Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/daffb6-8bdf-411d-b6c4-ae4f84e16ca1/1/qwNz3o7wg_OLUcBSvGiaJQfRhhk.roa
File: qwNz3o7wg_OLUcBSvGiaJQfRhhk.roa (raw, json)
Hash identifier: MjkmkNxZSvtubWbKEquRH7ODg918T3yuTch6krUFO2M=
Subject key identifier: AB:03:73:DE:8E:F0:83:F3:8B:51:C0:52:BC:68:9A:25:07:D1:86:19
Certificate issuer: /CN=11bc40bcab5e9053ab6db7d19e2a38df1b6f9a4b
Certificate serial: 0198ED4514BDB7945190EE6CEBEC57118095
Authority key identifier: 11:BC:40:BC:AB:5E:90:53:AB:6D:B7:D1:9E:2A:38:DF:1B:6F:9A:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EbxAvKtekFOrbbfRnio43xtvmks.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/daffb6-8bdf-411d-b6c4-ae4f84e16ca1/1/qwNz3o7wg_OLUcBSvGiaJQfRhhk.roa
Signing time: Wed 27 Aug 2025 20:43:04 +0000
ROA not before: Wed 27 Aug 2025 20:43:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202391
IP address blocks: 185.227.64.0/24 maxlen: 24
185.235.136.0/24 maxlen: 24
185.235.139.0/24 maxlen: 24
185.255.208.0/22 maxlen: 22
185.255.208.0/24 maxlen: 24
2a0a:4b80::/30 maxlen: 30
2a0a:4b84::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/20/daffb6-8bdf-411d-b6c4-ae4f84e16ca1/1/EbxAvKtekFOrbbfRnio43xtvmks.crl
rsync://rpki.ripe.net/repository/DEFAULT/20/daffb6-8bdf-411d-b6c4-ae4f84e16ca1/1/EbxAvKtekFOrbbfRnio43xtvmks.mft
rsync://rpki.ripe.net/repository/DEFAULT/EbxAvKtekFOrbbfRnio43xtvmks.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 02:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:ed:45:14:bd:b7:94:51:90:ee:6c:eb:ec:57:11:80:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11bc40bcab5e9053ab6db7d19e2a38df1b6f9a4b
Validity
Not Before: Aug 27 20:43:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ab0373de8ef083f38b51c052bc689a2507d18619
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:df:8c:4f:61:8b:5f:e5:26:b9:4b:9d:a6:a2:
ec:e6:bd:d5:a0:43:2d:87:43:2e:27:c5:c4:4f:27:
41:40:75:e3:97:65:43:fd:cf:7f:f1:bf:b6:36:fa:
38:75:f8:4b:98:7a:94:25:e7:98:47:4a:d7:96:59:
9d:85:72:a8:97:7f:cb:41:47:dd:d5:c7:6d:20:df:
ab:68:77:49:9f:df:02:5f:5e:d5:5b:81:68:a6:ec:
9c:0a:1a:85:54:37:23:c8:85:e4:16:86:15:a2:d8:
40:2a:93:e8:ab:47:00:34:aa:d0:4e:f9:1c:18:b2:
04:ce:6a:61:07:55:95:f4:63:42:03:8c:d8:40:74:
6d:0d:7e:0d:81:34:a9:f5:05:b7:16:ad:c0:84:43:
52:37:aa:44:83:80:87:17:a2:80:3f:b4:cc:d3:4b:
b0:fb:f8:40:23:80:ac:65:81:15:24:8a:4c:f7:92:
19:36:c5:92:ac:4b:a2:47:ff:03:79:26:b1:f7:f0:
5a:54:1e:e1:e7:e7:48:7c:5a:92:81:88:4e:a5:60:
13:3c:64:cc:b2:2a:74:07:5f:94:4b:67:f0:0b:78:
47:d8:54:e0:49:dd:f5:12:4f:c6:c9:87:64:d4:98:
bb:63:6e:03:ca:60:79:f4:d8:16:d1:d0:60:b7:ce:
43:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:03:73:DE:8E:F0:83:F3:8B:51:C0:52:BC:68:9A:25:07:D1:86:19
X509v3 Authority Key Identifier:
keyid:11:BC:40:BC:AB:5E:90:53:AB:6D:B7:D1:9E:2A:38:DF:1B:6F:9A:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EbxAvKtekFOrbbfRnio43xtvmks.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/daffb6-8bdf-411d-b6c4-ae4f84e16ca1/1/qwNz3o7wg_OLUcBSvGiaJQfRhhk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/daffb6-8bdf-411d-b6c4-ae4f84e16ca1/1/EbxAvKtekFOrbbfRnio43xtvmks.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.227.64.0/24
185.235.136.0/24
185.235.139.0/24
185.255.208.0/22
IPv6:
2a0a:4b80::/29
Signature Algorithm: sha256WithRSAEncryption
53:2c:b1:ee:9a:b3:42:a2:58:d6:03:76:58:7b:d7:96:eb:11:
bd:ea:e4:d3:7e:2f:e2:90:ca:2e:62:2c:86:0e:33:a1:f9:65:
fc:be:39:68:81:14:0d:cf:9c:04:38:1f:c2:8b:48:6b:c2:93:
c0:c3:ef:f9:2d:b6:8e:a8:bf:63:c6:49:f3:f8:d7:38:db:0f:
a9:b8:95:de:3f:a4:c8:10:9d:94:ec:71:94:c6:d8:e4:99:dd:
81:12:c0:5e:96:81:44:17:78:3e:3f:d4:5e:48:4b:32:f9:ca:
29:e2:42:26:f6:6e:ab:fc:37:94:0a:19:d4:be:40:9f:69:63:
2d:e8:28:7f:b0:24:62:af:a7:d1:04:67:be:5d:70:48:9b:00:
7c:37:6a:a0:e1:63:d7:b9:1c:2d:f0:86:68:d8:d7:05:36:89:
bc:df:09:64:6b:2b:fa:18:45:48:41:25:da:43:51:ca:5d:02:
c7:61:10:20:ad:47:43:ef:39:e3:b3:e5:b4:10:4f:e9:ae:1d:
1b:2f:c9:a9:3c:1a:82:51:06:1c:62:a7:0b:8c:2b:4c:49:1b:
35:e7:9d:d7:48:6b:02:3e:5a:00:fa:07:6c:8d:df:54:0c:63:
4e:26:b8:e6:25:05:95:92:fd:a4:64:b3:94:52:c8:b8:e1:89:
10:72:10:6e
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZjtRRS9t5RRkO5s6+xXEYCVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYmM0MGJjYWI1ZTkwNTNhYjZkYjdkMTllMmEzOGRmMWI2
ZjlhNGIwHhcNMjUwODI3MjA0MzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjAzNzNkZThlZjA4M2YzOGI1MWMwNTJiYzY4OWEyNTA3ZDE4NjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlt+MT2GLX+UmuUudpqLs5r3VoEMt
h0MuJ8XETydBQHXjl2VD/c9/8b+2Nvo4dfhLmHqUJeeYR0rXllmdhXKol3/LQUfd
1cdtIN+raHdJn98CX17VW4FopuycChqFVDcjyIXkFoYVothAKpPoq0cANKrQTvkc
GLIEzmphB1WV9GNCA4zYQHRtDX4NgTSp9QW3Fq3AhENSN6pEg4CHF6KAP7TM00uw
+/hAI4CsZYEVJIpM95IZNsWSrEuiR/8DeSax9/BaVB7h5+dIfFqSgYhOpWATPGTM
sip0B1+US2fwC3hH2FTgSd31Ek/GyYdk1Ji7Y24DymB59NgW0dBgt85DuwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFKsDc96O8IPzi1HAUrxomiUH0YYZMB8GA1UdIwQY
MBaAFBG8QLyrXpBTq2230Z4qON8bb5pLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWJ4QXZLdGVrRk9yYmJmUm5pbzQzeHR2bWtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9kYWZmYjYtOGJkZi00MTFkLWI2YzQt
YWU0Zjg0ZTE2Y2ExLzEvcXdOejNvN3dnX09MVWNCU3ZHaWFKUWZSaGhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9kYWZmYjYtOGJkZi00MTFkLWI2YzQtYWU0Zjg0ZTE2Y2Ex
LzEvRWJ4QXZLdGVrRk9yYmJmUm5pbzQzeHR2bWtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAueNAAwQA
ueuIAwQAueuLAwQCuf/QMA0EAgACMAcDBQMqCkuAMA0GCSqGSIb3DQEBCwUAA4IB
AQBTLLHumrNColjWA3ZYe9eW6xG96uTTfi/ikMouYiyGDjOh+WX8vjlogRQNz5wE
OB/Ci0hrwpPAw+/5LbaOqL9jxknz+Nc42w+puJXeP6TIEJ2U7HGUxtjkmd2BEsBe
loFEF3g+P9ReSEsy+cop4kIm9m6r/DeUChnUvkCfaWMt6Ch/sCRir6fRBGe+XXBI
mwB8N2qg4WPXuRwt8IZo2NcFNom83wlkayv6GEVIQSXaQ1HKXQLHYRAgrUdD7znj
s+W0EE/prh0bL8mpPBqCUQYcYqcLjCtMSRs1553XSGsCPloA+gdsjd9UDGNOJrjm
JQWVkv2kZLOUUsi44YkQchBu
-----END CERTIFICATE-----
Generated at Wed Sep 10 10:28:44 2025 by rpki-client