Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/q0h8BY_mAlBuzj5_nC7_EGi7zqY.roa
File: q0h8BY_mAlBuzj5_nC7_EGi7zqY.roa (raw, json)
Hash identifier: Eh94r3msV6eYMjrnPctFMOoYvzGvnpyuLE5ywcrZgyE=
Subject key identifier: AB:48:7C:05:8F:E6:02:50:6E:CE:3E:7F:9C:2E:FF:10:68:BB:CE:A6
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 019D33CD2F57780106F355A52804512B79C2
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/q0h8BY_mAlBuzj5_nC7_EGi7zqY.roa
Signing time: Sat 28 Mar 2026 09:36:18 +0000
ROA not before: Sat 28 Mar 2026 09:36:18 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 2.58.168.0/24 maxlen: 24
5.182.112.0/24 maxlen: 24
77.242.146.0/23 maxlen: 24
77.242.156.0/24 maxlen: 24
83.137.153.0/24 maxlen: 24
83.137.158.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.198.0/24 maxlen: 24
88.209.201.0/24 maxlen: 24
88.209.209.0/24 maxlen: 24
88.209.226.0/24 maxlen: 24
88.209.227.0/24 maxlen: 24
88.209.232.0/22 maxlen: 24
88.209.247.0/24 maxlen: 24
88.209.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 31 Mar 2026 14:02:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:33:cd:2f:57:78:01:06:f3:55:a5:28:04:51:2b:79:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Mar 28 09:36:18 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ab487c058fe602506ece3e7f9c2eff1068bbcea6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:4c:47:e4:f2:83:9c:1d:08:2b:1b:12:5d:6a:
ce:c6:95:c9:59:e9:5b:a9:c1:e8:7e:62:d5:2b:f3:
96:77:43:37:32:6f:22:6d:59:de:5a:80:35:3e:78:
6c:c4:05:60:b7:9c:05:26:b0:86:8b:f7:2a:f5:92:
85:99:a8:1e:a6:08:00:af:f4:bb:db:72:19:83:0c:
8c:ca:3e:91:eb:3a:bb:9e:d1:7c:49:2a:fa:55:19:
5a:c6:e4:54:6d:e2:49:d9:27:c2:88:d0:62:96:f3:
de:0f:55:9f:eb:82:ce:f4:f0:e0:bc:07:3c:3d:9b:
3a:6a:f3:9f:69:85:19:f2:1f:3d:53:b3:23:e6:54:
ff:eb:c4:9a:71:37:99:8d:60:3e:ed:a1:31:a2:1f:
c5:24:49:e2:70:a1:7e:af:d3:cd:a1:ec:ae:f1:74:
7d:ed:5c:ac:74:de:6c:58:82:06:17:ce:fe:b1:0e:
1b:8c:73:73:88:78:9a:a2:e8:3e:b0:86:1f:55:4e:
29:b2:eb:1c:aa:88:8c:9b:96:b6:32:24:a1:29:0d:
94:b5:91:99:c0:bf:31:11:76:92:ba:7c:11:49:86:
26:9a:5d:61:78:f8:6a:12:bf:20:88:f9:9b:6d:62:
23:08:54:be:7c:53:8e:71:ae:1b:2c:47:6f:30:1c:
ef:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:48:7C:05:8F:E6:02:50:6E:CE:3E:7F:9C:2E:FF:10:68:BB:CE:A6
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/q0h8BY_mAlBuzj5_nC7_EGi7zqY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.168.0/24
5.182.112.0/24
77.242.146.0/23
77.242.156.0/24
83.137.153.0/24
83.137.158.0/24
88.151.56.0/23
88.209.198.0/24
88.209.201.0/24
88.209.209.0/24
88.209.226.0/23
88.209.232.0/22
88.209.247.0/24
88.209.254.0/24
Signature Algorithm: sha256WithRSAEncryption
11:8d:2d:55:db:4e:49:05:1f:1e:eb:f3:63:97:fb:4e:24:35:
b7:82:5d:78:f9:3f:d1:3a:54:68:58:fc:fe:4d:25:48:c9:66:
3c:ab:07:74:fa:fa:a1:98:cb:ae:05:a1:61:ca:19:f3:99:a6:
cd:2f:78:81:a2:1d:bd:14:a5:7e:13:12:c3:d9:fb:b1:86:85:
7e:41:d5:12:56:71:25:dc:32:18:12:79:fc:65:a6:09:62:86:
16:2a:9b:a9:84:e0:52:f3:54:13:98:2a:f8:c0:b1:d8:e0:90:
56:97:2e:d1:aa:89:6b:18:4a:bc:28:60:45:60:b7:2c:6e:7d:
81:77:9c:2b:a6:04:f0:2f:8f:26:e6:53:3b:8c:27:76:b4:b3:
28:62:11:2a:65:28:66:97:93:a0:6d:0f:0a:80:19:7c:0d:09:
44:ea:f4:44:b6:d0:b3:3a:79:e2:b7:be:73:d5:5b:31:d0:84:
d6:e3:2c:9b:9c:7a:d7:58:8f:3f:19:25:4d:5e:72:48:45:a7:
a1:18:d6:13:7e:ba:a8:0a:e3:8f:bc:9e:07:47:41:7c:5f:ff:
c1:23:27:90:85:e3:bc:58:e0:eb:33:be:59:fa:8b:a5:4c:64:
3f:e2:e5:34:7d:3b:f9:88:36:82:29:18:81:41:7c:71:e0:ec:
3a:36:c1:47
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZ0zzS9XeAEG81WlKARRK3nCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjYwMzI4MDkzNjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjQ4N2MwNThmZTYwMjUwNmVjZTNlN2Y5YzJlZmYxMDY4YmJjZWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtExH5PKDnB0IKxsSXWrOxpXJWelb
qcHofmLVK/OWd0M3Mm8ibVneWoA1PnhsxAVgt5wFJrCGi/cq9ZKFmagepggAr/S7
23IZgwyMyj6R6zq7ntF8SSr6VRlaxuRUbeJJ2SfCiNBilvPeD1Wf64LO9PDgvAc8
PZs6avOfaYUZ8h89U7Mj5lT/68SacTeZjWA+7aExoh/FJEnicKF+r9PNoeyu8XR9
7VysdN5sWIIGF87+sQ4bjHNziHiaoug+sIYfVU4psuscqoiMm5a2MiShKQ2UtZGZ
wL8xEXaSunwRSYYmml1hePhqEr8giPmbbWIjCFS+fFOOca4bLEdvMBzvRwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFKtIfAWP5gJQbs4+f5wu/xBou86mMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvcTBoOEJZX21BbEJ1emo1X25DN19FR2k3enFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAAjqoAwQA
BbZwAwQBTfKSAwQATfKcAwQAU4mZAwQAU4meAwQBWJc4AwQAWNHGAwQAWNHJAwQA
WNHRAwQBWNHiAwQCWNHoAwQAWNH3AwQAWNH+MA0GCSqGSIb3DQEBCwUAA4IBAQAR
jS1V205JBR8e6/Njl/tOJDW3gl14+T/ROlRoWPz+TSVIyWY8qwd0+vqhmMuuBaFh
yhnzmabNL3iBoh29FKV+ExLD2fuxhoV+QdUSVnEl3DIYEnn8ZaYJYoYWKpuphOBS
81QTmCr4wLHY4JBWly7RqolrGEq8KGBFYLcsbn2Bd5wrpgTwL48m5lM7jCd2tLMo
YhEqZShml5OgbQ8KgBl8DQlE6vREttCzOnnit75z1Vsx0ITW4yybnHrXWI8/GSVN
XnJIRaehGNYTfrqoCuOPvJ4HR0F8X//BIyeQheO8WODrM75Z+oulTGQ/4uU0fTv5
iDaCKRiBQXxx4Ow6NsFH
-----END CERTIFICATE-----
Generated at Mon Mar 30 23:23:22 2026 by rpki-client