Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/QTaYixkWug0WkImFD5gnGK_ASr4.roa
File: QTaYixkWug0WkImFD5gnGK_ASr4.roa (raw, json)
Hash identifier: w7qx/N8YQKmCAl0otduhK8XuUZj0HapOBC1Dku0mdTQ=
Subject key identifier: 41:36:98:8B:19:16:BA:0D:16:90:89:85:0F:98:27:18:AF:C0:4A:BE
Certificate issuer: /CN=38bc794c5fbaac632a7ffb43db14f739cd53b2c4
Certificate serial: 019B7AC82559CF1F919EA20D81D6B68F6B8B
Authority key identifier: 38:BC:79:4C:5F:BA:AC:63:2A:7F:FB:43:DB:14:F7:39:CD:53:B2:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/QTaYixkWug0WkImFD5gnGK_ASr4.roa
Signing time: Thu 01 Jan 2026 18:18:15 +0000
ROA not before: Thu 01 Jan 2026 18:18:15 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 200752
IP address blocks: 5.133.96.0/22 maxlen: 24
91.214.60.0/22 maxlen: 24
185.97.120.0/22 maxlen: 24
2a06:5c0::/29 maxlen: 29
2a09:6e00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7a:c8:25:59:cf:1f:91:9e:a2:0d:81:d6:b6:8f:6b:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=38bc794c5fbaac632a7ffb43db14f739cd53b2c4
Validity
Not Before: Jan 1 18:18:15 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4136988b1916ba0d169089850f982718afc04abe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:77:dd:2c:b1:ce:fd:f4:de:3c:ea:f0:73:9c:
08:5e:32:a4:65:83:cd:3a:07:34:d9:94:69:95:bc:
ff:e5:d1:11:4a:0c:af:49:7d:e3:98:78:b1:1a:4e:
4c:f6:d4:85:37:19:1c:15:38:0e:83:fa:2f:f8:c5:
86:05:ad:29:ec:f6:25:0e:6a:b6:e5:e0:16:d2:ee:
8d:72:f6:79:92:9a:7f:d2:5f:e2:27:4c:c2:2a:64:
76:51:4d:ec:b9:89:2a:82:c3:1c:7b:43:66:35:ab:
9f:b7:7c:c7:e7:12:36:20:de:72:c3:e2:66:aa:8b:
ea:51:c2:45:51:cf:8b:56:8b:a6:68:2f:b9:36:3a:
40:db:a0:1f:85:44:e1:11:d6:76:6d:b4:29:a0:ae:
c4:30:33:1c:2a:9f:58:c6:e7:99:a4:2a:16:23:a3:
13:7e:2c:18:f0:5f:40:61:68:68:8e:98:e2:26:00:
46:97:66:f5:c8:e1:9c:94:8f:15:5f:b5:15:9e:2d:
ff:d2:15:19:49:fd:bc:4e:41:6c:92:7e:8c:b2:ca:
3f:5f:09:e4:67:25:e9:fb:a8:22:fa:ff:a2:ad:30:
7b:09:29:fd:ad:ae:dd:68:9c:03:1d:24:0e:b4:5f:
fc:6c:c2:08:fb:05:1e:a5:91:eb:04:e7:3e:03:42:
c1:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:36:98:8B:19:16:BA:0D:16:90:89:85:0F:98:27:18:AF:C0:4A:BE
X509v3 Authority Key Identifier:
keyid:38:BC:79:4C:5F:BA:AC:63:2A:7F:FB:43:DB:14:F7:39:CD:53:B2:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/QTaYixkWug0WkImFD5gnGK_ASr4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.96.0/22
91.214.60.0/22
185.97.120.0/22
IPv6:
2a06:5c0::/29
2a09:6e00::/29
Signature Algorithm: sha256WithRSAEncryption
17:0e:5f:f9:d8:0c:1b:10:0c:e6:3f:a8:1c:f9:71:00:6e:3c:
cb:f4:08:f7:83:09:5f:81:f7:5b:72:a7:a1:70:91:0b:ee:89:
98:1e:b0:30:54:5b:d0:41:1f:5b:e0:64:e0:64:58:01:b9:f1:
33:fd:d0:7b:f0:57:4e:2d:8c:8b:46:a4:23:42:9c:41:8e:c4:
f3:87:a5:ea:5b:62:61:61:ff:96:1a:76:0e:69:5b:4e:8c:7b:
33:da:74:3a:b5:2e:d4:e7:13:a1:fc:fb:d1:e8:25:fe:10:6e:
e0:46:47:c8:81:3c:84:88:8f:80:c7:d0:fb:05:b2:96:60:ab:
9c:19:0f:42:8f:83:d8:91:7b:ef:59:18:58:e2:a8:20:8b:d3:
05:71:d9:6c:de:42:93:7f:ff:c6:0a:c0:0b:e2:e4:db:8b:90:
58:91:a3:b6:ff:e8:80:33:94:60:49:a8:97:0b:d4:d9:49:34:
9e:c3:2a:fd:5d:93:45:00:d3:71:c2:b2:da:fc:6d:a5:91:73:
45:fc:05:5e:7d:11:b6:4f:5c:27:23:b5:56:4b:f8:7b:29:a1:
29:be:de:f2:bf:5f:4d:ec:1d:7a:25:2b:d4:0d:a1:70:d2:5f:
4e:d2:8c:e9:07:89:5e:ba:65:f8:8b:6c:e2:d0:a2:a6:fc:1b:
e5:db:68:b3
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZt6yCVZzx+RnqINgda2j2uLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YmM3OTRjNWZiYWFjNjMyYTdmZmI0M2RiMTRmNzM5Y2Q1
M2IyYzQwHhcNMjYwMTAxMTgxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTM2OTg4YjE5MTZiYTBkMTY5MDg5ODUwZjk4MjcxOGFmYzA0YWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXfdLLHO/fTePOrwc5wIXjKkZYPN
Ogc02ZRplbz/5dERSgyvSX3jmHixGk5M9tSFNxkcFTgOg/ov+MWGBa0p7PYlDmq2
5eAW0u6NcvZ5kpp/0l/iJ0zCKmR2UU3suYkqgsMce0NmNauft3zH5xI2IN5yw+Jm
qovqUcJFUc+LVoumaC+5NjpA26AfhUThEdZ2bbQpoK7EMDMcKp9YxueZpCoWI6MT
fiwY8F9AYWhojpjiJgBGl2b1yOGclI8VX7UVni3/0hUZSf28TkFskn6Msso/Xwnk
ZyXp+6gi+v+irTB7CSn9ra7daJwDHSQOtF/8bMII+wUepZHrBOc+A0LBzQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFEE2mIsZFroNFpCJhQ+YJxivwEq+MB8GA1UdIwQY
MBaAFDi8eUxfuqxjKn/7Q9sU9znNU7LEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0x4NVRGLTZyR01xZl90RDJ4VDNPYzFUc3NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xYTNkOTgtYzE0Zi00ZDA2LWE0NjYt
ZDk4NTM5NGUzYzEwLzEvUVRhWWl4a1d1ZzBXa0ltRkQ1Z25HS19BU3I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xYTNkOTgtYzE0Zi00ZDA2LWE0NjYtZDk4NTM5NGUzYzEw
LzEvT0x4NVRGLTZyR01xZl90RDJ4VDNPYzFUc3NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCBYVgAwQC
W9Y8AwQCuWF4MBQEAgACMA4DBQMqBgXAAwUDKgluADANBgkqhkiG9w0BAQsFAAOC
AQEAFw5f+dgMGxAM5j+oHPlxAG48y/QI94MJX4H3W3KnoXCRC+6JmB6wMFRb0EEf
W+Bk4GRYAbnxM/3Qe/BXTi2Mi0akI0KcQY7E84el6ltiYWH/lhp2DmlbTox7M9p0
OrUu1OcTofz70egl/hBu4EZHyIE8hIiPgMfQ+wWylmCrnBkPQo+D2JF771kYWOKo
IIvTBXHZbN5Ck3//xgrAC+Lk24uQWJGjtv/ogDOUYEmolwvU2Uk0nsMq/V2TRQDT
ccKy2vxtpZFzRfwFXn0Rtk9cJyO1Vkv4eymhKb7e8r9fTewdeiUr1A2hcNJfTtKM
6QeJXrpl+Its4tCipvwb5dtosw==
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:28:00 2026 by rpki-client