Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/qV7gADGH5m02cohaDbKPUvE_iB4.roa
File: qV7gADGH5m02cohaDbKPUvE_iB4.roa (raw, json)
Hash identifier: g+5qryL5LQOY23wBpKhkkhBO1JR+H4We3huShu8yiss=
Subject key identifier: A9:5E:E0:00:31:87:E6:6D:36:72:88:5A:0D:B2:8F:52:F1:3F:88:1E
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 0197F3EAAC7087A182CEA5077BE7D19C6A8B
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/qV7gADGH5m02cohaDbKPUvE_iB4.roa
Signing time: Thu 10 Jul 2025 10:38:52 +0000
ROA not before: Thu 10 Jul 2025 10:38:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200736
IP address blocks: 94.131.32.0/20 maxlen: 24
94.131.128.0/19 maxlen: 24
94.131.130.0/24 maxlen: 24
94.131.131.0/24 maxlen: 24
94.131.132.0/24 maxlen: 24
94.131.133.0/24 maxlen: 24
94.131.134.0/24 maxlen: 24
94.131.135.0/24 maxlen: 24
94.131.136.0/24 maxlen: 24
94.131.137.0/24 maxlen: 24
94.131.138.0/24 maxlen: 24
94.131.139.0/24 maxlen: 24
94.131.140.0/24 maxlen: 24
94.131.141.0/24 maxlen: 24
94.131.142.0/24 maxlen: 24
94.131.143.0/24 maxlen: 24
94.131.144.0/23 maxlen: 23
94.131.144.0/24 maxlen: 24
94.131.145.0/24 maxlen: 24
94.131.146.0/24 maxlen: 24
94.131.147.0/24 maxlen: 24
94.131.148.0/24 maxlen: 24
94.131.149.0/24 maxlen: 24
94.131.150.0/24 maxlen: 24
94.131.151.0/24 maxlen: 24
94.131.152.0/24 maxlen: 24
94.131.153.0/24 maxlen: 24
94.131.154.0/24 maxlen: 24
94.131.155.0/24 maxlen: 24
94.131.156.0/24 maxlen: 24
94.131.157.0/24 maxlen: 24
94.131.158.0/24 maxlen: 24
94.131.159.0/24 maxlen: 24
94.131.160.0/20 maxlen: 24
94.131.161.0/24 maxlen: 24
94.131.162.0/24 maxlen: 24
94.131.163.0/24 maxlen: 24
94.131.165.0/24 maxlen: 24
94.131.166.0/24 maxlen: 24
94.131.167.0/24 maxlen: 24
94.131.169.0/24 maxlen: 24
94.131.170.0/24 maxlen: 24
94.131.172.0/24 maxlen: 24
94.131.173.0/24 maxlen: 24
94.131.174.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 10:00:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f3:ea:ac:70:87:a1:82:ce:a5:07:7b:e7:d1:9c:6a:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Jul 10 10:38:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a95ee0003187e66d3672885a0db28f52f13f881e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:b8:70:31:74:a5:b7:c7:1e:dc:ae:aa:73:2a:
16:de:57:78:5a:62:78:d1:07:ec:f4:c2:61:e1:4b:
07:34:53:ed:70:50:4a:3b:26:3c:aa:4e:ef:58:ef:
03:f3:84:c9:28:68:c6:db:19:b7:0b:d6:bf:9d:27:
d0:44:56:e1:94:26:17:e7:99:17:e3:21:11:18:1a:
47:fe:c0:db:93:77:5e:ff:79:a0:4a:c3:b2:95:fb:
f0:98:f8:d6:9f:8a:fd:c7:e2:c2:0f:fe:66:21:99:
a1:75:53:bd:f4:b9:f1:92:e0:5b:87:a5:41:65:54:
32:9d:91:f6:31:dc:fe:8c:7a:f0:1b:13:38:55:c5:
ab:67:5c:91:d2:08:df:ad:80:0f:3d:a1:f6:0f:23:
cf:d7:fe:8f:db:38:b7:21:e5:09:e2:d7:5b:ef:6b:
1c:90:52:c2:45:5a:df:1e:6b:03:a1:94:98:2c:14:
35:1b:11:a0:1d:5a:f2:24:44:50:83:5c:a0:e6:32:
41:61:c2:8d:e7:b2:78:3d:8c:6a:64:2b:2a:be:14:
0a:a2:82:5c:5f:1c:c3:0c:0e:4b:bb:31:de:15:77:
65:4b:a1:d5:00:39:81:3e:7e:d5:08:60:ef:2e:80:
bb:29:35:19:3d:c0:5e:f9:6b:08:c4:28:ef:66:6a:
a2:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:5E:E0:00:31:87:E6:6D:36:72:88:5A:0D:B2:8F:52:F1:3F:88:1E
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/qV7gADGH5m02cohaDbKPUvE_iB4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.32.0/20
94.131.128.0-94.131.175.255
Signature Algorithm: sha256WithRSAEncryption
69:ca:eb:e7:a6:29:bf:04:be:31:81:64:21:7e:7d:32:ba:e3:
ab:71:ec:6d:71:d0:eb:ff:8f:12:d0:f3:03:92:fd:d8:43:ee:
68:d8:ac:7e:c8:36:9d:9a:e7:28:0d:34:69:4b:c8:b4:61:fc:
ed:40:f2:db:20:f0:55:d3:a9:36:c6:a7:fd:eb:22:7d:79:05:
7d:a8:9b:92:c8:89:c8:90:e7:7e:b4:3a:b6:53:32:54:b6:0c:
1e:8e:92:15:06:7d:93:01:36:45:55:7f:04:f7:59:3f:55:7c:
a4:51:a8:d6:10:79:40:6d:c9:a4:0c:e9:47:66:f0:82:1c:95:
8e:2d:62:9f:13:ff:dd:6d:00:b0:cd:bf:39:ff:43:b7:f1:87:
de:9c:20:b7:80:73:54:ef:d5:d3:6d:2f:8b:4e:08:be:43:c5:
28:c2:26:1f:99:97:8e:30:eb:a8:54:ea:7c:23:e7:b8:d7:26:
30:a4:a0:dc:0a:55:6f:fe:45:dd:b2:1b:84:76:88:4a:70:92:
f9:b4:8d:b3:09:d5:a5:84:bf:e6:2c:9e:99:35:bc:24:47:bb:
b7:8d:e7:99:19:61:59:e6:3f:c5:c0:78:d3:fb:bc:73:be:64:
9e:6f:79:3a:ea:64:47:af:90:98:c4:72:5b:35:48:d4:08:ba:
db:46:15:9a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZfz6qxwh6GCzqUHe+fRnGqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwNzEwMTAzODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTVlZTAwMDMxODdlNjZkMzY3Mjg4NWEwZGIyOGY1MmYxM2Y4ODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLhwMXSlt8ce3K6qcyoW3ld4WmJ4
0Qfs9MJh4UsHNFPtcFBKOyY8qk7vWO8D84TJKGjG2xm3C9a/nSfQRFbhlCYX55kX
4yERGBpH/sDbk3de/3mgSsOylfvwmPjWn4r9x+LCD/5mIZmhdVO99LnxkuBbh6VB
ZVQynZH2Mdz+jHrwGxM4VcWrZ1yR0gjfrYAPPaH2DyPP1/6P2zi3IeUJ4tdb72sc
kFLCRVrfHmsDoZSYLBQ1GxGgHVryJERQg1yg5jJBYcKN57J4PYxqZCsqvhQKooJc
XxzDDA5LuzHeFXdlS6HVADmBPn7VCGDvLoC7KTUZPcBe+WsIxCjvZmqigQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKle4AAxh+ZtNnKIWg2yj1LxP4geMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvcVY3Z0FER0g1bTAyY29oYURiS1BVdkVfaUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQEXoMgMAwD
BAdeg4ADBAReg6AwDQYJKoZIhvcNAQELBQADggEBAGnK6+emKb8EvjGBZCF+fTK6
46tx7G1x0Ov/jxLQ8wOS/dhD7mjYrH7INp2a5ygNNGlLyLRh/O1A8tsg8FXTqTbG
p/3rIn15BX2om5LIiciQ5360OrZTMlS2DB6OkhUGfZMBNkVVfwT3WT9VfKRRqNYQ
eUBtyaQM6Udm8IIclY4tYp8T/91tALDNvzn/Q7fxh96cILeAc1Tv1dNtL4tOCL5D
xSjCJh+Zl44w66hU6nwj57jXJjCkoNwKVW/+Rd2yG4R2iEpwkvm0jbMJ1aWEv+Ys
npk1vCRHu7eN55kZYVnmP8XAeNP7vHO+ZJ5veTrqZEevkJjEcls1SNQIuttGFZo=
-----END CERTIFICATE-----
Generated at Tue Jul 22 18:58:57 2025 by rpki-client