Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ba7219-ad7c-48b0-9c96-17228cef0049/1/hq-hZy5eF6T-32Mpp_MYYMTh_lo.roa
File: hq-hZy5eF6T-32Mpp_MYYMTh_lo.roa (raw, json)
Hash identifier: svp2ZTIwxVMxeppEarQFFUCvZlDSIQbyXGekSzDFCRo=
Subject key identifier: 86:AF:A1:67:2E:5E:17:A4:FE:DF:63:29:A7:F3:18:60:C4:E1:FE:5A
Certificate issuer: /CN=a77720c7dc1dc3edd1d0d47f923bcd833f06af36
Certificate serial: 01992B4062F3761C274E605667C914710BC8
Authority key identifier: A7:77:20:C7:DC:1D:C3:ED:D1:D0:D4:7F:92:3B:CD:83:3F:06:AF:36
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p3cgx9wdw-3R0NR_kjvNgz8GrzY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/ba7219-ad7c-48b0-9c96-17228cef0049/1/hq-hZy5eF6T-32Mpp_MYYMTh_lo.roa
Signing time: Mon 08 Sep 2025 21:34:23 +0000
ROA not before: Mon 08 Sep 2025 21:34:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44655
IP address blocks: 91.202.124.0/22 maxlen: 22
91.202.124.0/24 maxlen: 24
91.202.125.0/24 maxlen: 24
91.202.126.0/24 maxlen: 24
91.202.127.0/24 maxlen: 24
2001:67c:740::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/71/ba7219-ad7c-48b0-9c96-17228cef0049/1/p3cgx9wdw-3R0NR_kjvNgz8GrzY.crl
rsync://rpki.ripe.net/repository/DEFAULT/71/ba7219-ad7c-48b0-9c96-17228cef0049/1/p3cgx9wdw-3R0NR_kjvNgz8GrzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/p3cgx9wdw-3R0NR_kjvNgz8GrzY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 18:01:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:2b:40:62:f3:76:1c:27:4e:60:56:67:c9:14:71:0b:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a77720c7dc1dc3edd1d0d47f923bcd833f06af36
Validity
Not Before: Sep 8 21:34:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=86afa1672e5e17a4fedf6329a7f31860c4e1fe5a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:5f:60:55:0e:2e:58:6f:72:0b:2f:19:cd:b1:
db:9a:18:ac:37:20:9d:8e:c9:cc:da:44:53:fa:85:
ea:e5:50:5c:c2:e8:28:8b:82:8c:da:36:cf:c0:bd:
a9:27:83:42:a8:d2:26:05:87:c5:7a:b6:20:be:6e:
f8:02:c3:13:e7:78:b4:e3:ac:bd:9f:ec:15:5a:3b:
8c:3e:60:25:76:f1:b5:4d:66:56:82:0e:9b:3b:43:
8d:e4:fe:93:85:51:43:e9:9b:cc:7e:89:45:56:c4:
98:f2:02:ab:11:54:8e:6b:85:fd:2b:30:c4:11:67:
56:66:78:6e:b0:8a:a8:a4:86:d6:12:31:c7:f1:2d:
77:a5:71:7a:64:19:22:fd:d4:e5:d6:8c:2a:cc:e1:
e2:d6:d5:cb:3e:31:07:d5:9f:af:61:0b:6a:13:cc:
bc:59:d6:29:01:f1:a7:d9:31:95:65:17:71:41:67:
4d:ff:f2:e9:bd:14:ee:92:e5:5a:37:35:7a:72:63:
59:ab:5f:be:e3:16:f2:dd:4a:7d:d5:4c:80:bc:0f:
f7:e1:e7:99:d6:00:22:e6:39:76:01:e7:d4:7b:97:
f3:f5:73:03:cd:ab:81:56:f2:2a:cb:1c:dc:16:94:
55:75:ad:6b:0f:f9:09:63:e3:5c:3b:d3:0b:c3:b7:
53:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:AF:A1:67:2E:5E:17:A4:FE:DF:63:29:A7:F3:18:60:C4:E1:FE:5A
X509v3 Authority Key Identifier:
keyid:A7:77:20:C7:DC:1D:C3:ED:D1:D0:D4:7F:92:3B:CD:83:3F:06:AF:36
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p3cgx9wdw-3R0NR_kjvNgz8GrzY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ba7219-ad7c-48b0-9c96-17228cef0049/1/hq-hZy5eF6T-32Mpp_MYYMTh_lo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ba7219-ad7c-48b0-9c96-17228cef0049/1/p3cgx9wdw-3R0NR_kjvNgz8GrzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.202.124.0/22
IPv6:
2001:67c:740::/48
Signature Algorithm: sha256WithRSAEncryption
9e:09:9b:92:ae:de:71:08:13:99:cc:5c:ef:b9:d4:ea:62:8e:
eb:12:f7:5b:b8:25:3f:d1:46:58:6d:de:e1:4d:33:a1:41:32:
d8:1c:e6:0e:ef:d7:99:c1:2c:1e:1a:30:47:dd:40:b8:07:44:
43:df:61:10:09:4b:8c:3b:53:bf:ea:d4:5b:fb:51:ea:e9:1d:
a9:fc:9e:24:6c:a6:ac:b3:07:63:42:7a:92:de:ff:33:ef:21:
26:77:7d:a2:f4:d6:07:42:fa:6d:30:dc:16:2c:13:38:8b:3e:
ee:61:91:3d:1b:4d:13:80:65:61:5c:b7:f7:4b:a5:e1:b8:9b:
e8:2d:91:d9:5a:24:58:c4:f9:2d:e8:9a:73:62:7e:31:4a:80:
ed:d8:ae:9f:8c:b4:c2:7c:5a:7b:4b:28:af:6e:c3:7f:77:12:
70:10:fd:e2:8e:58:5d:ed:02:90:b3:62:eb:bb:d3:43:40:ff:
01:03:59:dd:54:b1:3c:b5:fc:b6:47:ba:85:03:c3:82:a0:01:
f6:a5:f8:39:d1:0f:f6:18:f7:0a:08:a0:09:79:85:21:51:29:
61:71:3c:0b:03:4e:84:57:48:b4:9d:bb:ff:6d:a2:54:99:bd:
1b:65:14:d8:11:58:6a:e4:92:d7:59:6f:38:3f:df:31:86:3c:
de:b0:1c:5d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZkrQGLzdhwnTmBWZ8kUcQvIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NzcyMGM3ZGMxZGMzZWRkMWQwZDQ3ZjkyM2JjZDgzM2Yw
NmFmMzYwHhcNMjUwOTA4MjEzNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmFmYTE2NzJlNWUxN2E0ZmVkZjYzMjlhN2YzMTg2MGM0ZTFmZTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq19gVQ4uWG9yCy8ZzbHbmhisNyCd
jsnM2kRT+oXq5VBcwugoi4KM2jbPwL2pJ4NCqNImBYfFerYgvm74AsMT53i046y9
n+wVWjuMPmAldvG1TWZWgg6bO0ON5P6ThVFD6ZvMfolFVsSY8gKrEVSOa4X9KzDE
EWdWZnhusIqopIbWEjHH8S13pXF6ZBki/dTl1owqzOHi1tXLPjEH1Z+vYQtqE8y8
WdYpAfGn2TGVZRdxQWdN//LpvRTukuVaNzV6cmNZq1++4xby3Up91UyAvA/34eeZ
1gAi5jl2AefUe5fz9XMDzauBVvIqyxzcFpRVda1rD/kJY+NcO9MLw7dTDQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIavoWcuXhek/t9jKafzGGDE4f5aMB8GA1UdIwQY
MBaAFKd3IMfcHcPt0dDUf5I7zYM/Bq82MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDNjZ3g5d2R3LTNSME5SX2tqdk5nejhHcnpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iYTcyMTktYWQ3Yy00OGIwLTljOTYt
MTcyMjhjZWYwMDQ5LzEvaHEtaFp5NWVGNlQtMzJNcHBfTVlZTVRoX2xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iYTcyMTktYWQ3Yy00OGIwLTljOTYtMTcyMjhjZWYwMDQ5
LzEvcDNjZ3g5d2R3LTNSME5SX2tqdk5nejhHcnpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCW8p8MA8E
AgACMAkDBwAgAQZ8B0AwDQYJKoZIhvcNAQELBQADggEBAJ4Jm5Ku3nEIE5nMXO+5
1OpijusS91u4JT/RRlht3uFNM6FBMtgc5g7v15nBLB4aMEfdQLgHREPfYRAJS4w7
U7/q1Fv7UerpHan8niRspqyzB2NCepLe/zPvISZ3faL01gdC+m0w3BYsEziLPu5h
kT0bTROAZWFct/dLpeG4m+gtkdlaJFjE+S3omnNifjFKgO3Yrp+MtMJ8WntLKK9u
w393EnAQ/eKOWF3tApCzYuu700NA/wEDWd1UsTy1/LZHuoUDw4KgAfal+DnRD/YY
9woIoAl5hSFRKWFxPAsDToRXSLSdu/9tolSZvRtlFNgRWGrkktdZbzg/3zGGPN6w
HF0=
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:06:16 2025 by rpki-client