Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/QhST770mU_k1AKU7JTmNX07pC-g.roa
File: QhST770mU_k1AKU7JTmNX07pC-g.roa (raw, json)
Hash identifier: I0ps4EgOCuYlxmbadbpNOL5J1zbCIQQa4lBfcKjlcdI=
Subject key identifier: 42:14:93:EF:BD:26:53:F9:35:00:A5:3B:25:39:8D:5F:4E:E9:0B:E8
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019A30D1BDC17FF115124215BD8BCA72645C
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/QhST770mU_k1AKU7JTmNX07pC-g.roa
Signing time: Wed 29 Oct 2025 16:34:03 +0000
ROA not before: Wed 29 Oct 2025 16:34:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 22616
IP address blocks: 147.161.128.0/23 maxlen: 24
159.254.60.0/23 maxlen: 24
159.254.62.0/23 maxlen: 24
159.254.64.0/23 maxlen: 24
159.254.66.0/23 maxlen: 24
159.254.69.0/24 maxlen: 24
159.254.84.0/24 maxlen: 24
159.254.85.0/24 maxlen: 24
159.254.86.0/24 maxlen: 24
159.254.92.0/24 maxlen: 24
159.254.93.0/24 maxlen: 24
159.254.94.0/24 maxlen: 24
159.254.95.0/24 maxlen: 24
159.254.96.0/24 maxlen: 24
159.254.97.0/24 maxlen: 24
164.137.4.0/24 maxlen: 24
164.137.5.0/24 maxlen: 24
164.137.6.0/24 maxlen: 24
164.137.7.0/24 maxlen: 24
164.137.8.0/24 maxlen: 24
164.137.9.0/24 maxlen: 24
164.137.10.0/24 maxlen: 24
164.137.11.0/24 maxlen: 24
164.137.12.0/24 maxlen: 24
164.137.13.0/24 maxlen: 24
164.137.14.0/24 maxlen: 24
164.137.15.0/24 maxlen: 24
164.137.16.0/24 maxlen: 24
164.137.17.0/24 maxlen: 24
164.137.18.0/24 maxlen: 24
164.137.19.0/24 maxlen: 24
164.137.20.0/24 maxlen: 24
164.137.21.0/24 maxlen: 24
164.137.22.0/24 maxlen: 24
164.137.23.0/24 maxlen: 24
164.137.24.0/24 maxlen: 24
164.137.25.0/24 maxlen: 24
164.137.26.0/24 maxlen: 24
164.137.27.0/24 maxlen: 24
164.137.28.0/24 maxlen: 24
164.137.29.0/24 maxlen: 24
164.137.30.0/24 maxlen: 24
164.137.31.0/24 maxlen: 24
164.137.32.0/24 maxlen: 24
164.137.33.0/24 maxlen: 24
164.137.34.0/24 maxlen: 24
164.137.35.0/24 maxlen: 24
164.137.36.0/24 maxlen: 24
164.137.37.0/24 maxlen: 24
164.137.38.0/24 maxlen: 24
164.137.39.0/24 maxlen: 24
164.137.40.0/24 maxlen: 24
164.137.41.0/24 maxlen: 24
164.137.42.0/24 maxlen: 24
164.137.43.0/24 maxlen: 24
164.137.44.0/24 maxlen: 24
164.137.45.0/24 maxlen: 24
164.137.46.0/24 maxlen: 24
164.137.47.0/24 maxlen: 24
164.137.48.0/24 maxlen: 24
164.137.49.0/24 maxlen: 24
164.137.50.0/24 maxlen: 24
164.137.51.0/24 maxlen: 24
164.137.52.0/24 maxlen: 24
164.137.53.0/24 maxlen: 24
2a03:eec0:322b::/48 maxlen: 48
2a03:eec0:322c::/48 maxlen: 48
2a03:eec0:322d::/48 maxlen: 48
2a03:eec0:322e::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:30:d1:bd:c1:7f:f1:15:12:42:15:bd:8b:ca:72:64:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Oct 29 16:34:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=421493efbd2653f93500a53b25398d5f4ee90be8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:8f:01:96:73:9d:19:72:12:09:18:18:f1:4d:
bc:0b:b4:1b:2b:f8:b7:bc:ac:67:6d:f9:4b:07:1e:
ba:4e:c3:98:55:74:6a:e5:f4:c6:89:aa:08:4e:32:
c5:0a:14:94:88:0a:da:f4:57:b0:00:99:42:4b:56:
ea:94:2e:ef:8c:c9:7d:d4:d3:5e:97:79:db:ab:3d:
ca:2d:4f:45:a2:05:f2:86:73:8b:11:e4:13:d0:ff:
d4:85:21:34:19:16:e1:d6:a4:95:1e:df:6c:8c:01:
cf:73:3f:c0:7c:33:12:84:14:18:cb:5f:f9:17:6a:
1f:06:f4:9c:58:c1:f0:9a:65:08:9d:3f:20:b4:bb:
a1:1a:67:2a:5d:7d:fc:87:09:99:ff:52:19:b5:d7:
8a:02:4e:b8:e6:55:cd:df:11:3e:69:8b:5d:9c:11:
b9:32:6f:f3:d0:e5:3f:d4:df:a8:dd:4b:29:71:39:
e0:53:4f:26:93:c8:8a:51:21:66:92:d0:e3:a2:82:
0d:c9:78:08:f5:e5:41:65:f2:07:d1:3a:e2:52:83:
0d:4e:5d:f9:f9:7e:c3:ac:4f:54:9a:aa:8a:dd:9a:
93:7d:c8:45:b5:da:11:2f:3a:14:65:ba:c1:08:bf:
46:da:a0:ab:4c:7a:1c:8c:1f:c9:0c:75:71:b6:93:
04:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:14:93:EF:BD:26:53:F9:35:00:A5:3B:25:39:8D:5F:4E:E9:0B:E8
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/QhST770mU_k1AKU7JTmNX07pC-g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.161.128.0/23
159.254.60.0-159.254.67.255
159.254.69.0/24
159.254.84.0-159.254.86.255
159.254.92.0-159.254.97.255
164.137.4.0-164.137.53.255
IPv6:
2a03:eec0:322b::-2a03:eec0:322e:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
91:eb:29:f4:72:0f:66:cf:d0:4e:44:ee:b6:15:4e:b3:f3:40:
e1:e1:be:8b:f8:fb:c3:5a:4a:09:7e:83:97:75:0f:f1:56:c1:
be:1f:56:e9:d3:e8:91:e2:fc:f5:e1:44:df:6c:95:17:35:e9:
a6:59:6c:5c:8e:87:22:5c:9d:1e:76:db:b3:a3:93:05:78:ec:
30:bc:01:78:92:10:d7:a6:a1:57:e6:a3:c4:ce:c4:e0:94:af:
2b:01:c1:e4:0f:30:86:93:5b:63:59:54:cd:fe:ef:b4:63:f4:
cf:32:e3:f4:46:48:5d:61:6b:8d:20:79:67:ab:56:7d:8d:a5:
5d:89:f3:0d:0d:3e:63:64:7e:86:e0:cd:84:eb:ab:da:a9:cf:
d5:7a:d5:9d:73:9e:32:84:0e:c9:bc:80:85:2e:d3:59:a7:71:
89:59:3f:3f:fa:63:34:2a:a4:91:85:1e:e9:28:e8:4a:08:82:
b2:85:73:09:57:f6:96:48:e5:d0:f5:b9:88:6b:ec:78:7c:84:
c4:bb:57:62:ab:75:40:b9:f4:67:08:f0:78:45:e7:69:60:2b:
d4:98:a4:5e:ff:1e:a9:5d:06:71:71:33:39:fc:cc:fd:3a:54:
46:b2:21:66:8c:a7:23:97:4b:94:03:47:9f:6d:ef:51:55:0d:
73:b3:7a:19
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAZow0b3Bf/EVEkIVvYvKcmRcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjUxMDI5MTYzNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjE0OTNlZmJkMjY1M2Y5MzUwMGE1M2IyNTM5OGQ1ZjRlZTkwYmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY8BlnOdGXISCRgY8U28C7QbK/i3
vKxnbflLBx66TsOYVXRq5fTGiaoITjLFChSUiAra9FewAJlCS1bqlC7vjMl91NNe
l3nbqz3KLU9FogXyhnOLEeQT0P/UhSE0GRbh1qSVHt9sjAHPcz/AfDMShBQYy1/5
F2ofBvScWMHwmmUInT8gtLuhGmcqXX38hwmZ/1IZtdeKAk645lXN3xE+aYtdnBG5
Mm/z0OU/1N+o3UspcTngU08mk8iKUSFmktDjooINyXgI9eVBZfIH0TriUoMNTl35
+X7DrE9UmqqK3ZqTfchFtdoRLzoUZbrBCL9G2qCrTHocjB/JDHVxtpMEtwIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFEIUk++9JlP5NQClOyU5jV9O6QvoMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvUWhTVDc3MG1VX2sxQUtVN0pUbU5YMDdwQy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBKBAIAATBEAwQBk6GAMAwD
BAKf/jwDBAKf/kADBACf/kUwDAMEAp/+VAMEAJ/+VjAMAwQCn/5cAwQBn/5gMAwD
BAKkiQQDBAGkiTQwGgQCAAIwFDASAwcAKgPuwDIrAwcAKgPuwDIuMA0GCSqGSIb3
DQEBCwUAA4IBAQCR6yn0cg9mz9BORO62FU6z80Dh4b6L+PvDWkoJfoOXdQ/xVsG+
H1bp0+iR4vz14UTfbJUXNemmWWxcjociXJ0edtuzo5MFeOwwvAF4khDXpqFX5qPE
zsTglK8rAcHkDzCGk1tjWVTN/u+0Y/TPMuP0RkhdYWuNIHlnq1Z9jaVdifMNDT5j
ZH6G4M2E66vaqc/VetWdc54yhA7JvICFLtNZp3GJWT8/+mM0KqSRhR7pKOhKCIKy
hXMJV/aWSOXQ9bmIa+x4fITEu1diq3VAufRnCPB4RedpYCvUmKRe/x6pXQZxcTM5
/Mz9OlRGsiFmjKcjl0uUA0efbe9RVQ1zs3oZ
-----END CERTIFICATE-----
Generated at Tue Nov 4 07:59:33 2025 by rpki-client