Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/b66569-33db-4d89-9a67-f069345e428c/1/Dqcp4RvQl7P2OEX63xUaN0DRBVg.roa
File: Dqcp4RvQl7P2OEX63xUaN0DRBVg.roa (raw, json)
Hash identifier: IQ4Oj0h0gSI/GePJB5bn18PdQHZHOsSLQnCDVouxx7g=
Subject key identifier: 0E:A7:29:E1:1B:D0:97:B3:F6:38:45:FA:DF:15:1A:37:40:D1:05:58
Certificate issuer: /CN=1de2fce0859ab7e01b851cb606ebdbd5c0338125
Certificate serial: 019B76EAC6ACD49E99E7148A9A32979A467D
Authority key identifier: 1D:E2:FC:E0:85:9A:B7:E0:1B:85:1C:B6:06:EB:DB:D5:C0:33:81:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HeL84IWat-AbhRy2Buvb1cAzgSU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/b66569-33db-4d89-9a67-f069345e428c/1/Dqcp4RvQl7P2OEX63xUaN0DRBVg.roa
Signing time: Thu 01 Jan 2026 00:17:36 +0000
ROA not before: Thu 01 Jan 2026 00:17:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42707
IP address blocks: 5.45.32.0/22 maxlen: 22
5.57.248.0/21 maxlen: 21
5.206.208.0/20 maxlen: 20
77.75.48.0/22 maxlen: 22
84.39.204.0/22 maxlen: 22
91.189.224.0/21 maxlen: 21
91.195.64.0/22 maxlen: 22
109.207.72.0/22 maxlen: 22
185.148.28.0/22 maxlen: 22
185.229.80.0/22 maxlen: 22
185.231.24.0/22 maxlen: 22
185.231.28.0/22 maxlen: 22
185.233.212.0/22 maxlen: 22
185.236.4.0/22 maxlen: 22
185.245.88.0/22 maxlen: 22
185.247.44.0/22 maxlen: 22
185.247.48.0/22 maxlen: 22
185.248.228.0/22 maxlen: 22
185.250.136.0/22 maxlen: 22
185.252.124.0/22 maxlen: 22
185.254.48.0/22 maxlen: 22
193.33.134.0/23 maxlen: 23
193.36.164.0/22 maxlen: 22
194.49.88.0/22 maxlen: 22
195.42.224.0/22 maxlen: 22
195.42.228.0/23 maxlen: 23
2a00:5140::/32 maxlen: 32
2a00:5141::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/b66569-33db-4d89-9a67-f069345e428c/1/HeL84IWat-AbhRy2Buvb1cAzgSU.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/b66569-33db-4d89-9a67-f069345e428c/1/HeL84IWat-AbhRy2Buvb1cAzgSU.mft
rsync://rpki.ripe.net/repository/DEFAULT/HeL84IWat-AbhRy2Buvb1cAzgSU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:05:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:76:ea:c6:ac:d4:9e:99:e7:14:8a:9a:32:97:9a:46:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1de2fce0859ab7e01b851cb606ebdbd5c0338125
Validity
Not Before: Jan 1 00:17:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0ea729e11bd097b3f63845fadf151a3740d10558
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:fd:5f:05:4e:48:93:54:b5:3c:ba:b1:4d:f3:
37:ab:c9:11:fc:fc:a1:b0:15:48:bb:51:e3:9e:cb:
2b:c9:c0:fd:66:51:53:1c:5a:a3:cb:4b:6a:09:a7:
39:be:b1:7a:11:a8:fc:a7:ea:e6:0c:26:2a:a3:52:
4b:8b:c3:c6:a1:35:f6:e9:6a:47:c6:b1:ee:b2:02:
ad:95:ab:b4:a4:bc:1a:90:8e:61:6b:ae:c9:18:a8:
89:ea:12:96:a4:de:0f:05:aa:50:65:66:8f:5b:22:
df:77:6b:91:ba:76:0c:8a:8f:41:db:f9:12:87:8c:
68:71:fc:f0:71:93:6a:76:e2:33:80:ba:1b:49:3e:
d0:c9:03:ec:44:5b:8d:2e:c5:85:73:00:3d:6e:07:
90:3c:f0:b0:e8:d6:ef:e5:5f:72:d2:cd:8f:91:be:
33:0e:40:11:23:7d:87:bb:7e:a9:d9:c6:9a:b5:59:
65:5f:1c:44:46:bb:ad:c2:39:c2:3b:6f:be:26:bb:
63:ab:39:bb:b2:38:e0:cf:c0:db:74:47:97:a2:1f:
c9:5c:15:08:a3:1d:6f:b3:81:c1:b6:db:0e:4b:99:
96:b4:a8:0c:08:85:80:a7:b6:87:32:01:7f:b2:37:
45:19:98:71:be:d9:83:32:c7:6c:3e:19:38:72:55:
86:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:A7:29:E1:1B:D0:97:B3:F6:38:45:FA:DF:15:1A:37:40:D1:05:58
X509v3 Authority Key Identifier:
keyid:1D:E2:FC:E0:85:9A:B7:E0:1B:85:1C:B6:06:EB:DB:D5:C0:33:81:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HeL84IWat-AbhRy2Buvb1cAzgSU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b66569-33db-4d89-9a67-f069345e428c/1/Dqcp4RvQl7P2OEX63xUaN0DRBVg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b66569-33db-4d89-9a67-f069345e428c/1/HeL84IWat-AbhRy2Buvb1cAzgSU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.45.32.0/22
5.57.248.0/21
5.206.208.0/20
77.75.48.0/22
84.39.204.0/22
91.189.224.0/21
91.195.64.0/22
109.207.72.0/22
185.148.28.0/22
185.229.80.0/22
185.231.24.0/21
185.233.212.0/22
185.236.4.0/22
185.245.88.0/22
185.247.44.0-185.247.51.255
185.248.228.0/22
185.250.136.0/22
185.252.124.0/22
185.254.48.0/22
193.33.134.0/23
193.36.164.0/22
194.49.88.0/22
195.42.224.0-195.42.229.255
IPv6:
2a00:5140::/31
Signature Algorithm: sha256WithRSAEncryption
99:38:a3:e8:ca:cc:72:df:22:a8:60:6d:b1:f9:f1:09:25:a8:
a4:f1:6e:38:ec:df:f5:10:17:94:0d:30:dc:c0:9a:f4:a3:e1:
b3:6d:fd:3c:5d:a4:d8:d2:4b:b9:86:88:1b:8e:fd:4b:95:53:
44:0c:24:06:90:00:6c:06:d5:73:04:bd:7e:7f:37:79:2c:a1:
75:5b:de:91:13:bc:79:80:ec:52:50:a2:07:18:fa:61:e5:82:
0e:da:77:32:1d:ff:6c:03:06:86:a2:19:3e:71:f7:5e:2d:ae:
26:30:f3:6d:b8:33:63:ab:35:0c:00:9d:63:58:04:98:f1:4e:
94:48:9d:b3:b9:c4:68:7c:19:87:a4:5b:ae:31:f4:89:9d:23:
e0:db:67:b9:25:2c:08:68:6e:89:3c:89:d3:72:30:62:bd:9e:
f9:0b:03:bb:52:c0:f7:ef:ac:17:d3:80:c5:5e:1e:aa:57:39:
63:11:bb:14:79:24:40:07:45:34:f1:9a:b0:86:25:ba:da:8c:
94:22:10:83:ff:c5:a7:44:56:af:74:3c:51:30:d0:36:a6:b7:
94:30:79:48:0b:79:8a:d1:f0:74:50:90:1c:a8:fc:1c:4c:be:
35:9b:c7:2f:4c:1e:5e:92:bb:1b:77:64:99:5d:4a:f4:02:1e:
97:ba:49:5b
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgISAZt26sas1J6Z5xSKmjKXmkZ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkZTJmY2UwODU5YWI3ZTAxYjg1MWNiNjA2ZWJkYmQ1YzAz
MzgxMjUwHhcNMjYwMTAxMDAxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWE3MjllMTFiZDA5N2IzZjYzODQ1ZmFkZjE1MWEzNzQwZDEwNTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhP1fBU5Ik1S1PLqxTfM3q8kR/Pyh
sBVIu1HjnssrycD9ZlFTHFqjy0tqCac5vrF6Eaj8p+rmDCYqo1JLi8PGoTX26WpH
xrHusgKtlau0pLwakI5ha67JGKiJ6hKWpN4PBapQZWaPWyLfd2uRunYMio9B2/kS
h4xocfzwcZNqduIzgLobST7QyQPsRFuNLsWFcwA9bgeQPPCw6Nbv5V9y0s2Pkb4z
DkARI32Hu36p2caatVllXxxERrutwjnCO2++Jrtjqzm7sjjgz8DbdEeXoh/JXBUI
ox1vs4HBttsOS5mWtKgMCIWAp7aHMgF/sjdFGZhxvtmDMsdsPhk4clWGEwIDAQAB
o4ICsTCCAq0wHQYDVR0OBBYEFA6nKeEb0Jez9jhF+t8VGjdA0QVYMB8GA1UdIwQY
MBaAFB3i/OCFmrfgG4Uctgbr29XAM4ElMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGVMODRJV2F0LUFiaFJ5MkJ1dmIxY0F6Z1NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9iNjY1NjktMzNkYi00ZDg5LTlhNjct
ZjA2OTM0NWU0MjhjLzEvRHFjcDRSdlFsN1AyT0VYNjN4VWFOMERSQlZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9iNjY1NjktMzNkYi00ZDg5LTlhNjctZjA2OTM0NWU0Mjhj
LzEvSGVMODRJV2F0LUFiaFJ5MkJ1dmIxY0F6Z1NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHGBggrBgEFBQcBBwEB/wSBtjCBszCBoQQCAAEwgZoDBAIF
LSADBAMFOfgDBAQFztADBAJNSzADBAJUJ8wDBANbveADBAJbw0ADBAJtz0gDBAK5
lBwDBAK55VADBAO55xgDBAK56dQDBAK57AQDBAK59VgwDAMEArn3LAMEArn3MAME
Arn45AMEArn6iAMEArn8fAMEArn+MAMEAcEhhgMEAsEkpAMEAsIxWDAMAwQFwyrg
AwQBwyrkMA0EAgACMAcDBQEqAFFAMA0GCSqGSIb3DQEBCwUAA4IBAQCZOKPoysxy
3yKoYG2x+fEJJaik8W447N/1EBeUDTDcwJr0o+Gzbf08XaTY0ku5hogbjv1LlVNE
DCQGkABsBtVzBL1+fzd5LKF1W96RE7x5gOxSUKIHGPph5YIO2ncyHf9sAwaGohk+
cfdeLa4mMPNtuDNjqzUMAJ1jWASY8U6USJ2zucRofBmHpFuuMfSJnSPg22e5JSwI
aG6JPInTcjBivZ75CwO7UsD376wX04DFXh6qVzljEbsUeSRAB0U08ZqwhiW62oyU
IhCD/8WnRFavdDxRMNA2preUMHlIC3mK0fB0UJAcqPwcTL41m8cvTB5ekrsbd2SZ
XUr0Ah6Xuklb
-----END CERTIFICATE-----
Generated at Tue Mar 3 01:26:39 2026 by rpki-client