Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/QN1eUaTvYAP_ELe-EbMtz85iMfc.roa
File: QN1eUaTvYAP_ELe-EbMtz85iMfc.roa (raw, json)
Hash identifier: xwP2gxjcLucn9cj9qV9ME9PvxT/Q/xeoP3TDbLZIYfY=
Subject key identifier: 40:DD:5E:51:A4:EF:60:03:FF:10:B7:BE:11:B3:2D:CF:CE:62:31:F7
Certificate issuer: /CN=94dec641051b026b95c8459150ca47ddaec89668
Certificate serial: 019B7EA757DA635D45B736E19EE1F1ECE6B8
Authority key identifier: 94:DE:C6:41:05:1B:02:6B:95:C8:45:91:50:CA:47:DD:AE:C8:96:68
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/QN1eUaTvYAP_ELe-EbMtz85iMfc.roa
Signing time: Fri 02 Jan 2026 12:20:54 +0000
ROA not before: Fri 02 Jan 2026 12:20:54 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 21282
IP address blocks: 80.241.0.0/20 maxlen: 20
80.241.1.0/24 maxlen: 24
80.241.2.0/24 maxlen: 24
80.241.3.0/24 maxlen: 24
80.241.4.0/24 maxlen: 24
2a01:7640::/38 maxlen: 38
2a01:7640::/48 maxlen: 48
2a01:7640::/64 maxlen: 64
2a01:7640:0:1::/64 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.crl
rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.mft
rsync://rpki.ripe.net/repository/DEFAULT/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 09:01:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7e:a7:57:da:63:5d:45:b7:36:e1:9e:e1:f1:ec:e6:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94dec641051b026b95c8459150ca47ddaec89668
Validity
Not Before: Jan 2 12:20:54 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=40dd5e51a4ef6003ff10b7be11b32dcfce6231f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:87:20:c9:6b:db:d2:96:dc:28:9c:e3:e9:1c:
b2:44:c2:5a:74:cb:fe:64:bf:88:ea:2e:f6:f2:66:
59:2e:2f:49:8f:d0:d3:f6:70:b6:93:1c:e6:4d:fa:
d0:72:ba:d6:c2:74:7d:83:88:89:f4:6c:95:93:10:
fb:b3:66:68:66:48:26:98:1a:5f:4d:35:37:14:ec:
5b:a7:0d:a3:d8:4c:5a:d6:2b:0c:3c:07:a9:12:5f:
9b:9d:aa:ea:e4:f4:38:5d:2b:82:84:0e:9e:5c:86:
8b:00:59:e3:c1:ac:82:7b:35:13:dd:14:77:58:e0:
a1:24:b4:47:86:28:e8:7d:1b:98:3d:5a:5d:89:21:
c9:0b:27:75:a4:8c:28:c2:b2:d0:18:88:a0:ae:02:
25:b3:bd:c9:84:56:54:cc:f6:f7:17:63:56:12:f5:
e7:f3:0c:69:78:62:55:32:76:90:56:9a:30:bf:99:
db:09:58:87:3f:df:3a:01:ee:cb:f4:a0:57:fe:e6:
2b:ef:c5:4b:a4:93:2b:b1:1e:a9:9d:cc:85:4c:32:
aa:3e:4d:bd:82:24:a2:63:00:91:e0:17:f6:4b:19:
53:bc:ee:c6:65:ba:9a:96:c7:4b:1c:47:cb:18:b5:
8a:9d:1c:7b:bd:d6:a2:61:9b:c1:a0:a3:f0:34:26:
fb:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:DD:5E:51:A4:EF:60:03:FF:10:B7:BE:11:B3:2D:CF:CE:62:31:F7
X509v3 Authority Key Identifier:
keyid:94:DE:C6:41:05:1B:02:6B:95:C8:45:91:50:CA:47:DD:AE:C8:96:68
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/QN1eUaTvYAP_ELe-EbMtz85iMfc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.241.0.0/20
IPv6:
2a01:7640::/38
Signature Algorithm: sha256WithRSAEncryption
81:36:21:79:83:5a:13:a8:84:84:80:fa:25:4f:5d:63:4b:e6:
45:01:2b:31:e3:2c:d4:a2:6a:c1:e1:7d:d3:81:ba:43:fb:d9:
45:6e:af:dc:6e:34:e1:e3:51:f6:4b:7a:1f:f2:9b:56:96:0f:
d1:f0:56:88:e0:24:d9:3f:e9:19:19:1d:10:f8:04:48:8d:78:
93:0a:2e:c9:cc:6c:39:32:cf:9d:0a:b9:26:50:2b:81:78:50:
3f:6b:74:6f:61:c0:69:be:75:a2:72:b1:01:37:23:2d:d5:7a:
fb:c8:70:3e:f5:9d:48:dd:ff:34:48:ed:b2:41:25:3a:0c:64:
a2:df:ae:02:36:99:99:a2:37:32:22:49:af:2b:ad:f4:e5:9e:
ee:b1:12:34:8a:ed:3a:c8:43:77:41:3a:73:45:31:b7:8b:74:
db:0e:01:39:58:eb:2b:30:dd:0f:34:aa:92:a3:f4:ec:4c:cb:
0c:30:31:95:db:a8:52:04:2f:6d:5b:cd:ef:89:82:c6:f2:1f:
f9:74:35:73:5a:3d:30:15:0c:ba:3a:a2:97:d9:99:24:a8:f9:
fc:f3:15:6c:f4:9d:d3:81:87:5f:99:b7:f0:4b:22:0f:75:e1:
72:83:38:56:4a:f3:2a:c0:c8:b8:86:96:e3:c0:08:9e:89:87:
70:bd:1e:b9
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZt+p1faY11FtzbhnuHx7Oa4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZGVjNjQxMDUxYjAyNmI5NWM4NDU5MTUwY2E0N2RkYWVj
ODk2NjgwHhcNMjYwMTAyMTIyMDU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGRkNWU1MWE0ZWY2MDAzZmYxMGI3YmUxMWIzMmRjZmNlNjIzMWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkocgyWvb0pbcKJzj6RyyRMJadMv+
ZL+I6i728mZZLi9Jj9DT9nC2kxzmTfrQcrrWwnR9g4iJ9GyVkxD7s2ZoZkgmmBpf
TTU3FOxbpw2j2Exa1isMPAepEl+bnarq5PQ4XSuChA6eXIaLAFnjwayCezUT3RR3
WOChJLRHhijofRuYPVpdiSHJCyd1pIwowrLQGIigrgIls73JhFZUzPb3F2NWEvXn
8wxpeGJVMnaQVpowv5nbCViHP986Ae7L9KBX/uYr78VLpJMrsR6pncyFTDKqPk29
giSiYwCR4Bf2SxlTvO7GZbqalsdLHEfLGLWKnRx7vdaiYZvBoKPwNCb7IQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFEDdXlGk72AD/xC3vhGzLc/OYjH3MB8GA1UdIwQY
MBaAFJTexkEFGwJrlchFkVDKR92uyJZoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE43R1FRVWJBbXVWeUVXUlVNcEgzYTdJbG1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi8zNTExMTMtZWQ4NS00MmIyLWI2NGYt
OWVhNjQ4NjJhOWFiLzEvUU4xZVVhVHZZQVBfRUxlLUViTXR6ODVpTWZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi8zNTExMTMtZWQ4NS00MmIyLWI2NGYtOWVhNjQ4NjJhOWFi
LzEvbE43R1FRVWJBbXVWeUVXUlVNcEgzYTdJbG1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQEUPEAMA4E
AgACMAgDBgIqAXZAADANBgkqhkiG9w0BAQsFAAOCAQEAgTYheYNaE6iEhID6JU9d
Y0vmRQErMeMs1KJqweF904G6Q/vZRW6v3G404eNR9kt6H/KbVpYP0fBWiOAk2T/p
GRkdEPgESI14kwouycxsOTLPnQq5JlArgXhQP2t0b2HAab51onKxATcjLdV6+8hw
PvWdSN3/NEjtskElOgxkot+uAjaZmaI3MiJJryut9OWe7rESNIrtOshDd0E6c0Ux
t4t02w4BOVjrKzDdDzSqkqP07EzLDDAxlduoUgQvbVvN74mCxvIf+XQ1c1o9MBUM
ujqil9mZJKj5/PMVbPSd04GHX5m38EsiD3XhcoM4VkrzKsDIuIaW48AInomHcL0e
uQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 20:50:52 2026 by rpki-client