Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/qgNHjI7J7DvD0ENBXgQGHoV5y-o.roa
File: qgNHjI7J7DvD0ENBXgQGHoV5y-o.roa (raw, json)
Hash identifier: E5LLYTq2RSO9s2Jwv+feCjFzGn/olrd+o9yTqkyBHAM=
Subject key identifier: AA:03:47:8C:8E:C9:EC:3B:C3:D0:43:41:5E:04:06:1E:85:79:CB:EA
Certificate issuer: /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial: 019918C5269170B038A9377013D0250C1F8C
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/qgNHjI7J7DvD0ENBXgQGHoV5y-o.roa
Signing time: Fri 05 Sep 2025 07:26:37 +0000
ROA not before: Fri 05 Sep 2025 07:26:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6828
IP address blocks: 212.220.222.0/23 maxlen: 23
212.220.222.0/24 maxlen: 24
212.220.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 10 Sep 2025 08:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:18:c5:26:91:70:b0:38:a9:37:70:13:d0:25:0c:1f:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Validity
Not Before: Sep 5 07:26:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aa03478c8ec9ec3bc3d043415e04061e8579cbea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:18:a5:3e:75:41:ba:a5:7b:67:bf:4a:08:26:
7d:f4:a0:eb:0a:5f:0e:5d:f7:a5:c0:37:6b:7e:41:
0d:29:ba:32:f4:54:a0:43:6e:13:e3:1d:48:58:83:
c5:9e:2d:0e:75:7b:6a:d7:5f:fb:96:8b:24:25:0d:
6b:f1:ab:d4:88:5e:48:ee:59:36:4b:4d:1a:ad:cf:
9f:41:cd:20:21:44:22:a2:9f:bb:60:b7:ef:d5:3b:
5f:9a:4a:7f:32:f4:85:3c:90:e1:d3:32:49:35:3e:
1d:a1:13:0f:89:31:25:59:6c:06:3c:6f:45:8d:f3:
97:fe:ce:72:25:ae:66:72:54:41:5f:e4:5e:15:f0:
91:86:d4:7c:49:ce:50:8f:bf:b0:e1:42:9e:e0:d3:
fd:4a:a9:76:a1:3c:71:c9:b6:e3:1c:4e:33:87:fc:
0b:24:c3:16:07:fa:0b:56:44:ec:84:5e:94:65:1b:
ce:9c:60:df:81:53:76:c0:b8:75:37:5b:e1:b1:31:
2a:10:e4:15:37:c5:98:be:bd:c1:54:8a:5d:f9:75:
5a:53:e8:26:75:e0:cb:04:4e:a7:30:61:9a:64:69:
22:b5:b6:6e:05:50:a1:9d:c9:8d:ec:99:45:bf:2c:
6e:8b:26:5c:a6:ce:0a:43:46:78:78:27:5c:2e:eb:
c1:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:03:47:8C:8E:C9:EC:3B:C3:D0:43:41:5E:04:06:1E:85:79:CB:EA
X509v3 Authority Key Identifier:
keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/qgNHjI7J7DvD0ENBXgQGHoV5y-o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.220.222.0/23
Signature Algorithm: sha256WithRSAEncryption
28:7e:55:b0:c1:b2:f4:4a:ca:67:03:ac:b8:da:d9:ed:56:2a:
3e:7a:8b:39:5f:91:9f:73:a2:1c:53:91:f4:3a:e4:aa:a2:69:
01:9c:04:91:84:e6:c8:45:dd:95:fa:ed:fe:af:bd:ab:05:49:
aa:31:d0:41:06:f5:87:6c:c0:f3:d5:36:af:cd:cb:8e:db:5e:
18:06:a0:4d:0f:60:25:e3:49:1a:d8:1b:4d:b9:62:11:83:f7:
65:49:0f:70:ce:ad:44:7a:63:4c:b8:f0:a7:be:10:04:4c:59:
d5:c9:ae:64:5b:82:50:30:01:8e:99:c8:62:26:ea:55:cc:36:
a3:48:58:d4:f1:ed:03:d1:66:4b:45:0e:56:00:07:58:60:4b:
67:31:c6:ba:77:21:2f:31:7a:7c:c8:41:23:50:22:6b:78:68:
23:fe:e9:66:46:74:ff:f2:e5:23:ae:d1:5e:36:e9:20:4d:a5:
35:7e:92:c8:fd:60:0c:ff:36:61:89:89:c9:b8:64:17:c2:9f:
8a:ac:3f:4a:e8:92:70:9f:96:36:19:2d:8c:44:b9:e3:51:19:
f9:ab:a2:bd:48:01:f3:bb:a5:37:71:6f:eb:e2:b6:4b:52:c3:
52:1d:d7:0f:fe:bb:c8:b5:f0:f2:89:51:4f:ef:4e:9f:23:29:
05:80:0f:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkYxSaRcLA4qTdwE9AlDB+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwOTA1MDcyNjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTAzNDc4YzhlYzllYzNiYzNkMDQzNDE1ZTA0MDYxZTg1NzljYmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBilPnVBuqV7Z79KCCZ99KDrCl8O
XfelwDdrfkENKboy9FSgQ24T4x1IWIPFni0OdXtq11/7loskJQ1r8avUiF5I7lk2
S00arc+fQc0gIUQiop+7YLfv1Ttfmkp/MvSFPJDh0zJJNT4doRMPiTElWWwGPG9F
jfOX/s5yJa5mclRBX+ReFfCRhtR8Sc5Qj7+w4UKe4NP9Sql2oTxxybbjHE4zh/wL
JMMWB/oLVkTshF6UZRvOnGDfgVN2wLh1N1vhsTEqEOQVN8WYvr3BVIpd+XVaU+gm
deDLBE6nMGGaZGkitbZuBVChncmN7JlFvyxuiyZcps4KQ0Z4eCdcLuvB9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKoDR4yOyew7w9BDQV4EBh6FecvqMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvcWdOSGpJN0o3RHZEMEVOQlhnUUdIb1Y1eS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1NzeMA0G
CSqGSIb3DQEBCwUAA4IBAQAoflWwwbL0SspnA6y42tntVio+eos5X5Gfc6IcU5H0
OuSqomkBnASRhObIRd2V+u3+r72rBUmqMdBBBvWHbMDz1TavzcuO214YBqBND2Al
40ka2BtNuWIRg/dlSQ9wzq1EemNMuPCnvhAETFnVya5kW4JQMAGOmchiJupVzDaj
SFjU8e0D0WZLRQ5WAAdYYEtnMca6dyEvMXp8yEEjUCJreGgj/ulmRnT/8uUjrtFe
NukgTaU1fpLI/WAM/zZhiYnJuGQXwp+KrD9K6JJwn5Y2GS2MRLnjURn5q6K9SAHz
u6U3cW/r4rZLUsNSHdcP/rvItfDyiVFP706fIykFgA+I
-----END CERTIFICATE-----
Generated at Tue Sep 9 14:08:05 2025 by rpki-client