Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/qkn09gGw9_pYS22v_SrDemeIoJI.roa
File: qkn09gGw9_pYS22v_SrDemeIoJI.roa (raw, json)
Hash identifier: OSIoNd4NerHm/MUfEqmcXlQFZ/K6gwLw7wnqNHc3YTQ=
Subject key identifier: AA:49:F4:F6:01:B0:F7:FA:58:4B:6D:AF:FD:2A:C3:7A:67:88:A0:92
Certificate issuer: /CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
Certificate serial: 01983150F4070AFD8F340E67E32B88F49161
Authority key identifier: 30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/qkn09gGw9_pYS22v_SrDemeIoJI.roa
Signing time: Tue 22 Jul 2025 08:47:25 +0000
ROA not before: Tue 22 Jul 2025 08:47:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31167
IP address blocks: 85.14.128.0/18 maxlen: 18
85.14.131.0/24 maxlen: 24
85.14.153.0/24 maxlen: 24
93.115.111.0/24 maxlen: 24
109.74.80.0/20 maxlen: 20
109.74.90.0/24 maxlen: 24
109.74.93.0/24 maxlen: 24
217.119.176.0/20 maxlen: 20
217.171.16.0/20 maxlen: 20
217.171.27.0/24 maxlen: 24
2a00:1788::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.mft
rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 00:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:31:50:f4:07:0a:fd:8f:34:0e:67:e3:2b:88:f4:91:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
Validity
Not Before: Jul 22 08:47:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aa49f4f601b0f7fa584b6daffd2ac37a6788a092
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:26:ab:4e:15:f6:82:67:03:2b:7a:6a:4d:52:
c7:8c:10:62:39:ba:7f:58:d6:c5:91:5b:9e:bf:e4:
83:04:d9:4b:67:49:f0:08:6d:71:87:98:ac:47:a4:
37:00:40:e0:92:20:f6:16:b0:56:2f:21:60:d9:22:
ee:9f:2f:27:aa:dc:63:17:89:b5:0b:3d:da:d2:1a:
21:e8:3e:40:46:2b:db:dd:ba:73:9d:39:ec:3f:fd:
46:ad:cc:cd:f7:d0:7c:09:b2:65:5b:0a:02:11:43:
2c:8b:8b:8b:50:02:07:c6:38:e8:83:c5:64:31:35:
c4:46:e1:5c:27:c5:d1:7c:c5:77:58:20:cb:e7:53:
59:ef:02:2f:d1:e5:f0:32:d5:6f:60:99:a3:f4:28:
de:24:1f:78:1e:a5:c3:e2:1b:ed:85:74:c1:3c:c1:
17:51:a5:29:f2:85:b8:6f:e8:2f:a1:c0:ef:71:05:
85:90:30:9a:c2:4c:cf:ff:af:a6:c9:79:1f:58:99:
6e:2b:53:6d:44:29:bf:be:b5:75:a3:66:77:7d:8e:
d0:ec:55:7b:85:ea:8a:3d:16:00:69:5c:f8:8b:b1:
f7:00:2f:f0:b5:1f:f3:28:9d:57:cb:89:76:9a:d1:
80:a1:09:59:41:ba:2f:7f:8a:0d:24:53:98:2d:0a:
40:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:49:F4:F6:01:B0:F7:FA:58:4B:6D:AF:FD:2A:C3:7A:67:88:A0:92
X509v3 Authority Key Identifier:
keyid:30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/qkn09gGw9_pYS22v_SrDemeIoJI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.14.128.0/18
93.115.111.0/24
109.74.80.0/20
217.119.176.0/20
217.171.16.0/20
IPv6:
2a00:1788::/32
Signature Algorithm: sha256WithRSAEncryption
03:38:97:87:17:87:29:fc:0a:d5:bf:f1:33:b2:2c:6e:ab:6c:
89:2e:c8:a8:73:39:8e:0e:94:7f:4d:1d:e9:79:5b:e8:c0:93:
db:80:25:2c:33:01:1b:32:a6:b6:48:95:6f:d5:e3:9d:4d:49:
03:82:62:4f:b3:09:c1:bd:de:e8:4b:77:a2:18:16:25:05:5f:
d3:15:ff:7c:38:ec:ad:8b:dc:7a:73:86:2c:1e:b1:35:a1:0f:
ff:35:1c:e8:13:7b:a3:0d:79:84:8a:3d:29:ca:05:98:97:f4:
27:4a:0d:bd:b3:4d:b2:6f:c3:30:42:5d:f3:56:b4:2a:53:7b:
92:af:43:a7:f1:ae:bb:fd:c3:29:9f:1f:6b:81:76:b8:ff:6a:
70:ea:9c:2a:c4:9b:a6:d1:bd:04:e0:84:98:8b:cd:b0:55:5a:
df:f1:c6:7a:18:7b:5f:b1:33:77:5b:ce:4e:d6:ca:9b:87:88:
11:9b:5e:c1:eb:c8:73:f8:2a:17:69:e9:a9:bc:04:69:c1:62:
dd:75:c0:6b:70:5e:cf:09:42:03:f4:c7:cb:c0:bf:73:2a:24:
06:94:83:c1:f6:6d:5a:c8:00:cb:2b:c8:66:ac:0b:fe:ac:96:
04:eb:90:3b:2b:85:d4:4e:67:2b:d7:22:a2:5e:60:d9:7e:a0:
a7:f1:34:53
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZgxUPQHCv2PNA5n4yuI9JFhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Q4ODdjMDJlMDdjOWU0NzRkMWY4ZTIxMDQ5Y2FhNmNl
M2ZiZDMwHhcNMjUwNzIyMDg0NzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQ5ZjRmNjAxYjBmN2ZhNTg0YjZkYWZmZDJhYzM3YTY3ODhhMDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCarThX2gmcDK3pqTVLHjBBiObp/
WNbFkVuev+SDBNlLZ0nwCG1xh5isR6Q3AEDgkiD2FrBWLyFg2SLuny8nqtxjF4m1
Cz3a0hoh6D5ARivb3bpznTnsP/1GrczN99B8CbJlWwoCEUMsi4uLUAIHxjjog8Vk
MTXERuFcJ8XRfMV3WCDL51NZ7wIv0eXwMtVvYJmj9CjeJB94HqXD4hvthXTBPMEX
UaUp8oW4b+gvocDvcQWFkDCawkzP/6+myXkfWJluK1NtRCm/vrV1o2Z3fY7Q7FV7
heqKPRYAaVz4i7H3AC/wtR/zKJ1Xy4l2mtGAoQlZQbovf4oNJFOYLQpAEQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFKpJ9PYBsPf6WEttr/0qw3pniKCSMB8GA1UdIwQY
MBaAFDB9iHwC4HyeR00fjiEEnKps4/vTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMt
MWE1ZTVmMTkxYmZhLzEvcWtuMDlnR3c5X3BZUzIydl9TckRlbWVJb0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMtMWE1ZTVmMTkxYmZh
LzEvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQGVQ6AAwQA
XXNvAwQEbUpQAwQE2XewAwQE2asQMA0EAgACMAcDBQAqABeIMA0GCSqGSIb3DQEB
CwUAA4IBAQADOJeHF4cp/ArVv/Ezsixuq2yJLsioczmODpR/TR3peVvowJPbgCUs
MwEbMqa2SJVv1eOdTUkDgmJPswnBvd7oS3eiGBYlBV/TFf98OOyti9x6c4YsHrE1
oQ//NRzoE3ujDXmEij0pygWYl/QnSg29s02yb8MwQl3zVrQqU3uSr0On8a67/cMp
nx9rgXa4/2pw6pwqxJum0b0E4ISYi82wVVrf8cZ6GHtfsTN3W85O1sqbh4gRm17B
68hz+CoXaempvARpwWLddcBrcF7PCUID9MfLwL9zKiQGlIPB9m1ayADLK8hmrAv+
rJYE65A7K4XUTmcr1yKiXmDZfqCn8TRT
-----END CERTIFICATE-----
Generated at Sun Jul 27 08:37:26 2025 by rpki-client