0pCdFFJeWFISWV2cmU3amV2RkQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBjwQCAAEwgYgDBABQ
8F8DBABSmDgDBABSmDwDBABSmEUDBABSmE4DBABSmFADBAFSmHADBABSmHcwDAME
AFKYewMEAFKYfgMEAFKYhwMEAFKYiQMEAFKYuQMEAFKY6wMEAFKY7QMEAFKY7zAM
AwQAUpkvAwQAUpkwAwQAUpk7AwQAUplXAwQAUpmwAwQAUpm8MA0GCSqGSIb3DQEB
CwUAA4IBAQCqgvCBLYO9lTxl1xto7jjXv30N5KanyqxohJOy+aIQlEYr9pVY8RUW
sgSlPZFdT+o5OI3Y6Knxl/1XMPQSgxNZN2toxwFH9dUmNgsLVV4Ze5biZP87BKRb
zMAjAuyzhQxh1AiCSHHIp5TvqORCXnRAcm/+DVIVBt1AAqtKTgLNvO2fhQIG/X2h
XGxb+qOA103oa+en7ZlPAJh6uPWusiQw0jonLlFFiTH4ltAJK4t7IEJM2RmoETOR
8MG8dUOBV30u2jD0KmFVKXbXcIsDoxoS0IEM/3B3MSrQ2LY2avL5ECsID59uCc91
4Erk5WJThfeJPvXBoSD862hiRyr5PUt1
-----END CERTIFICATE-----
Generated at Tue Jun 30 10:15:32 2026 by rpki-client