Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/QY3FsKWsHL7VlMduaclRNJ3pt_U.roa
File: QY3FsKWsHL7VlMduaclRNJ3pt_U.roa (raw, json)
Hash identifier: H5vPCo3lKDFJhLJsXdyGxkbSr+CZKxnZxfEUf2naVGc=
Subject key identifier: 41:8D:C5:B0:A5:AC:1C:BE:D5:94:C7:6E:69:C9:51:34:9D:E9:B7:F5
Certificate issuer: /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial: 0196C3FEAF7A1379DDDD464F0BE29AC596E9
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/QY3FsKWsHL7VlMduaclRNJ3pt_U.roa
Signing time: Mon 12 May 2025 10:16:10 +0000
ROA not before: Mon 12 May 2025 10:16:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197968
IP address blocks: 91.147.108.0/24 maxlen: 24
91.147.109.0/24 maxlen: 24
109.175.175.0/24 maxlen: 24
109.175.225.0/24 maxlen: 24
212.108.86.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 20:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:c3:fe:af:7a:13:79:dd:dd:46:4f:0b:e2:9a:c5:96:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Validity
Not Before: May 12 10:16:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=418dc5b0a5ac1cbed594c76e69c951349de9b7f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:80:83:9e:1b:37:a6:ea:2f:bf:54:00:ba:19:
13:5d:af:a4:fc:88:03:b8:eb:16:5a:b8:b7:f3:98:
06:81:64:c1:39:01:b6:66:49:9f:a8:ea:dc:ae:fa:
2d:e0:38:fa:ce:b5:6e:c4:39:85:f6:ed:0f:83:a6:
ec:02:63:e0:ec:57:6d:39:e3:dd:81:7a:2a:c9:75:
61:19:b0:1d:7b:7e:32:95:c1:7f:23:15:fe:43:28:
b1:30:1c:62:2f:9d:8f:aa:51:24:47:7d:98:ef:c4:
cf:94:41:f4:a5:60:8f:1c:b1:04:91:35:0e:05:4f:
97:39:bb:87:f3:88:a0:6b:f6:43:b3:63:a9:fd:c6:
64:57:72:af:ae:15:12:b2:ad:9a:9a:f6:84:5e:05:
b2:2d:df:9a:4c:d1:0b:d9:2d:e5:8a:09:8c:12:3a:
39:0e:fe:e7:2d:6c:9f:85:13:e2:ba:a1:71:66:bd:
e3:dd:8b:24:f5:1e:0e:a3:5e:18:ee:08:3f:35:e9:
09:28:ea:9f:5f:dc:c5:35:68:fd:5b:5d:35:e1:0b:
0f:51:b3:47:d6:27:50:ad:84:32:a4:28:fa:b5:26:
64:1c:a2:bb:c5:86:ed:b2:d9:53:bd:29:06:e9:c3:
be:e8:e8:98:5a:9c:08:95:d5:df:4b:52:19:d6:da:
10:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:8D:C5:B0:A5:AC:1C:BE:D5:94:C7:6E:69:C9:51:34:9D:E9:B7:F5
X509v3 Authority Key Identifier:
keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/QY3FsKWsHL7VlMduaclRNJ3pt_U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.147.108.0/23
109.175.175.0/24
109.175.225.0/24
212.108.86.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:1f:17:f1:51:38:6d:12:7b:f6:df:a2:1c:95:4a:c6:7b:85:
cf:90:79:4f:a1:34:96:66:ad:83:cc:58:4e:e5:cb:a8:ac:3b:
ba:42:07:09:fe:12:dc:fb:4a:d6:f6:ac:64:27:c1:84:19:a7:
2c:55:cf:8d:15:a1:73:87:c0:99:8e:01:31:27:4b:d4:4c:35:
d6:42:11:4d:8e:c1:c3:64:0c:f0:f9:2c:0f:cf:af:52:6a:0a:
61:4d:5c:06:4f:7a:d3:71:4b:74:7a:be:25:f3:05:48:85:fc:
a7:b5:41:b2:7d:3f:f8:e1:0c:31:44:9d:f3:5b:5d:bb:70:65:
d7:29:60:bd:b4:d4:36:52:3d:09:3f:ce:95:71:a1:0f:d5:83:
33:f7:f1:93:ed:44:cf:96:97:67:f7:52:d6:e8:97:cd:bb:22:
5c:54:b6:fd:2b:58:56:0a:ea:94:b7:7f:ba:9f:bf:e2:6f:40:
36:59:cd:10:df:ee:d7:22:16:e0:ca:36:63:c1:32:67:1e:d0:
7e:90:a2:86:b8:19:69:e3:18:97:ab:84:a2:c3:94:4e:1d:e9:
73:4d:93:43:c2:87:05:da:95:4f:7d:94:f9:63:fb:71:80:13:
82:99:f6:7c:ec:56:ff:84:7a:20:f5:49:d4:cc:06:b4:ff:5d:
3c:e8:f0:68
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZbD/q96E3nd3UZPC+KaxZbpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjUwNTEyMTAxNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MThkYzViMGE1YWMxY2JlZDU5NGM3NmU2OWM5NTEzNDlkZTliN2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYCDnhs3puovv1QAuhkTXa+k/IgD
uOsWWri385gGgWTBOQG2ZkmfqOrcrvot4Dj6zrVuxDmF9u0Pg6bsAmPg7FdtOePd
gXoqyXVhGbAde34ylcF/IxX+QyixMBxiL52PqlEkR32Y78TPlEH0pWCPHLEEkTUO
BU+XObuH84iga/ZDs2Op/cZkV3KvrhUSsq2amvaEXgWyLd+aTNEL2S3ligmMEjo5
Dv7nLWyfhRPiuqFxZr3j3Ysk9R4Oo14Y7gg/NekJKOqfX9zFNWj9W1014QsPUbNH
1idQrYQypCj6tSZkHKK7xYbtstlTvSkG6cO+6OiYWpwIldXfS1IZ1toQgwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEGNxbClrBy+1ZTHbmnJUTSd6bf1MB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvUVkzRnNLV3NITDdWbE1kdWFjbFJOSjNwdF9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBW5NsAwQA
ba+vAwQAba/hAwQA1GxWMA0GCSqGSIb3DQEBCwUAA4IBAQCiHxfxUThtEnv236Ic
lUrGe4XPkHlPoTSWZq2DzFhO5cuorDu6QgcJ/hLc+0rW9qxkJ8GEGacsVc+NFaFz
h8CZjgExJ0vUTDXWQhFNjsHDZAzw+SwPz69SagphTVwGT3rTcUt0er4l8wVIhfyn
tUGyfT/44QwxRJ3zW127cGXXKWC9tNQ2Uj0JP86VcaEP1YMz9/GT7UTPlpdn91LW
6JfNuyJcVLb9K1hWCuqUt3+6n7/ib0A2Wc0Q3+7XIhbgyjZjwTJnHtB+kKKGuBlp
4xiXq4Siw5ROHelzTZNDwocF2pVPfZT5Y/txgBOCmfZ87Fb/hHog9UnUzAa0/108
6PBo
-----END CERTIFICATE-----
Generated at Sun Jun 8 06:14:49 2025 by rpki-client