Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QI7UW-Va01CoA3Xt2tVFK5w5XqA.roa
File: QI7UW-Va01CoA3Xt2tVFK5w5XqA.roa (raw, json)
Hash identifier: rbe8JttV+S/Mf8VdaRwIbhTzQiMjLMAGbgKvT8T9XwA=
Subject key identifier: 40:8E:D4:5B:E5:5A:D3:50:A8:03:75:ED:DA:D5:45:2B:9C:39:5E:A0
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 01979D4E9BE97CC5062B53457AE95F872517
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QI7UW-Va01CoA3Xt2tVFK5w5XqA.roa
Signing time: Mon 23 Jun 2025 15:01:04 +0000
ROA not before: Mon 23 Jun 2025 15:01:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56755
IP address blocks: 45.148.118.0/23 maxlen: 24
93.88.205.0/24 maxlen: 24
139.28.99.0/24 maxlen: 24
193.58.239.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Jul 2025 12:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:9d:4e:9b:e9:7c:c5:06:2b:53:45:7a:e9:5f:87:25:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: Jun 23 15:01:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=408ed45be55ad350a80375eddad5452b9c395ea0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:22:63:a7:29:31:a7:6c:3c:8e:21:29:2e:c6:
c2:65:3d:7e:a8:cd:c0:ed:b3:e8:0c:15:f2:30:62:
f2:22:79:54:ef:3b:48:74:6c:cb:b0:8d:cb:27:a6:
05:ca:46:40:d5:c3:94:18:b5:ae:4c:41:4c:69:3b:
df:57:e7:42:d2:93:dd:72:a0:7f:8d:ab:93:9a:e2:
5b:07:14:e1:eb:e0:5b:cc:ae:1b:60:35:fc:ec:6e:
ef:78:66:a0:23:53:7a:dd:a7:7b:c2:26:35:f5:49:
c2:ef:96:0c:b9:bc:c2:79:f9:22:09:27:05:be:a3:
97:46:ae:f6:73:1e:6b:3d:8e:ec:74:9b:08:f5:de:
99:42:7b:ea:d9:0a:28:12:1a:cd:96:ca:df:08:74:
8c:0f:0c:73:f0:41:f5:2a:08:65:ab:c1:fa:0f:be:
bf:55:c1:26:10:96:a8:19:70:96:7b:91:65:0d:9a:
c5:c9:c7:8b:e1:4f:e8:21:e0:fb:b8:f5:55:41:67:
0b:cc:ed:1e:3c:dd:bd:04:bd:b9:5e:9e:e2:16:4e:
7e:08:89:95:21:ee:ac:70:0e:f8:e4:70:98:b4:73:
f3:87:46:2a:5d:92:23:0f:7d:6e:f8:38:32:9c:7e:
8c:fd:c1:d6:a2:3a:9b:a8:c6:21:b3:8a:85:73:42:
d7:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:8E:D4:5B:E5:5A:D3:50:A8:03:75:ED:DA:D5:45:2B:9C:39:5E:A0
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QI7UW-Va01CoA3Xt2tVFK5w5XqA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.148.118.0/23
93.88.205.0/24
139.28.99.0/24
193.58.239.0/24
Signature Algorithm: sha256WithRSAEncryption
69:a0:cb:d8:91:fa:17:59:fc:48:d0:d1:49:96:2d:8d:69:b1:
e1:ce:81:a1:c5:5d:c2:2f:f7:43:e4:b8:c9:80:50:dc:f8:24:
d9:13:3a:2a:f8:92:63:69:1f:28:32:19:f4:b9:29:ff:da:12:
a9:1e:9b:07:f8:40:51:3c:a6:8f:97:db:6a:bd:39:50:ca:83:
1c:c7:fe:ed:fa:11:ad:07:7e:e4:3f:a4:cd:66:48:f8:b2:6e:
61:08:12:fc:23:aa:27:ad:8d:4b:00:e7:27:5a:44:67:09:17:
be:b9:dc:fd:0a:d5:be:d4:70:1c:ab:5b:85:4a:6b:08:dc:26:
9e:ff:0c:7f:33:06:81:bd:77:d8:b4:e7:04:3f:0b:60:3e:a2:
97:7e:cc:0a:cb:05:87:c4:67:6c:c2:33:ab:8e:2e:e7:cb:76:
b3:5c:8e:dd:8f:c7:fb:49:dc:09:b6:0e:0c:a0:29:df:46:98:
da:71:a1:2e:7d:db:95:c7:56:b5:51:6b:aa:2a:2c:80:86:ed:
11:11:ea:d4:11:f5:94:ee:c3:8e:21:fe:27:4d:29:ad:19:ac:
4a:66:f1:c5:95:9d:d5:ad:2a:f7:f6:db:27:74:c8:4b:70:9b:
d0:e4:1c:cc:b9:72:61:bb:06:6b:32:2c:e9:cd:4a:1c:5c:19:
df:57:e6:94
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZedTpvpfMUGK1NFeulfhyUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNjIzMTUwMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDhlZDQ1YmU1NWFkMzUwYTgwMzc1ZWRkYWQ1NDUyYjljMzk1ZWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSJjpykxp2w8jiEpLsbCZT1+qM3A
7bPoDBXyMGLyInlU7ztIdGzLsI3LJ6YFykZA1cOUGLWuTEFMaTvfV+dC0pPdcqB/
jauTmuJbBxTh6+BbzK4bYDX87G7veGagI1N63ad7wiY19UnC75YMubzCefkiCScF
vqOXRq72cx5rPY7sdJsI9d6ZQnvq2QooEhrNlsrfCHSMDwxz8EH1Kghlq8H6D76/
VcEmEJaoGXCWe5FlDZrFyceL4U/oIeD7uPVVQWcLzO0ePN29BL25Xp7iFk5+CImV
Ie6scA745HCYtHPzh0YqXZIjD31u+DgynH6M/cHWojqbqMYhs4qFc0LXSwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFECO1FvlWtNQqAN17drVRSucOV6gMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUUk3VVctVmEwMUNvQTNYdDJ0VkZLNXc1WHFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBLZR2AwQA
XVjNAwQAixxjAwQAwTrvMA0GCSqGSIb3DQEBCwUAA4IBAQBpoMvYkfoXWfxI0NFJ
li2NabHhzoGhxV3CL/dD5LjJgFDc+CTZEzoq+JJjaR8oMhn0uSn/2hKpHpsH+EBR
PKaPl9tqvTlQyoMcx/7t+hGtB37kP6TNZkj4sm5hCBL8I6onrY1LAOcnWkRnCRe+
udz9CtW+1HAcq1uFSmsI3Cae/wx/MwaBvXfYtOcEPwtgPqKXfswKywWHxGdswjOr
ji7ny3azXI7dj8f7SdwJtg4MoCnfRpjacaEufduVx1a1UWuqKiyAhu0REerUEfWU
7sOOIf4nTSmtGaxKZvHFlZ3VrSr39tsndMhLcJvQ5BzMuXJhuwZrMizpzUocXBnf
V+aU
-----END CERTIFICATE-----
Generated at Fri Jul 4 19:28:15 2025 by rpki-client