Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/IQZnFUMdMirGvQBoMst63-wtl4k.roa
File: IQZnFUMdMirGvQBoMst63-wtl4k.roa (raw, json)
Hash identifier: zGYkFBqnggWuDVjF52TviT/RbEWy/7X95ScZgoQuNRc=
Subject key identifier: 21:06:67:15:43:1D:32:2A:C6:BD:00:68:32:CB:7A:DF:EC:2D:97:89
Certificate issuer: /CN=1b12120c351c14eec22109f603249fcdac1d3321
Certificate serial: 01993E35798CF5134F273D703C080BD63FD9
Authority key identifier: 1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/IQZnFUMdMirGvQBoMst63-wtl4k.roa
Signing time: Fri 12 Sep 2025 13:55:15 +0000
ROA not before: Fri 12 Sep 2025 13:55:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209800
IP address blocks: 91.92.240.0/24 maxlen: 24
91.92.241.0/24 maxlen: 24
91.92.242.0/24 maxlen: 24
91.92.243.0/24 maxlen: 24
178.16.52.0/24 maxlen: 24
178.16.53.0/24 maxlen: 24
178.16.54.0/24 maxlen: 24
178.16.55.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.mft
rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 17 Sep 2025 07:01:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:3e:35:79:8c:f5:13:4f:27:3d:70:3c:08:0b:d6:3f:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1b12120c351c14eec22109f603249fcdac1d3321
Validity
Not Before: Sep 12 13:55:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=21066715431d322ac6bd006832cb7adfec2d9789
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:1e:a7:f7:3d:d7:db:58:12:09:39:14:e2:b4:
a8:ef:84:3f:0e:3f:5e:de:6e:a8:ac:23:c9:f8:9c:
ec:d1:91:1b:82:89:8a:07:18:aa:1d:51:18:eb:fa:
25:7a:f5:db:f1:a5:44:4e:da:6e:62:40:9f:1f:28:
05:11:65:1d:8c:74:24:27:fd:70:a9:4c:be:fb:4f:
38:32:b2:ea:ab:6a:c2:62:ed:ac:0b:a5:82:24:b0:
d4:39:ae:f7:eb:3a:a5:bd:ef:09:5c:9e:7e:64:65:
a9:ac:c8:80:0b:54:e8:0e:68:cf:72:41:6b:46:03:
6f:e7:05:e4:1f:5a:e2:78:e1:c3:c9:b0:a6:3f:80:
d5:d2:f2:91:f8:c5:e2:c0:53:f3:90:d4:0a:d4:35:
87:1c:6a:99:3e:f2:75:73:54:a8:9a:2f:4a:61:52:
78:fb:53:2a:b4:54:2b:b7:0f:a5:ff:7c:3d:d8:76:
c8:a4:4f:20:c2:5b:a6:b1:11:44:c7:ac:69:59:07:
2b:38:bd:b1:56:54:38:c4:7b:c6:3c:0b:7c:d8:85:
10:07:ba:dd:43:db:76:46:ee:be:d0:76:db:50:97:
74:7e:80:8f:a7:89:56:9f:76:02:6e:f1:47:9e:bd:
ce:db:8e:14:23:be:77:ca:e0:94:8c:95:bc:e8:ce:
83:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:06:67:15:43:1D:32:2A:C6:BD:00:68:32:CB:7A:DF:EC:2D:97:89
X509v3 Authority Key Identifier:
keyid:1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/IQZnFUMdMirGvQBoMst63-wtl4k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.92.240.0/22
178.16.52.0/22
Signature Algorithm: sha256WithRSAEncryption
7f:34:2f:d0:db:18:10:7f:ed:d9:91:02:8a:2e:c3:92:99:06:
a1:ff:c2:08:65:57:6e:6a:56:ce:38:5e:4a:e7:b5:c4:89:69:
61:84:49:37:15:14:8a:37:3a:54:44:e4:51:1e:b1:f0:08:3b:
f4:54:44:39:04:95:e5:93:f9:13:7a:45:54:59:a5:b6:f0:32:
54:66:40:12:04:78:5c:e5:1d:22:6e:46:dc:ce:2b:05:45:a7:
34:32:60:7c:fb:04:65:3a:9f:35:1b:bc:b9:f5:1d:b6:8d:2b:
83:7a:ff:85:61:d7:b7:23:38:96:7f:89:fb:ae:25:65:48:58:
41:39:33:ed:40:d0:9f:aa:c2:30:f2:7a:e6:9b:54:f2:24:f1:
0c:fc:2a:2c:ef:04:f5:b3:05:26:fa:4b:28:7b:24:03:26:0d:
38:7d:32:c4:72:a7:a0:a7:cf:f6:b0:eb:57:8e:87:db:ff:6f:
85:40:75:45:28:b4:b0:54:d4:aa:e8:da:ca:d9:6d:85:c1:dd:
dd:69:47:c1:36:e8:ef:6f:cb:53:e6:ca:04:cd:37:82:28:0f:
d9:32:0a:7b:69:2e:da:4b:a1:1c:cf:9a:0a:e3:59:5e:72:5d:
35:7e:4b:bc:c4:84:a6:9b:9f:6e:74:49:9e:16:b2:9b:80:b3:
85:e6:a1:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZk+NXmM9RNPJz1wPAgL1j/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMTIxMjBjMzUxYzE0ZWVjMjIxMDlmNjAzMjQ5ZmNkYWMx
ZDMzMjEwHhcNMjUwOTEyMTM1NTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTA2NjcxNTQzMWQzMjJhYzZiZDAwNjgzMmNiN2FkZmVjMmQ5Nzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnx6n9z3X21gSCTkU4rSo74Q/Dj9e
3m6orCPJ+Jzs0ZEbgomKBxiqHVEY6/olevXb8aVETtpuYkCfHygFEWUdjHQkJ/1w
qUy++084MrLqq2rCYu2sC6WCJLDUOa736zqlve8JXJ5+ZGWprMiAC1ToDmjPckFr
RgNv5wXkH1rieOHDybCmP4DV0vKR+MXiwFPzkNQK1DWHHGqZPvJ1c1Somi9KYVJ4
+1MqtFQrtw+l/3w92HbIpE8gwlumsRFEx6xpWQcrOL2xVlQ4xHvGPAt82IUQB7rd
Q9t2Ru6+0HbbUJd0foCPp4lWn3YCbvFHnr3O244UI753yuCUjJW86M6DfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCEGZxVDHTIqxr0AaDLLet/sLZeJMB8GA1UdIwQY
MBaAFBsSEgw1HBTuwiEJ9gMkn82sHTMhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUt
NDNkZjQ3ZDVhMWU3LzEvSVFabkZVTWRNaXJHdlFCb01zdDYzLXd0bDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUtNDNkZjQ3ZDVhMWU3
LzEvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW1zwAwQC
shA0MA0GCSqGSIb3DQEBCwUAA4IBAQB/NC/Q2xgQf+3ZkQKKLsOSmQah/8IIZVdu
albOOF5K57XEiWlhhEk3FRSKNzpURORRHrHwCDv0VEQ5BJXlk/kTekVUWaW28DJU
ZkASBHhc5R0ibkbczisFRac0MmB8+wRlOp81G7y59R22jSuDev+FYde3IziWf4n7
riVlSFhBOTPtQNCfqsIw8nrmm1TyJPEM/Cos7wT1swUm+ksoeyQDJg04fTLEcqeg
p8/2sOtXjofb/2+FQHVFKLSwVNSq6NrK2W2Fwd3daUfBNujvb8tT5soEzTeCKA/Z
Mgp7aS7aS6Ecz5oK41lecl01fku8xISmm59udEmeFrKbgLOF5qHd
-----END CERTIFICATE-----
Generated at Tue Sep 16 08:03:27 2025 by rpki-client