Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qAvYEUc2raLg1W1u4gtV2CLY_qg.roa
File: qAvYEUc2raLg1W1u4gtV2CLY_qg.roa (raw, json)
Hash identifier: 0LT94C9x66hMhihAA1Q6H+3CHVTwh2qLVn1flT7Lppo=
Subject key identifier: A8:0B:D8:11:47:36:AD:A2:E0:D5:6D:6E:E2:0B:55:D8:22:D8:FE:A8
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019C40F3587D58CFC8AFB75032B077A67A2A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qAvYEUc2raLg1W1u4gtV2CLY_qg.roa
Signing time: Mon 09 Feb 2026 05:50:15 +0000
ROA not before: Mon 09 Feb 2026 05:50:15 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212238
IP address blocks: 37.202.201.0/24 maxlen: 24
151.240.45.0/24 maxlen: 24
151.240.163.0/24 maxlen: 24
151.240.173.0/24 maxlen: 24
151.241.30.0/24 maxlen: 24
151.241.39.0/24 maxlen: 24
151.241.50.0/24 maxlen: 24
151.241.64.0/24 maxlen: 24
151.241.67.0/24 maxlen: 24
151.241.70.0/24 maxlen: 24
151.241.71.0/24 maxlen: 24
151.241.73.0/24 maxlen: 24
151.241.77.0/24 maxlen: 24
151.241.95.0/24 maxlen: 24
151.241.115.0/24 maxlen: 24
151.241.160.0/24 maxlen: 24
151.241.176.0/24 maxlen: 24
151.241.204.0/24 maxlen: 24
151.242.45.0/24 maxlen: 24
151.242.158.0/24 maxlen: 24
151.243.2.0/24 maxlen: 24
151.243.105.0/24 maxlen: 24
151.243.137.0/24 maxlen: 24
151.244.5.0/24 maxlen: 24
151.244.57.0/24 maxlen: 24
151.244.111.0/24 maxlen: 24
151.244.114.0/24 maxlen: 24
151.244.115.0/24 maxlen: 24
151.244.131.0/24 maxlen: 24
151.244.191.0/24 maxlen: 24
151.244.193.0/24 maxlen: 24
151.244.198.0/24 maxlen: 24
151.244.201.0/24 maxlen: 24
151.244.212.0/24 maxlen: 24
151.245.3.0/24 maxlen: 24
151.245.28.0/24 maxlen: 24
151.245.70.0/24 maxlen: 24
151.245.76.0/24 maxlen: 24
151.245.78.0/24 maxlen: 24
151.245.104.0/24 maxlen: 24
151.245.195.0/24 maxlen: 24
151.245.201.0/24 maxlen: 24
151.245.212.0/24 maxlen: 24
151.247.120.0/23 maxlen: 24
151.247.122.0/23 maxlen: 24
151.247.124.0/23 maxlen: 24
151.247.126.0/23 maxlen: 24
151.247.188.0/24 maxlen: 24
151.247.221.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:40:f3:58:7d:58:cf:c8:af:b7:50:32:b0:77:a6:7a:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Feb 9 05:50:15 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a80bd8114736ada2e0d56d6ee20b55d822d8fea8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:df:bf:8e:02:76:78:a8:0e:92:1c:9b:85:ad:
89:f7:bd:c1:b4:db:be:0d:b4:e5:36:df:be:a0:7f:
43:05:21:45:1c:22:63:bb:b4:12:83:6f:26:c1:2f:
1f:8f:07:00:b8:31:1a:15:e7:1d:9f:d2:83:75:f3:
6c:dd:7f:8d:4e:73:d0:a9:a2:9a:a3:e1:73:e5:b7:
a5:a6:dd:83:3f:fd:64:7a:6b:75:9d:03:48:a5:99:
08:48:53:4b:50:36:d3:d0:d0:e3:db:d9:48:f1:58:
12:45:14:07:1b:24:21:69:1b:f4:3e:1a:01:7e:dd:
95:e8:b2:15:de:99:98:02:5a:5c:1a:15:55:4a:b2:
49:9b:9d:e1:a7:58:14:03:18:7a:6e:d3:b2:5f:c5:
21:9c:2f:96:92:61:7b:0f:7a:0e:77:5a:23:fe:e3:
ee:b4:96:2c:77:2e:2f:28:04:4b:87:f0:4c:f0:5b:
7c:31:5a:56:b9:14:9c:e3:e8:4e:85:a1:fe:ed:70:
95:c6:6a:38:91:15:bb:5a:a0:f5:0d:0f:9f:5b:f6:
76:3d:cf:92:1d:0f:ff:d1:c1:fb:fe:f9:86:1b:70:
39:28:03:27:2c:6c:89:be:68:77:75:3e:1b:07:8d:
31:5f:d8:ed:0f:37:14:0d:f2:0a:42:5b:79:bd:73:
0a:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:0B:D8:11:47:36:AD:A2:E0:D5:6D:6E:E2:0B:55:D8:22:D8:FE:A8
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qAvYEUc2raLg1W1u4gtV2CLY_qg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.201.0/24
151.240.45.0/24
151.240.163.0/24
151.240.173.0/24
151.241.30.0/24
151.241.39.0/24
151.241.50.0/24
151.241.64.0/24
151.241.67.0/24
151.241.70.0/23
151.241.73.0/24
151.241.77.0/24
151.241.95.0/24
151.241.115.0/24
151.241.160.0/24
151.241.176.0/24
151.241.204.0/24
151.242.45.0/24
151.242.158.0/24
151.243.2.0/24
151.243.105.0/24
151.243.137.0/24
151.244.5.0/24
151.244.57.0/24
151.244.111.0/24
151.244.114.0/23
151.244.131.0/24
151.244.191.0/24
151.244.193.0/24
151.244.198.0/24
151.244.201.0/24
151.244.212.0/24
151.245.3.0/24
151.245.28.0/24
151.245.70.0/24
151.245.76.0/24
151.245.78.0/24
151.245.104.0/24
151.245.195.0/24
151.245.201.0/24
151.245.212.0/24
151.247.120.0/21
151.247.188.0/24
151.247.221.0/24
Signature Algorithm: sha256WithRSAEncryption
06:72:4e:97:38:65:ec:c6:b8:5c:8e:2a:2a:17:08:63:1d:e7:
76:76:90:42:c6:98:29:42:fd:77:5c:95:15:24:b0:dc:17:9b:
0e:b3:8b:dc:2a:ac:fd:b9:98:44:d5:fb:91:38:e0:0d:41:84:
ff:48:08:f6:47:14:9a:cd:24:2a:da:d8:f1:c4:ef:fb:73:ef:
cf:58:d8:59:00:33:eb:a4:41:7f:16:3f:f3:2f:e0:06:41:42:
11:2d:da:48:a7:b2:ca:5e:f0:76:dc:26:31:14:b9:96:d3:a3:
e9:0d:62:e7:64:52:ac:9f:0e:b6:79:45:77:03:09:f6:b5:24:
b0:37:c9:f1:ac:92:90:9d:09:5d:fc:f3:43:36:51:64:b0:e4:
40:b6:ac:ac:0a:77:4a:e2:92:39:00:93:77:4e:71:4e:25:db:
1e:a9:93:dd:31:04:77:80:c3:b7:8a:e7:f0:df:aa:79:87:dd:
ab:c5:74:52:ad:a9:d2:21:bf:6b:d0:22:a8:a4:1e:ba:20:12:
d7:80:01:f3:b2:4a:27:fb:f3:3a:e2:a8:4f:af:64:10:02:84:
de:62:18:80:d9:00:d4:bc:c3:05:b6:86:2f:95:60:ea:4b:ab:
08:91:5b:55:2f:60:82:4b:b0:ee:1c:5b:e6:60:75:64:21:3c:
0f:3f:e3:25
-----BEGIN CERTIFICATE-----
MIIGCTCCBPGgAwIBAgISAZxA81h9WM/Ir7dQMrB3pnoqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMjA5MDU1MDE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODBiZDgxMTQ3MzZhZGEyZTBkNTZkNmVlMjBiNTVkODIyZDhmZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3d+/jgJ2eKgOkhybha2J973BtNu+
DbTlNt++oH9DBSFFHCJju7QSg28mwS8fjwcAuDEaFecdn9KDdfNs3X+NTnPQqaKa
o+Fz5belpt2DP/1kemt1nQNIpZkISFNLUDbT0NDj29lI8VgSRRQHGyQhaRv0PhoB
ft2V6LIV3pmYAlpcGhVVSrJJm53hp1gUAxh6btOyX8UhnC+WkmF7D3oOd1oj/uPu
tJYsdy4vKARLh/BM8Ft8MVpWuRSc4+hOhaH+7XCVxmo4kRW7WqD1DQ+fW/Z2Pc+S
HQ//0cH7/vmGG3A5KAMnLGyJvmh3dT4bB40xX9jtDzcUDfIKQlt5vXMK1QIDAQAB
o4IDFTCCAxEwHQYDVR0OBBYEFKgL2BFHNq2i4NVtbuILVdgi2P6oMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcUF2WUVVYzJyYUxnMVcxdTRndFYyQ0xZX3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKQYIKwYBBQUHAQcBAf8EggEYMIIBFDCCARAEAgABMIIB
CAMEACXKyQMEAJfwLQMEAJfwowMEAJfwrQMEAJfxHgMEAJfxJwMEAJfxMgMEAJfx
QAMEAJfxQwMEAZfxRgMEAJfxSQMEAJfxTQMEAJfxXwMEAJfxcwMEAJfxoAMEAJfx
sAMEAJfxzAMEAJfyLQMEAJfyngMEAJfzAgMEAJfzaQMEAJfziQMEAJf0BQMEAJf0
OQMEAJf0bwMEAZf0cgMEAJf0gwMEAJf0vwMEAJf0wQMEAJf0xgMEAJf0yQMEAJf0
1AMEAJf1AwMEAJf1HAMEAJf1RgMEAJf1TAMEAJf1TgMEAJf1aAMEAJf1wwMEAJf1
yQMEAJf11AMEA5f3eAMEAJf3vAMEAJf33TANBgkqhkiG9w0BAQsFAAOCAQEABnJO
lzhl7Ma4XI4qKhcIYx3ndnaQQsaYKUL9d1yVFSSw3BebDrOL3Cqs/bmYRNX7kTjg
DUGE/0gI9kcUms0kKtrY8cTv+3Pvz1jYWQAz66RBfxY/8y/gBkFCES3aSKeyyl7w
dtwmMRS5ltOj6Q1i52RSrJ8OtnlFdwMJ9rUksDfJ8aySkJ0JXfzzQzZRZLDkQLas
rAp3SuKSOQCTd05xTiXbHqmT3TEEd4DDt4rn8N+qeYfdq8V0Uq2p0iG/a9AiqKQe
uiAS14AB87JKJ/vzOuKoT69kEAKE3mIYgNkA1LzDBbaGL5Vg6kurCJFbVS9ggkuw
7hxb5mB1ZCE8Dz/jJQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 10:34:08 2026 by rpki-client