Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/1-ql_fnYgpdf4VXWTZCUzujwW4VI.roa
File: 1-ql_fnYgpdf4VXWTZCUzujwW4VI.roa (raw, json)
Hash identifier: hrqA2ePB/pnDh1DiLuFuZmt1WslLWy+LjiDJfnzCwoI=
Subject key identifier: FA:A9:7F:7E:76:20:A5:D7:F8:55:75:93:64:25:33:BA:3C:16:E1:52
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 019CE252A03B83BA47AB6B2B11D1559BA661
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/1-ql_fnYgpdf4VXWTZCUzujwW4VI.roa
Signing time: Thu 12 Mar 2026 13:53:11 +0000
ROA not before: Thu 12 Mar 2026 13:53:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8434
IP address blocks: 192.36.37.0/24 maxlen: 24
192.71.97.0/24 maxlen: 24
192.71.158.0/24 maxlen: 24
192.121.21.0/24 maxlen: 24
192.121.172.0/24 maxlen: 24
192.121.192.0/24 maxlen: 24
192.165.65.0/24 maxlen: 24
192.165.86.0/24 maxlen: 24
193.180.61.0/24 maxlen: 24
193.181.0.0/24 maxlen: 24
193.181.187.0/24 maxlen: 24
193.183.3.0/24 maxlen: 24
193.183.118.0/24 maxlen: 24
193.234.220.0/23 maxlen: 23
193.234.237.0/24 maxlen: 24
193.235.142.0/23 maxlen: 24
194.14.129.0/24 maxlen: 24
194.14.212.0/24 maxlen: 24
194.68.56.0/23 maxlen: 23
194.68.99.0/24 maxlen: 24
194.68.126.0/24 maxlen: 24
194.68.194.0/23 maxlen: 23
194.71.27.0/24 maxlen: 24
194.71.83.0/24 maxlen: 24
194.71.140.0/23 maxlen: 23
194.71.168.0/24 maxlen: 24
194.103.50.0/24 maxlen: 24
194.132.108.0/23 maxlen: 24
194.132.174.0/24 maxlen: 24
194.132.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 13 Mar 2026 13:53:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:e2:52:a0:3b:83:ba:47:ab:6b:2b:11:d1:55:9b:a6:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Mar 12 13:53:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=faa97f7e7620a5d7f8557593642533ba3c16e152
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:8c:9e:c0:25:77:d7:48:91:c7:c5:83:be:b5:
61:be:90:f2:a8:9d:5f:1c:b9:a0:cd:e7:3a:a1:45:
87:77:88:bb:eb:bc:13:a6:5a:79:3e:55:21:91:1f:
f8:f5:fe:66:d1:11:27:42:17:23:08:5b:a9:b1:4c:
3a:46:35:1b:5a:f7:fa:ba:e2:72:18:3b:c3:74:0f:
0d:d5:0b:d5:69:19:d6:b6:cf:66:75:8f:15:fb:09:
d8:8f:66:9b:57:94:8a:f2:a1:a0:5c:0a:bd:55:00:
e2:b5:1f:25:2a:00:53:78:bc:9d:99:9b:91:b9:dd:
7c:1c:61:01:b7:c7:40:79:5b:31:46:f7:d8:89:45:
1f:38:c3:49:2e:96:9a:21:f2:ba:48:18:a7:78:76:
39:bf:ab:dd:f8:62:dd:5e:18:70:28:bf:02:79:23:
21:eb:a2:8e:f1:ef:5c:43:af:e7:e2:09:e8:6b:38:
7e:2c:46:37:34:1e:36:92:c0:c2:d4:f5:06:ba:6b:
cb:24:32:c5:b7:32:1e:54:2a:48:37:c0:24:24:4a:
43:42:e0:13:c4:fa:c6:4b:24:e1:0e:fd:c6:24:73:
70:1c:87:09:e1:c4:bc:29:94:4f:8b:de:72:30:28:
70:98:ec:97:67:c6:c1:f1:df:5b:fa:e6:da:de:3b:
49:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:A9:7F:7E:76:20:A5:D7:F8:55:75:93:64:25:33:BA:3C:16:E1:52
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/1-ql_fnYgpdf4VXWTZCUzujwW4VI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.37.0/24
192.71.97.0/24
192.71.158.0/24
192.121.21.0/24
192.121.172.0/24
192.121.192.0/24
192.165.65.0/24
192.165.86.0/24
193.180.61.0/24
193.181.0.0/24
193.181.187.0/24
193.183.3.0/24
193.183.118.0/24
193.234.220.0/23
193.234.237.0/24
193.235.142.0/23
194.14.129.0/24
194.14.212.0/24
194.68.56.0/23
194.68.99.0/24
194.68.126.0/24
194.68.194.0/23
194.71.27.0/24
194.71.83.0/24
194.71.140.0/23
194.71.168.0/24
194.103.50.0/24
194.132.108.0/23
194.132.174.0/23
Signature Algorithm: sha256WithRSAEncryption
59:10:51:b0:7e:f5:b7:69:b4:01:28:b1:b8:74:7d:df:3b:c7:
bf:7b:03:a4:ff:d5:9c:c2:1e:45:78:30:0a:a2:cb:05:81:70:
89:fd:ca:11:e5:06:ab:5a:cf:81:7c:82:d8:ed:f0:fc:05:4a:
a7:2f:31:4e:50:39:1e:72:81:3e:72:3e:20:d3:93:9e:ed:0b:
4a:84:19:88:88:90:0a:a4:2c:ad:df:be:6d:85:d7:60:9c:f2:
0e:79:a3:c6:85:30:8c:ea:cd:da:ad:8d:57:d3:4f:17:7f:7d:
cb:d3:39:c3:cc:33:c6:50:d4:90:4d:7a:8d:cd:49:49:4c:c7:
4e:1f:32:ce:d6:5b:62:55:ee:d0:78:eb:27:1e:38:83:c2:fc:
3b:4f:d8:91:2c:52:d7:8b:c2:61:38:6f:17:5a:43:59:a9:8e:
52:97:fd:87:0e:38:1d:ff:00:ad:1b:20:3c:a6:f2:dc:a4:05:
6a:67:cd:c8:89:09:a5:77:58:1b:09:05:db:cb:19:b5:ea:36:
e2:9e:58:81:80:56:96:0f:78:b5:22:54:f0:1f:9c:aa:b3:1e:
02:06:ec:6b:1b:54:e7:b8:7f:0b:bf:3c:00:fd:a8:e3:3d:b0:
0e:c4:78:e3:70:da:c3:21:b4:96:3e:84:f0:3a:af:e9:72:fe:
72:eb:d5:31
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgISAZziUqA7g7pHq2srEdFVm6ZhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwMzEyMTM1MzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWE5N2Y3ZTc2MjBhNWQ3Zjg1NTc1OTM2NDI1MzNiYTNjMTZlMTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYyewCV310iRx8WDvrVhvpDyqJ1f
HLmgzec6oUWHd4i767wTplp5PlUhkR/49f5m0REnQhcjCFupsUw6RjUbWvf6uuJy
GDvDdA8N1QvVaRnWts9mdY8V+wnYj2abV5SK8qGgXAq9VQDitR8lKgBTeLydmZuR
ud18HGEBt8dAeVsxRvfYiUUfOMNJLpaaIfK6SBineHY5v6vd+GLdXhhwKL8CeSMh
66KO8e9cQ6/n4gnoazh+LEY3NB42ksDC1PUGumvLJDLFtzIeVCpIN8AkJEpDQuAT
xPrGSyThDv3GJHNwHIcJ4cS8KZRPi95yMChwmOyXZ8bB8d9b+uba3jtJvwIDAQAB
o4ICtzCCArMwHQYDVR0OBBYEFPqpf352IKXX+FV1k2QlM7o8FuFSMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvMS1xbF9mbllncGRmNFZYV1RaQ1V6dWp3VzRWSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDkvNjgwYjc4LTk2YWYtNGE4NS1hYzAyLTk0M2QwMzMyMTMy
Ni8xL0lUWEg5WEh1X3JaMEJLdHNSZjFIVlZHdHJ4cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBywYIKwYBBQUHAQcBAf8EgbswgbgwgbUEAgABMIGuAwQA
wCQlAwQAwEdhAwQAwEeeAwQAwHkVAwQAwHmsAwQAwHnAAwQAwKVBAwQAwKVWAwQA
wbQ9AwQAwbUAAwQAwbW7AwQAwbcDAwQAwbd2AwQBwercAwQAwertAwQBweuOAwQA
wg6BAwQAwg7UAwQBwkQ4AwQAwkRjAwQAwkR+AwQBwkTCAwQAwkcbAwQAwkdTAwQB
wkeMAwQAwkeoAwQAwmcyAwQBwoRsAwQBwoSuMA0GCSqGSIb3DQEBCwUAA4IBAQBZ
EFGwfvW3abQBKLG4dH3fO8e/ewOk/9Wcwh5FeDAKossFgXCJ/coR5QarWs+BfILY
7fD8BUqnLzFOUDkecoE+cj4g05Oe7QtKhBmIiJAKpCyt375thddgnPIOeaPGhTCM
6s3arY1X008Xf33L0znDzDPGUNSQTXqNzUlJTMdOHzLO1ltiVe7QeOsnHjiDwvw7
T9iRLFLXi8JhOG8XWkNZqY5Sl/2HDjgd/wCtGyA8pvLcpAVqZ83IiQmld1gbCQXb
yxm16jbinliBgFaWD3i1IlTwH5yqsx4CBuxrG1TnuH8LvzwA/ajjPbAOxHjjcNrD
IbSWPoTwOq/pcv5y69Ux
-----END CERTIFICATE-----
Generated at Thu Mar 12 21:36:34 2026 by rpki-client