Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/QFcj5PeiIYau4Y2UOGJK44_wD54.roa
File: QFcj5PeiIYau4Y2UOGJK44_wD54.roa (raw, json)
Hash identifier: Xby/lPLbSx+C98Igf2vSC16rJYYkPVduxnLSZ9aNOL8=
Subject key identifier: 40:57:23:E4:F7:A2:21:86:AE:E1:8D:94:38:62:4A:E3:8F:F0:0F:9E
Certificate issuer: /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial: 01982D3244656B371BCE39679BA85B67566E
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/QFcj5PeiIYau4Y2UOGJK44_wD54.roa
Signing time: Mon 21 Jul 2025 13:35:25 +0000
ROA not before: Mon 21 Jul 2025 13:35:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213732
IP address blocks: 46.38.144.0/24 maxlen: 24
46.38.145.0/24 maxlen: 24
46.38.146.0/24 maxlen: 24
46.38.147.0/24 maxlen: 24
46.38.148.0/24 maxlen: 24
46.38.149.0/24 maxlen: 24
46.38.150.0/24 maxlen: 24
46.38.151.0/24 maxlen: 24
185.29.223.0/24 maxlen: 24
212.80.29.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 19:00:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:2d:32:44:65:6b:37:1b:ce:39:67:9b:a8:5b:67:56:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
Validity
Not Before: Jul 21 13:35:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=405723e4f7a22186aee18d9438624ae38ff00f9e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:7f:ed:05:4f:2b:81:97:a7:9c:d1:9e:66:1c:
9b:46:53:67:2a:11:06:58:b6:ee:09:10:15:6b:96:
1b:fa:84:28:c3:9c:27:40:cb:c9:7b:8f:7c:30:68:
ca:70:54:11:7e:80:74:c6:71:ae:23:9d:0e:28:47:
69:77:14:03:8b:65:07:c9:b8:a5:7e:fc:b1:30:42:
6e:30:9d:d1:b4:fa:93:22:26:4d:48:c6:b3:d4:7b:
19:4e:d6:74:b7:c6:94:60:37:07:72:b5:8e:89:d7:
f3:7a:38:39:83:80:78:ad:c4:f1:3a:80:2d:87:11:
0b:f7:07:8b:5c:9c:98:4d:98:a6:d1:b9:0c:2a:8b:
c7:a4:7b:f1:c7:98:9f:1b:f8:f5:db:13:2f:12:6c:
5e:91:65:0a:19:ee:9b:cd:b7:12:5c:9c:89:cd:52:
b3:f8:69:70:62:9f:68:50:2a:7e:20:6b:b9:6c:af:
c0:fa:d3:3b:a8:26:2e:7b:a0:1a:7a:d7:00:5c:98:
d0:b6:c9:38:47:54:15:1c:02:79:72:ca:83:50:17:
d7:e4:b7:46:38:b0:23:e7:23:87:e1:23:90:52:b6:
10:36:8a:e9:24:ef:dc:de:f4:5f:28:c1:2c:3f:2f:
90:27:cd:27:30:9d:79:df:63:64:69:67:76:30:c7:
e5:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:57:23:E4:F7:A2:21:86:AE:E1:8D:94:38:62:4A:E3:8F:F0:0F:9E
X509v3 Authority Key Identifier:
keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/QFcj5PeiIYau4Y2UOGJK44_wD54.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.38.144.0/21
185.29.223.0/24
212.80.29.0/24
Signature Algorithm: sha256WithRSAEncryption
ab:5b:c7:a9:e8:5f:b7:4f:5f:52:18:3a:0a:22:65:ff:e4:a0:
57:c4:aa:2e:68:8b:b9:dc:a9:b0:64:77:60:1c:44:6c:1b:75:
e4:53:df:bb:e4:cd:d5:00:3e:8e:9f:7d:8b:d0:f9:1a:c9:11:
77:ad:97:fd:92:be:3c:68:99:6a:dd:d9:52:42:68:f8:8b:52:
e5:6b:78:34:11:1c:a1:75:93:d3:4d:bc:b2:1c:b8:23:2b:d5:
e2:c6:db:54:de:44:42:37:1a:76:ef:db:b4:e2:49:cd:c1:df:
35:e4:0b:6c:4f:0a:3c:b4:47:67:26:cc:71:08:6d:0b:58:85:
61:a5:02:0a:56:38:ef:85:67:1b:02:ae:ed:db:f0:4a:ff:50:
b5:94:74:ec:8b:8e:d2:24:ca:18:fb:14:8d:8c:cc:bb:88:20:
5c:07:d9:5d:76:70:6b:df:d7:cd:6c:21:89:91:09:7e:70:52:
db:c6:52:7d:ff:6d:b2:6b:14:ef:47:aa:4f:2b:06:c2:0b:05:
93:d0:09:0f:ae:eb:ec:c9:fc:69:d8:bb:be:34:26:d1:b1:4c:
3f:cd:d0:5f:42:db:79:2f:74:3d:7a:1a:19:d5:6e:01:1c:9e:
8a:5f:1f:5c:e3:45:2d:27:13:1c:86:30:a3:c6:96:93:67:69:
2a:60:f6:39
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZgtMkRlazcbzjlnm6hbZ1ZuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwNzIxMTMzNTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDU3MjNlNGY3YTIyMTg2YWVlMThkOTQzODYyNGFlMzhmZjAwZjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxX/tBU8rgZennNGeZhybRlNnKhEG
WLbuCRAVa5Yb+oQow5wnQMvJe498MGjKcFQRfoB0xnGuI50OKEdpdxQDi2UHybil
fvyxMEJuMJ3RtPqTIiZNSMaz1HsZTtZ0t8aUYDcHcrWOidfzejg5g4B4rcTxOoAt
hxEL9weLXJyYTZim0bkMKovHpHvxx5ifG/j12xMvEmxekWUKGe6bzbcSXJyJzVKz
+GlwYp9oUCp+IGu5bK/A+tM7qCYue6AaetcAXJjQtsk4R1QVHAJ5csqDUBfX5LdG
OLAj5yOH4SOQUrYQNorpJO/c3vRfKMEsPy+QJ80nMJ1532NkaWd2MMflSQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEBXI+T3oiGGruGNlDhiSuOP8A+eMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvUUZjajVQZWlJWWF1NFkyVU9HSks0NF93RDU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDLiaQAwQA
uR3fAwQA1FAdMA0GCSqGSIb3DQEBCwUAA4IBAQCrW8ep6F+3T19SGDoKImX/5KBX
xKouaIu53KmwZHdgHERsG3XkU9+75M3VAD6On32L0PkayRF3rZf9kr48aJlq3dlS
Qmj4i1Lla3g0ERyhdZPTTbyyHLgjK9XixttU3kRCNxp279u04knNwd815AtsTwo8
tEdnJsxxCG0LWIVhpQIKVjjvhWcbAq7t2/BK/1C1lHTsi47SJMoY+xSNjMy7iCBc
B9lddnBr39fNbCGJkQl+cFLbxlJ9/22yaxTvR6pPKwbCCwWT0AkPruvsyfxp2Lu+
NCbRsUw/zdBfQtt5L3Q9ehoZ1W4BHJ6KXx9c40UtJxMchjCjxpaTZ2kqYPY5
-----END CERTIFICATE-----
Generated at Thu Jul 24 02:10:25 2025 by rpki-client