Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/QG4XDauoT3YZZWiorRFZU6wgCqI.roa
File: QG4XDauoT3YZZWiorRFZU6wgCqI.roa (raw, json)
Hash identifier: W86DoxWPLH5owIhWIAeb+OOV4etuYSaHrSDEQRlHSvY=
Subject key identifier: 40:6E:17:0D:AB:A8:4F:76:19:65:68:A8:AD:11:59:53:AC:20:0A:A2
Certificate issuer: /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial: 01981ED004FB59EEEBA8701D19654605E8DC
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/QG4XDauoT3YZZWiorRFZU6wgCqI.roa
Signing time: Fri 18 Jul 2025 18:33:25 +0000
ROA not before: Fri 18 Jul 2025 18:33:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209641
IP address blocks: 2a0f:9c06::/32 maxlen: 32
2a11:1487::/32 maxlen: 32
2a11:1f00::/32 maxlen: 32
2a11:5182::/32 maxlen: 32
2a11:6305::/32 maxlen: 32
2a11:9383::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Jul 2025 07:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:1e:d0:04:fb:59:ee:eb:a8:70:1d:19:65:46:05:e8:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Validity
Not Before: Jul 18 18:33:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=406e170daba84f76196568a8ad115953ac200aa2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:29:61:6b:50:a1:de:62:a1:b6:01:e2:49:93:
c6:95:bb:f4:11:6c:e7:90:bc:56:ac:d3:2a:89:e4:
e1:4a:08:34:e9:90:2b:79:e5:d6:1d:54:a2:d2:07:
ff:bc:59:a1:ed:cc:2b:dd:cb:9a:9a:d4:8f:6e:82:
2f:a7:ea:a3:ce:ba:35:0f:6b:d5:2f:4d:e0:ba:7c:
4c:17:fc:a8:51:65:f8:a3:56:06:d9:9f:3d:69:87:
d6:d2:b2:0c:b7:75:2c:69:94:2e:54:48:b1:bc:6d:
c9:5f:ee:d6:c8:fc:00:f4:03:64:03:52:b1:53:13:
eb:86:7a:6e:65:69:e2:a9:51:0a:53:08:ba:dd:38:
76:ee:56:ca:1f:2e:35:ab:b7:b8:f5:8a:77:09:cd:
95:81:00:6c:58:e4:6e:fe:08:f7:e7:c2:13:1c:91:
0c:b0:d4:7a:f5:9e:13:9a:fa:e4:aa:53:18:8a:43:
98:8c:7e:f7:37:dc:a5:e4:b0:fc:23:a1:cc:a9:5b:
50:69:4b:ba:5a:f5:26:1d:e0:28:25:69:f0:a1:01:
10:87:b7:83:70:f1:c8:77:96:e3:74:4a:ab:44:09:
65:b3:5e:2b:13:dd:40:56:bf:22:d6:55:42:30:4e:
1f:f8:43:78:2f:5a:d0:76:54:4c:ce:31:d1:f4:63:
96:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:6E:17:0D:AB:A8:4F:76:19:65:68:A8:AD:11:59:53:AC:20:0A:A2
X509v3 Authority Key Identifier:
keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/QG4XDauoT3YZZWiorRFZU6wgCqI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:9c06::/32
2a11:1487::/32
2a11:1f00::/32
2a11:5182::/32
2a11:6305::/32
2a11:9383::/32
Signature Algorithm: sha256WithRSAEncryption
58:b1:87:55:09:89:23:f2:3e:a8:c9:e9:6e:47:33:35:4a:8b:
a0:2f:0a:ef:f9:bd:6d:65:08:e6:2d:ac:51:86:4c:b2:06:dc:
3f:f8:eb:43:e1:09:80:7e:89:07:06:2d:73:66:91:ea:3d:a4:
b5:92:83:33:8b:cb:5a:08:78:b9:7d:a9:cd:c9:15:68:32:b2:
50:48:72:d5:6f:f1:1b:ad:3a:89:e9:21:b8:e7:a4:57:d9:db:
dc:e6:54:c8:7d:48:82:4f:2b:81:d1:b5:79:8c:21:ef:81:c5:
70:68:13:d4:27:11:6b:ad:ed:26:a2:80:bf:f1:f2:08:a7:e7:
ce:c9:4b:a3:21:a1:f4:e8:94:a4:db:62:a9:c3:51:eb:99:4d:
76:1a:a7:69:79:67:36:5e:a1:cb:c7:50:8f:d1:b4:98:fa:0c:
34:45:51:6f:95:81:9b:f0:a0:17:5d:39:32:e8:21:e8:7e:79:
70:a8:37:e4:1d:d0:2a:63:c7:e4:e1:08:01:74:82:68:93:31:
65:81:60:f4:ce:e4:8d:80:e7:45:fe:e7:04:d6:dc:05:6a:82:
cb:04:78:51:c2:52:8e:c2:53:5d:bc:a3:5a:24:b0:e4:a5:b2:
ee:38:c2:88:00:c5:5b:76:3f:04:cd:f7:05:b5:6c:f0:54:4b:
15:d2:e5:12
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZge0AT7We7rqHAdGWVGBejcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwNzE4MTgzMzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDZlMTcwZGFiYTg0Zjc2MTk2NTY4YThhZDExNTk1M2FjMjAwYWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApylha1Ch3mKhtgHiSZPGlbv0EWzn
kLxWrNMqieThSgg06ZAreeXWHVSi0gf/vFmh7cwr3cuamtSPboIvp+qjzro1D2vV
L03gunxMF/yoUWX4o1YG2Z89aYfW0rIMt3UsaZQuVEixvG3JX+7WyPwA9ANkA1Kx
UxPrhnpuZWniqVEKUwi63Th27lbKHy41q7e49Yp3Cc2VgQBsWORu/gj358ITHJEM
sNR69Z4TmvrkqlMYikOYjH73N9yl5LD8I6HMqVtQaUu6WvUmHeAoJWnwoQEQh7eD
cPHId5bjdEqrRAlls14rE91AVr8i1lVCME4f+EN4L1rQdlRMzjHR9GOW/wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFEBuFw2rqE92GWVoqK0RWVOsIAqiMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvUUc0WERhdW9UM1laWldpb3JSRlpVNndnQ3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAAjAqAwUAKg+cBgMF
ACoRFIcDBQAqER8AAwUAKhFRggMFACoRYwUDBQAqEZODMA0GCSqGSIb3DQEBCwUA
A4IBAQBYsYdVCYkj8j6oyeluRzM1SougLwrv+b1tZQjmLaxRhkyyBtw/+OtD4QmA
fokHBi1zZpHqPaS1koMzi8taCHi5fanNyRVoMrJQSHLVb/EbrTqJ6SG456RX2dvc
5lTIfUiCTyuB0bV5jCHvgcVwaBPUJxFrre0mooC/8fIIp+fOyUujIaH06JSk22Kp
w1HrmU12GqdpeWc2XqHLx1CP0bSY+gw0RVFvlYGb8KAXXTky6CHofnlwqDfkHdAq
Y8fk4QgBdIJokzFlgWD0zuSNgOdF/ucE1twFaoLLBHhRwlKOwlNdvKNaJLDkpbLu
OMKIAMVbdj8EzfcFtWzwVEsV0uUS
-----END CERTIFICATE-----
Generated at Mon Jul 21 10:38:20 2025 by rpki-client