Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/oUQL-BPbmDqxVZmkCaGdKm7s_IQ.roa
File: oUQL-BPbmDqxVZmkCaGdKm7s_IQ.roa (raw, json)
Hash identifier: Knekm2B9Tf+o8d3IgT1lCEWtc1x7O8kMEGxUrkoF5Ww=
Subject key identifier: A1:44:0B:F8:13:DB:98:3A:B1:55:99:A4:09:A1:9D:2A:6E:EC:FC:84
Certificate issuer: /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial: 019C4D228410685BD311C784D49F076D0A0D
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/oUQL-BPbmDqxVZmkCaGdKm7s_IQ.roa
Signing time: Wed 11 Feb 2026 14:37:13 +0000
ROA not before: Wed 11 Feb 2026 14:37:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29802
IP address blocks: 45.91.9.0/24 maxlen: 24
77.83.192.0/24 maxlen: 24
146.255.185.0/24 maxlen: 24
193.19.191.0/24 maxlen: 24
194.156.126.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:4d:22:84:10:68:5b:d3:11:c7:84:d4:9f:07:6d:0a:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Validity
Not Before: Feb 11 14:37:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a1440bf813db983ab15599a409a19d2a6eecfc84
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:8f:83:74:ac:c5:65:c6:d9:94:54:8c:b4:ea:
94:99:f1:83:ed:0c:58:24:af:de:90:78:1c:42:84:
5e:46:bb:fe:f5:c0:94:3e:7b:a3:b1:cc:d6:2d:09:
84:da:66:7b:99:33:99:c6:74:31:84:57:0c:0d:cc:
32:ab:fd:69:12:d8:5a:87:b2:95:fe:0d:c4:1a:ed:
15:23:b3:aa:f4:f1:4f:50:01:25:df:ae:1f:0a:97:
55:8f:39:99:4e:d5:f3:a4:ee:95:d9:40:3f:00:ec:
dd:26:ec:1b:25:49:47:78:97:3c:87:04:54:f0:37:
27:15:90:8c:60:02:98:04:24:07:ec:51:66:9d:e5:
13:22:7f:31:e4:bc:8f:73:9e:d2:b6:e1:a4:f0:e7:
62:14:c8:75:d1:73:93:7a:89:30:c4:1e:64:6e:6e:
fe:14:5e:1e:31:25:b4:87:22:54:d2:a2:c7:8e:cc:
8a:da:64:02:38:7f:1a:ad:86:12:2d:b6:5a:b6:f0:
bc:7c:e3:4c:17:38:e5:76:8c:ff:f1:d9:04:79:f8:
92:4d:6f:07:76:d4:f0:08:bc:c5:b2:24:2b:c0:0b:
17:77:f9:e6:82:fe:2a:d1:8d:60:2f:f1:64:bc:3e:
ab:11:05:24:81:74:95:0b:70:51:0b:67:1e:07:f3:
92:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:44:0B:F8:13:DB:98:3A:B1:55:99:A4:09:A1:9D:2A:6E:EC:FC:84
X509v3 Authority Key Identifier:
keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/oUQL-BPbmDqxVZmkCaGdKm7s_IQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.91.9.0/24
77.83.192.0/24
146.255.185.0/24
193.19.191.0/24
194.156.126.0/24
Signature Algorithm: sha256WithRSAEncryption
38:f0:69:5a:73:a9:22:15:5f:d9:4c:d8:c1:17:2a:fc:a0:c2:
41:95:db:32:cb:54:10:ab:0d:ad:ba:41:c8:c6:e5:ca:01:56:
77:24:bd:19:c1:0f:9d:cf:01:86:5b:cc:9e:97:cd:7a:a8:32:
b2:83:b9:1c:69:a1:50:41:12:07:35:2a:90:51:d9:92:7d:1d:
ee:88:17:32:82:c0:a5:cd:fc:f1:07:af:f9:1b:07:67:be:0e:
42:65:b5:d5:6e:5f:8f:5d:6d:52:7a:46:04:6b:7b:ce:20:de:
20:3b:25:63:9f:bc:82:d8:f4:60:7d:1c:ee:a4:76:d6:26:5d:
50:01:1e:70:ed:83:7e:31:f5:a4:d1:36:90:33:35:78:7b:fd:
f5:53:93:48:a0:84:1d:d0:db:6c:8c:5e:f9:2f:40:f2:f9:af:
21:3a:89:1a:7e:dd:12:27:39:42:05:d3:41:98:93:ea:79:18:
64:9f:d0:9b:cd:1c:a9:65:52:b6:34:a7:ad:2b:59:2e:aa:18:
29:10:f6:90:db:50:ad:00:00:41:09:ec:19:95:23:82:11:1a:
7a:6a:84:b1:63:81:15:4a:cf:30:a2:97:16:95:1e:ec:7c:3a:
e9:81:9b:d9:dd:0a:ad:e5:42:53:a6:04:9f:c9:5b:bc:30:0a:
5d:6c:73:9a
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZxNIoQQaFvTEceE1J8HbQoNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMjExMTQzNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTQ0MGJmODEzZGI5ODNhYjE1NTk5YTQwOWExOWQyYTZlZWNmYzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwY+DdKzFZcbZlFSMtOqUmfGD7QxY
JK/ekHgcQoReRrv+9cCUPnujsczWLQmE2mZ7mTOZxnQxhFcMDcwyq/1pEthah7KV
/g3EGu0VI7Oq9PFPUAEl364fCpdVjzmZTtXzpO6V2UA/AOzdJuwbJUlHeJc8hwRU
8DcnFZCMYAKYBCQH7FFmneUTIn8x5LyPc57StuGk8OdiFMh10XOTeokwxB5kbm7+
FF4eMSW0hyJU0qLHjsyK2mQCOH8arYYSLbZatvC8fONMFzjldoz/8dkEefiSTW8H
dtTwCLzFsiQrwAsXd/nmgv4q0Y1gL/FkvD6rEQUkgXSVC3BRC2ceB/OS1wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFKFEC/gT25g6sVWZpAmhnSpu7PyEMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvb1VRTC1CUGJtRHF4Vlpta0NhR2RLbTdzX0lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALVsJAwQA
TVPAAwQAkv+5AwQAwRO/AwQAwpx+MA0GCSqGSIb3DQEBCwUAA4IBAQA48Glac6ki
FV/ZTNjBFyr8oMJBldsyy1QQqw2tukHIxuXKAVZ3JL0ZwQ+dzwGGW8yel816qDKy
g7kcaaFQQRIHNSqQUdmSfR3uiBcygsClzfzxB6/5Gwdnvg5CZbXVbl+PXW1SekYE
a3vOIN4gOyVjn7yC2PRgfRzupHbWJl1QAR5w7YN+MfWk0TaQMzV4e/31U5NIoIQd
0NtsjF75L0Dy+a8hOokaft0SJzlCBdNBmJPqeRhkn9CbzRypZVK2NKetK1kuqhgp
EPaQ21CtAABBCewZlSOCERp6aoSxY4EVSs8wopcWlR7sfDrpgZvZ3Qqt5UJTpgSf
yVu8MApdbHOa
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:32:17 2026 by rpki-client