Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/Q3-sU-GYPpAGQxcQjINmgHQ1wSE.roa
File: Q3-sU-GYPpAGQxcQjINmgHQ1wSE.roa (raw, json)
Hash identifier: rYj0bj0I+s315HlLhZKfLrpr9fkPJ+X9pfvhpS9BAws=
Subject key identifier: 43:7F:AC:53:E1:98:3E:90:06:43:17:10:8C:83:66:80:74:35:C1:21
Certificate issuer: /CN=f43bf90808ae7eca063f746a8f1d88865734c8a3
Certificate serial: 019B7C7FED2407548D0C166F146F0A8CC514
Authority key identifier: F4:3B:F9:08:08:AE:7E:CA:06:3F:74:6A:8F:1D:88:86:57:34:C8:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/Q3-sU-GYPpAGQxcQjINmgHQ1wSE.roa
Signing time: Fri 02 Jan 2026 02:18:37 +0000
ROA not before: Fri 02 Jan 2026 02:18:37 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202448
IP address blocks: 2.56.212.0/24 maxlen: 24
2.56.213.0/24 maxlen: 24
2.56.214.0/24 maxlen: 24
2.56.215.0/24 maxlen: 24
31.14.238.0/24 maxlen: 24
31.222.229.0/24 maxlen: 24
45.137.148.0/24 maxlen: 32
45.137.149.0/24 maxlen: 24
45.137.150.0/24 maxlen: 24
45.137.151.0/24 maxlen: 24
45.153.184.0/24 maxlen: 24
45.153.185.0/24 maxlen: 24
45.153.186.0/24 maxlen: 24
45.153.187.0/24 maxlen: 24
62.3.32.0/24 maxlen: 24
84.238.132.0/24 maxlen: 24
86.105.252.0/24 maxlen: 24
86.106.181.0/24 maxlen: 24
86.107.197.0/24 maxlen: 24
89.38.128.0/24 maxlen: 24
89.38.129.0/24 maxlen: 24
89.38.130.0/24 maxlen: 24
89.38.131.0/24 maxlen: 24
89.38.135.0/24 maxlen: 32
89.43.33.0/24 maxlen: 24
91.227.40.0/24 maxlen: 24
91.227.41.0/24 maxlen: 24
91.236.195.0/24 maxlen: 24
91.250.248.0/24 maxlen: 32
91.250.249.0/24 maxlen: 32
93.114.128.0/24 maxlen: 24
93.114.133.0/24 maxlen: 24
93.115.16.0/24 maxlen: 24
93.115.17.0/24 maxlen: 24
93.115.18.0/24 maxlen: 24
93.115.19.0/24 maxlen: 24
93.115.20.0/24 maxlen: 24
93.115.21.0/24 maxlen: 24
93.115.22.0/24 maxlen: 24
93.115.23.0/24 maxlen: 24
94.176.182.0/24 maxlen: 24
94.231.205.0/24 maxlen: 24
95.169.192.0/24 maxlen: 24
95.169.201.0/24 maxlen: 24
95.169.204.0/24 maxlen: 24
95.169.205.0/24 maxlen: 24
178.157.82.0/24 maxlen: 24
178.157.90.0/24 maxlen: 24
178.157.91.0/24 maxlen: 24
178.215.237.0/24 maxlen: 24
185.96.163.0/24 maxlen: 24
185.170.212.0/24 maxlen: 24
185.170.213.0/24 maxlen: 24
185.170.214.0/24 maxlen: 24
185.170.215.0/24 maxlen: 24
185.177.73.0/24 maxlen: 24
185.234.52.0/24 maxlen: 32
185.243.214.0/24 maxlen: 32
185.243.215.0/24 maxlen: 24
188.212.124.0/24 maxlen: 24
188.212.125.0/24 maxlen: 24
193.24.232.0/24 maxlen: 24
193.24.233.0/24 maxlen: 24
193.24.234.0/24 maxlen: 24
193.24.235.0/24 maxlen: 24
193.201.15.0/24 maxlen: 24
194.26.213.0/24 maxlen: 24
194.32.76.0/24 maxlen: 24
194.32.77.0/24 maxlen: 24
194.32.78.0/24 maxlen: 24
194.32.79.0/24 maxlen: 24
194.63.145.0/24 maxlen: 24
194.99.20.0/24 maxlen: 24
194.99.21.0/24 maxlen: 24
194.99.22.0/24 maxlen: 24
194.99.23.0/24 maxlen: 24
195.14.9.0/24 maxlen: 24
2a05:8280::/32 maxlen: 32
2a09:cd40::/32 maxlen: 32
2a09:cd41::/32 maxlen: 32
2a09:cd42::/32 maxlen: 32
2a09:cd43::/32 maxlen: 32
2a09:cd44::/32 maxlen: 32
2a09:cd45::/32 maxlen: 32
2a09:cd46::/32 maxlen: 32
2a0c:b9c0::/32 maxlen: 32
2a0c:b9c1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.crl
rsync://rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.mft
rsync://rpki.ripe.net/repository/DEFAULT/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:05:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:7f:ed:24:07:54:8d:0c:16:6f:14:6f:0a:8c:c5:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f43bf90808ae7eca063f746a8f1d88865734c8a3
Validity
Not Before: Jan 2 02:18:37 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=437fac53e1983e90064317108c8366807435c121
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:42:8e:21:8d:ae:89:4b:92:7a:97:6f:21:12:
48:e6:c6:77:8b:74:4e:e8:ad:1d:71:8b:b7:cc:49:
eb:f0:8b:e8:27:d7:bb:23:5a:4b:86:3e:a5:ab:6c:
bb:4f:a4:84:f1:07:4d:15:ce:c0:ea:56:7c:71:41:
63:8a:b7:86:80:77:94:a8:6d:65:ae:a6:12:82:af:
3c:80:7a:4d:59:07:a7:1d:20:24:8e:cc:e2:e9:8a:
9d:8c:e2:77:24:df:e6:4e:00:4d:01:75:36:bd:10:
da:c3:ff:fb:a8:3e:87:f3:0f:1d:ed:9c:13:80:95:
94:f9:b8:23:89:20:92:7d:d0:f5:57:86:ec:0d:10:
43:9f:cc:0a:a6:bd:b4:46:0d:94:54:5d:4a:88:2e:
93:e0:1b:02:ef:0c:0a:de:57:0e:f6:86:f7:9c:38:
6b:31:58:39:71:88:2c:17:e9:71:79:4e:9d:a4:1d:
86:30:97:bd:62:96:c2:e9:a4:92:5d:ea:6d:db:9c:
29:da:61:e4:49:3d:ae:ae:95:2f:7d:c3:c5:ee:80:
7a:24:f6:ca:17:d9:2d:36:46:16:59:9a:d9:e1:32:
d7:1b:d1:75:8f:95:05:db:98:cc:25:40:33:2a:01:
ef:b3:39:d9:f4:48:88:63:7d:8b:bf:bc:c2:09:e8:
af:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:7F:AC:53:E1:98:3E:90:06:43:17:10:8C:83:66:80:74:35:C1:21
X509v3 Authority Key Identifier:
keyid:F4:3B:F9:08:08:AE:7E:CA:06:3F:74:6A:8F:1D:88:86:57:34:C8:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/Q3-sU-GYPpAGQxcQjINmgHQ1wSE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.212.0/22
31.14.238.0/24
31.222.229.0/24
45.137.148.0/22
45.153.184.0/22
62.3.32.0/24
84.238.132.0/24
86.105.252.0/24
86.106.181.0/24
86.107.197.0/24
89.38.128.0/22
89.38.135.0/24
89.43.33.0/24
91.227.40.0/23
91.236.195.0/24
91.250.248.0/23
93.114.128.0/24
93.114.133.0/24
93.115.16.0/21
94.176.182.0/24
94.231.205.0/24
95.169.192.0/24
95.169.201.0/24
95.169.204.0/23
178.157.82.0/24
178.157.90.0/23
178.215.237.0/24
185.96.163.0/24
185.170.212.0/22
185.177.73.0/24
185.234.52.0/24
185.243.214.0/23
188.212.124.0/23
193.24.232.0/22
193.201.15.0/24
194.26.213.0/24
194.32.76.0/22
194.63.145.0/24
194.99.20.0/22
195.14.9.0/24
IPv6:
2a05:8280::/32
2a09:cd40::-2a09:cd46:ffff:ffff:ffff:ffff:ffff:ffff
2a0c:b9c0::/31
Signature Algorithm: sha256WithRSAEncryption
71:29:71:ca:e4:81:3f:99:d5:30:55:9c:f0:9b:f0:b6:92:0a:
fc:88:e5:13:c2:0d:5b:bf:af:df:84:6b:28:07:30:3a:47:46:
4d:7b:e8:98:4a:44:91:9c:79:2b:a0:39:60:dd:be:f8:0c:a0:
e6:84:5a:c7:85:8e:22:54:c7:23:b8:1a:10:fb:e9:2d:1d:b1:
ef:f4:f1:cf:8b:03:58:6d:b1:f1:1e:8a:f1:f9:fc:ac:ba:93:
b5:ba:78:30:6d:e1:31:db:bd:36:f9:c3:0b:f7:a3:33:8e:02:
28:77:1d:51:02:49:53:41:b8:8d:89:dc:1c:d1:cf:6e:b8:19:
dc:b0:07:30:b9:65:23:29:3c:78:cf:d2:2a:01:00:41:9c:19:
73:b0:7d:ae:00:55:20:d2:7e:d6:bd:c3:fc:6b:21:2c:95:a1:
e6:ce:93:a6:ed:39:d2:33:a5:c9:77:fa:bf:f1:d2:43:53:7d:
78:b3:02:69:03:84:b6:01:ae:dc:51:87:6f:14:1d:39:b4:7a:
9e:fb:ff:18:d1:b8:7f:ac:a4:eb:5e:d0:95:03:37:b7:31:71:
b5:d0:2e:4c:99:35:f1:c9:2d:a3:11:ba:f8:2f:5d:c7:6b:e2:
ab:39:b3:2a:11:be:2a:17:82:a7:cb:2b:26:ad:fb:13:50:e1:
c9:6c:0e:ed
-----BEGIN CERTIFICATE-----
MIIGFTCCBP2gAwIBAgISAZt8f+0kB1SNDBZvFG8KjMUUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0M2JmOTA4MDhhZTdlY2EwNjNmNzQ2YThmMWQ4ODg2NTcz
NGM4YTMwHhcNMjYwMTAyMDIxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzdmYWM1M2UxOTgzZTkwMDY0MzE3MTA4YzgzNjY4MDc0MzVjMTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUKOIY2uiUuSepdvIRJI5sZ3i3RO
6K0dcYu3zEnr8IvoJ9e7I1pLhj6lq2y7T6SE8QdNFc7A6lZ8cUFjireGgHeUqG1l
rqYSgq88gHpNWQenHSAkjszi6YqdjOJ3JN/mTgBNAXU2vRDaw//7qD6H8w8d7ZwT
gJWU+bgjiSCSfdD1V4bsDRBDn8wKpr20Rg2UVF1KiC6T4BsC7wwK3lcO9ob3nDhr
MVg5cYgsF+lxeU6dpB2GMJe9YpbC6aSSXept25wp2mHkST2urpUvfcPF7oB6JPbK
F9ktNkYWWZrZ4TLXG9F1j5UF25jMJUAzKgHvsznZ9EiIY32Lv7zCCeivxwIDAQAB
o4IDITCCAx0wHQYDVR0OBBYEFEN/rFPhmD6QBkMXEIyDZoB0NcEhMB8GA1UdIwQY
MBaAFPQ7+QgIrn7KBj90ao8diIZXNMijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUR2NUNBaXVmc29HUDNScWp4MklobGMweUtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9hOGQ5NDMtZjA4Mi00YjE4LWI4NDAt
Mzg5MTk1YzRmMDdiLzEvUTMtc1UtR1lQcEFHUXhjUWpJTm1nSFExd1NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9hOGQ5NDMtZjA4Mi00YjE4LWI4NDAtMzg5MTk1YzRmMDdi
LzEvOUR2NUNBaXVmc29HUDNScWp4MklobGMweUtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNQYIKwYBBQUHAQcBAf8EggEkMIIBIDCB9wQCAAEwgfAD
BAICONQDBAAfDu4DBAAf3uUDBAItiZQDBAItmbgDBAA+AyADBABU7oQDBABWafwD
BABWarUDBABWa8UDBAJZJoADBABZJocDBABZKyEDBAFb4ygDBABb7MMDBAFb+vgD
BABdcoADBABdcoUDBANdcxADBABesLYDBABe580DBABfqcADBABfqckDBAFfqcwD
BACynVIDBAGynVoDBACy1+0DBAC5YKMDBAK5qtQDBAC5sUkDBAC56jQDBAG589YD
BAG81HwDBALBGOgDBADByQ8DBADCGtUDBALCIEwDBADCP5EDBALCYxQDBADDDgkw
JAQCAAIwHgMFACoFgoAwDgMFBioJzUADBQAqCc1GAwUBKgy5wDANBgkqhkiG9w0B
AQsFAAOCAQEAcSlxyuSBP5nVMFWc8JvwtpIK/IjlE8INW7+v34RrKAcwOkdGTXvo
mEpEkZx5K6A5YN2++Ayg5oRax4WOIlTHI7gaEPvpLR2x7/Txz4sDWG2x8R6K8fn8
rLqTtbp4MG3hMdu9NvnDC/ejM44CKHcdUQJJU0G4jYncHNHPbrgZ3LAHMLllIyk8
eM/SKgEAQZwZc7B9rgBVINJ+1r3D/GshLJWh5s6Tpu050jOlyXf6v/HSQ1N9eLMC
aQOEtgGu3FGHbxQdObR6nvv/GNG4f6yk617QlQM3tzFxtdAuTJk18cktoxG6+C9d
x2viqzmzKhG+KheCp8srJq37E1DhyWwO7Q==
-----END CERTIFICATE-----
Generated at Mon Mar 2 19:38:00 2026 by rpki-client