Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/2Th-QHqRbTUx1bo8OL_y4rE71QY.roa
File: 2Th-QHqRbTUx1bo8OL_y4rE71QY.roa (raw, json)
Hash identifier: qDFOlnsSAQhoUmKjiYGBy0DB0fPPHOY8p5/9qiysLjY=
Subject key identifier: D9:38:7E:40:7A:91:6D:35:31:D5:BA:3C:38:BF:F2:E2:B1:3B:D5:06
Certificate issuer: /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial: 019C2969C6319AAA8F7457EBD3434D8A5017
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/2Th-QHqRbTUx1bo8OL_y4rE71QY.roa
Signing time: Wed 04 Feb 2026 16:08:43 +0000
ROA not before: Wed 04 Feb 2026 16:08:43 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 62387
IP address blocks: 79.132.92.0/22 maxlen: 22
85.234.172.0/22 maxlen: 22
85.234.176.0/22 maxlen: 22
89.191.108.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:29:69:c6:31:9a:aa:8f:74:57:eb:d3:43:4d:8a:50:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Validity
Not Before: Feb 4 16:08:43 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d9387e407a916d3531d5ba3c38bff2e2b13bd506
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:e9:ce:87:b0:13:12:e5:dc:78:c2:67:56:40:
33:6b:ef:f8:9e:ae:3f:aa:1b:d7:27:7a:cb:67:07:
cb:7e:77:ae:44:75:4f:3f:ac:11:72:e4:fb:77:12:
7a:19:0a:8a:0f:a5:7c:c6:6a:d6:a4:e4:d5:e9:53:
01:19:f5:97:64:ae:89:3a:56:55:56:5c:dd:bb:20:
56:71:25:7f:ef:c9:3a:f3:6e:90:54:ac:e8:d5:f7:
fd:d6:4f:ac:69:bf:e3:48:5d:75:15:b7:8c:12:6d:
3f:fc:a2:a9:40:e8:c2:93:e5:fd:42:12:4a:87:cb:
c0:0c:4a:05:4f:07:5d:5e:1d:d7:61:46:82:02:9f:
82:85:84:dc:0b:2e:f6:29:b4:6a:f1:49:8c:f9:00:
80:cf:e9:ec:0c:db:07:c5:5f:54:92:61:8c:12:7c:
2e:5e:a9:42:79:20:2d:22:04:dd:60:96:fc:ba:1e:
5c:b4:cd:46:6a:2f:5f:b3:79:0a:d4:02:4c:30:01:
25:b4:a4:de:0f:f4:4e:3e:f3:2f:2c:22:e4:c5:01:
28:77:ea:c1:f4:3b:91:9a:aa:9c:eb:42:38:ce:3a:
12:4a:29:67:cf:0d:27:81:6a:46:b9:55:f4:13:63:
f0:2c:b7:9c:46:80:c4:12:39:dc:64:d9:71:9b:2c:
6f:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:38:7E:40:7A:91:6D:35:31:D5:BA:3C:38:BF:F2:E2:B1:3B:D5:06
X509v3 Authority Key Identifier:
keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/2Th-QHqRbTUx1bo8OL_y4rE71QY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.132.92.0/22
85.234.172.0-85.234.179.255
89.191.108.0/22
Signature Algorithm: sha256WithRSAEncryption
2b:b5:6d:c6:2f:fd:6d:c2:7e:37:65:71:65:dc:d7:47:50:bd:
29:4a:b7:67:66:6f:40:07:1a:14:b0:a6:aa:73:e0:26:ea:dd:
c8:24:82:f6:05:ec:d8:33:6d:9e:bd:13:d1:ac:b4:ad:a7:cb:
8c:ae:09:b7:f2:bd:45:85:2e:f9:21:67:e7:49:31:9f:e2:7e:
4f:65:e7:76:ac:82:46:ea:00:31:dd:07:95:39:51:4d:fa:99:
31:61:27:b5:f1:70:a9:b3:d8:fb:06:1f:94:8a:a7:f1:8e:ee:
08:d9:f8:8e:36:43:62:6b:90:30:06:96:71:c1:c4:56:30:89:
d8:ed:44:bf:e2:2f:1d:aa:33:57:f3:a8:4d:e3:21:67:38:c8:
93:52:d3:27:a0:2f:53:ae:53:1f:70:28:4f:a9:c0:31:a8:b0:
55:c8:b6:2b:b4:53:f9:61:8d:b5:58:eb:ef:d0:16:41:36:b5:
7f:4b:c9:78:0c:36:bd:59:25:75:22:27:b7:fb:60:3b:bf:4d:
a2:92:84:e8:0e:bb:5b:ff:9b:88:fd:d2:9c:47:ae:da:2b:6b:
22:33:cc:f8:8b:99:5c:50:59:c0:90:91:06:98:4f:73:ab:55:
98:17:6f:c9:8b:54:e3:fe:17:f5:92:58:ea:0a:35:a7:13:7d:
60:db:a0:00
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZwpacYxmqqPdFfr00NNilAXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjYwMjA0MTYwODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTM4N2U0MDdhOTE2ZDM1MzFkNWJhM2MzOGJmZjJlMmIxM2JkNTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+OnOh7ATEuXceMJnVkAza+/4nq4/
qhvXJ3rLZwfLfneuRHVPP6wRcuT7dxJ6GQqKD6V8xmrWpOTV6VMBGfWXZK6JOlZV
VlzduyBWcSV/78k6826QVKzo1ff91k+sab/jSF11FbeMEm0//KKpQOjCk+X9QhJK
h8vADEoFTwddXh3XYUaCAp+ChYTcCy72KbRq8UmM+QCAz+nsDNsHxV9UkmGMEnwu
XqlCeSAtIgTdYJb8uh5ctM1Gai9fs3kK1AJMMAEltKTeD/ROPvMvLCLkxQEod+rB
9DuRmqqc60I4zjoSSilnzw0ngWpGuVX0E2PwLLecRoDEEjncZNlxmyxv/wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNk4fkB6kW01MdW6PDi/8uKxO9UGMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvMlRoLVFIcVJiVFV4MWJvOE9MX3k0ckU3MVFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCT4RcMAwD
BAJV6qwDBAJV6rADBAJZv2wwDQYJKoZIhvcNAQELBQADggEBACu1bcYv/W3Cfjdl
cWXc10dQvSlKt2dmb0AHGhSwpqpz4Cbq3cgkgvYF7NgzbZ69E9GstK2ny4yuCbfy
vUWFLvkhZ+dJMZ/ifk9l53asgkbqADHdB5U5UU36mTFhJ7XxcKmz2PsGH5SKp/GO
7gjZ+I42Q2JrkDAGlnHBxFYwidjtRL/iLx2qM1fzqE3jIWc4yJNS0yegL1OuUx9w
KE+pwDGosFXItiu0U/lhjbVY6+/QFkE2tX9LyXgMNr1ZJXUiJ7f7YDu/TaKShOgO
u1v/m4j90pxHrtorayIzzPiLmVxQWcCQkQaYT3OrVZgXb8mLVOP+F/WSWOoKNacT
fWDboAA=
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:04:17 2026 by rpki-client