Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/qxKkXUKEb_RmYwj64WILdO86YXg.roa
File: qxKkXUKEb_RmYwj64WILdO86YXg.roa (raw, json)
Hash identifier: OlMznN7mGZobtXI40d2HQSpq6oX2XRgwBJrJMz7Rp1w=
Subject key identifier: AB:12:A4:5D:42:84:6F:F4:66:63:08:FA:E1:62:0B:74:EF:3A:61:78
Certificate issuer: /CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
Certificate serial: 019E441AA2C0EB9987876B90702682FC9894
Authority key identifier: E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/qxKkXUKEb_RmYwj64WILdO86YXg.roa
Signing time: Wed 20 May 2026 06:37:36 +0000
ROA not before: Wed 20 May 2026 06:37:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202940
IP address blocks: 89.208.0.0/21 maxlen: 24
89.208.4.0/22 maxlen: 24
89.208.56.0/21 maxlen: 24
89.208.128.0/21 maxlen: 24
89.208.134.0/23 maxlen: 24
141.226.120.0/23 maxlen: 23
141.226.122.0/24 maxlen: 24
147.234.23.0/24 maxlen: 24
147.236.104.0/23 maxlen: 24
147.236.106.0/24 maxlen: 24
147.236.108.0/23 maxlen: 24
147.236.110.0/23 maxlen: 24
147.236.116.0/23 maxlen: 24
147.236.120.0/21 maxlen: 24
147.236.125.0/24 maxlen: 24
147.236.148.0/22 maxlen: 24
147.236.152.0/23 maxlen: 23
147.236.154.0/24 maxlen: 24
147.236.176.0/20 maxlen: 24
147.236.183.0/24 maxlen: 24
185.108.80.0/22 maxlen: 24
185.149.252.0/22 maxlen: 24
185.167.108.0/22 maxlen: 24
185.175.32.0/22 maxlen: 24
185.180.100.0/22 maxlen: 24
185.180.100.0/24 maxlen: 24
185.180.100.0/27 maxlen: 32
185.180.102.0/24 maxlen: 24
185.180.103.0/24 maxlen: 24
185.182.76.0/22 maxlen: 24
185.184.244.0/22 maxlen: 24
188.191.224.0/21 maxlen: 24
188.191.224.0/22 maxlen: 22
188.191.224.0/24 maxlen: 24
188.191.224.0/27 maxlen: 32
188.191.228.0/22 maxlen: 22
217.175.80.0/20 maxlen: 24
217.175.84.0/22 maxlen: 22
217.175.88.0/21 maxlen: 23
2a00:7c40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl
rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.mft
rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 15:00:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:44:1a:a2:c0:eb:99:87:87:6b:90:70:26:82:fc:98:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
Validity
Not Before: May 20 06:37:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ab12a45d42846ff4666308fae1620b74ef3a6178
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:6d:bc:4c:cc:7b:2f:c2:01:be:a8:a4:be:66:
bc:28:65:08:63:dc:65:c3:19:b1:a7:45:5c:05:34:
5d:51:6d:13:4f:d5:bf:86:02:55:7c:d0:6a:e0:37:
d4:dd:88:fe:9b:ef:fc:e6:89:a8:17:b3:bc:7e:bf:
48:e9:bf:b4:d6:0d:6e:88:3d:c4:4d:ee:f5:17:b8:
bd:ec:30:cf:69:d0:3a:07:0f:95:3b:72:2f:87:7d:
13:65:e4:e9:cf:61:4a:0c:40:1a:36:49:49:39:22:
fc:c9:a9:eb:09:bd:4d:63:68:2b:75:af:ad:be:e0:
f2:40:38:03:b1:50:50:7d:85:d8:e4:54:b1:52:60:
93:63:07:78:f4:96:b7:15:65:8c:0d:7a:0c:83:89:
e2:e3:c9:9d:6d:ca:c0:83:d2:fc:79:58:37:dd:8d:
b7:c8:5f:f7:ec:05:b1:a1:f9:61:8a:13:9c:29:3b:
4a:a3:63:9a:69:5a:bf:ac:54:f3:bf:5c:a2:5b:2c:
b8:67:ea:0d:d7:46:98:01:ac:41:fd:c8:f9:cf:44:
c3:89:ae:7c:8d:0f:84:28:ca:92:72:56:de:83:33:
22:36:60:4d:40:cd:ee:4a:17:8c:d8:88:c9:54:41:
e5:9b:65:e0:3f:74:7a:2b:a3:97:a6:4e:d8:6d:52:
08:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:12:A4:5D:42:84:6F:F4:66:63:08:FA:E1:62:0B:74:EF:3A:61:78
X509v3 Authority Key Identifier:
keyid:E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/qxKkXUKEb_RmYwj64WILdO86YXg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.208.0.0/21
89.208.56.0/21
89.208.128.0/21
141.226.120.0-141.226.122.255
147.234.23.0/24
147.236.104.0-147.236.106.255
147.236.108.0/22
147.236.116.0/23
147.236.120.0/21
147.236.148.0-147.236.154.255
147.236.176.0/20
185.108.80.0/22
185.149.252.0/22
185.167.108.0/22
185.175.32.0/22
185.180.100.0/22
185.182.76.0/22
185.184.244.0/22
188.191.224.0/21
217.175.80.0/20
IPv6:
2a00:7c40::/29
Signature Algorithm: sha256WithRSAEncryption
16:26:a1:81:ca:0b:b6:74:c1:56:9e:62:6a:8d:c8:18:7c:5f:
0e:a7:88:86:28:82:ab:de:2c:a3:5d:b3:28:c1:17:e1:9c:b9:
18:f3:95:53:20:52:ba:1b:ac:2a:ae:57:b7:f6:25:04:e6:df:
55:c9:b3:d6:f0:41:1a:bc:0f:9b:b9:6a:28:c7:b4:9c:52:42:
57:36:6b:3f:f8:60:44:2d:6d:79:59:46:3f:73:19:ab:f9:45:
a1:79:e1:84:ec:a9:0d:69:bd:7b:2c:04:f6:06:79:a9:7f:06:
02:dd:55:7b:39:f6:bc:b4:5d:e1:8f:70:49:2e:85:0d:f0:22:
58:82:f1:e1:9b:3b:4d:3c:fa:1f:cd:e1:56:ef:a9:d7:b1:86:
93:18:41:c6:ad:3d:de:41:58:3e:9b:83:3a:d9:36:57:5f:ad:
47:3a:08:e0:c7:39:fa:ac:68:7c:62:8e:b5:98:e7:12:c7:42:
81:d4:b7:e1:cb:dc:20:25:5a:86:47:69:05:22:01:9e:b8:2f:
6d:58:15:b5:bb:d8:c7:92:d6:19:21:c4:cc:42:10:bc:8d:d5:
cf:4c:ac:a8:4f:24:eb:70:c9:d0:40:f9:fe:c0:82:fb:87:d6:
2a:6a:36:a1:95:e7:17:41:35:41:a0:c9:df:7a:9b:5e:55:a3:
f6:64:4c:11
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgISAZ5EGqLA65mHh2uQcCaC/JiUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YTg1MWRkYWU1YTY0Y2MzODgyNTM5NWJlOWE1MDdkYTk1
YWI3Y2YwHhcNMjYwNTIwMDYzNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjEyYTQ1ZDQyODQ2ZmY0NjY2MzA4ZmFlMTYyMGI3NGVmM2E2MTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW28TMx7L8IBvqikvma8KGUIY9xl
wxmxp0VcBTRdUW0TT9W/hgJVfNBq4DfU3Yj+m+/85omoF7O8fr9I6b+01g1uiD3E
Te71F7i97DDPadA6Bw+VO3Ivh30TZeTpz2FKDEAaNklJOSL8yanrCb1NY2grda+t
vuDyQDgDsVBQfYXY5FSxUmCTYwd49Ja3FWWMDXoMg4ni48mdbcrAg9L8eVg33Y23
yF/37AWxoflhihOcKTtKo2OaaVq/rFTzv1yiWyy4Z+oN10aYAaxB/cj5z0TDia58
jQ+EKMqSclbegzMiNmBNQM3uSheM2IjJVEHlm2XgP3R6K6OXpk7YbVIIXQIDAQAB
o4ICpzCCAqMwHQYDVR0OBBYEFKsSpF1ChG/0ZmMI+uFiC3TvOmF4MB8GA1UdIwQY
MBaAFOioUd2uWmTMOIJTlb6aUH2pWrfPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEt
MTEwYzg3OGRjZDI5LzEvcXhLa1hVS0ViX1JtWXdqNjRXSUxkTzg2WVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEtMTEwYzg3OGRjZDI5
LzEvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG8BggrBgEFBQcBBwEB/wSBrDCBqTCBlwQCAAEwgZADBANZ
0AADBANZ0DgDBANZ0IAwDAMEA43ieAMEAI3iegMEAJPqFzAMAwQDk+xoAwQAk+xq
AwQCk+xsAwQBk+x0AwQDk+x4MAwDBAKT7JQDBACT7JoDBAST7LADBAK5bFADBAK5
lfwDBAK5p2wDBAK5ryADBAK5tGQDBAK5tkwDBAK5uPQDBAO8v+ADBATZr1AwDQQC
AAIwBwMFAyoAfEAwDQYJKoZIhvcNAQELBQADggEBABYmoYHKC7Z0wVaeYmqNyBh8
Xw6niIYogqveLKNdsyjBF+GcuRjzlVMgUrobrCquV7f2JQTm31XJs9bwQRq8D5u5
aijHtJxSQlc2az/4YEQtbXlZRj9zGav5RaF54YTsqQ1pvXssBPYGeal/BgLdVXs5
9ry0XeGPcEkuhQ3wIliC8eGbO008+h/N4VbvqdexhpMYQcatPd5BWD6bgzrZNldf
rUc6CODHOfqsaHxijrWY5xLHQoHUt+HL3CAlWoZHaQUiAZ64L21YFbW72MeS1hkh
xMxCELyN1c9MrKhPJOtwydBA+f7AgvuH1ipqNqGV5xdBNUGgyd96m15Vo/ZkTBE=
-----END CERTIFICATE-----
Generated at Sun Jun 14 00:03:10 2026 by rpki-client