Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/QKTF5v1PxEcT0z7xf94JrfxE6K4.roa
File: QKTF5v1PxEcT0z7xf94JrfxE6K4.roa (raw, json)
Hash identifier: 2nT48TrbEtM2q3dJfn39zpQYQMXRxanAUNPYajDQRMs=
Subject key identifier: 40:A4:C5:E6:FD:4F:C4:47:13:D3:3E:F1:7F:DE:09:AD:FC:44:E8:AE
Certificate issuer: /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial: 0197C61176D81FD376382886B1DD4ABB0134
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/QKTF5v1PxEcT0z7xf94JrfxE6K4.roa
Signing time: Tue 01 Jul 2025 12:58:42 +0000
ROA not before: Tue 01 Jul 2025 12:58:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5511
IP address blocks: 80.12.76.0/24 maxlen: 24
80.12.79.0/24 maxlen: 24
80.12.96.0/22 maxlen: 24
80.12.96.0/23 maxlen: 24
80.12.98.0/24 maxlen: 24
81.52.128.0/21 maxlen: 24
81.52.136.0/22 maxlen: 24
81.52.140.0/23 maxlen: 24
81.52.160.0/24 maxlen: 24
81.52.166.0/23 maxlen: 24
81.52.168.0/23 maxlen: 24
81.52.176.0/20 maxlen: 24
81.52.190.0/24 maxlen: 24
81.52.201.0/24 maxlen: 24
81.52.202.0/24 maxlen: 24
81.52.236.0/22 maxlen: 24
90.84.48.0/20 maxlen: 24
90.84.128.0/20 maxlen: 24
90.84.148.0/24 maxlen: 24
90.84.151.0/24 maxlen: 24
90.84.159.0/24 maxlen: 24
90.84.255.0/24 maxlen: 24
193.251.128.0/19 maxlen: 24
193.251.148.0/23 maxlen: 23
193.251.160.0/20 maxlen: 24
193.251.169.0/24 maxlen: 24
193.251.220.0/22 maxlen: 24
193.251.240.0/20 maxlen: 24
193.252.113.0/24 maxlen: 24
193.252.226.0/24 maxlen: 24
193.253.158.0/23 maxlen: 23
2001:688::/32 maxlen: 48
2001:688:2::/48 maxlen: 48
2001:688:3::/48 maxlen: 48
2001:688:4::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Jul 2025 08:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c6:11:76:d8:1f:d3:76:38:28:86:b1:dd:4a:bb:01:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
Validity
Not Before: Jul 1 12:58:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=40a4c5e6fd4fc44713d33ef17fde09adfc44e8ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:ad:f2:92:49:a6:4b:67:66:40:10:83:53:fa:
e8:b3:ea:d8:c6:10:03:45:33:45:99:08:14:f6:c0:
2d:5c:76:aa:51:ba:a0:05:0b:f5:10:9a:d6:5b:ea:
2b:62:60:ca:54:39:0e:eb:56:92:f8:ec:db:67:4b:
30:49:81:7e:47:ed:9b:a2:a7:49:64:55:55:1c:ad:
4f:c1:46:98:cd:af:76:f4:e0:fe:55:c1:4e:e6:56:
60:bd:f7:a8:6f:fe:27:e1:b3:d2:9b:62:6e:13:6d:
ff:c0:7e:dc:e4:d7:b5:98:0b:8c:85:7d:44:38:0f:
cd:a5:43:c6:04:93:88:56:69:a8:8d:e3:c2:36:69:
97:ea:03:56:99:7d:bc:e7:71:40:80:96:d6:39:72:
fc:ee:5d:81:df:01:02:86:08:1c:75:fb:76:72:a9:
7d:19:8d:8a:fa:1d:1a:5b:ba:78:e1:b9:26:f6:cb:
ef:1d:c7:5f:95:09:fa:9f:a0:76:00:1e:0d:a2:a6:
ba:6b:69:f5:31:32:bc:60:a7:0e:e0:c5:a9:10:29:
27:d8:26:aa:56:66:e1:b0:13:a6:a6:75:3e:93:12:
c5:50:7e:9f:70:51:07:b4:a3:64:69:ee:a8:e5:5b:
9d:84:fc:91:02:b2:e0:bb:2e:30:c6:22:0b:da:a3:
be:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:A4:C5:E6:FD:4F:C4:47:13:D3:3E:F1:7F:DE:09:AD:FC:44:E8:AE
X509v3 Authority Key Identifier:
keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/QKTF5v1PxEcT0z7xf94JrfxE6K4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.12.76.0/24
80.12.79.0/24
80.12.96.0/22
81.52.128.0-81.52.141.255
81.52.160.0/24
81.52.166.0-81.52.169.255
81.52.176.0/20
81.52.201.0-81.52.202.255
81.52.236.0/22
90.84.48.0/20
90.84.128.0/20
90.84.148.0/24
90.84.151.0/24
90.84.159.0/24
90.84.255.0/24
193.251.128.0-193.251.175.255
193.251.220.0/22
193.251.240.0/20
193.252.113.0/24
193.252.226.0/24
193.253.158.0/23
IPv6:
2001:688::/32
Signature Algorithm: sha256WithRSAEncryption
63:82:52:47:71:df:ec:81:53:1b:23:90:f6:34:76:43:7b:40:
dd:46:03:57:5e:8a:ba:66:3c:c7:f0:51:ae:52:a9:15:ae:b8:
dc:18:82:35:7e:54:97:30:c3:b9:9b:bf:8b:09:7e:a4:db:ae:
69:11:00:83:1d:eb:f2:3e:f8:88:b4:3c:a5:fd:10:b2:53:63:
06:18:81:36:95:92:00:b6:12:97:bb:c4:47:bb:4d:78:03:58:
a9:7b:fd:31:71:e4:ec:e8:3b:9a:f1:ca:0a:a5:fc:ff:f7:5e:
f9:e6:c0:8b:b3:1f:2c:ef:6b:fb:48:7d:12:66:67:9a:34:b0:
eb:a2:a4:b4:55:b1:6c:45:1e:66:31:9a:7c:c5:05:8a:cb:52:
bd:6e:dd:f1:72:6e:c6:2e:98:20:c1:b0:ac:66:c3:53:24:df:
ef:f3:92:f8:bf:42:f4:6a:fa:1e:85:7e:69:ea:fd:af:8e:f1:
65:a6:6e:50:e3:2b:1d:29:cf:e0:b4:89:74:83:06:4b:9c:10:
b1:30:4c:ef:2f:96:7f:bf:b8:67:10:19:1e:59:a7:06:de:24:
57:6e:23:3a:bb:0f:0f:3b:5d:31:8d:69:b7:d9:3e:d9:63:d9:
15:e4:82:1e:9a:b8:0a:6a:d5:1a:37:9c:7c:26:2d:fb:22:b8:
b9:97:a9:53
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAZfGEXbYH9N2OCiGsd1KuwE0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwNzAxMTI1ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGE0YzVlNmZkNGZjNDQ3MTNkMzNlZjE3ZmRlMDlhZGZjNDRlOGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv63ykkmmS2dmQBCDU/ros+rYxhAD
RTNFmQgU9sAtXHaqUbqgBQv1EJrWW+orYmDKVDkO61aS+OzbZ0swSYF+R+2boqdJ
ZFVVHK1PwUaYza929OD+VcFO5lZgvfeob/4n4bPSm2JuE23/wH7c5Ne1mAuMhX1E
OA/NpUPGBJOIVmmojePCNmmX6gNWmX2853FAgJbWOXL87l2B3wEChggcdft2cql9
GY2K+h0aW7p44bkm9svvHcdflQn6n6B2AB4Noqa6a2n1MTK8YKcO4MWpECkn2Caq
VmbhsBOmpnU+kxLFUH6fcFEHtKNkae6o5VudhPyRArLguy4wxiIL2qO+/wIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFECkxeb9T8RHE9M+8X/eCa38ROiuMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvUUtURjV2MVB4RWNUMHo3eGY5NEpyZnhFNks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHKBggrBgEFBQcBBwEB/wSBujCBtzCBpQQCAAEwgZ4DBABQ
DEwDBABQDE8DBAJQDGAwDAMEB1E0gAMEAVE0jAMEAFE0oDAMAwQBUTSmAwQBUTSo
AwQEUTSwMAwDBABRNMkDBABRNMoDBAJRNOwDBARaVDADBARaVIADBABaVJQDBABa
VJcDBABaVJ8DBABaVP8wDAMEB8H7gAMEBMH7oAMEAsH73AMEBMH78AMEAMH8cQME
AMH84gMEAcH9njANBAIAAjAHAwUAIAEGiDANBgkqhkiG9w0BAQsFAAOCAQEAY4JS
R3Hf7IFTGyOQ9jR2Q3tA3UYDV16KumY8x/BRrlKpFa643BiCNX5UlzDDuZu/iwl+
pNuuaREAgx3r8j74iLQ8pf0QslNjBhiBNpWSALYSl7vER7tNeANYqXv9MXHk7Og7
mvHKCqX8//de+ebAi7MfLO9r+0h9EmZnmjSw66KktFWxbEUeZjGafMUFistSvW7d
8XJuxi6YIMGwrGbDUyTf7/OS+L9C9Gr6HoV+aer9r47xZaZuUOMrHSnP4LSJdIMG
S5wQsTBM7y+Wf7+4ZxAZHlmnBt4kV24jOrsPDztdMY1pt9k+2WPZFeSCHpq4CmrV
GjecfCYt+yK4uZepUw==
-----END CERTIFICATE-----
Generated at Fri Jul 4 17:40:24 2025 by rpki-client