Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qWf4zsAaLlxNBWnNkvng4-8Bvtw.roa
File: qWf4zsAaLlxNBWnNkvng4-8Bvtw.roa (raw, json)
Hash identifier: 6AjOSzj9VMdiYdzdqisEkWs6TZcl3i5LO4GKBF6A3ik=
Subject key identifier: A9:67:F8:CE:C0:1A:2E:5C:4D:05:69:CD:92:F9:E0:E3:EF:01:BE:DC
Certificate issuer: /CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
Certificate serial: 019C93F97CD28488C786D4FF2D756D7CF386
Authority key identifier: AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qWf4zsAaLlxNBWnNkvng4-8Bvtw.roa
Signing time: Wed 25 Feb 2026 08:45:27 +0000
ROA not before: Wed 25 Feb 2026 08:45:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214036
IP address blocks: 31.172.80.0/24 maxlen: 32
31.172.83.0/24 maxlen: 32
31.172.87.0/24 maxlen: 32
79.133.41.0/24 maxlen: 32
79.133.42.0/24 maxlen: 24
79.133.46.0/24 maxlen: 32
79.133.51.0/24 maxlen: 32
79.133.56.0/24 maxlen: 32
79.133.57.0/24 maxlen: 32
84.200.16.0/24 maxlen: 32
84.200.17.0/24 maxlen: 32
84.200.24.0/24 maxlen: 32
84.200.27.0/24 maxlen: 32
84.200.73.0/24 maxlen: 32
84.200.77.0/24 maxlen: 32
84.200.80.0/24 maxlen: 32
84.200.81.0/24 maxlen: 32
84.200.87.0/24 maxlen: 32
84.200.89.0/24 maxlen: 32
84.200.91.0/24 maxlen: 32
84.200.125.0/24 maxlen: 32
84.200.128.0/24 maxlen: 32
84.200.154.0/24 maxlen: 32
84.200.192.0/24 maxlen: 32
84.200.193.0/24 maxlen: 32
84.200.205.0/24 maxlen: 32
84.201.4.0/24 maxlen: 32
84.201.5.0/24 maxlen: 32
84.201.6.0/24 maxlen: 32
84.201.14.0/24 maxlen: 24
84.201.20.0/24 maxlen: 32
84.201.25.0/24 maxlen: 24
159.100.6.0/24 maxlen: 32
159.100.9.0/24 maxlen: 32
159.100.13.0/24 maxlen: 32
159.100.14.0/24 maxlen: 32
159.100.17.0/24 maxlen: 32
159.100.18.0/24 maxlen: 32
159.100.19.0/24 maxlen: 32
159.100.20.0/24 maxlen: 32
159.100.22.0/24 maxlen: 32
159.100.29.0/24 maxlen: 32
159.100.30.0/24 maxlen: 32
212.224.86.0/24 maxlen: 32
212.224.88.0/24 maxlen: 32
212.224.93.0/24 maxlen: 32
212.224.107.0/24 maxlen: 32
212.224.125.0/24 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.mft
rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 13:50:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:93:f9:7c:d2:84:88:c7:86:d4:ff:2d:75:6d:7c:f3:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
Validity
Not Before: Feb 25 08:45:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a967f8cec01a2e5c4d0569cd92f9e0e3ef01bedc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:b8:11:3c:c4:25:87:a4:9e:4d:52:2b:e4:3b:
fd:19:5f:0f:7d:ff:3b:07:8f:a3:ff:91:fe:f2:81:
54:0a:f5:66:3b:34:12:c5:3c:1c:83:6c:a3:b5:0a:
bb:41:92:98:b6:43:73:78:96:ff:21:bd:c8:fd:34:
ce:6f:10:c7:7e:13:2e:6b:ed:00:6f:ff:72:0d:87:
2c:6a:e5:77:a1:26:77:36:63:b5:c7:f3:a5:ef:56:
11:8a:5c:fa:70:66:1d:fe:d1:97:fc:8f:02:8d:0c:
18:f1:fd:bb:67:df:db:95:f0:f2:33:69:95:e6:73:
72:3e:d1:6e:85:26:1c:83:fd:08:9e:44:aa:09:1f:
c7:c5:9d:84:68:3d:72:16:1f:81:c6:f1:de:e7:72:
15:ea:12:78:80:74:c3:e9:27:10:77:eb:a4:11:b8:
c5:e9:aa:68:95:ae:6b:bb:49:45:4e:6a:66:66:38:
a8:17:48:c0:53:26:2b:cc:ff:62:d6:ac:1f:f0:33:
5f:50:8e:83:c4:da:8a:1a:78:9a:5e:f2:5d:26:d5:
e9:37:79:59:df:fa:59:37:12:e4:35:9b:48:76:27:
f5:a8:0a:34:39:44:9e:ef:d0:d9:83:41:64:1c:26:
9c:6f:59:21:f2:8b:cb:eb:ae:59:61:a8:25:e9:23:
8f:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:67:F8:CE:C0:1A:2E:5C:4D:05:69:CD:92:F9:E0:E3:EF:01:BE:DC
X509v3 Authority Key Identifier:
keyid:AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qWf4zsAaLlxNBWnNkvng4-8Bvtw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.172.80.0/24
31.172.83.0/24
31.172.87.0/24
79.133.41.0-79.133.42.255
79.133.46.0/24
79.133.51.0/24
79.133.56.0/23
84.200.16.0/23
84.200.24.0/24
84.200.27.0/24
84.200.73.0/24
84.200.77.0/24
84.200.80.0/23
84.200.87.0/24
84.200.89.0/24
84.200.91.0/24
84.200.125.0/24
84.200.128.0/24
84.200.154.0/24
84.200.192.0/23
84.200.205.0/24
84.201.4.0-84.201.6.255
84.201.14.0/24
84.201.20.0/24
84.201.25.0/24
159.100.6.0/24
159.100.9.0/24
159.100.13.0-159.100.14.255
159.100.17.0-159.100.20.255
159.100.22.0/24
159.100.29.0-159.100.30.255
212.224.86.0/24
212.224.88.0/24
212.224.93.0/24
212.224.107.0/24
212.224.125.0/24
Signature Algorithm: sha256WithRSAEncryption
6e:31:be:54:1b:b7:25:56:d5:ac:00:89:85:05:ac:0a:6c:0b:
6e:c5:2e:49:1c:8d:d6:53:c2:f7:6e:89:08:21:d2:8d:56:e6:
60:0a:d7:7b:53:14:f0:d0:12:18:06:68:41:03:32:2a:8b:c0:
6a:96:31:70:e6:18:23:8e:12:3e:21:a4:8d:78:89:3c:42:40:
0e:78:f9:c3:4d:46:7c:9e:20:22:f7:17:f4:f3:cc:39:c9:3b:
2e:4e:24:f4:50:41:68:ab:4d:cf:e7:df:1a:78:b7:a3:7b:ad:
18:90:1a:a6:83:fe:f9:2a:7c:b5:53:d4:64:6c:c6:06:0b:39:
b0:72:de:8d:11:b9:fd:4d:6f:c0:82:e4:4c:27:88:80:7f:67:
35:03:ef:56:14:53:8a:72:d6:33:5b:b3:9f:a6:ce:56:01:36:
59:da:16:ab:28:47:d1:83:c8:d8:70:95:c0:af:57:f5:5f:6e:
34:43:a0:66:c4:30:01:b4:05:de:05:67:82:bf:5b:99:2a:d6:
1e:83:95:7e:3d:3b:7a:fe:35:0c:34:6d:ee:74:12:ff:29:e0:
d3:36:d9:b6:ca:6d:79:1a:47:1a:fb:30:b5:32:bb:96:5e:3c:
df:9f:d2:b1:2c:44:ad:ea:72:59:a4:48:60:ab:a6:82:33:73:
30:95:7b:94
-----BEGIN CERTIFICATE-----
MIIGATCCBOmgAwIBAgISAZyT+XzShIjHhtT/LXVtfPOGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWRjNTBhNGI1MjZkZjE4ZThiMGE2NTY1ZDdiOWQ1OGE3
NWQzMTUwHhcNMjYwMjI1MDg0NTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTY3ZjhjZWMwMWEyZTVjNGQwNTY5Y2Q5MmY5ZTBlM2VmMDFiZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubgRPMQlh6SeTVIr5Dv9GV8Pff87
B4+j/5H+8oFUCvVmOzQSxTwcg2yjtQq7QZKYtkNzeJb/Ib3I/TTObxDHfhMua+0A
b/9yDYcsauV3oSZ3NmO1x/Ol71YRilz6cGYd/tGX/I8CjQwY8f27Z9/blfDyM2mV
5nNyPtFuhSYcg/0InkSqCR/HxZ2EaD1yFh+BxvHe53IV6hJ4gHTD6ScQd+ukEbjF
6apola5ru0lFTmpmZjioF0jAUyYrzP9i1qwf8DNfUI6DxNqKGniaXvJdJtXpN3lZ
3/pZNxLkNZtIdif1qAo0OUSe79DZg0FkHCacb1kh8ovL665ZYagl6SOPxQIDAQAB
o4IDDTCCAwkwHQYDVR0OBBYEFKln+M7AGi5cTQVpzZL54OPvAb7cMB8GA1UdIwQY
MBaAFKodxQpLUm3xjosKZWXXudWKddMVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMt
MzNkNzI4NDMzYzExLzEvcVdmNHpzQWFMbHhOQlduTmt2bmc0LThCdnR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMtMzNkNzI4NDMzYzEx
LzEvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIQYIKwYBBQUHAQcBAf8EggEQMIIBDDCCAQgEAgABMIIB
AAMEAB+sUAMEAB+sUwMEAB+sVzAMAwQAT4UpAwQAT4UqAwQAT4UuAwQAT4UzAwQB
T4U4AwQBVMgQAwQAVMgYAwQAVMgbAwQAVMhJAwQAVMhNAwQBVMhQAwQAVMhXAwQA
VMhZAwQAVMhbAwQAVMh9AwQAVMiAAwQAVMiaAwQBVMjAAwQAVMjNMAwDBAJUyQQD
BABUyQYDBABUyQ4DBABUyRQDBABUyRkDBACfZAYDBACfZAkwDAMEAJ9kDQMEAJ9k
DjAMAwQAn2QRAwQAn2QUAwQAn2QWMAwDBACfZB0DBACfZB4DBADU4FYDBADU4FgD
BADU4F0DBADU4GsDBADU4H0wDQYJKoZIhvcNAQELBQADggEBAG4xvlQbtyVW1awA
iYUFrApsC27FLkkcjdZTwvduiQgh0o1W5mAK13tTFPDQEhgGaEEDMiqLwGqWMXDm
GCOOEj4hpI14iTxCQA54+cNNRnyeICL3F/TzzDnJOy5OJPRQQWirTc/n3xp4t6N7
rRiQGqaD/vkqfLVT1GRsxgYLObBy3o0Ruf1Nb8CC5EwniIB/ZzUD71YUU4py1jNb
s5+mzlYBNlnaFqsoR9GDyNhwlcCvV/VfbjRDoGbEMAG0Bd4FZ4K/W5kq1h6DlX49
O3r+NQw0be50Ev8p4NM22bbKbXkaRxr7MLUyu5ZePN+f0rEsRK3qclmkSGCrpoIz
czCVe5Q=
-----END CERTIFICATE-----
Generated at Mon Mar 2 17:36:54 2026 by rpki-client