Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/QCeLT32TJH0BUjUrilhb7chA7xQ.roa
File: QCeLT32TJH0BUjUrilhb7chA7xQ.roa (raw, json)
Hash identifier: F/9NdtpeCDeb/lM2ZGhLi9OKN6meb7oC3ZPfJfW/F4c=
Subject key identifier: 40:27:8B:4F:7D:93:24:7D:01:52:35:2B:8A:58:5B:ED:C8:40:EF:14
Certificate issuer: /CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Certificate serial: 019CD88B9AC76F71AB4C49A02CCA82B136CD
Authority key identifier: D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/QCeLT32TJH0BUjUrilhb7chA7xQ.roa
Signing time: Tue 10 Mar 2026 16:19:13 +0000
ROA not before: Tue 10 Mar 2026 16:19:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 12430
IP address blocks: 2.154.0.0/15 maxlen: 16
2.154.0.0/16 maxlen: 16
2.154.192.0/18 maxlen: 18
2.155.0.0/16 maxlen: 16
5.40.0.0/16 maxlen: 16
62.42.0.0/15 maxlen: 16
62.57.0.0/16 maxlen: 16
62.81.0.0/16 maxlen: 24
62.82.0.0/15 maxlen: 16
62.100.96.0/19 maxlen: 19
62.117.128.0/17 maxlen: 17
62.174.0.0/15 maxlen: 19
81.60.0.0/15 maxlen: 18
81.184.0.0/16 maxlen: 16
81.202.0.0/16 maxlen: 16
82.159.0.0/16 maxlen: 16
82.213.128.0/18 maxlen: 18
83.173.128.0/18 maxlen: 18
84.120.0.0/13 maxlen: 19
84.127.229.0/24 maxlen: 24
85.219.0.0/17 maxlen: 17
85.251.0.0/16 maxlen: 17
89.140.0.0/16 maxlen: 16
89.141.0.0/16 maxlen: 16
95.39.0.0/16 maxlen: 19
185.128.128.0/22 maxlen: 24
194.106.0.0/19 maxlen: 19
194.140.128.0/18 maxlen: 18
194.149.192.0/19 maxlen: 19
212.21.224.0/19 maxlen: 19
212.40.224.0/19 maxlen: 19
212.40.224.0/24 maxlen: 24
212.78.128.0/19 maxlen: 19
212.79.128.0/19 maxlen: 19
212.95.192.0/19 maxlen: 19
212.97.160.0/19 maxlen: 19
212.183.192.0/18 maxlen: 18
213.37.0.0/16 maxlen: 16
213.201.0.0/17 maxlen: 17
213.227.0.0/18 maxlen: 18
213.231.64.0/18 maxlen: 18
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.mft
rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 13 Mar 2026 21:05:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d8:8b:9a:c7:6f:71:ab:4c:49:a0:2c:ca:82:b1:36:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Validity
Not Before: Mar 10 16:19:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=40278b4f7d93247d0152352b8a585bedc840ef14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:e7:a9:37:59:a1:a2:01:bd:b1:59:07:82:a9:
19:e4:3a:66:4c:db:4e:16:4b:eb:ab:43:08:38:57:
ab:30:ea:69:b9:56:9b:a1:e4:5e:29:41:2a:69:dd:
64:8d:76:ab:18:61:20:e4:14:d3:62:d7:9f:f7:0b:
33:3f:6d:d8:cf:5d:9f:46:f2:2b:9b:05:79:76:1f:
97:4c:12:97:0c:60:ba:0e:ad:72:2f:7b:3d:c8:96:
7c:cf:24:b2:7d:7f:72:7b:da:90:f1:32:bd:ad:e6:
79:60:b2:ba:9c:8f:e3:7a:3e:34:cd:b6:e7:55:18:
5c:3e:55:1f:d0:8e:ec:b8:80:db:39:a9:c2:19:00:
e6:3b:d0:d1:db:5d:e7:76:b2:ef:51:60:44:ef:a7:
d0:1d:53:98:f2:f7:30:8c:2a:9f:e1:37:71:d7:5f:
88:bd:ee:64:83:5c:8c:5d:1c:d6:9b:bb:2f:84:a8:
24:96:ff:31:b3:f7:65:58:c3:22:1b:d7:3b:2c:fe:
66:65:6f:6b:d5:22:6b:4f:e4:f8:cb:42:38:ba:4b:
17:29:c2:1f:20:b8:13:66:76:7e:72:a8:eb:38:de:
c1:69:df:a6:ce:78:ac:58:62:93:7a:0e:32:a2:a2:
4e:e3:76:53:48:98:af:59:e4:1a:26:56:5c:fd:45:
a5:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:27:8B:4F:7D:93:24:7D:01:52:35:2B:8A:58:5B:ED:C8:40:EF:14
X509v3 Authority Key Identifier:
keyid:D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/QCeLT32TJH0BUjUrilhb7chA7xQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.154.0.0/15
5.40.0.0/16
62.42.0.0/15
62.57.0.0/16
62.81.0.0-62.83.255.255
62.100.96.0/19
62.117.128.0/17
62.174.0.0/15
81.60.0.0/15
81.184.0.0/16
81.202.0.0/16
82.159.0.0/16
82.213.128.0/18
83.173.128.0/18
84.120.0.0/13
85.219.0.0/17
85.251.0.0/16
89.140.0.0/15
95.39.0.0/16
185.128.128.0/22
194.106.0.0/19
194.140.128.0/18
194.149.192.0/19
212.21.224.0/19
212.40.224.0/19
212.78.128.0/19
212.79.128.0/19
212.95.192.0/19
212.97.160.0/19
212.183.192.0/18
213.37.0.0/16
213.201.0.0/17
213.227.0.0/18
213.231.64.0/18
Signature Algorithm: sha256WithRSAEncryption
7c:a8:77:51:d3:14:8a:cd:82:f3:d6:f5:19:85:8f:ec:9b:2e:
3f:c5:d1:b7:ef:e8:d5:20:f9:b5:dd:c3:77:9d:d2:2f:9a:11:
37:8e:31:e9:e1:26:c9:57:8b:10:05:83:a7:ad:97:ee:ad:2a:
50:9a:4c:7b:66:c2:2b:a0:cc:c5:b7:1e:9d:aa:65:0b:f9:f1:
6e:1e:cb:38:96:06:cb:ed:af:bb:8b:49:92:7a:de:02:b3:cf:
ac:aa:55:3e:b4:30:aa:ad:ce:39:dc:f5:d8:9a:23:59:f6:b2:
08:39:e9:c0:88:3a:27:da:e1:49:ae:fc:29:30:58:91:78:b2:
8f:e1:15:f0:44:f3:a2:1c:af:3c:80:71:2e:e3:cb:ff:f8:94:
0d:b7:05:e5:4d:6b:3b:02:09:8e:60:41:0d:f8:b4:26:34:c1:
0d:51:0a:d7:ff:d5:b6:73:32:0c:63:1c:c1:3d:9e:b4:a2:5c:
03:89:a3:13:8e:89:ea:3e:cc:09:03:2f:88:ae:ed:f4:10:d1:
ff:67:f5:94:ce:62:04:bd:27:86:17:e4:38:43:a4:9f:ee:c7:
50:5a:06:2b:54:35:5a:28:54:75:bf:01:96:78:9f:b9:c2:aa:
70:1b:04:76:6c:05:21:ab:55:7a:46:68:0f:ca:54:61:b8:f0:
1c:a3:1a:b3
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgISAZzYi5rHb3GrTEmgLMqCsTbNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzRmMTY4NjEwMjg3NmM2MjE2YmNlYTI4YTVlNTAyZWMw
ZDdiNmIwHhcNMjYwMzEwMTYxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDI3OGI0ZjdkOTMyNDdkMDE1MjM1MmI4YTU4NWJlZGM4NDBlZjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuepN1mhogG9sVkHgqkZ5DpmTNtO
Fkvrq0MIOFerMOppuVaboeReKUEqad1kjXarGGEg5BTTYtef9wszP23Yz12fRvIr
mwV5dh+XTBKXDGC6Dq1yL3s9yJZ8zySyfX9ye9qQ8TK9reZ5YLK6nI/jej40zbbn
VRhcPlUf0I7suIDbOanCGQDmO9DR213ndrLvUWBE76fQHVOY8vcwjCqf4Tdx11+I
ve5kg1yMXRzWm7svhKgklv8xs/dlWMMiG9c7LP5mZW9r1SJrT+T4y0I4uksXKcIf
ILgTZnZ+cqjrON7Bad+mznisWGKTeg4yoqJO43ZTSJivWeQaJlZc/UWl7wIDAQAB
o4ICzDCCAsgwHQYDVR0OBBYEFEAni099kyR9AVI1K4pYW+3IQO8UMB8GA1UdIwQY
MBaAFNQ08WhhAodsYha86iil5QLsDXtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2Ut
NTcxMmQ5NWFlNjM4LzEvUUNlTFQzMlRKSDBCVWpVcmlsaGI3Y2hBN3hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2UtNTcxMmQ5NWFlNjM4
LzEvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHhBggrBgEFBQcBBwEB/wSB0TCBzjCBywQCAAEwgcQDAwEC
mgMDAAUoAwMBPioDAwA+OTAKAwMAPlEDAwI+UAMEBT5kYAMEBz51gAMDAT6uAwMB
UTwDAwBRuAMDAFHKAwMAUp8DBAZS1YADBAZTrYADAwNUeAMEB1XbAAMDAFX7AwMB
WYwDAwBfJwMEArmAgAMEBcJqAAMEBsKMgAMEBcKVwAMEBdQV4AMEBdQo4AMEBdRO
gAMEBdRPgAMEBdRfwAMEBdRhoAMEBtS3wAMDANUlAwQH1ckAAwQG1eMAAwQG1edA
MA0GCSqGSIb3DQEBCwUAA4IBAQB8qHdR0xSKzYLz1vUZhY/smy4/xdG37+jVIPm1
3cN3ndIvmhE3jjHp4SbJV4sQBYOnrZfurSpQmkx7ZsIroMzFtx6dqmUL+fFuHss4
lgbL7a+7i0mSet4Cs8+sqlU+tDCqrc453PXYmiNZ9rIIOenAiDon2uFJrvwpMFiR
eLKP4RXwRPOiHK88gHEu48v/+JQNtwXlTWs7AgmOYEEN+LQmNMENUQrX/9W2czIM
YxzBPZ60olwDiaMTjonqPswJAy+Iru30ENH/Z/WUzmIEvSeGF+Q4Q6Sf7sdQWgYr
VDVaKFR1vwGWeJ+5wqpwGwR2bAUhq1V6RmgPylRhuPAcoxqz
-----END CERTIFICATE-----
Generated at Fri Mar 13 05:34:24 2026 by rpki-client