Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/076838-5547-4b98-82bb-6950c1cb8879/1/QWfQGr4z8VEUuY5YGNgr59n5bZA.roa
File: QWfQGr4z8VEUuY5YGNgr59n5bZA.roa (raw, json)
Hash identifier: lETgMikwnnnSO1uZ9XbjvLYBMxyEwNCLWUmrzKcWQbI=
Subject key identifier: 41:67:D0:1A:BE:33:F1:51:14:B9:8E:58:18:D8:2B:E7:D9:F9:6D:90
Certificate issuer: /CN=c87fefb4db5746680ad6036934662e236ca77772
Certificate serial: 019B7FF2BE787FEF0B8616E96842CD730A88
Authority key identifier: C8:7F:EF:B4:DB:57:46:68:0A:D6:03:69:34:66:2E:23:6C:A7:77:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yH_vtNtXRmgK1gNpNGYuI2ynd3I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/076838-5547-4b98-82bb-6950c1cb8879/1/QWfQGr4z8VEUuY5YGNgr59n5bZA.roa
Signing time: Fri 02 Jan 2026 18:22:53 +0000
ROA not before: Fri 02 Jan 2026 18:22:53 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 20516
IP address blocks: 83.142.232.0/21 maxlen: 21
83.142.232.0/24 maxlen: 24
83.142.233.0/24 maxlen: 24
83.142.234.0/24 maxlen: 24
83.142.235.0/24 maxlen: 24
83.142.236.0/24 maxlen: 24
83.142.237.0/24 maxlen: 24
83.142.238.0/24 maxlen: 24
83.142.239.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/23/076838-5547-4b98-82bb-6950c1cb8879/1/yH_vtNtXRmgK1gNpNGYuI2ynd3I.crl
rsync://rpki.ripe.net/repository/DEFAULT/23/076838-5547-4b98-82bb-6950c1cb8879/1/yH_vtNtXRmgK1gNpNGYuI2ynd3I.mft
rsync://rpki.ripe.net/repository/DEFAULT/yH_vtNtXRmgK1gNpNGYuI2ynd3I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:01:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7f:f2:be:78:7f:ef:0b:86:16:e9:68:42:cd:73:0a:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c87fefb4db5746680ad6036934662e236ca77772
Validity
Not Before: Jan 2 18:22:53 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4167d01abe33f15114b98e5818d82be7d9f96d90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:2a:f3:77:32:bc:bf:37:73:50:66:19:84:27:
8b:8c:e9:4a:55:bd:28:f6:a3:f9:1a:43:3b:53:f9:
9c:64:4c:12:17:f5:93:6a:a3:23:fa:43:bb:17:2c:
56:2a:34:dc:37:1d:2f:19:b5:24:e4:4d:83:2c:bb:
9a:cf:e8:10:ce:e8:b4:dd:ab:eb:2a:41:5b:b0:51:
92:a7:b3:02:f2:d7:5b:0f:0b:c5:21:3a:f3:b6:c0:
bf:d2:44:8c:11:79:7e:96:36:e8:5d:16:d5:3c:44:
6c:a9:b0:ff:14:f7:ca:f9:31:60:d8:db:24:03:48:
cc:c7:34:30:ea:2f:88:d6:78:a8:f7:95:61:6a:5c:
e3:92:b4:13:67:48:3f:6e:42:b4:f0:b7:61:ea:20:
c0:55:3e:76:ca:4f:60:2f:1d:95:a2:a6:4e:fb:4e:
93:a1:91:d1:b1:84:91:61:6f:e0:83:24:1a:c7:f0:
d8:26:f2:ec:66:22:39:18:ca:a2:1c:f6:de:49:be:
65:fb:5b:5c:de:ae:b4:a8:6d:59:7f:f1:c4:e2:90:
34:c3:30:f3:a0:b1:32:6b:b7:13:82:51:d1:8a:5d:
29:70:a7:1c:3c:99:a3:da:02:3b:e5:e3:f6:0e:be:
63:02:6c:d5:76:cd:2f:5a:b8:21:1f:63:95:19:fe:
3f:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:67:D0:1A:BE:33:F1:51:14:B9:8E:58:18:D8:2B:E7:D9:F9:6D:90
X509v3 Authority Key Identifier:
keyid:C8:7F:EF:B4:DB:57:46:68:0A:D6:03:69:34:66:2E:23:6C:A7:77:72
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yH_vtNtXRmgK1gNpNGYuI2ynd3I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/076838-5547-4b98-82bb-6950c1cb8879/1/QWfQGr4z8VEUuY5YGNgr59n5bZA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/076838-5547-4b98-82bb-6950c1cb8879/1/yH_vtNtXRmgK1gNpNGYuI2ynd3I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.142.232.0/21
Signature Algorithm: sha256WithRSAEncryption
33:03:10:17:17:34:d6:ee:64:ba:a7:eb:86:03:7d:27:91:7c:
ff:33:ce:4d:1f:45:86:34:03:d4:2c:e9:78:cc:53:b8:e1:19:
46:e7:54:e6:0b:a4:c4:7e:07:f6:31:db:d6:6c:f1:25:e9:ee:
f2:18:66:73:43:cc:c5:66:16:20:d2:77:7c:39:eb:81:53:8a:
c0:af:be:72:d4:8f:59:f2:2f:41:cf:aa:e9:22:02:a2:61:7a:
5b:95:79:c9:7a:ab:91:2e:eb:60:88:ca:78:c9:20:d0:e0:56:
44:45:82:39:e5:9f:2c:73:4e:bd:c2:e3:f1:23:01:af:03:49:
2e:96:7b:7a:e1:0c:7a:7e:6e:55:4c:6d:09:c7:a8:ac:1c:4b:
42:27:d6:f0:75:9c:bb:0a:a8:24:d9:3a:ae:33:84:b0:1a:ac:
68:5b:6c:41:9f:11:b7:0e:72:ea:b6:e5:07:ea:79:59:09:53:
0a:90:b6:1c:54:ef:5c:84:c9:f7:ea:98:41:f2:da:1c:1d:50:
c0:ed:50:e4:60:0d:af:63:17:c1:d1:c4:35:4e:6e:cd:52:f9:
0d:84:a4:69:e8:5a:c2:3c:b6:ed:94:ed:cd:fb:4e:9b:6e:2b:
78:bc:f9:ba:70:05:79:43:46:d0:fd:d8:30:14:ea:cd:7e:31:
77:e7:a9:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8r54f+8LhhbpaELNcwqIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4N2ZlZmI0ZGI1NzQ2NjgwYWQ2MDM2OTM0NjYyZTIzNmNh
Nzc3NzIwHhcNMjYwMTAyMTgyMjUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTY3ZDAxYWJlMzNmMTUxMTRiOThlNTgxOGQ4MmJlN2Q5Zjk2ZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4irzdzK8vzdzUGYZhCeLjOlKVb0o
9qP5GkM7U/mcZEwSF/WTaqMj+kO7FyxWKjTcNx0vGbUk5E2DLLuaz+gQzui03avr
KkFbsFGSp7MC8tdbDwvFITrztsC/0kSMEXl+ljboXRbVPERsqbD/FPfK+TFg2Nsk
A0jMxzQw6i+I1nio95VhalzjkrQTZ0g/bkK08Ldh6iDAVT52yk9gLx2VoqZO+06T
oZHRsYSRYW/ggyQax/DYJvLsZiI5GMqiHPbeSb5l+1tc3q60qG1Zf/HE4pA0wzDz
oLEya7cTglHRil0pcKccPJmj2gI75eP2Dr5jAmzVds0vWrghH2OVGf4/zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFn0Bq+M/FRFLmOWBjYK+fZ+W2QMB8GA1UdIwQY
MBaAFMh/77TbV0ZoCtYDaTRmLiNsp3dyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUhfdnROdFhSbWdLMWdOcE5HWXVJMnluZDNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8wNzY4MzgtNTU0Ny00Yjk4LTgyYmIt
Njk1MGMxY2I4ODc5LzEvUVdmUUdyNHo4VkVVdVk1WUdOZ3I1OW41YlpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8wNzY4MzgtNTU0Ny00Yjk4LTgyYmItNjk1MGMxY2I4ODc5
LzEveUhfdnROdFhSbWdLMWdOcE5HWXVJMnluZDNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDU47oMA0G
CSqGSIb3DQEBCwUAA4IBAQAzAxAXFzTW7mS6p+uGA30nkXz/M85NH0WGNAPULOl4
zFO44RlG51TmC6TEfgf2MdvWbPEl6e7yGGZzQ8zFZhYg0nd8OeuBU4rAr75y1I9Z
8i9Bz6rpIgKiYXpblXnJequRLutgiMp4ySDQ4FZERYI55Z8sc069wuPxIwGvA0ku
lnt64Qx6fm5VTG0Jx6isHEtCJ9bwdZy7Cqgk2TquM4SwGqxoW2xBnxG3DnLqtuUH
6nlZCVMKkLYcVO9chMn36phB8tocHVDA7VDkYA2vYxfB0cQ1Tm7NUvkNhKRp6FrC
PLbtlO3N+06bbit4vPm6cAV5Q0bQ/dgwFOrNfjF356nZ
-----END CERTIFICATE-----
Generated at Mon Mar 2 19:23:40 2026 by rpki-client