Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/QSFo4SzW5Mxl0PfFRdNnIL_TgtQ.roa
File: QSFo4SzW5Mxl0PfFRdNnIL_TgtQ.roa (raw, json)
Hash identifier: ihRbYBAqH4CF7W2NY5WPRwb0ldsVjq6C79woYjxyC0Q=
Subject key identifier: 41:21:68:E1:2C:D6:E4:CC:65:D0:F7:C5:45:D3:67:20:BF:D3:82:D4
Certificate issuer: /CN=eebe79d147882422ec275417dfd2affa93a02757
Certificate serial: 019C9A02E4E25E94633CCB75CF57F0814BF1
Authority key identifier: EE:BE:79:D1:47:88:24:22:EC:27:54:17:DF:D2:AF:FA:93:A0:27:57
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/QSFo4SzW5Mxl0PfFRdNnIL_TgtQ.roa
Signing time: Thu 26 Feb 2026 12:53:26 +0000
ROA not before: Thu 26 Feb 2026 12:53:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 34876
IP address blocks: 95.86.128.0/24 maxlen: 24
95.86.129.0/24 maxlen: 24
95.86.130.0/24 maxlen: 24
95.86.131.0/24 maxlen: 24
95.86.132.0/24 maxlen: 24
95.86.133.0/24 maxlen: 24
95.86.134.0/24 maxlen: 24
95.86.135.0/24 maxlen: 24
95.86.137.0/24 maxlen: 24
95.86.138.0/24 maxlen: 24
95.86.139.0/24 maxlen: 24
95.86.140.0/24 maxlen: 24
95.86.141.0/24 maxlen: 24
95.86.142.0/24 maxlen: 24
95.86.143.0/24 maxlen: 24
95.86.144.0/21 maxlen: 21
95.86.152.0/24 maxlen: 24
95.86.153.0/24 maxlen: 24
95.86.154.0/24 maxlen: 24
95.86.155.0/24 maxlen: 24
95.86.156.0/24 maxlen: 24
95.86.157.0/24 maxlen: 24
95.86.158.0/24 maxlen: 24
95.86.159.0/24 maxlen: 24
95.86.160.0/24 maxlen: 24
95.86.161.0/24 maxlen: 24
95.86.172.0/24 maxlen: 24
95.86.173.0/24 maxlen: 24
95.86.174.0/24 maxlen: 24
95.86.175.0/24 maxlen: 24
95.86.176.0/24 maxlen: 24
95.86.177.0/24 maxlen: 24
95.86.178.0/24 maxlen: 24
95.86.179.0/24 maxlen: 24
95.86.180.0/24 maxlen: 24
95.86.181.0/24 maxlen: 24
95.86.182.0/24 maxlen: 24
95.86.183.0/24 maxlen: 24
95.86.184.0/22 maxlen: 22
95.86.184.0/24 maxlen: 24
95.86.185.0/24 maxlen: 24
95.86.186.0/24 maxlen: 24
95.86.187.0/24 maxlen: 24
95.86.188.0/24 maxlen: 24
95.86.189.0/24 maxlen: 24
95.86.190.0/24 maxlen: 24
95.86.191.0/24 maxlen: 24
193.8.62.0/23 maxlen: 23
193.8.62.0/24 maxlen: 24
193.8.63.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.mft
rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 21:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:9a:02:e4:e2:5e:94:63:3c:cb:75:cf:57:f0:81:4b:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eebe79d147882422ec275417dfd2affa93a02757
Validity
Not Before: Feb 26 12:53:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=412168e12cd6e4cc65d0f7c545d36720bfd382d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:a6:4c:a3:28:56:99:c2:44:91:3a:6d:27:f6:
63:86:b8:32:7c:5c:f3:8e:bd:35:e5:41:5d:ec:05:
56:39:86:f2:f1:9b:aa:de:71:c9:4c:4e:4f:e3:14:
37:00:97:c5:54:49:3d:fa:35:a8:50:1c:0c:56:a5:
ab:37:7d:0c:72:60:27:49:63:53:a3:63:b7:be:44:
46:6a:f2:7c:c1:f7:1f:f3:27:c4:d0:bd:db:87:54:
15:92:b1:0a:e6:aa:a7:10:0a:7c:8f:13:8f:c5:39:
b0:9f:00:3a:9c:16:81:24:cf:12:75:0c:0b:80:42:
18:a3:c9:10:f4:c7:08:1f:4d:32:61:aa:8b:7b:9a:
63:ee:1b:da:27:ef:f2:72:da:6d:59:df:fe:cc:35:
16:df:22:61:7a:45:da:7f:89:64:d2:19:13:5e:90:
c3:08:d7:e5:6d:40:d6:0d:77:e9:1f:a1:a7:f6:7e:
9b:61:56:23:5b:75:7d:13:c4:0a:d8:7c:6a:83:51:
0c:3c:f0:8e:df:32:94:05:f8:27:66:e8:6b:b7:00:
fa:01:55:ce:df:8d:b3:c5:3d:4a:ef:0e:e0:0e:ba:
0c:3e:b1:9b:b1:b6:5d:ca:65:8d:0a:30:6c:38:3d:
60:59:75:2e:70:b9:cd:ab:96:c1:c5:b2:06:8a:92:
ee:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:21:68:E1:2C:D6:E4:CC:65:D0:F7:C5:45:D3:67:20:BF:D3:82:D4
X509v3 Authority Key Identifier:
keyid:EE:BE:79:D1:47:88:24:22:EC:27:54:17:DF:D2:AF:FA:93:A0:27:57
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/QSFo4SzW5Mxl0PfFRdNnIL_TgtQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.86.128.0/21
95.86.137.0-95.86.161.255
95.86.172.0-95.86.191.255
193.8.62.0/23
Signature Algorithm: sha256WithRSAEncryption
23:55:36:ab:52:c3:12:c4:30:47:e7:1e:fc:0f:88:a0:db:54:
1f:6b:f3:6d:9c:dd:17:29:ef:31:6a:65:c1:d7:26:bc:6e:80:
f6:55:9e:26:8d:23:ab:b3:44:46:eb:24:10:59:1e:cf:31:f5:
62:32:f3:df:a5:40:c3:64:78:b5:a9:35:44:57:3b:0a:22:99:
0d:f1:3a:1f:60:a8:fc:ec:c8:82:77:53:b3:11:37:d3:7a:72:
9f:4e:8f:3c:26:6f:37:76:e6:13:59:87:65:c0:4d:ba:12:78:
a6:06:26:26:be:ba:54:9d:b3:7b:62:68:4a:3f:e5:8a:8e:94:
a3:4e:7d:bb:1a:3f:7b:06:d2:d4:aa:6a:eb:fc:e9:fd:ae:68:
18:28:18:80:93:82:27:07:9d:c9:2a:50:99:00:af:50:46:c0:
9c:e7:04:d3:02:2c:98:c2:8d:32:d7:01:30:2b:18:9f:a0:17:
a5:c4:ab:b2:2d:0a:18:d6:44:ed:08:6c:38:f4:90:db:40:21:
77:2d:88:49:3d:f1:29:59:fd:7d:a7:a3:e1:f2:db:a6:f2:67:
87:28:d2:27:4d:cd:8b:aa:92:ef:0d:af:d0:ff:0e:30:cc:27:
27:90:0f:da:18:01:ab:02:61:65:3f:ea:5e:60:d6:d4:87:ec:
19:45:2c:6c
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZyaAuTiXpRjPMt1z1fwgUvxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmU3OWQxNDc4ODI0MjJlYzI3NTQxN2RmZDJhZmZhOTNh
MDI3NTcwHhcNMjYwMjI2MTI1MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTIxNjhlMTJjZDZlNGNjNjVkMGY3YzU0NWQzNjcyMGJmZDM4MmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKZMoyhWmcJEkTptJ/ZjhrgyfFzz
jr015UFd7AVWOYby8Zuq3nHJTE5P4xQ3AJfFVEk9+jWoUBwMVqWrN30McmAnSWNT
o2O3vkRGavJ8wfcf8yfE0L3bh1QVkrEK5qqnEAp8jxOPxTmwnwA6nBaBJM8SdQwL
gEIYo8kQ9McIH00yYaqLe5pj7hvaJ+/yctptWd/+zDUW3yJhekXaf4lk0hkTXpDD
CNflbUDWDXfpH6Gn9n6bYVYjW3V9E8QK2Hxqg1EMPPCO3zKUBfgnZuhrtwD6AVXO
342zxT1K7w7gDroMPrGbsbZdymWNCjBsOD1gWXUucLnNq5bBxbIGipLu7wIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFEEhaOEs1uTMZdD3xUXTZyC/04LUMB8GA1UdIwQY
MBaAFO6+edFHiCQi7CdUF9/Sr/qToCdXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3I1NTBVZUlKQ0xzSjFRWDM5S3YtcE9nSjFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9jNDRiN2YtNWJjZC00ZWU3LTg3MTIt
Mzg4MjNjMTQ0OWFmLzEvUVNGbzRTelc1TXhsMFBmRlJkTm5JTF9UZ3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9jNDRiN2YtNWJjZC00ZWU3LTg3MTItMzg4MjNjMTQ0OWFm
LzEvN3I1NTBVZUlKQ0xzSjFRWDM5S3YtcE9nSjFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQDX1aAMAwD
BABfVokDBAFfVqAwDAMEAl9WrAMEBl9WgAMEAcEIPjANBgkqhkiG9w0BAQsFAAOC
AQEAI1U2q1LDEsQwR+ce/A+IoNtUH2vzbZzdFynvMWplwdcmvG6A9lWeJo0jq7NE
RuskEFkezzH1YjLz36VAw2R4tak1RFc7CiKZDfE6H2Co/OzIgndTsxE303pyn06P
PCZvN3bmE1mHZcBNuhJ4pgYmJr66VJ2ze2JoSj/lio6Uo059uxo/ewbS1Kpq6/zp
/a5oGCgYgJOCJwedySpQmQCvUEbAnOcE0wIsmMKNMtcBMCsYn6AXpcSrsi0KGNZE
7QhsOPSQ20Ahdy2IST3xKVn9faej4fLbpvJnhyjSJ03Ni6qS7w2v0P8OMMwnJ5AP
2hgBqwJhZT/qXmDW1IfsGUUsbA==
-----END CERTIFICATE-----
Generated at Mon Mar 2 07:53:28 2026 by rpki-client