Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/c53a3e-f90d-4742-84fb-db319a31bdf7/1/QheNcxsOMuaxLgjUMz8IKhAE4zI.roa
File: QheNcxsOMuaxLgjUMz8IKhAE4zI.roa (raw, json)
Hash identifier: 1qU8I97VIdY7GQVn2XafsvIYaI5J0RtyUS8ikCjbw40=
Subject key identifier: 42:17:8D:73:1B:0E:32:E6:B1:2E:08:D4:33:3F:08:2A:10:04:E3:32
Certificate issuer: /CN=3bde2cd5215e93bfa0ca6df8b2c1f5ed2c94af74
Certificate serial: 0199BEE191E860113EC553DB1D1D36E70BD2
Authority key identifier: 3B:DE:2C:D5:21:5E:93:BF:A0:CA:6D:F8:B2:C1:F5:ED:2C:94:AF:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O94s1SFek7-gym34ssH17SyUr3Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/c53a3e-f90d-4742-84fb-db319a31bdf7/1/QheNcxsOMuaxLgjUMz8IKhAE4zI.roa
Signing time: Tue 07 Oct 2025 13:34:37 +0000
ROA not before: Tue 07 Oct 2025 13:34:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 91.195.160.0/23 maxlen: 23
91.198.151.0/24 maxlen: 24
91.236.83.0/24 maxlen: 24
194.0.250.0/24 maxlen: 24
194.30.188.0/24 maxlen: 24
217.102.232.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/c53a3e-f90d-4742-84fb-db319a31bdf7/1/O94s1SFek7-gym34ssH17SyUr3Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/c53a3e-f90d-4742-84fb-db319a31bdf7/1/O94s1SFek7-gym34ssH17SyUr3Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/O94s1SFek7-gym34ssH17SyUr3Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 07:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:be:e1:91:e8:60:11:3e:c5:53:db:1d:1d:36:e7:0b:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3bde2cd5215e93bfa0ca6df8b2c1f5ed2c94af74
Validity
Not Before: Oct 7 13:34:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=42178d731b0e32e6b12e08d4333f082a1004e332
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:65:27:82:10:f1:00:ef:5f:7c:d4:cb:6a:0f:
17:8b:0a:b5:b4:66:c8:50:2e:20:e1:a6:78:d9:41:
50:1c:36:66:f8:d0:d0:d4:5c:ab:1b:e9:46:4d:5f:
83:3d:63:da:67:94:86:f7:72:07:d6:79:82:8e:20:
c3:4d:2f:40:28:5c:a4:27:87:3f:88:f7:7f:f8:b6:
71:0e:5f:e6:13:5f:c7:93:88:bf:b5:bc:5a:2e:97:
63:bf:30:e9:f2:2c:ef:5b:69:a0:23:a3:c5:a2:17:
77:51:d7:32:b2:69:ce:55:de:a9:79:36:d4:f0:63:
9a:46:6e:52:2f:dc:6b:d4:3e:12:26:db:40:2e:cd:
6a:a3:6a:54:f9:a2:05:bb:b9:98:57:1b:74:62:17:
5e:bc:d9:06:96:5c:a2:55:93:af:53:74:10:da:b8:
e8:40:fb:d3:8e:63:31:9d:84:1d:8f:fa:d7:bb:ef:
b1:75:46:d7:94:c6:83:97:87:3a:37:c7:30:2a:75:
81:f7:f6:bb:81:0a:65:32:b8:62:85:7d:45:54:1f:
61:d4:ed:3a:e2:0b:8e:4f:b9:17:2c:40:fb:a1:91:
aa:70:b3:af:f4:74:95:85:9f:7d:cd:41:74:19:f2:
61:d4:a8:b2:4d:78:c8:81:e1:b1:f7:e0:2b:8d:7d:
14:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:17:8D:73:1B:0E:32:E6:B1:2E:08:D4:33:3F:08:2A:10:04:E3:32
X509v3 Authority Key Identifier:
keyid:3B:DE:2C:D5:21:5E:93:BF:A0:CA:6D:F8:B2:C1:F5:ED:2C:94:AF:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O94s1SFek7-gym34ssH17SyUr3Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/c53a3e-f90d-4742-84fb-db319a31bdf7/1/QheNcxsOMuaxLgjUMz8IKhAE4zI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/c53a3e-f90d-4742-84fb-db319a31bdf7/1/O94s1SFek7-gym34ssH17SyUr3Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.195.160.0/23
91.198.151.0/24
91.236.83.0/24
194.0.250.0/24
194.30.188.0/24
217.102.232.0/21
Signature Algorithm: sha256WithRSAEncryption
9e:6e:38:e3:b3:76:b9:38:19:df:84:db:60:c8:3a:09:19:a3:
0f:d1:ce:1f:2b:56:fa:18:64:f8:ff:66:1f:ed:6a:f9:00:f6:
90:15:90:18:ca:14:4e:fa:5d:bf:cb:4a:51:33:be:28:1e:a3:
70:35:be:bd:fb:89:32:f3:74:ca:83:08:6a:ee:8c:13:79:9a:
40:0e:52:6e:f8:b8:b9:5b:8f:d8:46:ea:dd:52:fc:76:94:0b:
21:23:c7:16:70:04:c8:6f:f6:cb:cf:a3:10:29:79:80:6b:24:
89:39:d6:4d:b7:33:12:04:71:ef:6d:46:fc:c2:fd:38:e6:07:
6b:e9:3e:53:cd:91:55:4c:5f:93:d3:80:14:ad:d6:fb:ba:19:
ca:e6:20:ed:f7:74:32:bd:af:05:c3:3e:d7:8b:e6:17:97:bd:
9c:b7:9d:e7:20:25:8d:de:d9:17:ab:b5:97:fa:b1:c6:7f:28:
9d:c8:c3:eb:66:b0:08:9f:11:3d:ba:3d:4a:38:40:48:44:8c:
b1:31:4f:02:23:fe:8d:97:32:ac:bd:f2:a1:c5:f1:02:45:59:
1b:74:be:f4:f2:de:86:22:42:b3:4e:fe:e8:c8:ba:7e:32:ef:
22:73:c6:63:69:49:f5:10:fd:e9:da:04:1c:93:84:ba:dc:1b:
5b:c0:1b:10
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZm+4ZHoYBE+xVPbHR025wvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZGUyY2Q1MjE1ZTkzYmZhMGNhNmRmOGIyYzFmNWVkMmM5
NGFmNzQwHhcNMjUxMDA3MTMzNDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjE3OGQ3MzFiMGUzMmU2YjEyZTA4ZDQzMzNmMDgyYTEwMDRlMzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGUnghDxAO9ffNTLag8Xiwq1tGbI
UC4g4aZ42UFQHDZm+NDQ1FyrG+lGTV+DPWPaZ5SG93IH1nmCjiDDTS9AKFykJ4c/
iPd/+LZxDl/mE1/Hk4i/tbxaLpdjvzDp8izvW2mgI6PFohd3UdcysmnOVd6peTbU
8GOaRm5SL9xr1D4SJttALs1qo2pU+aIFu7mYVxt0YhdevNkGllyiVZOvU3QQ2rjo
QPvTjmMxnYQdj/rXu++xdUbXlMaDl4c6N8cwKnWB9/a7gQplMrhihX1FVB9h1O06
4guOT7kXLED7oZGqcLOv9HSVhZ99zUF0GfJh1KiyTXjIgeGx9+ArjX0UvwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFEIXjXMbDjLmsS4I1DM/CCoQBOMyMB8GA1UdIwQY
MBaAFDveLNUhXpO/oMpt+LLB9e0slK90MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzk0czFTRmVrNy1neW0zNHNzSDE3U3lVcjNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9jNTNhM2UtZjkwZC00NzQyLTg0ZmIt
ZGIzMTlhMzFiZGY3LzEvUWhlTmN4c09NdWF4TGdqVU16OElLaEFFNHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9jNTNhM2UtZjkwZC00NzQyLTg0ZmItZGIzMTlhMzFiZGY3
LzEvTzk0czFTRmVrNy1neW0zNHNzSDE3U3lVcjNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBW8OgAwQA
W8aXAwQAW+xTAwQAwgD6AwQAwh68AwQD2WboMA0GCSqGSIb3DQEBCwUAA4IBAQCe
bjjjs3a5OBnfhNtgyDoJGaMP0c4fK1b6GGT4/2Yf7Wr5APaQFZAYyhRO+l2/y0pR
M74oHqNwNb69+4ky83TKgwhq7owTeZpADlJu+Li5W4/YRurdUvx2lAshI8cWcATI
b/bLz6MQKXmAaySJOdZNtzMSBHHvbUb8wv045gdr6T5TzZFVTF+T04AUrdb7uhnK
5iDt93Qyva8Fwz7Xi+YXl72ct53nICWN3tkXq7WX+rHGfyidyMPrZrAInxE9uj1K
OEBIRIyxMU8CI/6NlzKsvfKhxfECRVkbdL708t6GIkKzTv7oyLp+Mu8ic8ZjaUn1
EP3p2gQck4S63BtbwBsQ
-----END CERTIFICATE-----
Generated at Wed Oct 8 13:57:47 2025 by rpki-client