Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/qzhJ22gkwPKghhNAsyQ8hahGl7A.roa
File: qzhJ22gkwPKghhNAsyQ8hahGl7A.roa (raw, json)
Hash identifier: 09LTxCcGNd3z2jpA6+/28JHaqIA2Mww8e9j5+k3ojRE=
Subject key identifier: AB:38:49:DB:68:24:C0:F2:A0:86:13:40:B3:24:3C:85:A8:46:97:B0
Certificate issuer: /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial: 019A0B2015ED0A62A3A6E30A2608423997C4
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/qzhJ22gkwPKghhNAsyQ8hahGl7A.roa
Signing time: Wed 22 Oct 2025 08:54:03 +0000
ROA not before: Wed 22 Oct 2025 08:54:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213029
IP address blocks: 93.170.6.0/24 maxlen: 24
93.170.83.0/24 maxlen: 24
93.170.88.0/24 maxlen: 24
95.46.210.0/23 maxlen: 24
95.47.124.0/23 maxlen: 24
95.47.127.0/24 maxlen: 24
95.47.238.0/23 maxlen: 24
146.120.240.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 23 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:0b:20:15:ed:0a:62:a3:a6:e3:0a:26:08:42:39:97:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Validity
Not Before: Oct 22 08:54:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ab3849db6824c0f2a0861340b3243c85a84697b0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:86:08:ce:87:11:b6:43:06:f9:3a:6e:cd:a2:
9d:42:d9:af:f5:82:f7:fb:fe:a7:a7:e8:b7:54:93:
d0:f7:71:55:47:78:7e:da:6a:19:1c:01:78:2a:1b:
27:c4:67:2c:f5:dc:87:50:fc:e2:e5:b9:72:8f:47:
57:9c:fc:36:cd:5a:d3:7f:f4:13:d8:2e:a5:62:36:
f4:5e:af:91:29:77:0d:9c:f9:d8:2e:18:bd:ff:2c:
a1:ab:64:53:31:33:dc:11:85:41:20:f2:11:34:ef:
14:c7:19:f8:b8:da:eb:e0:a1:5f:28:5e:96:31:6a:
63:c2:fc:ca:38:12:5a:09:e6:57:b2:ea:61:3f:e2:
22:53:40:fa:a4:b2:06:a6:11:c4:7b:bb:08:d8:86:
d3:88:46:c2:a0:e1:64:58:75:68:dc:61:69:d9:a0:
59:0d:5f:eb:6a:47:3a:90:b1:aa:94:33:92:0e:be:
c5:60:71:56:cb:14:58:43:49:c3:5c:2e:1a:d3:79:
37:ae:93:b3:2e:95:42:9c:04:b9:df:fb:43:86:9e:
68:11:d1:e5:31:4a:31:7f:de:25:4d:cf:81:eb:53:
09:7c:1f:8f:55:df:9e:c8:fa:c7:09:49:c5:c0:18:
2a:36:b0:68:2a:b5:14:53:29:de:72:df:a5:5a:3c:
08:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:38:49:DB:68:24:C0:F2:A0:86:13:40:B3:24:3C:85:A8:46:97:B0
X509v3 Authority Key Identifier:
keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/qzhJ22gkwPKghhNAsyQ8hahGl7A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.170.6.0/24
93.170.83.0/24
93.170.88.0/24
95.46.210.0/23
95.47.124.0/23
95.47.127.0/24
95.47.238.0/23
146.120.240.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:b4:73:7b:6a:9c:e5:53:57:71:88:00:a5:b8:86:90:1a:7d:
2b:7c:8b:58:dd:75:ed:eb:e1:28:7b:f1:d4:0b:59:91:e9:ac:
74:b5:58:52:cd:db:8e:07:b4:db:57:24:c2:93:9a:58:2c:7f:
48:89:11:ed:31:ba:4d:2e:3b:5c:60:87:45:5e:bf:5d:d7:ab:
4c:8f:b7:28:68:4e:6c:04:20:7a:74:2b:7f:2c:b9:58:fe:2d:
ca:06:79:d5:e0:b1:11:75:cb:f8:c3:50:8c:5e:08:d6:f2:16:
57:bc:cb:1b:26:48:93:32:75:59:79:ac:3a:86:17:9d:6e:84:
1d:0e:11:df:01:85:9b:e6:82:a3:f7:67:0d:b6:90:d0:21:d0:
80:d4:5c:37:eb:2b:58:85:60:33:56:35:4e:cb:97:1e:f8:19:
5d:a2:36:1c:7e:95:51:17:5a:e1:ed:20:c3:10:05:1f:1d:71:
9c:89:a5:3d:df:38:0d:c7:23:11:d9:f3:ea:a5:8d:37:e4:ea:
33:f2:ad:26:a4:15:d7:21:64:61:34:49:c1:68:80:17:6d:63:
d3:b0:e8:3a:80:04:44:0a:3c:53:c8:18:66:00:8d:e1:c0:0a:
c8:82:bb:a8:03:51:a2:27:69:af:c8:41:eb:c8:8c:49:2c:ad:
6a:a3:4c:1a
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZoLIBXtCmKjpuMKJghCOZfEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUxMDIyMDg1NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjM4NDlkYjY4MjRjMGYyYTA4NjEzNDBiMzI0M2M4NWE4NDY5N2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4YIzocRtkMG+TpuzaKdQtmv9YL3
+/6np+i3VJPQ93FVR3h+2moZHAF4KhsnxGcs9dyHUPzi5blyj0dXnPw2zVrTf/QT
2C6lYjb0Xq+RKXcNnPnYLhi9/yyhq2RTMTPcEYVBIPIRNO8Uxxn4uNrr4KFfKF6W
MWpjwvzKOBJaCeZXsuphP+IiU0D6pLIGphHEe7sI2IbTiEbCoOFkWHVo3GFp2aBZ
DV/rakc6kLGqlDOSDr7FYHFWyxRYQ0nDXC4a03k3rpOzLpVCnAS53/tDhp5oEdHl
MUoxf94lTc+B61MJfB+PVd+eyPrHCUnFwBgqNrBoKrUUUynect+lWjwIiQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKs4SdtoJMDyoIYTQLMkPIWoRpewMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvcXpoSjIyZ2t3UEtnaGhOQXN5UThoYWhHbDdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAXaoGAwQA
XapTAwQAXapYAwQBXy7SAwQBXy98AwQAXy9/AwQBXy/uAwQAknjwMA0GCSqGSIb3
DQEBCwUAA4IBAQAdtHN7apzlU1dxiACluIaQGn0rfItY3XXt6+Eoe/HUC1mR6ax0
tVhSzduOB7TbVyTCk5pYLH9IiRHtMbpNLjtcYIdFXr9d16tMj7coaE5sBCB6dCt/
LLlY/i3KBnnV4LERdcv4w1CMXgjW8hZXvMsbJkiTMnVZeaw6hhedboQdDhHfAYWb
5oKj92cNtpDQIdCA1Fw36ytYhWAzVjVOy5ce+BldojYcfpVRF1rh7SDDEAUfHXGc
iaU93zgNxyMR2fPqpY035Ooz8q0mpBXXIWRhNEnBaIAXbWPTsOg6gARECjxTyBhm
AI3hwArIgruoA1GiJ2mvyEHryIxJLK1qo0wa
-----END CERTIFICATE-----
Generated at Wed Oct 22 22:01:26 2025 by rpki-client