Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/qnICZYiLbrGPlJAYqEcKvQ2CjqQ.roa
File: qnICZYiLbrGPlJAYqEcKvQ2CjqQ.roa (raw, json)
Hash identifier: HnPlRq2/eM18ZCRGQnjr87vL3s3tKW/ZrixlOUg/qKk=
Subject key identifier: AA:72:02:65:88:8B:6E:B1:8F:94:90:18:A8:47:0A:BD:0D:82:8E:A4
Certificate issuer: /CN=1b12120c351c14eec22109f603249fcdac1d3321
Certificate serial: 01997207953A647B070F64E00A310EC5B9C5
Authority key identifier: 1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/qnICZYiLbrGPlJAYqEcKvQ2CjqQ.roa
Signing time: Mon 22 Sep 2025 15:25:23 +0000
ROA not before: Mon 22 Sep 2025 15:25:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215242
IP address blocks: 185.7.241.0/24 maxlen: 24
185.7.242.0/24 maxlen: 24
185.7.243.0/24 maxlen: 24
2a14:db80:5::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.mft
rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 14:01:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:72:07:95:3a:64:7b:07:0f:64:e0:0a:31:0e:c5:b9:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1b12120c351c14eec22109f603249fcdac1d3321
Validity
Not Before: Sep 22 15:25:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aa720265888b6eb18f949018a8470abd0d828ea4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:c0:b6:54:97:8d:f5:7e:00:4b:7f:c8:76:76:
2d:60:2c:f3:7f:97:db:94:c0:91:68:7e:78:5c:00:
f1:00:f5:8e:15:b2:67:19:b9:ee:b1:05:e8:3a:f1:
9c:65:6c:c0:47:20:61:32:13:a7:92:7c:65:24:ad:
90:e7:92:e3:24:18:89:77:df:a7:e8:d4:b0:54:2e:
71:fe:65:b6:f6:f9:cf:87:ef:6d:cc:76:47:f2:5d:
e0:a3:f8:fc:b6:3e:c3:29:9d:c1:01:99:81:5f:24:
e7:a1:e8:09:d2:9b:83:b9:87:2c:b6:9b:9f:18:98:
b8:34:95:29:f7:61:b3:56:35:58:d5:6f:25:45:26:
65:c1:be:82:2b:19:8a:2a:4b:4c:32:b8:79:12:c4:
cd:ea:91:76:f4:ef:71:e3:c3:10:72:cf:8b:2f:7c:
64:4b:22:7c:c5:e3:35:49:cb:35:e4:3c:83:08:09:
5a:ac:8c:a0:b6:fc:de:2f:45:a6:ab:d9:8b:58:d9:
88:42:14:cd:c3:72:11:ed:3e:99:0e:d0:01:a9:1b:
48:af:d1:79:e3:63:56:a2:e8:bf:47:6a:85:8c:e6:
f5:c7:af:66:b4:16:13:3e:61:db:48:f8:9c:26:ab:
88:80:e4:a2:aa:a8:ee:7e:86:cd:d3:71:f7:6d:89:
b5:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:72:02:65:88:8B:6E:B1:8F:94:90:18:A8:47:0A:BD:0D:82:8E:A4
X509v3 Authority Key Identifier:
keyid:1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/qnICZYiLbrGPlJAYqEcKvQ2CjqQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.7.241.0-185.7.243.255
IPv6:
2a14:db80:5::/48
Signature Algorithm: sha256WithRSAEncryption
af:de:9c:4f:3d:b9:92:59:1e:4d:fc:b1:a9:00:d9:92:be:2d:
61:19:4e:7e:c0:35:39:bf:85:ab:aa:a8:cb:87:21:78:6d:d6:
0f:a4:f5:e0:2c:b5:d8:53:79:ee:ef:cc:d5:67:12:0d:7b:b4:
60:32:9e:f7:8d:39:9e:54:69:a3:13:89:88:42:48:2d:51:be:
8f:2e:89:8a:eb:a9:f7:14:97:9b:de:10:54:59:21:2a:ca:75:
db:bf:df:3e:2e:18:91:75:36:78:62:65:71:31:ac:54:e5:5f:
f3:72:b8:61:e4:d4:09:0f:cb:43:0c:79:1e:fc:8b:2b:65:1c:
9c:06:c1:78:1d:12:71:e5:70:88:65:60:23:df:e3:02:5c:d7:
63:8b:38:90:20:aa:2a:d9:64:8a:a8:51:c9:db:32:c7:17:6a:
73:81:05:2f:f0:a7:9d:ad:a1:c3:bb:b7:5f:08:83:cc:93:6f:
61:ea:12:42:b4:8f:78:25:73:5f:66:38:1a:a3:91:78:8c:17:
b1:9d:59:d5:94:ac:ba:b9:3f:c1:d8:d7:06:93:b5:c6:a7:ff:
6a:1c:18:25:27:f0:14:47:c8:b5:58:58:6b:59:46:98:67:58:
39:42:5f:6c:f6:d2:6b:18:24:c3:27:f9:a1:3f:f6:f2:9b:97:
b7:41:ed:47
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZlyB5U6ZHsHD2TgCjEOxbnFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMTIxMjBjMzUxYzE0ZWVjMjIxMDlmNjAzMjQ5ZmNkYWMx
ZDMzMjEwHhcNMjUwOTIyMTUyNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTcyMDI2NTg4OGI2ZWIxOGY5NDkwMThhODQ3MGFiZDBkODI4ZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusC2VJeN9X4AS3/IdnYtYCzzf5fb
lMCRaH54XADxAPWOFbJnGbnusQXoOvGcZWzARyBhMhOnknxlJK2Q55LjJBiJd9+n
6NSwVC5x/mW29vnPh+9tzHZH8l3go/j8tj7DKZ3BAZmBXyTnoegJ0puDuYcstpuf
GJi4NJUp92GzVjVY1W8lRSZlwb6CKxmKKktMMrh5EsTN6pF29O9x48MQcs+LL3xk
SyJ8xeM1Scs15DyDCAlarIygtvzeL0Wmq9mLWNmIQhTNw3IR7T6ZDtABqRtIr9F5
42NWoui/R2qFjOb1x69mtBYTPmHbSPicJquIgOSiqqjufobN03H3bYm1hQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKpyAmWIi26xj5SQGKhHCr0Ngo6kMB8GA1UdIwQY
MBaAFBsSEgw1HBTuwiEJ9gMkn82sHTMhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUt
NDNkZjQ3ZDVhMWU3LzEvcW5JQ1pZaUxickdQbEpBWXFFY0t2UTJDanFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUtNDNkZjQ3ZDVhMWU3
LzEvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAC5B/ED
BAK5B/AwDwQCAAIwCQMHACoU24AABTANBgkqhkiG9w0BAQsFAAOCAQEAr96cTz25
klkeTfyxqQDZkr4tYRlOfsA1Ob+Fq6qoy4cheG3WD6T14Cy12FN57u/M1WcSDXu0
YDKe9405nlRpoxOJiEJILVG+jy6Jiuup9xSXm94QVFkhKsp127/fPi4YkXU2eGJl
cTGsVOVf83K4YeTUCQ/LQwx5HvyLK2UcnAbBeB0SceVwiGVgI9/jAlzXY4s4kCCq
KtlkiqhRydsyxxdqc4EFL/Cnna2hw7u3XwiDzJNvYeoSQrSPeCVzX2Y4GqOReIwX
sZ1Z1ZSsurk/wdjXBpO1xqf/ahwYJSfwFEfItVhYa1lGmGdYOUJfbPbSaxgkwyf5
oT/28puXt0HtRw==
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:46:40 2025 by rpki-client