Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/qjyhGLzSjen3GpqWTeSFco9KSwQ.roa
File: qjyhGLzSjen3GpqWTeSFco9KSwQ.roa (raw, json)
Hash identifier: kp7IkbSOmQC+WxD6X5wnwhQy2Cc5wCQoIJuVSNYbr0Y=
Subject key identifier: AA:3C:A1:18:BC:D2:8D:E9:F7:1A:9A:96:4D:E4:85:72:8F:4A:4B:04
Certificate issuer: /CN=38bc794c5fbaac632a7ffb43db14f739cd53b2c4
Certificate serial: 019A0664D6315A6742F5FD8C7DA8DC315F54
Authority key identifier: 38:BC:79:4C:5F:BA:AC:63:2A:7F:FB:43:DB:14:F7:39:CD:53:B2:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/qjyhGLzSjen3GpqWTeSFco9KSwQ.roa
Signing time: Tue 21 Oct 2025 10:51:02 +0000
ROA not before: Tue 21 Oct 2025 10:51:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35617
IP address blocks: 5.133.96.0/22 maxlen: 24
91.214.60.0/22 maxlen: 24
185.97.120.0/22 maxlen: 24
2a06:5c0::/29 maxlen: 32
2a09:6e00::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 23 Oct 2025 22:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:06:64:d6:31:5a:67:42:f5:fd:8c:7d:a8:dc:31:5f:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=38bc794c5fbaac632a7ffb43db14f739cd53b2c4
Validity
Not Before: Oct 21 10:51:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aa3ca118bcd28de9f71a9a964de485728f4a4b04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:d6:54:8d:26:7d:3e:13:eb:5c:2f:36:97:ee:
cc:99:f2:ac:03:ef:32:58:0c:f3:55:2c:7d:56:37:
a3:5a:6d:97:9e:96:57:37:80:dc:05:76:d4:0d:91:
06:d0:ab:3f:48:4b:79:19:74:36:c4:3e:4b:ef:b5:
d3:17:16:07:83:24:fb:28:82:a2:a5:17:a0:60:17:
8c:43:52:dd:4a:81:bf:bc:51:a7:55:8b:ec:f0:a5:
6c:b2:e8:30:74:f8:f7:3d:8d:cb:39:bc:37:3a:d5:
7f:a5:d4:e5:7c:ad:21:2d:7e:49:26:7d:3c:c3:75:
47:ca:08:76:4d:e4:76:de:e8:ee:f8:90:8d:c5:aa:
85:a6:53:cc:7e:ad:77:d0:df:b5:c0:d0:6d:b8:f9:
0e:f7:25:b8:5a:db:e1:25:91:53:2b:38:eb:d0:f5:
0b:12:d3:0c:fb:17:eb:18:06:4e:7d:0a:5d:5d:1f:
bc:91:52:ed:0a:92:11:4d:fa:b6:96:ca:c8:2f:af:
c0:83:8a:db:4a:87:52:c2:8d:53:33:93:72:2d:59:
f4:15:a2:ce:a2:40:c7:fe:6e:d0:fc:4d:21:63:5d:
db:d5:b6:2e:97:63:c3:42:f9:72:8f:c7:61:17:d5:
aa:24:29:28:78:fe:38:37:a9:0e:5c:97:b0:ee:f4:
29:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:3C:A1:18:BC:D2:8D:E9:F7:1A:9A:96:4D:E4:85:72:8F:4A:4B:04
X509v3 Authority Key Identifier:
keyid:38:BC:79:4C:5F:BA:AC:63:2A:7F:FB:43:DB:14:F7:39:CD:53:B2:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/qjyhGLzSjen3GpqWTeSFco9KSwQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.96.0/22
91.214.60.0/22
185.97.120.0/22
IPv6:
2a06:5c0::/29
2a09:6e00::/29
Signature Algorithm: sha256WithRSAEncryption
c6:e5:01:c2:95:b3:c8:3d:d9:0d:39:42:f9:e9:ab:ff:cd:a4:
ca:dc:02:91:54:de:08:95:46:fd:c7:ac:8d:fa:46:ff:ef:47:
29:ce:8c:6e:6c:9c:00:e0:1e:32:20:74:fa:ac:7b:a4:34:89:
ca:da:68:7b:02:3a:05:f7:76:80:99:60:e9:82:ca:8b:3b:85:
e7:2e:7c:d7:c8:05:f9:46:22:85:da:7d:31:cc:ed:f8:f0:ed:
de:d6:5f:14:b1:42:e3:19:43:fd:3f:fc:9a:76:7e:da:60:6b:
d2:a6:7f:f8:5e:f6:ae:38:db:d7:63:9a:79:c0:ef:69:29:03:
4b:c0:40:82:79:6a:72:90:a9:e1:46:64:f6:e8:38:25:3b:1a:
67:51:7a:36:b1:f8:ac:c8:62:80:b3:46:08:e6:de:05:1d:e3:
2f:95:51:6b:c3:d2:57:79:05:54:a7:24:10:35:b2:a2:11:77:
b0:4e:da:48:21:82:96:5d:0e:65:5f:2d:c7:45:38:b2:5e:12:
e9:c5:e6:e9:49:a4:29:32:3d:0b:83:05:7e:a4:96:c6:dc:90:
92:b9:c0:f9:e2:fc:65:a0:f0:ed:52:9c:04:33:bc:93:97:1c:
dd:13:78:8c:27:f9:3b:ba:22:bc:41:8b:67:be:77:59:e3:7d:
ce:77:0b:d6
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZoGZNYxWmdC9f2MfajcMV9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YmM3OTRjNWZiYWFjNjMyYTdmZmI0M2RiMTRmNzM5Y2Q1
M2IyYzQwHhcNMjUxMDIxMTA1MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTNjYTExOGJjZDI4ZGU5ZjcxYTlhOTY0ZGU0ODU3MjhmNGE0YjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtZUjSZ9PhPrXC82l+7MmfKsA+8y
WAzzVSx9VjejWm2XnpZXN4DcBXbUDZEG0Ks/SEt5GXQ2xD5L77XTFxYHgyT7KIKi
pRegYBeMQ1LdSoG/vFGnVYvs8KVssugwdPj3PY3LObw3OtV/pdTlfK0hLX5JJn08
w3VHygh2TeR23uju+JCNxaqFplPMfq130N+1wNBtuPkO9yW4WtvhJZFTKzjr0PUL
EtMM+xfrGAZOfQpdXR+8kVLtCpIRTfq2lsrIL6/Ag4rbSodSwo1TM5NyLVn0FaLO
okDH/m7Q/E0hY13b1bYul2PDQvlyj8dhF9WqJCkoeP44N6kOXJew7vQpZwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFKo8oRi80o3p9xqalk3khXKPSksEMB8GA1UdIwQY
MBaAFDi8eUxfuqxjKn/7Q9sU9znNU7LEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0x4NVRGLTZyR01xZl90RDJ4VDNPYzFUc3NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xYTNkOTgtYzE0Zi00ZDA2LWE0NjYt
ZDk4NTM5NGUzYzEwLzEvcWp5aEdMelNqZW4zR3BxV1RlU0ZjbzlLU3dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xYTNkOTgtYzE0Zi00ZDA2LWE0NjYtZDk4NTM5NGUzYzEw
LzEvT0x4NVRGLTZyR01xZl90RDJ4VDNPYzFUc3NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCBYVgAwQC
W9Y8AwQCuWF4MBQEAgACMA4DBQMqBgXAAwUDKgluADANBgkqhkiG9w0BAQsFAAOC
AQEAxuUBwpWzyD3ZDTlC+emr/82kytwCkVTeCJVG/cesjfpG/+9HKc6MbmycAOAe
MiB0+qx7pDSJytpoewI6Bfd2gJlg6YLKizuF5y5818gF+UYihdp9Mczt+PDt3tZf
FLFC4xlD/T/8mnZ+2mBr0qZ/+F72rjjb12OaecDvaSkDS8BAgnlqcpCp4UZk9ug4
JTsaZ1F6NrH4rMhigLNGCObeBR3jL5VRa8PSV3kFVKckEDWyohF3sE7aSCGCll0O
ZV8tx0U4sl4S6cXm6UmkKTI9C4MFfqSWxtyQkrnA+eL8ZaDw7VKcBDO8k5cc3RN4
jCf5O7oivEGLZ753WeN9zncL1g==
-----END CERTIFICATE-----
Generated at Thu Oct 23 04:19:03 2025 by rpki-client