Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Q3-n13JnYjFmnlx7fEFPLauH6Z8.roa
File: Q3-n13JnYjFmnlx7fEFPLauH6Z8.roa (raw, json)
Hash identifier: lVv8MptwuJtXmErRC2AUu2+ruTT+Iol0hKt0Cs+uzI0=
Subject key identifier: 43:7F:A7:D7:72:67:62:31:66:9E:5C:7B:7C:41:4F:2D:AB:87:E9:9F
Certificate issuer: /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial: 019D7292C9B130B56986330FD8AA37C47177
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Q3-n13JnYjFmnlx7fEFPLauH6Z8.roa
Signing time: Thu 09 Apr 2026 14:08:35 +0000
ROA not before: Thu 09 Apr 2026 14:08:35 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 397207
IP address blocks: 81.19.194.0/24 maxlen: 24
81.19.194.30/32 maxlen: 32
81.19.195.0/24 maxlen: 24
81.19.195.30/32 maxlen: 32
81.19.195.31/32 maxlen: 32
185.100.0.0/24 maxlen: 24
185.100.0.53/32 maxlen: 32
2a10:eec0:abcd::/48 maxlen: 48
2a10:eec0:abcd::30/128 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:72:92:c9:b1:30:b5:69:86:33:0f:d8:aa:37:c4:71:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Validity
Not Before: Apr 9 14:08:35 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=437fa7d772676231669e5c7b7c414f2dab87e99f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:6f:bd:41:34:92:63:f1:c7:ff:0b:18:9b:dd:
7b:24:e6:c4:1c:d1:3d:a9:a8:e6:af:63:d9:be:09:
0e:52:0f:a1:16:f1:29:43:6d:47:8f:76:23:4d:10:
a5:05:59:85:75:41:90:3a:5d:06:7a:e6:4f:9d:c7:
65:5d:bc:8f:a2:13:4a:b6:34:af:85:26:e9:7e:e2:
d5:a6:24:1a:f9:5b:82:bc:24:94:20:88:8f:ab:47:
eb:9d:2a:1a:73:ec:f2:8c:5e:32:87:6f:cc:ce:52:
f1:30:99:8f:66:be:b2:b6:5b:e6:05:01:65:35:98:
62:56:58:30:14:21:8c:45:a5:d7:a1:75:1a:4d:8f:
30:62:2f:1d:2b:52:7b:c1:3f:dd:ff:1a:5b:68:4c:
fe:77:6b:ab:34:6c:aa:d5:b8:62:aa:b8:25:45:dd:
f6:ac:1d:8e:7a:96:ad:3f:b3:8f:73:fc:ec:78:c0:
e6:51:11:08:58:fa:0f:38:4e:61:45:06:04:a1:64:
7b:a8:d4:1a:26:45:ef:57:1f:54:10:d2:a2:43:e4:
75:b9:0c:39:c9:4d:d4:62:4c:0e:aa:51:64:a6:84:
42:a1:78:f9:49:8d:bc:23:c2:56:be:37:ec:e7:17:
95:d3:94:ae:a4:d3:55:d8:9f:c5:bc:69:c0:bf:ca:
ae:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:7F:A7:D7:72:67:62:31:66:9E:5C:7B:7C:41:4F:2D:AB:87:E9:9F
X509v3 Authority Key Identifier:
keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/Q3-n13JnYjFmnlx7fEFPLauH6Z8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.19.194.0/23
185.100.0.0/24
IPv6:
2a10:eec0:abcd::/48
Signature Algorithm: sha256WithRSAEncryption
1c:e9:dc:bc:10:06:85:35:d1:fd:03:b9:77:25:8d:6d:3d:33:
3a:12:76:6c:9e:dd:f1:b3:38:1c:d0:86:d4:67:0f:4f:bf:2b:
ea:ad:74:3f:9e:2f:a3:e2:e6:7b:fd:fa:b5:72:c5:c2:ff:f0:
62:38:4b:08:60:04:b8:bc:e4:43:8a:91:92:f6:e2:dc:4e:ff:
26:44:07:f3:ae:f0:30:ed:10:2a:a0:7d:4c:f0:66:ad:58:3b:
74:b4:2d:4e:d9:2e:a8:c5:28:bc:14:13:a6:30:67:4c:4b:c1:
87:1f:61:0c:1c:4a:b9:f1:c2:f5:fe:c5:85:b0:05:f0:27:ba:
2f:88:54:8a:d7:ac:ff:58:1d:07:4f:c2:2b:7d:34:a2:d0:f8:
be:1e:8a:a5:f9:11:b8:f4:d6:a5:75:c6:f8:7c:0d:63:b1:4c:
01:ba:9c:cd:e4:8d:2a:88:b6:9e:a8:5d:25:2d:fc:7b:a5:1e:
f0:47:18:da:4e:ca:7d:67:98:73:cc:4d:77:8c:a0:aa:06:d1:
b5:4e:41:9d:80:fb:96:3a:4a:d1:fc:21:d8:1c:7e:35:35:67:
0c:32:a5:d7:66:5c:b5:84:74:6e:cd:51:8a:51:25:2a:e6:16:
00:c5:60:fb:a0:96:ca:89:1c:3f:06:46:ac:80:26:9f:db:5d:
58:70:c7:50
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ1yksmxMLVphjMP2Ko3xHF3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwNDA5MTQwODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzdmYTdkNzcyNjc2MjMxNjY5ZTVjN2I3YzQxNGYyZGFiODdlOTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxG+9QTSSY/HH/wsYm917JObEHNE9
qajmr2PZvgkOUg+hFvEpQ21Hj3YjTRClBVmFdUGQOl0GeuZPncdlXbyPohNKtjSv
hSbpfuLVpiQa+VuCvCSUIIiPq0frnSoac+zyjF4yh2/MzlLxMJmPZr6ytlvmBQFl
NZhiVlgwFCGMRaXXoXUaTY8wYi8dK1J7wT/d/xpbaEz+d2urNGyq1bhiqrglRd32
rB2OepatP7OPc/zseMDmUREIWPoPOE5hRQYEoWR7qNQaJkXvVx9UENKiQ+R1uQw5
yU3UYkwOqlFkpoRCoXj5SY28I8JWvjfs5xeV05SupNNV2J/FvGnAv8quIwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFEN/p9dyZ2IxZp5ce3xBTy2rh+mfMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvUTMtbjEzSm5ZakZtbmx4N2ZFRlBMYXVINlo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBURPCAwQA
uWQAMA8EAgACMAkDBwAqEO7Aq80wDQYJKoZIhvcNAQELBQADggEBABzp3LwQBoU1
0f0DuXcljW09MzoSdmye3fGzOBzQhtRnD0+/K+qtdD+eL6Pi5nv9+rVyxcL/8GI4
SwhgBLi85EOKkZL24txO/yZEB/Ou8DDtECqgfUzwZq1YO3S0LU7ZLqjFKLwUE6Yw
Z0xLwYcfYQwcSrnxwvX+xYWwBfAnui+IVIrXrP9YHQdPwit9NKLQ+L4eiqX5Ebj0
1qV1xvh8DWOxTAG6nM3kjSqItp6oXSUt/HulHvBHGNpOyn1nmHPMTXeMoKoG0bVO
QZ2A+5Y6StH8IdgcfjU1ZwwypddmXLWEdG7NUYpRJSrmFgDFYPuglsqJHD8GRqyA
Jp/bXVhwx1A=
-----END CERTIFICATE-----
Generated at Fri Apr 17 08:14:25 2026 by rpki-client