Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/QE7hnRKM-pIX463UZ_tra0EKYOg.roa
File: QE7hnRKM-pIX463UZ_tra0EKYOg.roa (raw, json)
Hash identifier: fsT9JglSf+xfQNMVUetiVbQpKYSJUuYkpRqKMcd4NGU=
Subject key identifier: 40:4E:E1:9D:12:8C:FA:92:17:E3:AD:D4:67:FB:6B:6B:41:0A:60:E8
Certificate issuer: /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial: 019D4DE5E8DFBCC7392B9E82DCB6EF851AC1
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/QE7hnRKM-pIX463UZ_tra0EKYOg.roa
Signing time: Thu 02 Apr 2026 11:13:26 +0000
ROA not before: Thu 02 Apr 2026 11:13:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202561
IP address blocks: 131.222.248.0/24 maxlen: 24
131.222.249.0/24 maxlen: 24
131.222.250.0/24 maxlen: 24
131.222.251.0/24 maxlen: 24
131.222.252.0/24 maxlen: 24
131.222.253.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:4d:e5:e8:df:bc:c7:39:2b:9e:82:dc:b6:ef:85:1a:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Validity
Not Before: Apr 2 11:13:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=404ee19d128cfa9217e3add467fb6b6b410a60e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:57:c2:4b:cc:87:6f:e7:a2:ff:55:de:e3:39:
97:90:0a:8c:98:cf:05:a4:37:b2:4e:4a:a9:6f:1d:
3e:51:b1:8c:42:c5:7e:72:b6:0b:f8:81:4c:56:d5:
79:1e:9a:0d:75:57:68:2d:01:d0:62:4e:e5:e0:67:
31:14:33:8e:f0:f8:e6:57:1b:f9:04:ac:19:f9:e3:
00:35:47:10:31:6b:f6:cd:db:75:69:57:15:e1:b2:
4e:f5:fe:74:6e:66:0a:4a:50:87:fd:c7:83:57:82:
ad:8e:dd:59:58:53:5b:f8:a4:85:18:92:cd:54:10:
34:80:d0:9d:ab:64:f1:8f:29:9d:c5:e3:69:ce:60:
bb:1f:dd:ef:15:a0:67:06:5a:fb:8e:e1:69:91:a0:
2a:92:46:b9:ed:fd:70:2e:a6:84:32:c0:bf:1b:b5:
b2:4b:6d:bb:50:2a:b1:dd:fc:2d:36:91:3c:45:3e:
76:42:b5:b7:f9:ba:fc:37:54:34:f2:cf:00:27:cc:
16:3e:27:57:de:8e:f4:6e:71:72:21:7e:76:26:32:
14:09:b9:30:3a:e4:fb:15:9a:51:0e:37:38:db:84:
e7:18:f5:d8:98:96:ac:70:d9:b5:a0:76:94:2c:c5:
2e:f1:27:bd:08:56:bd:64:cd:d6:c6:b6:db:5a:b6:
f2:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:4E:E1:9D:12:8C:FA:92:17:E3:AD:D4:67:FB:6B:6B:41:0A:60:E8
X509v3 Authority Key Identifier:
keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/QE7hnRKM-pIX463UZ_tra0EKYOg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
131.222.248.0-131.222.253.255
Signature Algorithm: sha256WithRSAEncryption
41:cd:7a:96:6c:51:9b:5f:6c:30:3f:73:91:dd:57:ee:d5:9f:
23:c2:0d:be:53:f4:2e:77:35:ba:93:4f:a5:2e:f5:67:48:9a:
11:d8:fa:26:2a:cf:b7:93:e1:69:23:6e:44:79:8f:aa:d8:6a:
e5:4a:1d:fc:4e:05:78:21:61:b6:05:63:ac:07:f2:57:79:72:
0f:b3:3d:dd:8f:a9:1d:b3:43:b3:f2:9f:da:9d:d8:1a:4b:2b:
2e:73:33:c7:20:90:ab:2a:a2:9a:e7:41:ba:0d:df:e9:21:67:
04:22:c1:8d:e6:c2:3a:08:7d:e5:73:91:dc:ca:8d:27:d0:79:
56:5e:e2:1c:31:2c:74:0e:4f:25:f8:b1:a9:7e:fa:4a:5f:55:
22:32:15:44:73:1a:fe:74:99:80:fd:17:86:b7:e4:84:c5:17:
a6:b4:82:bc:55:ac:b4:19:60:22:25:4f:d9:34:35:43:8c:96:
97:42:9d:a5:0b:26:10:51:84:c1:6a:52:ba:23:be:15:a3:a2:
52:14:f5:41:02:c8:b7:b5:07:88:b5:52:d8:a5:53:76:e1:b7:
72:b8:14:e7:e0:db:e6:a0:58:47:10:d9:65:78:da:7c:f6:4b:
53:2a:51:18:1c:bc:8e:fb:6a:d2:6a:28:63:8d:a1:bf:ea:d2:
e8:35:64:f9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ1N5ejfvMc5K56C3LbvhRrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjYwNDAyMTExMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDRlZTE5ZDEyOGNmYTkyMTdlM2FkZDQ2N2ZiNmI2YjQxMGE2MGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVfCS8yHb+ei/1Xe4zmXkAqMmM8F
pDeyTkqpbx0+UbGMQsV+crYL+IFMVtV5HpoNdVdoLQHQYk7l4GcxFDOO8PjmVxv5
BKwZ+eMANUcQMWv2zdt1aVcV4bJO9f50bmYKSlCH/ceDV4Ktjt1ZWFNb+KSFGJLN
VBA0gNCdq2TxjymdxeNpzmC7H93vFaBnBlr7juFpkaAqkka57f1wLqaEMsC/G7Wy
S227UCqx3fwtNpE8RT52QrW3+br8N1Q08s8AJ8wWPidX3o70bnFyIX52JjIUCbkw
OuT7FZpRDjc424TnGPXYmJascNm1oHaULMUu8Se9CFa9ZM3WxrbbWrby5QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEBO4Z0SjPqSF+Ot1Gf7a2tBCmDoMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvUUU3aG5SS00tcElYNDYzVVpfdHJhMEVLWU9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAOD3vgD
BAGD3vwwDQYJKoZIhvcNAQELBQADggEBAEHNepZsUZtfbDA/c5HdV+7VnyPCDb5T
9C53NbqTT6Uu9WdImhHY+iYqz7eT4WkjbkR5j6rYauVKHfxOBXghYbYFY6wH8ld5
cg+zPd2PqR2zQ7Pyn9qd2BpLKy5zM8cgkKsqoprnQboN3+khZwQiwY3mwjoIfeVz
kdzKjSfQeVZe4hwxLHQOTyX4sal++kpfVSIyFURzGv50mYD9F4a35ITFF6a0grxV
rLQZYCIlT9k0NUOMlpdCnaULJhBRhMFqUrojvhWjolIU9UECyLe1B4i1UtilU3bh
t3K4FOfg2+agWEcQ2WV42nz2S1MqURgcvI77atJqKGONob/q0ug1ZPk=
-----END CERTIFICATE-----
Generated at Fri Apr 17 15:54:56 2026 by rpki-client