Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/CqdVO28-QY3tq_vgWTmbw9n-j3E.roa
File: CqdVO28-QY3tq_vgWTmbw9n-j3E.roa (raw, json)
Hash identifier: 78B/evwU94ihFNcEqosU3K8F9OFuR+Wr1SaAReW7/iw=
Subject key identifier: 0A:A7:55:3B:6F:3E:41:8D:ED:AB:FB:E0:59:39:9B:C3:D9:FE:8F:71
Certificate issuer: /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial: 0199BAA41957FD99D5B6FC158BD4A076D51A
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/CqdVO28-QY3tq_vgWTmbw9n-j3E.roa
Signing time: Mon 06 Oct 2025 17:49:00 +0000
ROA not before: Mon 06 Oct 2025 17:49:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 4766
IP address blocks: 93.152.68.0/24 maxlen: 24
93.152.74.0/24 maxlen: 24
93.152.78.0/24 maxlen: 24
93.152.82.0/24 maxlen: 24
93.152.88.0/24 maxlen: 24
93.152.105.0/24 maxlen: 24
93.152.108.0/24 maxlen: 24
93.152.111.0/24 maxlen: 24
93.152.123.0/24 maxlen: 24
93.152.126.0/24 maxlen: 24
109.174.236.0/22 maxlen: 22
195.172.206.0/23 maxlen: 23
212.135.128.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ba:a4:19:57:fd:99:d5:b6:fc:15:8b:d4:a0:76:d5:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e20b034e2c497b1884488def106972704765029
Validity
Not Before: Oct 6 17:49:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0aa7553b6f3e418dedabfbe059399bc3d9fe8f71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:97:25:e1:75:ea:da:fb:9a:cf:ab:a2:95:9f:
d0:1c:d9:86:13:ee:12:6b:8e:43:30:e3:66:1a:a4:
fe:93:7a:79:86:7d:74:a1:b7:c4:2e:a2:c9:1e:b2:
0f:fc:1e:8b:8e:d3:d5:e4:0f:46:8a:7f:18:e7:19:
e7:71:68:90:42:55:bf:7c:ed:8f:af:8c:64:1a:8f:
34:a0:b8:c8:e4:f7:5b:d2:04:0e:58:13:8a:23:41:
78:85:b1:a8:42:0f:38:e5:54:94:f4:16:61:43:57:
f3:32:8d:e7:f6:e6:c9:5c:2a:50:08:7a:bc:08:7e:
98:aa:d5:d2:d0:94:8b:59:ef:95:9c:54:8a:83:ba:
1f:29:4e:ca:3e:d8:41:92:75:47:eb:c0:a4:3c:69:
ec:cc:5c:78:01:90:9d:2c:af:a6:06:69:d5:96:8a:
d7:73:c6:c5:2b:7d:c5:2f:ec:4f:e6:85:7f:ff:41:
d9:78:bf:6c:d0:26:29:c0:a4:6d:26:4c:2b:b4:df:
45:3e:7f:d2:78:8b:3e:a6:40:50:aa:d1:f9:74:b2:
8f:54:d5:77:83:21:db:4b:b9:91:0a:5d:cc:85:f5:
78:24:11:df:23:56:d5:99:9e:ef:23:1f:7e:ee:cb:
e3:9d:bd:5d:a9:3b:ef:80:4e:59:b3:44:46:ab:21:
06:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:A7:55:3B:6F:3E:41:8D:ED:AB:FB:E0:59:39:9B:C3:D9:FE:8F:71
X509v3 Authority Key Identifier:
keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/CqdVO28-QY3tq_vgWTmbw9n-j3E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.152.68.0/24
93.152.74.0/24
93.152.78.0/24
93.152.82.0/24
93.152.88.0/24
93.152.105.0/24
93.152.108.0/24
93.152.111.0/24
93.152.123.0/24
93.152.126.0/24
109.174.236.0/22
195.172.206.0/23
212.135.128.0/23
Signature Algorithm: sha256WithRSAEncryption
b2:48:1a:0f:1a:6a:4b:82:7d:70:a4:e3:39:f4:3b:99:33:d8:
79:43:b4:c8:0d:5d:b2:9b:2a:81:36:04:3f:15:49:02:b5:4b:
6e:9f:7b:cc:61:fc:a9:f5:dd:db:db:0e:90:54:0d:a8:05:23:
84:7c:60:e7:56:51:fe:ae:af:7d:a1:24:45:ba:70:b7:ca:da:
03:60:b4:f4:b7:2e:6f:af:c7:5a:7a:d1:37:9a:40:c2:bb:be:
8b:06:25:23:90:45:d4:fa:a9:48:77:6c:40:a0:a8:fe:d3:1e:
ca:93:2e:32:d9:4b:85:40:27:45:ab:b3:10:f8:c8:26:db:a8:
1a:c6:d6:23:0e:d5:8e:e1:11:73:4f:65:c4:bb:f6:56:56:b0:
ed:11:51:e1:f5:9d:b8:75:f4:07:d3:80:30:c6:22:38:b7:05:
37:4e:9f:ec:94:2a:d2:29:80:49:e1:b4:9a:ab:4c:b0:42:9f:
a8:44:7a:20:3a:d6:1d:0a:82:ad:58:63:fc:42:80:6a:94:56:
45:18:da:0b:32:5f:73:f1:d3:1e:7d:82:df:92:72:36:d3:da:
1e:47:61:36:0b:08:23:b0:a4:f1:26:5f:73:62:df:de:2c:3d:
cf:2a:58:c2:0f:6e:2b:45:d3:5f:ed:9b:f2:5e:5c:5a:f9:80:
71:3b:db:49
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZm6pBlX/ZnVtvwVi9SgdtUaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMDA2MTc0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWE3NTUzYjZmM2U0MThkZWRhYmZiZTA1OTM5OWJjM2Q5ZmU4ZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJcl4XXq2vuaz6uilZ/QHNmGE+4S
a45DMONmGqT+k3p5hn10obfELqLJHrIP/B6LjtPV5A9Gin8Y5xnncWiQQlW/fO2P
r4xkGo80oLjI5Pdb0gQOWBOKI0F4hbGoQg845VSU9BZhQ1fzMo3n9ubJXCpQCHq8
CH6YqtXS0JSLWe+VnFSKg7ofKU7KPthBknVH68CkPGnszFx4AZCdLK+mBmnVlorX
c8bFK33FL+xP5oV//0HZeL9s0CYpwKRtJkwrtN9FPn/SeIs+pkBQqtH5dLKPVNV3
gyHbS7mRCl3MhfV4JBHfI1bVmZ7vIx9+7svjnb1dqTvvgE5Zs0RGqyEGDwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFAqnVTtvPkGN7av74Fk5m8PZ/o9xMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvQ3FkVk8yOC1RWTN0cV92Z1dUbWJ3OW4tajNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAXZhEAwQA
XZhKAwQAXZhOAwQAXZhSAwQAXZhYAwQAXZhpAwQAXZhsAwQAXZhvAwQAXZh7AwQA
XZh+AwQCba7sAwQBw6zOAwQB1IeAMA0GCSqGSIb3DQEBCwUAA4IBAQCySBoPGmpL
gn1wpOM59DuZM9h5Q7TIDV2ymyqBNgQ/FUkCtUtun3vMYfyp9d3b2w6QVA2oBSOE
fGDnVlH+rq99oSRFunC3ytoDYLT0ty5vr8daetE3mkDCu76LBiUjkEXU+qlId2xA
oKj+0x7Kky4y2UuFQCdFq7MQ+Mgm26gaxtYjDtWO4RFzT2XEu/ZWVrDtEVHh9Z24
dfQH04AwxiI4twU3Tp/slCrSKYBJ4bSaq0ywQp+oRHogOtYdCoKtWGP8QoBqlFZF
GNoLMl9z8dMefYLfknI209oeR2E2CwgjsKTxJl9zYt/eLD3PKljCD24rRdNf7Zvy
Xlxa+YBxO9tJ
-----END CERTIFICATE-----
Generated at Sun Oct 19 16:10:29 2025 by rpki-client