Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/qkTqrO7XelpW6Q5iX68CrdjzWos.roa
File: qkTqrO7XelpW6Q5iX68CrdjzWos.roa (raw, json)
Hash identifier: 2la/hVcZll8gvRBsY59IVSBJ7qK4GiwOVnBOoPlYkfg=
Subject key identifier: AA:44:EA:AC:EE:D7:7A:5A:56:E9:0E:62:5F:AF:02:AD:D8:F3:5A:8B
Certificate issuer: /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial: 0199522673AC67E33EB3BE42715A58956632
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/qkTqrO7XelpW6Q5iX68CrdjzWos.roa
Signing time: Tue 16 Sep 2025 10:51:15 +0000
ROA not before: Tue 16 Sep 2025 10:51:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6453
IP address blocks: 5.23.0.0/19 maxlen: 19
80.231.0.0/16 maxlen: 16
80.231.8.0/21 maxlen: 21
80.231.11.0/24 maxlen: 24
80.231.22.0/24 maxlen: 24
80.231.56.0/24 maxlen: 24
80.231.71.0/24 maxlen: 24
80.231.93.0/24 maxlen: 24
80.231.94.0/24 maxlen: 24
80.231.96.0/21 maxlen: 21
80.231.112.0/21 maxlen: 21
80.231.176.0/21 maxlen: 21
80.231.187.0/24 maxlen: 24
80.231.202.0/24 maxlen: 24
80.231.216.0/24 maxlen: 24
80.231.235.0/24 maxlen: 24
195.219.0.0/16 maxlen: 16
195.219.22.0/24 maxlen: 24
195.219.40.0/24 maxlen: 24
195.219.41.0/24 maxlen: 24
195.219.43.0/24 maxlen: 24
195.219.44.0/24 maxlen: 24
195.219.45.0/24 maxlen: 24
195.219.47.0/24 maxlen: 24
195.219.168.0/23 maxlen: 23
195.219.204.0/24 maxlen: 24
195.219.232.0/24 maxlen: 24
195.219.235.0/24 maxlen: 24
195.219.238.0/24 maxlen: 24
195.219.240.0/24 maxlen: 24
195.219.246.0/24 maxlen: 24
195.219.248.0/21 maxlen: 21
195.219.253.0/24 maxlen: 24
2a01:3e0::/29 maxlen: 29
2a01:3e0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 04:02:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:52:26:73:ac:67:e3:3e:b3:be:42:71:5a:58:95:66:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
Validity
Not Before: Sep 16 10:51:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aa44eaaceed77a5a56e90e625faf02add8f35a8b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:5b:7e:9d:f5:58:47:6d:4a:0c:5c:13:9a:93:
16:df:14:5e:75:68:74:16:67:c8:3d:47:1f:38:25:
9b:ba:d2:4e:31:3e:9c:c2:62:27:43:72:19:27:a7:
47:ea:b2:0f:b9:ff:f5:93:5f:96:0a:c1:c3:73:ea:
55:a1:8f:1c:ef:23:82:85:8a:2a:00:9a:c1:81:03:
7c:f8:ad:ec:59:18:7d:32:52:c1:e2:36:d5:a0:8a:
c3:4c:5c:72:7e:1c:30:cd:a0:c8:55:fd:c5:59:f5:
a7:e4:73:e1:bb:60:ed:11:be:5f:6f:42:ba:ff:62:
30:d8:0a:67:71:02:2f:6a:d5:52:86:93:f6:ef:4b:
0d:8b:24:39:e8:d0:59:ef:3b:34:ef:d4:15:b7:f7:
29:8c:db:46:1f:9f:51:68:1b:f3:16:b9:42:d8:71:
9d:74:93:04:85:33:21:41:5a:55:48:3f:0a:f5:eb:
5d:20:22:a4:ef:75:3d:96:f0:8f:7f:b1:81:5c:6e:
7b:86:61:ab:66:3f:7b:b1:e4:1c:7e:17:5e:7c:a5:
37:44:71:f4:9b:b2:2c:4b:60:0b:ef:e4:5c:44:f9:
22:38:60:2b:1d:6b:e0:59:4f:d4:36:e9:41:6e:bc:
6e:00:9b:6d:5e:2c:96:a4:dd:d7:e1:89:fe:b9:af:
7e:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:44:EA:AC:EE:D7:7A:5A:56:E9:0E:62:5F:AF:02:AD:D8:F3:5A:8B
X509v3 Authority Key Identifier:
keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/qkTqrO7XelpW6Q5iX68CrdjzWos.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.23.0.0/19
80.231.0.0/16
195.219.0.0/16
IPv6:
2a01:3e0::/29
Signature Algorithm: sha256WithRSAEncryption
8b:9e:90:31:ee:72:7f:47:b0:56:55:d0:a7:13:20:6b:82:22:
e5:51:9a:b0:0a:4d:9d:ce:90:5f:82:2f:51:ef:52:95:c0:6f:
d0:2e:56:66:c9:c2:4e:89:a5:73:d8:71:5a:ed:53:51:cf:33:
ac:d2:8e:ef:7e:c6:dc:63:12:21:10:33:29:1e:91:6e:54:b7:
5c:07:68:71:06:26:08:37:4c:77:4f:c0:76:6c:ed:55:38:b4:
05:ec:97:cb:4d:81:90:92:9a:5e:7d:f9:18:93:14:b2:35:99:
51:1d:cf:0e:7d:d7:28:ae:7f:eb:b2:4c:24:7a:70:16:ae:d5:
ef:b3:fc:ea:c7:fa:93:2d:fd:e8:8f:75:92:d0:00:b2:eb:a0:
7a:6c:d4:c0:9d:98:b4:91:13:c7:ce:27:f0:b2:3b:9d:61:1f:
b4:0e:f3:cc:a1:79:bc:3f:c9:fc:17:0e:b0:a8:60:3e:cb:e9:
9a:83:aa:10:e1:c5:c8:b5:d0:00:be:c3:01:a4:48:fa:75:4c:
0d:0a:e3:13:26:3a:64:00:4e:84:ed:29:a6:09:3a:72:92:74:
71:b9:00:4f:b4:ca:69:66:e3:42:4d:36:0a:9a:e5:a1:34:c9:
85:f1:06:79:5e:d7:a7:d5:68:dd:96:fc:1a:c7:09:6a:18:3b:
f7:4b:4f:bc
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZlSJnOsZ+M+s75CcVpYlWYyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjUwOTE2MTA1MTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQ0ZWFhY2VlZDc3YTVhNTZlOTBlNjI1ZmFmMDJhZGQ4ZjM1YThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFt+nfVYR21KDFwTmpMW3xRedWh0
FmfIPUcfOCWbutJOMT6cwmInQ3IZJ6dH6rIPuf/1k1+WCsHDc+pVoY8c7yOChYoq
AJrBgQN8+K3sWRh9MlLB4jbVoIrDTFxyfhwwzaDIVf3FWfWn5HPhu2DtEb5fb0K6
/2Iw2ApncQIvatVShpP270sNiyQ56NBZ7zs079QVt/cpjNtGH59RaBvzFrlC2HGd
dJMEhTMhQVpVSD8K9etdICKk73U9lvCPf7GBXG57hmGrZj97seQcfhdefKU3RHH0
m7IsS2AL7+RcRPkiOGArHWvgWU/UNulBbrxuAJttXiyWpN3X4Yn+ua9+gQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKpE6qzu13paVukOYl+vAq3Y81qLMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvcWtUcXJPN1hlbHBXNlE1aVg2OENyZGp6V29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAWBAIAATAQAwQFBRcAAwMA
UOcDAwDD2zANBAIAAjAHAwUDKgED4DANBgkqhkiG9w0BAQsFAAOCAQEAi56QMe5y
f0ewVlXQpxMga4Ii5VGasApNnc6QX4IvUe9SlcBv0C5WZsnCTomlc9hxWu1TUc8z
rNKO737G3GMSIRAzKR6RblS3XAdocQYmCDdMd0/AdmztVTi0BeyXy02BkJKaXn35
GJMUsjWZUR3PDn3XKK5/67JMJHpwFq7V77P86sf6ky396I91ktAAsuugemzUwJ2Y
tJETx84n8LI7nWEftA7zzKF5vD/J/BcOsKhgPsvpmoOqEOHFyLXQAL7DAaRI+nVM
DQrjEyY6ZABOhO0ppgk6cpJ0cbkAT7TKaWbjQk02CprloTTJhfEGeV7Xp9Vo3Zb8
GscJahg790tPvA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:20:27 2025 by rpki-client