Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/f4820f-e815-44f3-af65-1aa034a2af9c/1/QDWgbXviJq4AecTUTzdtmUBRPkM.roa
File: QDWgbXviJq4AecTUTzdtmUBRPkM.roa (raw, json)
Hash identifier: w5dWr+EFjY2DSPcv8scrS3s0nFXLYMuY90DVs/hZPLI=
Subject key identifier: 40:35:A0:6D:7B:E2:26:AE:00:79:C4:D4:4F:37:6D:99:40:51:3E:43
Certificate issuer: /CN=bd049ca42e1d82ce27b54bbfd017781d545a79b7
Certificate serial: 0197CA06F2F39BF3D0B74F402FF3C20B4754
Authority key identifier: BD:04:9C:A4:2E:1D:82:CE:27:B5:4B:BF:D0:17:78:1D:54:5A:79:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vQScpC4dgs4ntUu_0Bd4HVRaebc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dc/f4820f-e815-44f3-af65-1aa034a2af9c/1/QDWgbXviJq4AecTUTzdtmUBRPkM.roa
Signing time: Wed 02 Jul 2025 07:25:42 +0000
ROA not before: Wed 02 Jul 2025 07:25:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203644
IP address blocks: 91.207.32.0/23 maxlen: 23
91.207.32.0/24 maxlen: 24
91.207.33.0/24 maxlen: 24
91.212.224.0/24 maxlen: 24
185.128.100.0/22 maxlen: 22
185.128.100.0/23 maxlen: 23
185.128.102.0/23 maxlen: 23
193.19.78.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dc/f4820f-e815-44f3-af65-1aa034a2af9c/1/vQScpC4dgs4ntUu_0Bd4HVRaebc.crl
rsync://rpki.ripe.net/repository/DEFAULT/dc/f4820f-e815-44f3-af65-1aa034a2af9c/1/vQScpC4dgs4ntUu_0Bd4HVRaebc.mft
rsync://rpki.ripe.net/repository/DEFAULT/vQScpC4dgs4ntUu_0Bd4HVRaebc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Jul 2025 06:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ca:06:f2:f3:9b:f3:d0:b7:4f:40:2f:f3:c2:0b:47:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bd049ca42e1d82ce27b54bbfd017781d545a79b7
Validity
Not Before: Jul 2 07:25:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4035a06d7be226ae0079c4d44f376d9940513e43
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:ce:1e:9e:5f:c0:a4:d2:a1:af:b6:9c:ac:a4:
47:45:f0:f1:52:f3:09:a1:4c:bd:4d:7b:0a:ac:1f:
ae:e1:a0:c1:73:9b:61:f4:2d:9f:81:82:04:cd:b1:
9d:86:d6:c7:37:4a:b9:55:72:bb:d0:4c:fa:48:a1:
9e:57:ac:5a:1f:81:ff:b5:00:a2:be:1e:92:c1:bb:
aa:9a:e8:71:04:42:d6:a7:77:5a:ee:56:39:08:2d:
e0:81:94:fe:cc:86:a5:be:d4:50:ea:51:ef:03:e7:
fc:f9:93:18:15:58:17:de:3e:dc:e1:03:21:2b:3e:
c5:b9:de:a3:8d:8f:6a:72:b4:f5:9b:0f:9b:4e:0a:
a3:4a:51:37:1a:ee:88:21:fb:a9:9b:89:85:77:0a:
e4:43:b4:17:6a:45:18:a5:18:36:8c:6d:a7:ab:78:
2b:33:ea:34:da:e1:56:10:f9:38:11:79:57:cb:85:
1b:ae:08:a1:34:b0:83:50:da:5b:fc:d0:db:d1:71:
fb:ec:30:11:7a:11:ce:4c:d5:31:02:97:e5:a1:4a:
3f:99:5d:a0:ea:31:ed:7b:ef:91:ab:ba:b9:a4:45:
ea:79:70:18:c5:46:5d:ce:fa:ad:8b:9c:87:bb:30:
43:a9:95:a0:6b:a8:e0:19:fa:5d:3e:af:50:c8:7f:
f8:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:35:A0:6D:7B:E2:26:AE:00:79:C4:D4:4F:37:6D:99:40:51:3E:43
X509v3 Authority Key Identifier:
keyid:BD:04:9C:A4:2E:1D:82:CE:27:B5:4B:BF:D0:17:78:1D:54:5A:79:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vQScpC4dgs4ntUu_0Bd4HVRaebc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f4820f-e815-44f3-af65-1aa034a2af9c/1/QDWgbXviJq4AecTUTzdtmUBRPkM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f4820f-e815-44f3-af65-1aa034a2af9c/1/vQScpC4dgs4ntUu_0Bd4HVRaebc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.207.32.0/23
91.212.224.0/24
185.128.100.0/22
193.19.78.0/23
Signature Algorithm: sha256WithRSAEncryption
78:ea:43:cc:58:b1:3c:83:1a:ef:1c:9e:42:6e:15:e3:ff:88:
fb:33:9b:32:cd:9b:85:e8:ec:0b:76:b9:2c:d8:f9:d5:a7:44:
54:8f:72:b7:b0:55:73:2e:63:da:4b:be:64:b0:7b:39:fa:31:
13:bb:3f:e0:3f:e1:71:71:20:db:0c:4f:38:78:92:08:b9:db:
ad:15:6a:15:73:6d:c6:91:36:87:0b:e0:f2:00:8a:86:0f:bd:
61:32:22:01:29:40:e5:70:0e:5f:dc:2c:cc:7d:bf:8d:65:f7:
ac:d8:13:39:31:1c:79:8d:ce:18:86:ab:ea:3d:b1:f6:94:5e:
3d:60:3b:c2:2e:f4:5c:c7:7b:44:ba:32:d2:e6:f7:34:21:c2:
32:a0:22:0b:a8:39:45:59:ec:91:9e:eb:8f:d1:ea:f2:73:c1:
60:c1:91:b8:a6:44:19:a0:dd:32:ae:51:df:c8:e6:70:4f:6b:
ea:32:a4:51:95:99:e8:07:be:4f:97:7f:87:7b:bf:fa:5e:2c:
a4:31:33:2a:34:39:8a:b7:0e:7d:ef:1f:2a:e5:fe:fb:44:51:
be:cc:7b:7f:ed:1d:70:3d:13:81:86:b9:1c:e8:f8:3d:c2:6a:
b5:56:8e:51:a8:9b:87:29:3b:14:14:a6:81:35:2e:f0:fd:e8:
8a:66:ca:d3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZfKBvLzm/PQt09AL/PCC0dUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMDQ5Y2E0MmUxZDgyY2UyN2I1NGJiZmQwMTc3ODFkNTQ1
YTc5YjcwHhcNMjUwNzAyMDcyNTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDM1YTA2ZDdiZTIyNmFlMDA3OWM0ZDQ0ZjM3NmQ5OTQwNTEzZTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyM4enl/ApNKhr7acrKRHRfDxUvMJ
oUy9TXsKrB+u4aDBc5th9C2fgYIEzbGdhtbHN0q5VXK70Ez6SKGeV6xaH4H/tQCi
vh6SwbuqmuhxBELWp3da7lY5CC3ggZT+zIalvtRQ6lHvA+f8+ZMYFVgX3j7c4QMh
Kz7Fud6jjY9qcrT1mw+bTgqjSlE3Gu6IIfupm4mFdwrkQ7QXakUYpRg2jG2nq3gr
M+o02uFWEPk4EXlXy4UbrgihNLCDUNpb/NDb0XH77DARehHOTNUxApfloUo/mV2g
6jHte++Rq7q5pEXqeXAYxUZdzvqti5yHuzBDqZWga6jgGfpdPq9QyH/4dQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEA1oG174iauAHnE1E83bZlAUT5DMB8GA1UdIwQY
MBaAFL0EnKQuHYLOJ7VLv9AXeB1UWnm3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlFTY3BDNGRnczRudFV1XzBCZDRIVlJhZWJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9mNDgyMGYtZTgxNS00NGYzLWFmNjUt
MWFhMDM0YTJhZjljLzEvUURXZ2JYdmlKcTRBZWNUVVR6ZHRtVUJSUGtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9mNDgyMGYtZTgxNS00NGYzLWFmNjUtMWFhMDM0YTJhZjlj
LzEvdlFTY3BDNGRnczRudFV1XzBCZDRIVlJhZWJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBW88gAwQA
W9TgAwQCuYBkAwQBwRNOMA0GCSqGSIb3DQEBCwUAA4IBAQB46kPMWLE8gxrvHJ5C
bhXj/4j7M5syzZuF6OwLdrks2PnVp0RUj3K3sFVzLmPaS75ksHs5+jETuz/gP+Fx
cSDbDE84eJIIudutFWoVc23GkTaHC+DyAIqGD71hMiIBKUDlcA5f3CzMfb+NZfes
2BM5MRx5jc4YhqvqPbH2lF49YDvCLvRcx3tEujLS5vc0IcIyoCILqDlFWeyRnuuP
0eryc8FgwZG4pkQZoN0yrlHfyOZwT2vqMqRRlZnoB75Pl3+He7/6XiykMTMqNDmK
tw597x8q5f77RFG+zHt/7R1wPROBhrkc6Pg9wmq1Vo5RqJuHKTsUFKaBNS7w/eiK
ZsrT
-----END CERTIFICATE-----
Generated at Sat Jul 26 14:50:14 2025 by rpki-client