Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/QaGktmeX7DXmzvSZWkGqgem5xiQ.roa
File: QaGktmeX7DXmzvSZWkGqgem5xiQ.roa (raw, json)
Hash identifier: g2HkSm4fNW/dmlt17NJWhNlroWnY4LIXEIOmPAV2tFs=
Subject key identifier: 41:A1:A4:B6:67:97:EC:35:E6:CE:F4:99:5A:41:AA:81:E9:B9:C6:24
Certificate issuer: /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial: 019D29C74708AA58750186912A636AD2AB58
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/QaGktmeX7DXmzvSZWkGqgem5xiQ.roa
Signing time: Thu 26 Mar 2026 10:53:38 +0000
ROA not before: Thu 26 Mar 2026 10:53:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3267
IP address blocks: 80.250.160.0/19 maxlen: 24
82.137.128.0/18 maxlen: 24
82.137.176.0/20 maxlen: 22
82.179.32.0/20 maxlen: 24
82.179.63.0/24 maxlen: 24
82.179.64.0/19 maxlen: 24
82.179.140.0/23 maxlen: 23
82.179.160.0/20 maxlen: 24
82.179.192.0/19 maxlen: 24
83.149.192.0/18 maxlen: 24
85.142.8.0/21 maxlen: 21
85.142.16.0/20 maxlen: 24
85.142.32.0/21 maxlen: 24
85.142.52.0/22 maxlen: 24
85.142.56.0/22 maxlen: 24
85.142.102.0/23 maxlen: 24
85.142.104.0/21 maxlen: 24
85.142.116.0/22 maxlen: 24
85.142.120.0/21 maxlen: 24
85.142.148.0/23 maxlen: 24
85.142.153.0/24 maxlen: 24
85.142.162.0/23 maxlen: 24
85.143.0.0/20 maxlen: 24
85.143.18.0/23 maxlen: 24
85.143.26.0/24 maxlen: 24
85.143.96.0/22 maxlen: 24
85.143.112.0/22 maxlen: 24
85.143.124.0/22 maxlen: 24
85.143.224.0/21 maxlen: 21
85.143.239.0/24 maxlen: 24
86.110.96.0/24 maxlen: 24
86.110.101.0/24 maxlen: 24
86.110.102.0/23 maxlen: 24
86.110.118.0/24 maxlen: 24
185.71.96.0/22 maxlen: 22
185.141.124.0/22 maxlen: 22
188.93.107.0/24 maxlen: 24
193.27.214.0/23 maxlen: 24
194.85.32.0/20 maxlen: 20
194.85.168.0/23 maxlen: 23
194.85.174.0/23 maxlen: 23
194.149.64.0/24 maxlen: 24
194.149.70.0/23 maxlen: 24
194.190.232.0/21 maxlen: 24
194.190.240.0/23 maxlen: 24
194.190.247.0/24 maxlen: 24
194.190.249.0/24 maxlen: 24
194.190.254.0/23 maxlen: 23
194.226.192.0/19 maxlen: 24
195.209.224.0/22 maxlen: 22
195.209.234.0/24 maxlen: 24
195.209.236.0/23 maxlen: 23
195.209.240.0/22 maxlen: 22
2001:b08:22::/48 maxlen: 48
2001:b08:25::/48 maxlen: 48
2001:b08:26::/48 maxlen: 48
2a00:db8::/32 maxlen: 48
2a07:a6c0::/29 maxlen: 29
2a07:a6c4::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 19 Apr 2026 22:01:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:29:c7:47:08:aa:58:75:01:86:91:2a:63:6a:d2:ab:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Validity
Not Before: Mar 26 10:53:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=41a1a4b66797ec35e6cef4995a41aa81e9b9c624
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:d8:11:68:d1:65:a0:e8:2a:a3:38:2a:c2:84:
da:07:c6:bf:97:14:a4:50:90:7b:cb:fa:3a:13:fc:
27:ae:7a:0d:f1:ed:91:7a:cf:ca:7d:2e:cc:99:65:
b4:cb:26:42:f4:e3:35:e4:4c:96:36:92:8e:49:f0:
cf:0b:0b:55:6b:9d:22:fd:f1:c8:c9:c1:7a:56:f5:
ea:de:0f:8f:75:5c:44:b3:93:8a:6c:e5:62:00:5c:
38:6b:99:0c:15:ff:8b:37:bd:ab:4c:d5:3b:f7:43:
e7:91:89:29:35:84:00:51:cf:d1:0a:72:6b:84:f9:
5a:50:9e:96:bb:a5:26:6b:50:68:4f:ce:cf:da:43:
1b:ce:d3:3d:b6:c9:d1:c6:94:4e:83:91:4e:06:f5:
c0:bf:47:05:54:80:9b:3a:8b:e4:54:66:75:69:2e:
5c:bf:67:82:bb:bc:77:15:cf:b5:a0:f6:2b:a3:a5:
e4:06:2a:be:da:71:ba:73:6f:ef:36:f0:fa:74:9e:
b1:68:31:6c:0f:83:87:a7:81:d2:58:84:5a:6c:b2:
d6:ce:7c:0c:10:63:3e:8d:f9:3c:ab:bb:b0:f9:ad:
91:3c:43:39:cd:a2:57:dd:2e:4a:13:be:52:99:30:
10:75:5e:52:07:9d:8f:34:f8:0c:6c:ca:41:1b:44:
f7:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:A1:A4:B6:67:97:EC:35:E6:CE:F4:99:5A:41:AA:81:E9:B9:C6:24
X509v3 Authority Key Identifier:
keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/QaGktmeX7DXmzvSZWkGqgem5xiQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.250.160.0/19
82.137.128.0/18
82.179.32.0/20
82.179.63.0-82.179.95.255
82.179.140.0/23
82.179.160.0/20
82.179.192.0/19
83.149.192.0/18
85.142.8.0-85.142.39.255
85.142.52.0-85.142.59.255
85.142.102.0-85.142.111.255
85.142.116.0-85.142.127.255
85.142.148.0/23
85.142.153.0/24
85.142.162.0/23
85.143.0.0/20
85.143.18.0/23
85.143.26.0/24
85.143.96.0/22
85.143.112.0/22
85.143.124.0/22
85.143.224.0/21
85.143.239.0/24
86.110.96.0/24
86.110.101.0-86.110.103.255
86.110.118.0/24
185.71.96.0/22
185.141.124.0/22
188.93.107.0/24
193.27.214.0/23
194.85.32.0/20
194.85.168.0/23
194.85.174.0/23
194.149.64.0/24
194.149.70.0/23
194.190.232.0-194.190.241.255
194.190.247.0/24
194.190.249.0/24
194.190.254.0/23
194.226.192.0/19
195.209.224.0/22
195.209.234.0/24
195.209.236.0/23
195.209.240.0/22
IPv6:
2001:b08:22::/48
2001:b08:25::-2001:b08:26:ffff:ffff:ffff:ffff:ffff
2a00:db8::/32
2a07:a6c0::/29
Signature Algorithm: sha256WithRSAEncryption
4c:02:16:69:3b:03:f4:2f:c1:cf:26:51:6b:2d:f5:a6:84:09:
12:2a:52:cc:04:68:13:ef:e4:90:3f:1f:42:dd:e2:f1:03:29:
51:db:39:4b:d0:8d:48:d4:c9:0f:fa:01:1f:32:9a:fa:e6:37:
d8:ea:a2:55:fe:5b:0d:bc:11:cd:51:1d:69:b7:ef:47:f9:58:
a6:d3:78:c6:b1:28:8b:21:07:e5:22:ae:08:bd:9d:c1:e4:6a:
4b:c3:4a:a8:73:d7:5e:dc:77:14:cf:d6:76:09:2b:65:23:26:
29:3d:70:4d:00:e6:7b:14:27:77:ca:40:d5:42:66:db:78:81:
51:f3:b8:91:b4:6d:e9:42:9f:54:87:56:ca:ad:66:78:f5:9a:
be:ac:67:3e:99:24:11:64:f8:a1:30:0f:69:29:60:0d:54:9c:
bc:c2:5a:3b:a1:4f:f0:e8:37:b9:8a:00:d6:8a:bc:eb:75:92:
8b:12:35:3a:f3:ba:5f:bf:1b:dd:dd:0a:46:45:ab:83:c8:fa:
51:b7:41:5d:37:31:c3:c8:d5:4a:aa:a2:41:d8:82:98:48:7f:
13:bc:8f:5e:4d:a9:9d:88:3a:b6:f0:e8:07:6d:98:f3:a1:f6:
b4:dd:d6:1b:db:3d:58:13:cb:d5:ab:e9:e2:06:d5:e5:f6:18:
5a:fc:86:83
-----BEGIN CERTIFICATE-----
MIIGdDCCBVygAwIBAgISAZ0px0cIqlh1AYaRKmNq0qtYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjYwMzI2MTA1MzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWExYTRiNjY3OTdlYzM1ZTZjZWY0OTk1YTQxYWE4MWU5YjljNjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdgRaNFloOgqozgqwoTaB8a/lxSk
UJB7y/o6E/wnrnoN8e2Res/KfS7MmWW0yyZC9OM15EyWNpKOSfDPCwtVa50i/fHI
ycF6VvXq3g+PdVxEs5OKbOViAFw4a5kMFf+LN72rTNU790PnkYkpNYQAUc/RCnJr
hPlaUJ6Wu6Uma1BoT87P2kMbztM9tsnRxpROg5FOBvXAv0cFVICbOovkVGZ1aS5c
v2eCu7x3Fc+1oPYro6XkBiq+2nG6c2/vNvD6dJ6xaDFsD4OHp4HSWIRabLLWznwM
EGM+jfk8q7uw+a2RPEM5zaJX3S5KE75SmTAQdV5SB52PNPgMbMpBG0T3BwIDAQAB
o4IDgDCCA3wwHQYDVR0OBBYEFEGhpLZnl+w15s70mVpBqoHpucYkMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvUWFHa3RtZVg3RFhtenZTWldrR3FnZW01eGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBlAYIKwYBBQUHAQcBAf8EggGDMIIBfzCCAUgEAgABMIIB
QAMEBVD6oAMEBlKJgAMEBFKzIDAMAwQAUrM/AwQFUrNAAwQBUrOMAwQEUrOgAwQF
UrPAAwQGU5XAMAwDBANVjggDBANVjiAwDAMEAlWONAMEAlWOODAMAwQBVY5mAwQE
VY5gMAwDBAJVjnQDBAdVjgADBAFVjpQDBABVjpkDBAFVjqIDBARVjwADBAFVjxID
BABVjxoDBAJVj2ADBAJVj3ADBAJVj3wDBANVj+ADBABVj+8DBABWbmAwDAMEAFZu
ZQMEA1ZuYAMEAFZudgMEArlHYAMEArmNfAMEALxdawMEAcEb1gMEBMJVIAMEAcJV
qAMEAcJVrgMEAMKVQAMEAcKVRjAMAwQDwr7oAwQBwr7wAwQAwr73AwQAwr75AwQB
wr7+AwQFwuLAAwQCw9HgAwQAw9HqAwQBw9HsAwQCw9HwMDEEAgACMCsDBwAgAQsI
ACIwEgMHACABCwgAJQMHACABCwgAJgMFACoADbgDBQMqB6bAMA0GCSqGSIb3DQEB
CwUAA4IBAQBMAhZpOwP0L8HPJlFrLfWmhAkSKlLMBGgT7+SQPx9C3eLxAylR2zlL
0I1I1MkP+gEfMpr65jfY6qJV/lsNvBHNUR1pt+9H+Vim03jGsSiLIQflIq4IvZ3B
5GpLw0qoc9de3HcUz9Z2CStlIyYpPXBNAOZ7FCd3ykDVQmbbeIFR87iRtG3pQp9U
h1bKrWZ49Zq+rGc+mSQRZPihMA9pKWANVJy8wlo7oU/w6De5igDWirzrdZKLEjU6
87pfvxvd3QpGRauDyPpRt0FdNzHDyNVKqqJB2IKYSH8TvI9eTamdiDq28OgHbZjz
ofa03dYb2z1YE8vVq+niBtXl9hha/IaD
-----END CERTIFICATE-----
Generated at Sun Apr 19 08:49:54 2026 by rpki-client