Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/416a80-dc56-4514-8bc0-27f9c823edea/1/qJ1oXPy2zR5AWITHnFOnI8zbBtI.roa
File: qJ1oXPy2zR5AWITHnFOnI8zbBtI.roa (raw, json)
Hash identifier: 2JhWie1vdrZ9TGWL5IWneU9ysYNZV//iN2iGhnspRb0=
Subject key identifier: A8:9D:68:5C:FC:B6:CD:1E:40:58:84:C7:9C:53:A7:23:CC:DB:06:D2
Certificate issuer: /CN=32157d6b8c12c05b41bc41241d0615040af241e1
Certificate serial: 0196C54BF015D7B55D74B49C18D830960D06
Authority key identifier: 32:15:7D:6B:8C:12:C0:5B:41:BC:41:24:1D:06:15:04:0A:F2:41:E1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MhV9a4wSwFtBvEEkHQYVBAryQeE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/416a80-dc56-4514-8bc0-27f9c823edea/1/qJ1oXPy2zR5AWITHnFOnI8zbBtI.roa
Signing time: Mon 12 May 2025 16:20:10 +0000
ROA not before: Mon 12 May 2025 16:20:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2376
IP address blocks: 86.232.0.0/16 maxlen: 16
90.72.0.0/16 maxlen: 16
90.97.0.0/17 maxlen: 17
2a01:dfff::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f0/416a80-dc56-4514-8bc0-27f9c823edea/1/MhV9a4wSwFtBvEEkHQYVBAryQeE.crl
rsync://rpki.ripe.net/repository/DEFAULT/f0/416a80-dc56-4514-8bc0-27f9c823edea/1/MhV9a4wSwFtBvEEkHQYVBAryQeE.mft
rsync://rpki.ripe.net/repository/DEFAULT/MhV9a4wSwFtBvEEkHQYVBAryQeE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 16:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:c5:4b:f0:15:d7:b5:5d:74:b4:9c:18:d8:30:96:0d:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32157d6b8c12c05b41bc41241d0615040af241e1
Validity
Not Before: May 12 16:20:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a89d685cfcb6cd1e405884c79c53a723ccdb06d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:e7:92:05:57:48:e9:b2:f2:4c:61:86:66:72:
b2:1f:11:23:e2:70:25:79:55:4b:eb:d0:20:8a:fc:
9c:e0:9f:bf:2a:c8:1e:0a:e4:a9:fb:1f:0e:42:a5:
47:92:d0:d9:fc:87:ad:ce:50:2c:b0:b6:8c:d4:15:
2b:6e:9c:77:7e:38:ba:8f:c9:da:e1:20:5a:4f:cc:
0a:8c:82:89:9d:6e:f6:0f:70:63:6f:ff:89:a9:6b:
25:26:91:46:78:6c:5b:b2:c2:2b:46:7b:3e:a8:ab:
b9:64:f7:15:e5:04:de:b8:7d:12:65:c9:2b:1c:27:
a3:27:45:e6:3c:01:9b:4b:17:08:70:0d:3e:18:89:
c7:63:a0:38:ca:f0:ae:9d:9c:58:71:0d:66:71:9c:
d6:72:db:e0:24:d5:70:71:04:dc:2f:58:da:54:df:
d9:13:ed:41:af:93:8e:65:84:4b:d6:ee:50:ae:bb:
56:89:92:07:0e:d7:81:e1:4f:e5:d6:90:97:de:fc:
66:86:2b:02:e3:54:94:c3:a9:3b:cd:9c:23:0f:d6:
f2:d1:a3:cc:49:a9:27:1a:b2:2f:6f:aa:59:3f:d2:
ab:6a:eb:a2:84:27:01:76:54:50:a2:cf:78:b7:ca:
8b:6d:9e:85:80:af:13:c3:03:0a:8d:2a:34:3e:fd:
4c:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:9D:68:5C:FC:B6:CD:1E:40:58:84:C7:9C:53:A7:23:CC:DB:06:D2
X509v3 Authority Key Identifier:
keyid:32:15:7D:6B:8C:12:C0:5B:41:BC:41:24:1D:06:15:04:0A:F2:41:E1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MhV9a4wSwFtBvEEkHQYVBAryQeE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/416a80-dc56-4514-8bc0-27f9c823edea/1/qJ1oXPy2zR5AWITHnFOnI8zbBtI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/416a80-dc56-4514-8bc0-27f9c823edea/1/MhV9a4wSwFtBvEEkHQYVBAryQeE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.232.0.0/16
90.72.0.0/16
90.97.0.0/17
IPv6:
2a01:dfff::/32
Signature Algorithm: sha256WithRSAEncryption
95:2f:96:ce:ca:71:f2:e3:aa:19:48:70:99:e1:2d:95:c9:28:
66:c6:f4:d3:a2:98:6f:07:ea:d7:7a:38:5c:a6:b5:74:a2:c8:
3b:66:83:97:3d:16:54:02:be:ef:c4:3c:07:1c:35:b4:f4:a7:
9f:25:5c:e9:2d:a6:23:cc:af:ca:f2:28:06:90:a7:ab:ea:30:
4a:83:44:53:2a:21:35:a4:61:f3:e3:d4:27:a0:87:5d:4b:88:
a0:8a:a0:3a:43:8b:54:3a:37:46:d3:f8:c2:0e:b5:0d:68:25:
f8:ee:f6:18:d1:16:0d:da:d1:89:64:c6:b6:10:14:5d:bb:a7:
24:dc:8f:b9:ce:67:e4:14:1c:1f:c3:47:c2:48:6d:75:d9:49:
8d:c7:9a:1e:b6:98:70:dc:e1:5e:3a:4a:be:9f:01:41:a9:a2:
b1:d4:1b:54:2b:f7:e0:80:5e:21:c0:dd:55:24:6b:6a:d4:99:
87:b6:0c:04:95:14:c1:e0:f7:05:56:b9:97:c7:22:51:4a:e9:
93:a6:ad:d7:0b:27:05:4e:86:de:30:3a:d8:52:4b:42:6e:34:
c7:3f:5f:ce:d0:de:3c:60:f6:00:b6:b8:f7:73:da:fb:2f:44:
0e:a4:9d:6d:c5:6a:e8:c7:e3:8e:38:3c:d9:73:89:75:04:bf:
9c:30:a8:a2
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZbFS/AV17VddLScGNgwlg0GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMTU3ZDZiOGMxMmMwNWI0MWJjNDEyNDFkMDYxNTA0MGFm
MjQxZTEwHhcNMjUwNTEyMTYyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODlkNjg1Y2ZjYjZjZDFlNDA1ODg0Yzc5YzUzYTcyM2NjZGIwNmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+eSBVdI6bLyTGGGZnKyHxEj4nAl
eVVL69Agivyc4J+/KsgeCuSp+x8OQqVHktDZ/IetzlAssLaM1BUrbpx3fji6j8na
4SBaT8wKjIKJnW72D3Bjb/+JqWslJpFGeGxbssIrRns+qKu5ZPcV5QTeuH0SZckr
HCejJ0XmPAGbSxcIcA0+GInHY6A4yvCunZxYcQ1mcZzWctvgJNVwcQTcL1jaVN/Z
E+1Br5OOZYRL1u5QrrtWiZIHDteB4U/l1pCX3vxmhisC41SUw6k7zZwjD9by0aPM
SaknGrIvb6pZP9KrauuihCcBdlRQos94t8qLbZ6FgK8TwwMKjSo0Pv1M2QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKidaFz8ts0eQFiEx5xTpyPM2wbSMB8GA1UdIwQY
MBaAFDIVfWuMEsBbQbxBJB0GFQQK8kHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWhWOWE0d1N3RnRCdkVFa0hRWVZCQXJ5UWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC80MTZhODAtZGM1Ni00NTE0LThiYzAt
MjdmOWM4MjNlZGVhLzEvcUoxb1hQeTJ6UjVBV0lUSG5GT25JOHpiQnRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC80MTZhODAtZGM1Ni00NTE0LThiYzAtMjdmOWM4MjNlZGVh
LzEvTWhWOWE0d1N3RnRCdkVFa0hRWVZCQXJ5UWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAWBAIAATAQAwMAVugDAwBa
SAMEB1phADANBAIAAjAHAwUAKgHf/zANBgkqhkiG9w0BAQsFAAOCAQEAlS+Wzspx
8uOqGUhwmeEtlckoZsb006KYbwfq13o4XKa1dKLIO2aDlz0WVAK+78Q8Bxw1tPSn
nyVc6S2mI8yvyvIoBpCnq+owSoNEUyohNaRh8+PUJ6CHXUuIoIqgOkOLVDo3RtP4
wg61DWgl+O72GNEWDdrRiWTGthAUXbunJNyPuc5n5BQcH8NHwkhtddlJjceaHraY
cNzhXjpKvp8BQamisdQbVCv34IBeIcDdVSRratSZh7YMBJUUweD3BVa5l8ciUUrp
k6at1wsnBU6G3jA62FJLQm40xz9fztDePGD2ALa493Pa+y9EDqSdbcVq6Mfjjjg8
2XOJdQS/nDCoog==
-----END CERTIFICATE-----
Generated at Sun Jun 8 23:25:19 2025 by rpki-client