Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/mqFsim5-hi0MZTcLot58PVfSTYM.roa
File: mqFsim5-hi0MZTcLot58PVfSTYM.roa (raw, json)
Hash identifier: eHkkkj65fxN14PVyu/eH+6Rea5ciEBRsLvLo2M2czPQ=
Subject key identifier: 9A:A1:6C:8A:6E:7E:86:2D:0C:65:37:0B:A2:DE:7C:3D:57:D2:4D:83
Certificate issuer: /CN=af6da9d56b42c2b816b1ae6b185125abf21593ef
Certificate serial: 019708A0556E54887669E879DF5F1B9383D0
Authority key identifier: AF:6D:A9:D5:6B:42:C2:B8:16:B1:AE:6B:18:51:25:AB:F2:15:93:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r22p1WtCwrgWsa5rGFElq_IVk-8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/mqFsim5-hi0MZTcLot58PVfSTYM.roa
Signing time: Sun 25 May 2025 18:06:54 +0000
ROA not before: Sun 25 May 2025 18:06:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 19905
IP address blocks: 193.8.222.0/23 maxlen: 24
194.56.96.0/22 maxlen: 24
194.56.100.0/22 maxlen: 24
194.56.104.0/22 maxlen: 24
194.56.108.0/22 maxlen: 24
194.56.112.0/22 maxlen: 24
194.56.116.0/22 maxlen: 24
194.56.120.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/r22p1WtCwrgWsa5rGFElq_IVk-8.crl
rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/r22p1WtCwrgWsa5rGFElq_IVk-8.mft
rsync://rpki.ripe.net/repository/DEFAULT/r22p1WtCwrgWsa5rGFElq_IVk-8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Jun 2025 12:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:08:a0:55:6e:54:88:76:69:e8:79:df:5f:1b:93:83:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af6da9d56b42c2b816b1ae6b185125abf21593ef
Validity
Not Before: May 25 18:06:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9aa16c8a6e7e862d0c65370ba2de7c3d57d24d83
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:17:a9:33:53:db:f6:8a:3e:9d:d3:cd:da:d3:
05:c4:5b:d9:98:60:8c:dd:b9:14:17:fb:70:a7:f8:
ef:b6:e8:a2:b6:00:03:bc:ca:e9:69:c8:1f:a9:df:
3c:bd:13:34:75:65:d7:8d:27:46:b6:f4:f0:e9:33:
da:3f:5e:0f:bb:c0:dd:d9:76:48:9e:3c:6d:18:e1:
9c:59:d3:0d:61:06:18:dc:55:0a:46:18:8d:2c:d4:
05:d4:ce:4a:07:c8:4d:4b:14:e4:e6:79:4b:f0:d4:
69:96:2b:5c:b7:56:02:fd:0a:f7:c4:99:b0:1a:8b:
42:e5:f0:34:b1:27:bd:39:50:c2:64:8a:01:da:46:
a0:72:c4:4b:c4:95:12:b7:fe:41:57:b8:2b:39:3c:
db:e4:99:07:1b:a0:18:1b:5c:cf:2e:98:08:74:44:
f0:1b:4b:c2:3d:42:72:b0:75:54:44:f8:65:4d:2a:
87:48:11:0b:18:bd:98:94:cf:be:42:df:a3:a5:21:
5a:f9:48:2e:3d:54:ad:85:0d:c1:91:69:45:3b:b6:
e0:69:fd:7c:4b:6b:91:83:71:71:a8:48:ae:3e:16:
40:2f:8b:fd:1d:1d:af:30:5f:1a:22:b0:50:db:13:
d4:05:87:c4:c9:1d:bb:bc:69:2a:2d:d8:f6:32:a6:
ed:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:A1:6C:8A:6E:7E:86:2D:0C:65:37:0B:A2:DE:7C:3D:57:D2:4D:83
X509v3 Authority Key Identifier:
keyid:AF:6D:A9:D5:6B:42:C2:B8:16:B1:AE:6B:18:51:25:AB:F2:15:93:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r22p1WtCwrgWsa5rGFElq_IVk-8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/mqFsim5-hi0MZTcLot58PVfSTYM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/r22p1WtCwrgWsa5rGFElq_IVk-8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.8.222.0/23
194.56.96.0-194.56.123.255
Signature Algorithm: sha256WithRSAEncryption
61:d6:f7:cc:e4:05:71:00:7a:23:19:7b:8c:a4:4e:45:bc:5b:
77:f2:28:78:0c:7e:04:a8:b4:e8:bf:b0:76:14:82:02:05:ab:
51:7f:da:e0:b1:47:a2:6f:6e:b2:6b:0d:ad:fa:2f:a2:fa:bf:
3c:ce:71:76:3b:aa:dd:64:45:3e:6e:c3:fc:c7:0a:f6:2b:6d:
2e:7b:71:48:21:a5:67:a5:64:54:a6:f0:8a:8c:76:8d:77:56:
60:db:9e:c3:ea:1e:03:8d:20:26:be:65:9e:c9:bb:28:71:fe:
70:38:ed:a4:11:be:fa:fd:11:aa:f0:f7:54:41:fc:7b:b4:8e:
84:4e:78:9e:e7:58:d4:39:d4:83:fb:0f:49:c9:0b:b6:8d:f6:
82:c8:7f:43:a3:d4:e2:c9:d1:5a:fd:53:5e:82:60:09:f0:93:
1f:7b:79:1c:02:9c:f8:d1:66:60:97:af:18:c7:3a:01:47:8f:
75:1f:22:f7:eb:9c:20:0c:d2:4f:59:8e:76:6f:dd:08:52:66:
93:45:79:75:79:05:50:77:a6:a6:13:c5:4b:fe:23:ad:ef:59:
ad:eb:12:38:a0:02:c5:96:d5:ac:97:bb:7e:a7:44:ee:b2:5f:
25:ab:07:82:0e:2e:96:72:62:aa:eb:cb:3c:f8:b0:85:43:dc:
cf:4d:e0:c2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZcIoFVuVIh2aeh5318bk4PQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNmRhOWQ1NmI0MmMyYjgxNmIxYWU2YjE4NTEyNWFiZjIx
NTkzZWYwHhcNMjUwNTI1MTgwNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWExNmM4YTZlN2U4NjJkMGM2NTM3MGJhMmRlN2MzZDU3ZDI0ZDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxepM1Pb9oo+ndPN2tMFxFvZmGCM
3bkUF/twp/jvtuiitgADvMrpacgfqd88vRM0dWXXjSdGtvTw6TPaP14Pu8Dd2XZI
njxtGOGcWdMNYQYY3FUKRhiNLNQF1M5KB8hNSxTk5nlL8NRplitct1YC/Qr3xJmw
GotC5fA0sSe9OVDCZIoB2kagcsRLxJUSt/5BV7grOTzb5JkHG6AYG1zPLpgIdETw
G0vCPUJysHVURPhlTSqHSBELGL2YlM++Qt+jpSFa+UguPVSthQ3BkWlFO7bgaf18
S2uRg3FxqEiuPhZAL4v9HR2vMF8aIrBQ2xPUBYfEyR27vGkqLdj2MqbtSQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJqhbIpufoYtDGU3C6LefD1X0k2DMB8GA1UdIwQY
MBaAFK9tqdVrQsK4FrGuaxhRJavyFZPvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjIycDFXdEN3cmdXc2E1ckdGRWxxX0lWay04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy84OTczNzgtYzU1Ni00MzUyLTlhMDQt
YjEwYTgzMmJjYTQzLzEvbXFGc2ltNS1oaTBNWlRjTG90NThQVmZTVFlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy84OTczNzgtYzU1Ni00MzUyLTlhMDQtYjEwYTgzMmJjYTQz
LzEvcjIycDFXdEN3cmdXc2E1ckdGRWxxX0lWay04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBwQjeMAwD
BAXCOGADBALCOHgwDQYJKoZIhvcNAQELBQADggEBAGHW98zkBXEAeiMZe4ykTkW8
W3fyKHgMfgSotOi/sHYUggIFq1F/2uCxR6JvbrJrDa36L6L6vzzOcXY7qt1kRT5u
w/zHCvYrbS57cUghpWelZFSm8IqMdo13VmDbnsPqHgONICa+ZZ7Juyhx/nA47aQR
vvr9Earw91RB/Hu0joROeJ7nWNQ51IP7D0nJC7aN9oLIf0Oj1OLJ0Vr9U16CYAnw
kx97eRwCnPjRZmCXrxjHOgFHj3UfIvfrnCAM0k9ZjnZv3QhSZpNFeXV5BVB3pqYT
xUv+I63vWa3rEjigAsWW1ayXu36nRO6yXyWrB4IOLpZyYqrryzz4sIVD3M9N4MI=
-----END CERTIFICATE-----
Generated at Thu Jun 5 18:12:33 2025 by rpki-client