Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/d9e7ed-3c0f-4a92-8716-ee057cf9c161/1/QO_GooH2m885Q2taEPXMPgyGMvU.roa
File: QO_GooH2m885Q2taEPXMPgyGMvU.roa (raw, json)
Hash identifier: 1VnTsOfjtKGYm7FG0JLVMLSQUzntH2YHEOdl/AmQZTA=
Subject key identifier: 40:EF:C6:A2:81:F6:9B:CF:39:43:6B:5A:10:F5:CC:3E:0C:86:32:F5
Certificate issuer: /CN=fb2aa5acfc9bb0fe6b911f1ecad3eb54d45cb36f
Certificate serial: 0198325F099757C51BAED521641E68EDD027
Authority key identifier: FB:2A:A5:AC:FC:9B:B0:FE:6B:91:1F:1E:CA:D3:EB:54:D4:5C:B3:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-yqlrPybsP5rkR8eytPrVNRcs28.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f1/d9e7ed-3c0f-4a92-8716-ee057cf9c161/1/QO_GooH2m885Q2taEPXMPgyGMvU.roa
Signing time: Tue 22 Jul 2025 13:42:25 +0000
ROA not before: Tue 22 Jul 2025 13:42:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203466
IP address blocks: 188.208.197.0/24 maxlen: 24
188.214.194.0/24 maxlen: 24
213.134.13.0/24 maxlen: 24
2a06:f940::/48 maxlen: 48
2a06:f940:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f1/d9e7ed-3c0f-4a92-8716-ee057cf9c161/1/1-yqlrPybsP5rkR8eytPrVNRcs28.crl
rsync://rpki.ripe.net/repository/DEFAULT/f1/d9e7ed-3c0f-4a92-8716-ee057cf9c161/1/1-yqlrPybsP5rkR8eytPrVNRcs28.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-yqlrPybsP5rkR8eytPrVNRcs28.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 29 Jul 2025 22:01:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:32:5f:09:97:57:c5:1b:ae:d5:21:64:1e:68:ed:d0:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fb2aa5acfc9bb0fe6b911f1ecad3eb54d45cb36f
Validity
Not Before: Jul 22 13:42:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=40efc6a281f69bcf39436b5a10f5cc3e0c8632f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:ae:5b:13:a5:33:07:95:3e:fb:ea:63:74:f1:
67:4f:99:33:ce:ab:1b:9a:a9:15:96:74:ab:2a:91:
71:8b:23:a3:b8:00:4d:94:7a:fd:4b:6a:c2:a8:3c:
4c:7b:83:e7:5a:58:b9:20:e8:c8:ad:e0:1d:27:54:
8e:05:9a:74:3f:bb:4f:de:be:3e:d9:a3:9d:fc:e5:
a1:cd:db:e9:c0:4d:77:cb:6c:6a:e7:bf:d0:81:71:
e0:fb:00:50:59:10:b2:a4:ed:39:f9:a1:d7:01:cd:
f0:ae:48:4e:be:fb:4d:c7:7f:7f:bc:33:66:d3:78:
70:f9:b3:66:21:8d:1b:de:27:63:1c:ac:6d:9d:be:
b8:66:3e:b8:b1:de:80:96:66:62:ca:db:fe:56:4e:
48:6b:c4:8f:36:2c:0a:0b:76:9a:3e:76:44:94:9c:
76:f8:3c:ec:39:37:c9:b1:57:2e:9f:26:3b:8c:e6:
58:10:4a:7a:5c:68:bb:14:00:87:2f:5b:cd:01:84:
5a:b5:65:9e:fb:b8:37:5e:4a:73:7b:5c:db:6e:bf:
33:1c:c2:b9:7c:2f:a1:2e:d7:ce:5a:07:1b:dd:9b:
b5:10:7f:0a:15:97:d9:76:88:7c:c9:8e:08:94:c0:
a5:19:e0:d6:d5:96:3d:35:1d:a0:1b:f3:49:05:ed:
17:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:EF:C6:A2:81:F6:9B:CF:39:43:6B:5A:10:F5:CC:3E:0C:86:32:F5
X509v3 Authority Key Identifier:
keyid:FB:2A:A5:AC:FC:9B:B0:FE:6B:91:1F:1E:CA:D3:EB:54:D4:5C:B3:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-yqlrPybsP5rkR8eytPrVNRcs28.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/d9e7ed-3c0f-4a92-8716-ee057cf9c161/1/QO_GooH2m885Q2taEPXMPgyGMvU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/d9e7ed-3c0f-4a92-8716-ee057cf9c161/1/1-yqlrPybsP5rkR8eytPrVNRcs28.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.208.197.0/24
188.214.194.0/24
213.134.13.0/24
IPv6:
2a06:f940::/47
Signature Algorithm: sha256WithRSAEncryption
00:43:4c:99:78:f1:9c:9b:0a:b9:5b:0b:09:e0:f1:11:84:89:
ae:82:eb:9d:64:a7:ae:41:e3:4c:a1:77:12:6a:99:cc:5c:76:
65:69:e3:8d:99:8f:19:a9:06:91:3b:97:33:b8:97:c5:02:40:
1c:fe:8a:c4:58:99:4c:4c:18:75:1f:aa:ca:4a:2b:c9:1b:bb:
95:56:77:6f:9b:47:e8:ad:f8:64:d2:ac:b5:0a:3c:0a:67:6b:
e8:a6:17:ed:c0:f2:2a:89:2a:04:7e:cd:6b:5e:42:db:91:41:
a6:62:c9:49:7c:f5:13:86:cf:0a:05:a9:c1:57:36:21:23:22:
a9:2e:a7:da:22:29:2d:e4:fe:f2:bb:fe:49:32:eb:d3:c3:87:
3e:e2:3d:46:d7:bd:97:2a:fd:5e:ce:4d:56:6d:11:b2:8b:d3:
d3:94:ca:bb:96:b7:98:c2:58:c4:27:54:f5:4b:83:27:62:a8:
80:2a:00:cf:56:d0:6d:a6:9a:bc:ca:6b:9c:d7:b2:dd:3f:2d:
a5:32:f6:4e:a3:cb:8b:44:35:2c:c8:ae:30:f3:1a:9b:c7:b5:
f9:1a:29:4e:af:ea:89:60:12:a2:83:02:22:20:26:72:9e:17:
17:4b:9a:3a:d0:fd:6f:19:00:00:da:2c:64:d3:33:20:cf:04:
a7:fe:f0:7a
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZgyXwmXV8UbrtUhZB5o7dAnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMmFhNWFjZmM5YmIwZmU2YjkxMWYxZWNhZDNlYjU0ZDQ1
Y2IzNmYwHhcNMjUwNzIyMTM0MjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGVmYzZhMjgxZjY5YmNmMzk0MzZiNWExMGY1Y2MzZTBjODYzMmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy65bE6UzB5U+++pjdPFnT5kzzqsb
mqkVlnSrKpFxiyOjuABNlHr9S2rCqDxMe4PnWli5IOjIreAdJ1SOBZp0P7tP3r4+
2aOd/OWhzdvpwE13y2xq57/QgXHg+wBQWRCypO05+aHXAc3wrkhOvvtNx39/vDNm
03hw+bNmIY0b3idjHKxtnb64Zj64sd6AlmZiytv+Vk5Ia8SPNiwKC3aaPnZElJx2
+DzsOTfJsVcunyY7jOZYEEp6XGi7FACHL1vNAYRatWWe+7g3Xkpze1zbbr8zHMK5
fC+hLtfOWgcb3Zu1EH8KFZfZdoh8yY4IlMClGeDW1ZY9NR2gG/NJBe0X0wIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFEDvxqKB9pvPOUNrWhD1zD4MhjL1MB8GA1UdIwQY
MBaAFPsqpaz8m7D+a5EfHsrT61TUXLNvMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS15cWxyUHlic1A1cmtSOGV5dFByVk5SY3MyOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjEvZDllN2VkLTNjMGYtNGE5Mi04NzE2
LWVlMDU3Y2Y5YzE2MS8xL1FPX0dvb0gybTg4NVEydGFFUFhNUGd5R012VS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjEvZDllN2VkLTNjMGYtNGE5Mi04NzE2LWVlMDU3Y2Y5YzE2
MS8xLzEteXFsclB5YnNQNXJrUjhleXRQclZOUmNzMjguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPAYIKwYBBQUHAQcBAf8ELTArMBgEAgABMBIDBAC80MUD
BAC81sIDBADVhg0wDwQCAAIwCQMHASoG+UAAADANBgkqhkiG9w0BAQsFAAOCAQEA
AENMmXjxnJsKuVsLCeDxEYSJroLrnWSnrkHjTKF3EmqZzFx2ZWnjjZmPGakGkTuX
M7iXxQJAHP6KxFiZTEwYdR+qykoryRu7lVZ3b5tH6K34ZNKstQo8Cmdr6KYX7cDy
KokqBH7Na15C25FBpmLJSXz1E4bPCgWpwVc2ISMiqS6n2iIpLeT+8rv+STLr08OH
PuI9Rte9lyr9Xs5NVm0RsovT05TKu5a3mMJYxCdU9UuDJ2KogCoAz1bQbaaavMpr
nNey3T8tpTL2TqPLi0Q1LMiuMPMam8e1+RopTq/qiWASooMCIiAmcp4XF0uaOtD9
bxkAANosZNMzIM8Ep/7weg==
-----END CERTIFICATE-----
Generated at Tue Jul 29 00:34:45 2025 by rpki-client