Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/BQ0RNeEd2nooqfArADd8yM6I_Io.roa
File: BQ0RNeEd2nooqfArADd8yM6I_Io.roa (raw, json)
Hash identifier: ZaT427CaBzYZ0RQvh3ehzT3L35vHp5zYW9kBnpxxtjQ=
Subject key identifier: 05:0D:11:35:E1:1D:DA:7A:28:A9:F0:2B:00:37:7C:C8:CE:88:FC:8A
Certificate issuer: /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial: 019D6B139ACDD1C4D9CF4568EA47F38F16C1
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/BQ0RNeEd2nooqfArADd8yM6I_Io.roa
Signing time: Wed 08 Apr 2026 03:12:20 +0000
ROA not before: Wed 08 Apr 2026 03:12:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 20115
IP address blocks: 9.249.28.0/22 maxlen: 22
138.226.214.0/23 maxlen: 23
151.145.128.0/20 maxlen: 20
151.145.128.0/24 maxlen: 24
151.145.144.0/20 maxlen: 20
158.120.48.0/24 maxlen: 24
158.120.50.0/24 maxlen: 24
158.120.52.0/24 maxlen: 24
158.120.54.0/24 maxlen: 24
158.120.56.0/24 maxlen: 24
158.120.58.0/24 maxlen: 24
158.120.60.0/24 maxlen: 24
158.120.62.0/24 maxlen: 24
170.100.148.0/22 maxlen: 22
170.100.204.0/24 maxlen: 24
170.100.206.0/23 maxlen: 23
192.6.64.0/22 maxlen: 22
192.6.172.0/22 maxlen: 22
192.6.252.0/22 maxlen: 22
192.25.180.0/22 maxlen: 22
192.25.200.0/22 maxlen: 22
192.25.208.0/22 maxlen: 22
192.25.232.0/22 maxlen: 22
192.25.244.0/22 maxlen: 22
192.137.24.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 18:01:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:6b:13:9a:cd:d1:c4:d9:cf:45:68:ea:47:f3:8f:16:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Validity
Not Before: Apr 8 03:12:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=050d1135e11dda7a28a9f02b00377cc8ce88fc8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:0c:49:ff:65:1e:56:45:78:9c:a2:89:0f:49:
2d:b0:48:80:70:05:c3:6c:9f:49:3e:0b:5c:9a:1d:
fa:54:a9:56:d6:59:b9:52:c4:4a:a4:e2:e7:ef:ee:
2e:53:10:0e:30:0d:37:cc:52:e9:c4:09:ef:d2:5c:
33:28:b4:65:46:81:fe:1d:d6:d3:d4:01:e0:b3:a6:
d0:4f:a1:d1:d1:51:e3:8c:08:f2:75:39:cc:82:0a:
ad:a5:95:9b:e9:95:39:f6:70:95:47:71:53:21:c0:
eb:bf:37:b1:c6:19:96:4f:33:7b:34:b0:e6:84:5f:
4a:a3:b0:b5:10:d7:24:4f:a6:f5:06:54:a7:ef:9d:
c4:0d:84:2b:65:71:8f:85:82:04:e5:71:dc:66:f9:
3b:74:75:ee:6d:78:8a:04:af:28:49:2a:6d:b1:83:
bb:b2:0c:48:47:28:d1:a3:d4:f9:46:1e:f1:05:06:
76:ec:e8:47:3b:f0:48:35:cf:7d:88:71:1e:d1:56:
34:12:76:64:e2:f8:ed:92:67:f6:76:11:e1:cb:d4:
90:08:15:5d:60:a8:8f:3b:d9:93:dd:4c:05:41:69:
94:98:02:8c:13:07:98:49:df:8a:f5:d4:d0:a7:f4:
6d:15:b4:a0:20:3a:db:bf:0e:4f:d1:c3:25:a6:e4:
ed:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:0D:11:35:E1:1D:DA:7A:28:A9:F0:2B:00:37:7C:C8:CE:88:FC:8A
X509v3 Authority Key Identifier:
keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/BQ0RNeEd2nooqfArADd8yM6I_Io.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
9.249.28.0/22
138.226.214.0/23
151.145.128.0/19
158.120.48.0/24
158.120.50.0/24
158.120.52.0/24
158.120.54.0/24
158.120.56.0/24
158.120.58.0/24
158.120.60.0/24
158.120.62.0/24
170.100.148.0/22
170.100.204.0/24
170.100.206.0/23
192.6.64.0/22
192.6.172.0/22
192.6.252.0/22
192.25.180.0/22
192.25.200.0/22
192.25.208.0/22
192.25.232.0/22
192.25.244.0/22
192.137.24.0/22
Signature Algorithm: sha256WithRSAEncryption
9c:59:73:d1:1e:9a:33:8b:61:6e:c6:34:d1:7f:90:b7:1d:56:
ec:5c:c8:dd:f9:af:53:84:76:96:43:b3:5a:48:63:2c:87:82:
a9:72:10:0c:30:f1:b2:45:62:e0:c2:89:65:be:19:24:e5:a5:
68:29:22:26:c5:c6:41:b7:f2:f5:e6:11:46:d2:50:b4:92:10:
c7:3b:df:56:5e:a2:14:81:90:c8:e0:0b:33:cd:ed:94:c9:ba:
cb:46:59:d6:a5:0e:85:6d:f7:fc:84:5c:73:44:38:cc:80:26:
bd:2f:86:92:db:10:bb:df:d2:8e:57:51:fe:e5:97:13:7e:fd:
22:c7:ad:23:e1:ac:35:5a:5a:af:1a:01:88:69:74:64:38:80:
6e:d2:ee:b9:08:a8:68:9b:d4:ad:5d:0f:ed:2b:74:fe:26:ab:
7c:fb:3d:3b:68:21:1a:e7:11:cb:45:ec:13:79:d3:46:2b:a7:
51:3f:c2:8f:14:e1:e9:86:dc:27:01:d0:cb:e5:24:e6:79:3d:
4f:48:d6:35:b0:c1:6e:4f:e8:43:b9:be:2e:de:a4:4f:ee:b6:
af:ae:79:bc:28:e4:a2:8f:75:18:79:00:c2:b0:d8:dc:2f:b5:
1d:2e:2e:1f:b9:38:99:9a:aa:99:ff:4e:d8:a4:a6:bc:a0:cd:
b9:13:66:51
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAZ1rE5rN0cTZz0Vo6kfzjxbBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjYwNDA4MDMxMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTBkMTEzNWUxMWRkYTdhMjhhOWYwMmIwMDM3N2NjOGNlODhmYzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwxJ/2UeVkV4nKKJD0ktsEiAcAXD
bJ9JPgtcmh36VKlW1lm5UsRKpOLn7+4uUxAOMA03zFLpxAnv0lwzKLRlRoH+HdbT
1AHgs6bQT6HR0VHjjAjydTnMggqtpZWb6ZU59nCVR3FTIcDrvzexxhmWTzN7NLDm
hF9Ko7C1ENckT6b1BlSn753EDYQrZXGPhYIE5XHcZvk7dHXubXiKBK8oSSptsYO7
sgxIRyjRo9T5Rh7xBQZ27OhHO/BINc99iHEe0VY0EnZk4vjtkmf2dhHhy9SQCBVd
YKiPO9mT3UwFQWmUmAKMEweYSd+K9dTQp/RtFbSgIDrbvw5P0cMlpuTtzwIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFAUNETXhHdp6KKnwKwA3fMjOiPyKMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvQlEwUk5lRWQybm9vcWZBckFEZDh5TTZJX0lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGnBggrBgEFBQcBBwEB/wSBlzCBlDCBkQQCAAEwgYoDBAIJ
+RwDBAGK4tYDBAWXkYADBACeeDADBACeeDIDBACeeDQDBACeeDYDBACeeDgDBACe
eDoDBACeeDwDBACeeD4DBAKqZJQDBACqZMwDBAGqZM4DBALABkADBALABqwDBALA
BvwDBALAGbQDBALAGcgDBALAGdADBALAGegDBALAGfQDBALAiRgwDQYJKoZIhvcN
AQELBQADggEBAJxZc9EemjOLYW7GNNF/kLcdVuxcyN35r1OEdpZDs1pIYyyHgqly
EAww8bJFYuDCiWW+GSTlpWgpIibFxkG38vXmEUbSULSSEMc731ZeohSBkMjgCzPN
7ZTJustGWdalDoVt9/yEXHNEOMyAJr0vhpLbELvf0o5XUf7llxN+/SLHrSPhrDVa
Wq8aAYhpdGQ4gG7S7rkIqGib1K1dD+0rdP4mq3z7PTtoIRrnEctF7BN500Yrp1E/
wo8U4emG3CcB0MvlJOZ5PU9I1jWwwW5P6EO5vi7epE/utq+uebwo5KKPdRh5AMKw
2NwvtR0uLh+5OJmaqpn/TtikprygzbkTZlE=
-----END CERTIFICATE-----
Generated at Fri Apr 17 01:20:07 2026 by rpki-client