Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Qhe0QtpAyfw_vs2_vG1iO_iJg9w.roa
File: Qhe0QtpAyfw_vs2_vG1iO_iJg9w.roa (raw, json)
Hash identifier: SiYFWAv0dTH5KOWIdtGdGSZHcpaJhvovGGB7gkasNlU=
Subject key identifier: 42:17:B4:42:DA:40:C9:FC:3F:BE:CD:BF:BC:6D:62:3B:F8:89:83:DC
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019821BB17EBD093EB47933F96589F44B793
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Qhe0QtpAyfw_vs2_vG1iO_iJg9w.roa
Signing time: Sat 19 Jul 2025 08:09:26 +0000
ROA not before: Sat 19 Jul 2025 08:09:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29802
IP address blocks: 37.202.194.0/24 maxlen: 24
37.202.201.0/24 maxlen: 24
151.242.81.0/24 maxlen: 24
151.243.7.0/24 maxlen: 24
151.243.152.0/22 maxlen: 24
151.243.228.0/24 maxlen: 24
151.243.243.0/24 maxlen: 24
151.244.54.0/24 maxlen: 24
151.244.180.0/24 maxlen: 24
151.244.224.0/24 maxlen: 24
151.245.3.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Jul 2025 07:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:21:bb:17:eb:d0:93:eb:47:93:3f:96:58:9f:44:b7:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Jul 19 08:09:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4217b442da40c9fc3fbecdbfbc6d623bf88983dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:9f:36:32:d5:d3:45:a2:10:6f:fa:f1:5c:07:
11:50:3f:4a:83:6a:ab:b0:45:da:e7:25:2d:18:21:
8d:1e:5a:a5:84:5b:16:94:bb:a6:38:39:8d:4b:ae:
38:b2:0f:e2:02:63:07:fd:cf:18:00:4e:9b:ce:ac:
ba:48:b1:d1:e7:a2:f8:42:67:05:4a:2e:ab:2f:46:
42:ca:39:cf:1f:56:4d:ac:c2:a7:5d:7a:37:ee:e7:
67:fb:e2:36:bd:64:25:ec:58:91:81:71:a4:58:de:
ec:9c:d8:ed:fa:05:5f:aa:21:49:20:e0:57:56:0d:
5c:2a:9f:39:c1:c6:d2:fc:54:9f:88:4e:55:d6:48:
b6:e3:b0:1b:b5:e0:4f:e3:ba:3b:c4:c8:d0:7f:06:
67:22:f4:e2:f7:78:81:a5:71:fd:d9:d8:54:17:2a:
bd:bb:ae:d1:31:2c:77:68:e1:20:58:5b:c2:87:b6:
31:60:07:67:63:37:a7:91:ff:37:97:df:6e:9e:ee:
fc:19:22:ee:f5:cc:15:04:4b:bd:77:68:cf:ad:ef:
3b:09:d1:be:b6:17:92:bd:d0:2a:6d:c5:6d:ef:0f:
38:f5:4a:07:61:29:76:18:e4:6d:da:21:26:c2:3d:
f8:78:cd:35:9f:64:f8:7d:ab:46:2c:28:a9:cd:bc:
f1:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:17:B4:42:DA:40:C9:FC:3F:BE:CD:BF:BC:6D:62:3B:F8:89:83:DC
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Qhe0QtpAyfw_vs2_vG1iO_iJg9w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.194.0/24
37.202.201.0/24
151.242.81.0/24
151.243.7.0/24
151.243.152.0/22
151.243.228.0/24
151.243.243.0/24
151.244.54.0/24
151.244.180.0/24
151.244.224.0/24
151.245.3.0/24
Signature Algorithm: sha256WithRSAEncryption
a1:53:66:c6:40:59:97:96:f0:84:79:e5:56:6c:4f:1a:3b:c9:
49:bf:70:ea:ab:a7:9a:5f:c9:00:17:e0:d2:9f:ce:da:61:83:
4f:e3:d6:3c:95:6f:1b:68:31:55:e8:85:7d:29:6b:92:f5:ab:
08:50:e1:8c:db:5b:57:72:27:ed:e7:66:2e:08:f9:78:7d:42:
14:43:ac:7d:2a:84:0a:52:02:b1:da:64:a6:2c:e1:80:43:89:
f5:59:43:28:70:68:a8:76:e1:d1:fc:c0:17:b5:ae:2a:44:17:
ef:5b:c9:b0:ff:5f:15:c7:4c:8e:84:e6:e3:09:2d:9b:7b:d7:
82:3b:ad:ea:b2:40:3f:c9:81:5b:2a:c9:e8:08:d5:3f:76:db:
b2:c7:fc:bd:a2:6d:df:f4:57:fe:65:95:05:59:38:c5:8c:f4:
dc:68:d5:9d:c8:b9:d0:1c:7e:dc:00:46:70:4e:88:d0:df:75:
48:e0:c8:f3:f3:13:9a:e8:44:ca:e2:1e:e4:da:1b:35:62:79:
56:6e:b5:02:61:cd:00:f9:86:f6:5e:e1:09:af:ef:94:3b:71:
b1:27:98:4c:bb:4d:96:f9:7a:57:61:7d:9d:10:9b:fc:7c:aa:
3b:4d:2c:43:49:5b:9e:0c:b2:09:ce:83:76:0a:57:a1:45:6f:
53:04:ff:cd
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZghuxfr0JPrR5M/llifRLeTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzE5MDgwOTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjE3YjQ0MmRhNDBjOWZjM2ZiZWNkYmZiYzZkNjIzYmY4ODk4M2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyp82MtXTRaIQb/rxXAcRUD9Kg2qr
sEXa5yUtGCGNHlqlhFsWlLumODmNS644sg/iAmMH/c8YAE6bzqy6SLHR56L4QmcF
Si6rL0ZCyjnPH1ZNrMKnXXo37udn++I2vWQl7FiRgXGkWN7snNjt+gVfqiFJIOBX
Vg1cKp85wcbS/FSfiE5V1ki247AbteBP47o7xMjQfwZnIvTi93iBpXH92dhUFyq9
u67RMSx3aOEgWFvCh7YxYAdnYzenkf83l99unu78GSLu9cwVBEu9d2jPre87CdG+
theSvdAqbcVt7w849UoHYSl2GORt2iEmwj34eM01n2T4fatGLCipzbzxlwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFEIXtELaQMn8P77Nv7xtYjv4iYPcMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUWhlMFF0cEF5ZndfdnMyX3ZHMWlPX2lKZzl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAJcrCAwQA
JcrJAwQAl/JRAwQAl/MHAwQCl/OYAwQAl/PkAwQAl/PzAwQAl/Q2AwQAl/S0AwQA
l/TgAwQAl/UDMA0GCSqGSIb3DQEBCwUAA4IBAQChU2bGQFmXlvCEeeVWbE8aO8lJ
v3Dqq6eaX8kAF+DSn87aYYNP49Y8lW8baDFV6IV9KWuS9asIUOGM21tXcift52Yu
CPl4fUIUQ6x9KoQKUgKx2mSmLOGAQ4n1WUMocGioduHR/MAXta4qRBfvW8mw/18V
x0yOhObjCS2be9eCO63qskA/yYFbKsnoCNU/dtuyx/y9om3f9Ff+ZZUFWTjFjPTc
aNWdyLnQHH7cAEZwTojQ33VI4Mjz8xOa6ETK4h7k2hs1YnlWbrUCYc0A+Yb2XuEJ
r++UO3GxJ5hMu02W+XpXYX2dEJv8fKo7TSxDSVueDLIJzoN2ClehRW9TBP/N
-----END CERTIFICATE-----
Generated at Mon Jul 21 12:45:25 2025 by rpki-client