Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/2qlsylzgqXhlEayXE9wkcK5qmug.roa
File: 2qlsylzgqXhlEayXE9wkcK5qmug.roa (raw, json)
Hash identifier: uhfOGYd80G0548JpMljPb9TBOvg2gxGmo4JHGRdJP94=
Subject key identifier: DA:A9:6C:CA:5C:E0:A9:78:65:11:AC:97:13:DC:24:70:AE:6A:9A:E8
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 0197EE60C57C062022801E94A4FEB666DA6A
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/2qlsylzgqXhlEayXE9wkcK5qmug.roa
Signing time: Wed 09 Jul 2025 08:50:08 +0000
ROA not before: Wed 09 Jul 2025 08:50:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29262
IP address blocks: 46.29.26.0/24 maxlen: 24
46.29.27.0/24 maxlen: 24
93.190.12.0/24 maxlen: 24
93.190.13.0/24 maxlen: 24
160.20.108.0/24 maxlen: 24
160.20.109.0/24 maxlen: 24
185.85.189.0/24 maxlen: 24
185.85.190.0/24 maxlen: 24
185.85.191.0/24 maxlen: 24
185.85.237.0/24 maxlen: 24
185.85.238.0/24 maxlen: 24
185.85.239.0/24 maxlen: 24
185.86.5.0/24 maxlen: 24
185.86.13.0/24 maxlen: 24
185.86.153.0/24 maxlen: 24
185.86.154.0/24 maxlen: 24
185.86.164.0/24 maxlen: 24
185.86.165.0/24 maxlen: 24
185.86.166.0/24 maxlen: 24
185.86.167.0/24 maxlen: 24
185.87.24.0/24 maxlen: 24
185.87.26.0/24 maxlen: 24
185.87.27.0/24 maxlen: 24
185.87.121.0/24 maxlen: 24
185.87.122.0/24 maxlen: 24
185.87.123.0/24 maxlen: 24
185.98.60.0/24 maxlen: 24
185.119.80.0/24 maxlen: 24
185.119.81.0/24 maxlen: 24
185.119.82.0/24 maxlen: 24
185.119.83.0/24 maxlen: 24
185.141.32.0/24 maxlen: 24
2a0b:6780::/29 maxlen: 29
2a0c:46c0::/29 maxlen: 29
2a0c:67c0::/29 maxlen: 29
2a10:8b00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 04:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ee:60:c5:7c:06:20:22:80:1e:94:a4:fe:b6:66:da:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Jul 9 08:50:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=daa96cca5ce0a9786511ac9713dc2470ae6a9ae8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:17:48:5c:19:d8:c2:ca:81:75:3a:4e:de:9c:
a0:64:11:e8:af:00:c5:e6:0a:ca:09:18:66:9d:0e:
2f:58:80:e1:0a:bc:61:a7:9b:95:40:f8:06:a2:a7:
98:4e:bd:56:41:9d:4f:a1:70:5c:90:0d:3c:13:a4:
88:1f:69:3f:35:e5:90:f5:d8:6e:cb:bb:b8:ed:45:
4e:ac:f9:4c:0e:af:16:21:83:be:e0:ed:8f:14:ea:
11:64:87:0f:23:48:dd:0d:25:16:3f:3f:75:cb:72:
d5:39:11:08:3d:69:aa:04:a1:7a:57:7d:a0:61:bd:
54:2a:37:86:66:71:6e:cc:5c:3d:cc:84:99:09:18:
bc:ad:a1:d5:98:11:99:42:e5:45:79:33:3c:e9:5d:
35:91:56:01:c0:1f:5a:91:51:2f:6c:4f:0e:27:e0:
bf:77:ac:cb:b3:0f:e2:f7:8b:40:7e:90:28:c2:14:
09:93:ea:ae:77:76:3d:1d:1b:a1:56:2d:c3:88:33:
ed:e3:66:bf:da:07:80:50:ec:3f:44:0d:d7:22:12:
19:2c:47:95:ad:65:f6:e3:c9:b4:25:3a:a1:64:0c:
34:a3:f9:bb:de:c9:1b:5e:f5:bc:a5:72:bd:81:1d:
09:73:74:d2:3b:15:65:23:bb:4c:31:8a:d1:ff:a8:
41:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:A9:6C:CA:5C:E0:A9:78:65:11:AC:97:13:DC:24:70:AE:6A:9A:E8
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/2qlsylzgqXhlEayXE9wkcK5qmug.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.29.26.0/23
93.190.12.0/23
160.20.108.0/23
185.85.189.0-185.85.191.255
185.85.237.0-185.85.239.255
185.86.5.0/24
185.86.13.0/24
185.86.153.0-185.86.154.255
185.86.164.0/22
185.87.24.0/24
185.87.26.0/23
185.87.121.0-185.87.123.255
185.98.60.0/24
185.119.80.0/22
185.141.32.0/24
IPv6:
2a0b:6780::/29
2a0c:46c0::/29
2a0c:67c0::/29
2a10:8b00::/29
Signature Algorithm: sha256WithRSAEncryption
57:bc:4b:2e:23:9b:ba:cb:17:2b:f8:aa:e4:37:63:5b:2f:6d:
30:4f:cb:a2:37:2f:1e:85:90:65:88:8f:83:30:10:e8:27:5b:
ea:03:10:79:b1:f8:d8:06:60:9d:c8:09:80:85:be:21:7b:68:
22:43:86:a8:b2:24:b6:d5:62:32:04:38:83:30:36:51:90:99:
38:f4:82:ee:87:fd:d8:4a:6d:8f:01:ee:81:b3:a0:9c:2f:cb:
cd:ff:6c:2d:8a:e9:c8:da:4e:06:7e:3e:eb:62:8f:22:26:6d:
42:19:b9:8f:e3:dd:61:16:0b:a4:68:75:fc:e7:df:2f:7c:c7:
0b:32:4e:da:ee:37:96:83:b7:fb:1f:0c:83:c8:31:36:9e:24:
36:fd:79:d7:d5:31:3e:dc:85:5e:62:56:6b:ba:30:e4:a9:5a:
d0:fb:05:5a:9f:8b:3a:99:15:e8:56:3b:a8:5f:d1:27:d7:0f:
44:aa:d1:8b:43:42:eb:2a:60:28:55:e0:f5:ff:c1:59:85:51:
53:a9:94:a1:8b:d8:80:5c:5a:5a:c1:e3:c7:04:f3:95:cc:53:
ee:de:28:d8:ca:52:63:4e:29:13:dc:48:71:f4:28:9d:db:4d:
22:7e:ce:03:01:e4:ce:52:1f:d4:51:97:59:22:b1:ea:c3:dd:
1c:b5:a7:18
-----BEGIN CERTIFICATE-----
MIIFmTCCBIGgAwIBAgISAZfuYMV8BiAigB6UpP62ZtpqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwNzA5MDg1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWE5NmNjYTVjZTBhOTc4NjUxMWFjOTcxM2RjMjQ3MGFlNmE5YWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBdIXBnYwsqBdTpO3pygZBHorwDF
5grKCRhmnQ4vWIDhCrxhp5uVQPgGoqeYTr1WQZ1PoXBckA08E6SIH2k/NeWQ9dhu
y7u47UVOrPlMDq8WIYO+4O2PFOoRZIcPI0jdDSUWPz91y3LVOREIPWmqBKF6V32g
Yb1UKjeGZnFuzFw9zISZCRi8raHVmBGZQuVFeTM86V01kVYBwB9akVEvbE8OJ+C/
d6zLsw/i94tAfpAowhQJk+qud3Y9HRuhVi3DiDPt42a/2geAUOw/RA3XIhIZLEeV
rWX248m0JTqhZAw0o/m73skbXvW8pXK9gR0Jc3TSOxVlI7tMMYrR/6hBSwIDAQAB
o4ICpTCCAqEwHQYDVR0OBBYEFNqpbMpc4Kl4ZRGslxPcJHCuaproMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvMnFsc3lsemdxWGhsRWF5WEU5d2tjSzVxbXVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG6BggrBgEFBQcBBwEB/wSBqjCBpzCBgAQCAAEwegMEAS4d
GgMEAV2+DAMEAaAUbDAMAwQAuVW9AwQGuVWAMAwDBAC5Ve0DBAS5VeADBAC5VgUD
BAC5Vg0wDAMEALlWmQMEALlWmgMEArlWpAMEALlXGAMEAblXGjAMAwQAuVd5AwQC
uVd4AwQAuWI8AwQCuXdQAwQAuY0gMCIEAgACMBwDBQMqC2eAAwUDKgxGwAMFAyoM
Z8ADBQMqEIsAMA0GCSqGSIb3DQEBCwUAA4IBAQBXvEsuI5u6yxcr+KrkN2NbL20w
T8uiNy8ehZBliI+DMBDoJ1vqAxB5sfjYBmCdyAmAhb4he2giQ4aosiS21WIyBDiD
MDZRkJk49ILuh/3YSm2PAe6Bs6CcL8vN/2wtiunI2k4Gfj7rYo8iJm1CGbmP491h
FgukaHX8598vfMcLMk7a7jeWg7f7HwyDyDE2niQ2/XnX1TE+3IVeYlZrujDkqVrQ
+wVan4s6mRXoVjuoX9En1w9EqtGLQ0LrKmAoVeD1/8FZhVFTqZShi9iAXFpawePH
BPOVzFPu3ijYylJjTikT3Ehx9Cid200ifs4DAeTOUh/UUZdZIrHqw90ctacY
-----END CERTIFICATE-----
Generated at Wed Jul 23 12:01:42 2025 by rpki-client