Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/rQn2WRp_5UNupaC6UAipqauzOpI.roa
File: rQn2WRp_5UNupaC6UAipqauzOpI.roa (raw, json)
Hash identifier: V779a6mTTAXptosRzFipPRD6TSrcHWeP9YRr7LrdpBM=
Subject key identifier: AD:09:F6:59:1A:7F:E5:43:6E:A5:A0:BA:50:08:A9:A9:AB:B3:3A:92
Certificate issuer: /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial: 019D2F89DEB11B9EAD2DC92562D1CA402D9C
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/rQn2WRp_5UNupaC6UAipqauzOpI.roa
Signing time: Fri 27 Mar 2026 13:44:17 +0000
ROA not before: Fri 27 Mar 2026 13:44:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 36454
IP address blocks: 65.181.112.0/24 maxlen: 24
65.181.116.0/24 maxlen: 24
65.181.123.0/24 maxlen: 24
65.181.124.0/24 maxlen: 24
65.181.125.0/24 maxlen: 24
65.181.127.0/24 maxlen: 24
69.57.189.0/24 maxlen: 24
162.208.8.0/24 maxlen: 24
162.208.9.0/24 maxlen: 24
162.208.10.0/24 maxlen: 24
162.208.11.0/24 maxlen: 24
185.181.253.0/24 maxlen: 24
185.181.254.0/24 maxlen: 24
185.181.255.0/24 maxlen: 24
192.243.96.0/24 maxlen: 24
192.243.97.0/24 maxlen: 24
192.243.98.0/24 maxlen: 24
192.243.99.0/24 maxlen: 24
192.243.100.0/24 maxlen: 24
192.243.101.0/24 maxlen: 24
192.243.102.0/24 maxlen: 24
192.243.103.0/24 maxlen: 24
192.243.104.0/24 maxlen: 24
192.243.105.0/24 maxlen: 24
192.243.106.0/24 maxlen: 24
192.243.107.0/24 maxlen: 24
192.243.108.0/24 maxlen: 24
192.243.109.0/24 maxlen: 24
192.243.111.0/24 maxlen: 24
192.250.224.0/20 maxlen: 20
192.250.226.0/24 maxlen: 24
192.250.227.0/24 maxlen: 24
192.250.236.0/24 maxlen: 24
194.39.123.0/24 maxlen: 24
194.39.148.0/24 maxlen: 24
194.39.149.0/24 maxlen: 24
195.250.25.0/24 maxlen: 24
198.38.90.0/24 maxlen: 24
199.175.48.0/24 maxlen: 24
199.175.49.0/24 maxlen: 24
199.175.50.0/24 maxlen: 24
199.175.51.0/24 maxlen: 24
199.175.52.0/24 maxlen: 24
199.175.53.0/24 maxlen: 24
199.175.54.0/24 maxlen: 24
199.175.55.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2f:89:de:b1:1b:9e:ad:2d:c9:25:62:d1:ca:40:2d:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Validity
Not Before: Mar 27 13:44:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ad09f6591a7fe5436ea5a0ba5008a9a9abb33a92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:ce:0b:b7:91:5f:3e:0d:7b:a5:3a:90:d1:a7:
d7:b3:f9:b1:be:3d:07:6f:b4:80:2b:7e:52:8d:b2:
3d:f3:ba:ae:01:ee:08:9f:19:dd:47:a0:0b:ad:96:
b6:a2:bf:a6:53:3d:a4:96:2c:29:e3:07:49:00:1d:
57:28:ab:3b:42:0e:58:51:79:ca:65:78:d5:4f:f9:
bf:8d:e9:f1:9a:c2:8f:8c:cc:e0:dd:71:ac:a2:19:
c0:88:4a:9e:8f:7a:26:96:5a:5c:d7:14:b4:0c:d0:
40:16:25:61:ee:d6:ed:02:cd:d5:44:11:d9:47:46:
ee:8f:1c:96:e7:a3:b9:d1:b8:6b:09:af:f8:ee:f3:
65:02:61:90:0c:b4:70:d4:62:ed:59:60:72:ad:b2:
ba:31:d0:d9:99:57:76:a5:e7:e8:02:a7:20:ab:89:
e2:64:5b:3a:7e:63:b8:1c:2c:c9:00:40:55:57:ae:
ba:1d:0a:45:e0:08:a8:5f:aa:65:73:aa:d9:bb:c9:
a5:fd:2d:89:26:5a:11:4b:0d:08:db:dd:07:fa:b3:
43:d1:4e:44:fc:0f:73:58:4a:28:93:97:2d:d7:b5:
aa:60:e2:53:55:ef:ba:eb:83:9b:37:1d:a7:a2:a5:
f5:9d:fc:b7:e0:2e:34:8d:16:3f:62:9c:cd:8e:bb:
61:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:09:F6:59:1A:7F:E5:43:6E:A5:A0:BA:50:08:A9:A9:AB:B3:3A:92
X509v3 Authority Key Identifier:
keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/rQn2WRp_5UNupaC6UAipqauzOpI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
65.181.112.0/24
65.181.116.0/24
65.181.123.0-65.181.125.255
65.181.127.0/24
69.57.189.0/24
162.208.8.0/22
185.181.253.0-185.181.255.255
192.243.96.0-192.243.109.255
192.243.111.0/24
192.250.224.0/20
194.39.123.0/24
194.39.148.0/23
195.250.25.0/24
198.38.90.0/24
199.175.48.0/21
Signature Algorithm: sha256WithRSAEncryption
8d:69:8e:f9:8e:78:70:0f:4c:58:01:0c:a0:70:1b:d9:d0:4b:
31:27:fa:5a:53:5b:0d:da:7d:aa:01:88:34:7c:3f:1d:4a:dd:
8e:e5:a4:35:09:9b:c4:c3:32:0e:d5:cb:39:86:a6:21:04:b9:
f7:37:7f:d4:fa:54:aa:27:35:ff:7b:2e:df:88:db:de:28:4c:
87:92:15:e6:68:3c:0f:37:75:eb:4b:50:2f:e4:ef:d8:70:30:
64:55:b4:d9:c6:bd:06:74:f1:f2:94:8f:b5:3d:ce:58:75:a6:
3a:5d:35:7c:a9:c3:d8:82:2b:65:c9:9c:43:24:9e:be:45:6a:
bf:03:84:47:b6:34:13:4a:dc:57:00:7b:df:ff:1f:21:5b:af:
3c:3b:f7:c4:76:ad:78:94:c8:21:df:44:32:02:49:de:8a:47:
2b:c9:20:42:66:17:e4:25:4a:a7:54:92:bb:88:f2:00:e4:72:
df:6b:5f:8e:97:41:0b:14:b4:00:1b:73:40:c4:22:18:3d:e2:
6b:4e:8d:d1:bf:43:b6:27:cc:ad:ca:18:c1:19:91:7c:ab:8e:
d1:b3:69:82:da:51:1a:f7:bc:a0:91:53:1d:1c:7d:48:65:f5:
d0:25:61:76:18:e5:d9:4c:03:29:06:f3:46:45:3c:ca:e9:34:
2f:92:bf:ff
-----BEGIN CERTIFICATE-----
MIIFaTCCBFGgAwIBAgISAZ0vid6xG56tLcklYtHKQC2cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjYwMzI3MTM0NDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDA5ZjY1OTFhN2ZlNTQzNmVhNWEwYmE1MDA4YTlhOWFiYjMzYTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArc4Lt5FfPg17pTqQ0afXs/mxvj0H
b7SAK35SjbI987quAe4InxndR6ALrZa2or+mUz2kliwp4wdJAB1XKKs7Qg5YUXnK
ZXjVT/m/jenxmsKPjMzg3XGsohnAiEqej3omllpc1xS0DNBAFiVh7tbtAs3VRBHZ
R0bujxyW56O50bhrCa/47vNlAmGQDLRw1GLtWWByrbK6MdDZmVd2pefoAqcgq4ni
ZFs6fmO4HCzJAEBVV666HQpF4AioX6plc6rZu8ml/S2JJloRSw0I290H+rND0U5E
/A9zWEook5ct17WqYOJTVe+664ObNx2noqX1nfy34C40jRY/YpzNjrthMQIDAQAB
o4ICdTCCAnEwHQYDVR0OBBYEFK0J9lkaf+VDbqWgulAIqamrszqSMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvclFuMldScF81VU51cGFDNlVBaXBxYXV6T3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGKBggrBgEFBQcBBwEB/wR7MHkwdwQCAAEwcQMEAEG1cAME
AEG1dDAMAwQAQbV7AwQBQbV8AwQAQbV/AwQARTm9AwQCotAIMAsDBAC5tf0DAwG5
tDAMAwQFwPNgAwQBwPNsAwQAwPNvAwQEwPrgAwQAwid7AwQBwieUAwQAw/oZAwQA
xiZaAwQDx68wMA0GCSqGSIb3DQEBCwUAA4IBAQCNaY75jnhwD0xYAQygcBvZ0Esx
J/paU1sN2n2qAYg0fD8dSt2O5aQ1CZvEwzIO1cs5hqYhBLn3N3/U+lSqJzX/ey7f
iNveKEyHkhXmaDwPN3XrS1Av5O/YcDBkVbTZxr0GdPHylI+1Pc5YdaY6XTV8qcPY
gitlyZxDJJ6+RWq/A4RHtjQTStxXAHvf/x8hW688O/fEdq14lMgh30QyAkneikcr
ySBCZhfkJUqnVJK7iPIA5HLfa1+Ol0ELFLQAG3NAxCIYPeJrTo3Rv0O2J8ytyhjB
GZF8q47Rs2mC2lEa97ygkVMdHH1IZfXQJWF2GOXZTAMpBvNGRTzK6TQvkr//
-----END CERTIFICATE-----
Generated at Fri Apr 17 13:09:45 2026 by rpki-client