Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/CW-qcI1ohMNZFrtxwKP6h3IuUsY.roa
File: CW-qcI1ohMNZFrtxwKP6h3IuUsY.roa (raw, json)
Hash identifier: Q0m3SYkmGKp057as4cDbrXW6Plo1d3nxk1JPEsbDaPY=
Subject key identifier: 09:6F:AA:70:8D:68:84:C3:59:16:BB:71:C0:A3:FA:87:72:2E:52:C6
Certificate issuer: /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial: 019CAA7393D006D1D03CA15209FC6C4D7610
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/CW-qcI1ohMNZFrtxwKP6h3IuUsY.roa
Signing time: Sun 01 Mar 2026 17:30:27 +0000
ROA not before: Sun 01 Mar 2026 17:30:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216050
IP address blocks: 37.49.146.0/24 maxlen: 24
37.49.149.0/24 maxlen: 24
94.74.140.0/24 maxlen: 24
109.203.162.0/24 maxlen: 24
109.203.164.0/24 maxlen: 24
109.203.165.0/24 maxlen: 24
109.203.167.0/24 maxlen: 24
176.46.128.0/24 maxlen: 24
176.46.131.0/24 maxlen: 24
185.34.160.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 17:30:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:aa:73:93:d0:06:d1:d0:3c:a1:52:09:fc:6c:4d:76:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Validity
Not Before: Mar 1 17:30:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=096faa708d6884c35916bb71c0a3fa87722e52c6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fb:a8:8f:c8:61:d9:23:f2:71:3e:26:48:9c:6e:
fe:57:b4:a5:01:35:da:2d:b3:1c:3c:3b:b2:35:88:
fe:6c:4e:73:14:d0:0d:5d:75:80:30:81:c2:40:e7:
8e:98:3b:8f:0b:3f:be:a5:0c:3e:8a:ef:ec:c7:ba:
0e:75:74:e3:04:8c:c6:21:19:f8:ec:1d:7c:3d:c7:
0b:d7:01:10:45:d0:45:58:66:b7:74:b2:17:6a:ef:
83:e8:5d:69:ed:80:09:90:d1:1b:7c:00:a8:3b:68:
c6:b8:1d:9b:35:7a:09:b1:73:2c:b0:4e:10:d1:28:
1f:3e:7f:d5:62:4e:df:f0:f9:79:be:82:a0:2d:9f:
8d:c5:de:2f:8d:fa:8e:e2:2a:a0:fb:5f:10:44:e9:
0c:1a:bc:ba:46:fb:f1:f5:90:07:80:74:53:b5:18:
1a:f9:cb:cb:df:b2:85:19:06:ce:7d:f0:f4:76:ca:
e3:b7:a9:68:62:d3:fd:fa:ef:77:45:ce:82:40:66:
aa:fa:59:95:a1:0c:5a:8c:6c:1f:e0:3c:4f:8c:46:
53:32:d7:55:1c:c5:c7:cd:c3:27:60:58:e5:33:e8:
80:0c:9d:06:cc:29:8b:4d:fc:2b:03:1a:87:95:85:
55:af:48:71:c8:23:c3:40:2e:bd:00:b9:dc:0c:57:
18:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:6F:AA:70:8D:68:84:C3:59:16:BB:71:C0:A3:FA:87:72:2E:52:C6
X509v3 Authority Key Identifier:
keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/CW-qcI1ohMNZFrtxwKP6h3IuUsY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.49.146.0/24
37.49.149.0/24
94.74.140.0/24
109.203.162.0/24
109.203.164.0/23
109.203.167.0/24
176.46.128.0/24
176.46.131.0/24
185.34.160.0/22
Signature Algorithm: sha256WithRSAEncryption
ab:a9:de:13:93:39:8b:03:8b:43:d4:6b:60:e9:11:d8:82:6d:
c4:33:08:ed:12:0c:b6:c0:19:7e:df:0a:2d:37:07:6f:cd:22:
07:b6:f3:1f:25:3c:97:ce:0c:f3:3e:5a:72:c5:72:07:d5:77:
ec:0c:2c:45:67:d3:1f:4e:f2:a6:38:c2:2a:b5:c5:bc:49:8d:
0f:e4:75:cc:b2:7f:de:95:5a:9d:46:3a:dd:73:f5:d9:02:43:
a4:d4:0c:13:64:e4:12:cb:bb:90:91:ba:2b:7a:6a:d2:cc:ac:
9d:fd:96:0a:83:a1:4e:7a:34:47:50:3d:fe:1a:f9:02:a8:74:
0f:b1:cc:0b:fc:ba:fd:7f:00:7e:19:b3:5d:d8:cd:d9:bb:ff:
09:45:c8:f9:5f:1a:a2:c5:e8:3b:68:e7:96:72:5f:cd:4d:77:
7e:ab:ea:a1:4f:4d:7e:f0:a0:90:e5:8d:c2:02:c8:38:6f:3e:
3d:74:20:d7:f7:d9:1d:57:d8:8c:6c:23:37:d7:04:37:5a:8b:
38:75:e7:e2:f9:ed:42:4d:a7:7a:49:65:c7:d8:bc:e9:8e:7b:
f6:1f:78:e0:96:f5:47:ed:2e:e4:cc:64:18:50:a0:50:bf:86:
0b:6d:21:49:26:0f:1a:d3:72:ca:75:a1:23:f0:65:5a:ba:7d:
a3:fc:e9:02
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZyqc5PQBtHQPKFSCfxsTXYQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjYwMzAxMTczMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTZmYWE3MDhkNjg4NGMzNTkxNmJiNzFjMGEzZmE4NzcyMmU1MmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+6iPyGHZI/JxPiZInG7+V7SlATXa
LbMcPDuyNYj+bE5zFNANXXWAMIHCQOeOmDuPCz++pQw+iu/sx7oOdXTjBIzGIRn4
7B18PccL1wEQRdBFWGa3dLIXau+D6F1p7YAJkNEbfACoO2jGuB2bNXoJsXMssE4Q
0SgfPn/VYk7f8Pl5voKgLZ+Nxd4vjfqO4iqg+18QROkMGry6Rvvx9ZAHgHRTtRga
+cvL37KFGQbOffD0dsrjt6loYtP9+u93Rc6CQGaq+lmVoQxajGwf4DxPjEZTMtdV
HMXHzcMnYFjlM+iADJ0GzCmLTfwrAxqHlYVVr0hxyCPDQC69ALncDFcYtQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFAlvqnCNaITDWRa7ccCj+odyLlLGMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvQ1ctcWNJMW9oTU5aRnJ0eHdLUDZoM0l1VXNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAJTGSAwQA
JTGVAwQAXkqMAwQAbcuiAwQBbcukAwQAbcunAwQAsC6AAwQAsC6DAwQCuSKgMA0G
CSqGSIb3DQEBCwUAA4IBAQCrqd4TkzmLA4tD1Gtg6RHYgm3EMwjtEgy2wBl+3wot
NwdvzSIHtvMfJTyXzgzzPlpyxXIH1XfsDCxFZ9MfTvKmOMIqtcW8SY0P5HXMsn/e
lVqdRjrdc/XZAkOk1AwTZOQSy7uQkboremrSzKyd/ZYKg6FOejRHUD3+GvkCqHQP
scwL/Lr9fwB+GbNd2M3Zu/8JRcj5Xxqixeg7aOeWcl/NTXd+q+qhT01+8KCQ5Y3C
Asg4bz49dCDX99kdV9iMbCM31wQ3Wos4defi+e1CTad6SWXH2Lzpjnv2H3jglvVH
7S7kzGQYUKBQv4YLbSFJJg8a03LKdaEj8GVaun2j/OkC
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:25:08 2026 by rpki-client