Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/QWx1xOK0awW_LJrNTr9v52IOagA.roa
File: QWx1xOK0awW_LJrNTr9v52IOagA.roa (raw, json)
Hash identifier: QnthGSe6eJY0HRNxNIJ5MC5no9EL0aJAnRwmFNspHlA=
Subject key identifier: 41:6C:75:C4:E2:B4:6B:05:BF:2C:9A:CD:4E:BF:6F:E7:62:0E:6A:00
Certificate issuer: /CN=42f1a24c80fdca329644573ae6d61c9f2e374ed8
Certificate serial: 0196C40B809DC03E4267C63666A594CD3864
Authority key identifier: 42:F1:A2:4C:80:FD:CA:32:96:44:57:3A:E6:D6:1C:9F:2E:37:4E:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QvGiTID9yjKWRFc65tYcny43Ttg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/QWx1xOK0awW_LJrNTr9v52IOagA.roa
Signing time: Mon 12 May 2025 10:30:10 +0000
ROA not before: Mon 12 May 2025 10:30:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5400
IP address blocks: 2a00:2000::/23 maxlen: 23
2a00:2200::/25 maxlen: 25
2a00:2200::/40 maxlen: 40
2a00:2200:200::/40 maxlen: 40
2a00:2200:300::/40 maxlen: 40
2a00:2200:900::/40 maxlen: 40
2a00:2200:b00::/40 maxlen: 40
2a00:2200:d00::/40 maxlen: 40
2a00:2280::/25 maxlen: 25
2a00:2300::/25 maxlen: 25
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/QvGiTID9yjKWRFc65tYcny43Ttg.crl
rsync://rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/QvGiTID9yjKWRFc65tYcny43Ttg.mft
rsync://rpki.ripe.net/repository/DEFAULT/QvGiTID9yjKWRFc65tYcny43Ttg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 10:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:c4:0b:80:9d:c0:3e:42:67:c6:36:66:a5:94:cd:38:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=42f1a24c80fdca329644573ae6d61c9f2e374ed8
Validity
Not Before: May 12 10:30:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=416c75c4e2b46b05bf2c9acd4ebf6fe7620e6a00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:63:f5:69:d6:db:1c:b3:38:c4:56:32:05:7f:
90:7e:09:f7:1b:cf:e2:c6:cf:79:15:9b:c9:dc:59:
7b:76:3e:0f:33:24:e5:f6:06:25:89:9e:67:a4:68:
6c:f9:da:ee:9a:69:61:08:af:ec:a9:3c:a6:87:62:
0a:94:88:22:bf:5a:94:dc:44:ec:82:3f:6d:0f:d5:
9b:8a:bc:21:b0:97:44:fd:50:19:f9:d3:5a:87:c2:
0e:08:bb:be:0c:04:ba:ef:cf:b8:da:09:93:c0:7b:
8f:83:e5:04:52:41:af:9e:f1:87:f2:77:ae:a9:69:
f2:e9:ec:3f:90:c9:23:82:c2:4e:4d:38:3d:62:1f:
d2:c6:9a:2f:13:93:0c:ce:56:27:86:7c:3f:0d:18:
a6:ca:c0:47:21:1a:f8:3e:f6:c4:7d:e4:08:f5:13:
f7:2d:24:51:c1:04:f9:17:f4:f7:8b:ee:b6:17:95:
11:26:17:99:6b:bf:e6:88:ed:a8:ca:47:e3:89:35:
ca:3d:10:53:db:ed:17:19:43:62:de:05:87:51:19:
2e:a6:61:97:b1:8d:09:61:d3:e9:94:84:14:ef:86:
d8:0f:ce:95:9d:48:0e:6f:0c:17:a7:f5:4b:39:1d:
59:83:fb:db:0f:f9:e7:05:32:5f:6f:20:fa:46:cb:
3b:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:6C:75:C4:E2:B4:6B:05:BF:2C:9A:CD:4E:BF:6F:E7:62:0E:6A:00
X509v3 Authority Key Identifier:
keyid:42:F1:A2:4C:80:FD:CA:32:96:44:57:3A:E6:D6:1C:9F:2E:37:4E:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvGiTID9yjKWRFc65tYcny43Ttg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/QWx1xOK0awW_LJrNTr9v52IOagA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/fed92a-2120-4326-a0c9-7168ae0b8278/1/QvGiTID9yjKWRFc65tYcny43Ttg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a00:2000::-2a00:237f:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
e1:7c:65:20:a3:a8:c5:ad:e4:eb:5c:32:19:2e:9d:58:8e:e3:
20:d3:92:86:a1:96:c8:44:79:ce:12:e3:56:b6:1d:4e:fa:a0:
ce:90:f3:5f:8f:d2:6c:a4:74:92:95:c3:95:3a:1d:8b:19:93:
6e:27:c8:1b:17:01:16:03:a4:0f:c5:d1:2e:2f:da:b2:0b:8b:
cb:50:be:22:19:7b:50:95:2f:b2:1d:1f:5d:36:0a:62:92:3f:
4d:b7:47:f0:6c:7e:20:10:f6:25:b4:49:6c:ea:82:a1:68:b1:
b3:07:19:ec:3f:05:6f:9a:2d:5c:c7:9d:bb:38:e0:ce:14:56:
1d:48:43:22:c7:f6:ab:30:ff:d0:3c:9c:64:92:1f:23:1a:b9:
98:58:14:db:a5:0f:33:b0:24:3d:07:02:2e:37:b9:33:77:d1:
36:e7:23:7e:f3:da:b6:1c:c0:b0:bf:e3:6a:95:fc:29:72:06:
44:7a:0d:4e:06:30:b3:a4:8b:1a:d7:62:a8:7d:82:0e:2f:42:
ca:47:50:32:53:92:62:79:4d:43:a8:b3:a2:ec:35:0a:da:3c:
7b:86:7c:15:60:a5:13:85:29:e7:3c:72:96:b9:74:8e:c7:23:
c3:87:3a:a3:32:5b:7c:cb:b9:d8:fc:24:ee:ca:e0:15:c2:0c:
da:29:cc:eb
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZbEC4CdwD5CZ8Y2ZqWUzThkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjFhMjRjODBmZGNhMzI5NjQ0NTczYWU2ZDYxYzlmMmUz
NzRlZDgwHhcNMjUwNTEyMTAzMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTZjNzVjNGUyYjQ2YjA1YmYyYzlhY2Q0ZWJmNmZlNzYyMGU2YTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumP1adbbHLM4xFYyBX+Qfgn3G8/i
xs95FZvJ3Fl7dj4PMyTl9gYliZ5npGhs+drummlhCK/sqTymh2IKlIgiv1qU3ETs
gj9tD9WbirwhsJdE/VAZ+dNah8IOCLu+DAS678+42gmTwHuPg+UEUkGvnvGH8neu
qWny6ew/kMkjgsJOTTg9Yh/SxpovE5MMzlYnhnw/DRimysBHIRr4PvbEfeQI9RP3
LSRRwQT5F/T3i+62F5URJheZa7/miO2oykfjiTXKPRBT2+0XGUNi3gWHURkupmGX
sY0JYdPplIQU74bYD86VnUgObwwXp/VLOR1Zg/vbD/nnBTJfbyD6Rss7yQIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFEFsdcTitGsFvyyazU6/b+diDmoAMB8GA1UdIwQY
MBaAFELxokyA/coylkRXOubWHJ8uN07YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZHaVRJRDl5aktXUkZjNjV0WWNueTQzVHRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mZWQ5MmEtMjEyMC00MzI2LWEwYzkt
NzE2OGFlMGI4Mjc4LzEvUVd4MXhPSzBhd1dfTEpyTlRyOXY1MklPYWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mZWQ5MmEtMjEyMC00MzI2LWEwYzktNzE2OGFlMGI4Mjc4
LzEvUXZHaVRJRDl5aktXUkZjNjV0WWNueTQzVHRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPMA0DBAUqACAD
BQcqACMAMA0GCSqGSIb3DQEBCwUAA4IBAQDhfGUgo6jFreTrXDIZLp1YjuMg05KG
oZbIRHnOEuNWth1O+qDOkPNfj9JspHSSlcOVOh2LGZNuJ8gbFwEWA6QPxdEuL9qy
C4vLUL4iGXtQlS+yHR9dNgpikj9Nt0fwbH4gEPYltEls6oKhaLGzBxnsPwVvmi1c
x527OODOFFYdSEMix/arMP/QPJxkkh8jGrmYWBTbpQ8zsCQ9BwIuN7kzd9E25yN+
89q2HMCwv+NqlfwpcgZEeg1OBjCzpIsa12KofYIOL0LKR1AyU5JieU1DqLOi7DUK
2jx7hnwVYKUThSnnPHKWuXSOxyPDhzqjMlt8y7nY/CTuyuAVwgzaKczr
-----END CERTIFICATE-----
Generated at Sun Jun 8 18:06:22 2025 by rpki-client