Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/8b9454-4ca1-462a-84e3-293c4d89c432/1/Q4OZxztfyDSVk8gALqZq70chyas.roa
File: Q4OZxztfyDSVk8gALqZq70chyas.roa (raw, json)
Hash identifier: +wq+wwit7khNj/v3e6ja2msUgF3YYPnUELKveLLehBw=
Subject key identifier: 43:83:99:C7:3B:5F:C8:34:95:93:C8:00:2E:A6:6A:EF:47:21:C9:AB
Certificate issuer: /CN=0a178bb54933c13a30038720bb4341f9ff2bee3e
Certificate serial: 0199A4658D461AE1CCDC8F047A8EE4B59CB9
Authority key identifier: 0A:17:8B:B5:49:33:C1:3A:30:03:87:20:BB:43:41:F9:FF:2B:EE:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CheLtUkzwTowA4cgu0NB-f8r7j4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/8b9454-4ca1-462a-84e3-293c4d89c432/1/Q4OZxztfyDSVk8gALqZq70chyas.roa
Signing time: Thu 02 Oct 2025 10:09:02 +0000
ROA not before: Thu 02 Oct 2025 10:09:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20917
IP address blocks: 91.232.40.0/22 maxlen: 24
185.22.196.0/22 maxlen: 24
213.163.160.0/19 maxlen: 24
2a00:e80::/32 maxlen: 32
2a04:2000::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7f/8b9454-4ca1-462a-84e3-293c4d89c432/1/CheLtUkzwTowA4cgu0NB-f8r7j4.crl
rsync://rpki.ripe.net/repository/DEFAULT/7f/8b9454-4ca1-462a-84e3-293c4d89c432/1/CheLtUkzwTowA4cgu0NB-f8r7j4.mft
rsync://rpki.ripe.net/repository/DEFAULT/CheLtUkzwTowA4cgu0NB-f8r7j4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:a4:65:8d:46:1a:e1:cc:dc:8f:04:7a:8e:e4:b5:9c:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a178bb54933c13a30038720bb4341f9ff2bee3e
Validity
Not Before: Oct 2 10:09:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=438399c73b5fc8349593c8002ea66aef4721c9ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:c3:92:6a:e2:f6:ec:c9:2b:91:76:7f:c7:03:
49:25:fe:63:50:64:ff:21:77:0e:3e:cd:10:a7:60:
ef:7b:8e:8d:94:91:03:ee:da:74:96:14:6c:82:e4:
d0:d3:5a:a2:ed:16:8d:8d:13:5a:4b:16:bd:0f:be:
fd:c7:5b:a2:7d:e1:31:2b:9a:7f:2b:9e:11:e8:e5:
a7:a6:b8:0b:2e:91:82:ca:5d:ed:44:20:c1:fd:02:
8e:8d:c4:fe:14:84:ed:f3:7a:90:97:4f:96:45:cb:
6a:fc:c8:ec:7a:17:2c:d6:46:3f:7d:03:3d:67:7d:
f6:ab:90:b7:1e:ef:ad:23:06:84:e8:39:99:5a:08:
61:c8:9a:0e:46:46:1a:dd:72:32:c7:10:1c:d7:cf:
51:4f:50:b1:34:d3:8d:08:fc:e6:b5:db:73:18:f0:
7c:66:c2:59:ff:81:33:26:48:bd:6f:53:a9:c9:ed:
d7:da:03:57:ac:c9:1c:8a:96:f3:94:52:37:1b:eb:
4a:1e:e8:50:9a:0d:dd:f2:94:29:36:bf:a5:5d:a0:
bd:75:5d:f0:2a:00:d3:fd:64:04:da:6a:38:05:c7:
9f:a1:b8:e1:36:fc:09:a4:12:00:bb:7c:2f:08:ef:
71:7c:a4:d9:b9:d5:21:43:cc:a5:01:6b:4f:1b:9d:
d6:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:83:99:C7:3B:5F:C8:34:95:93:C8:00:2E:A6:6A:EF:47:21:C9:AB
X509v3 Authority Key Identifier:
keyid:0A:17:8B:B5:49:33:C1:3A:30:03:87:20:BB:43:41:F9:FF:2B:EE:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CheLtUkzwTowA4cgu0NB-f8r7j4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/8b9454-4ca1-462a-84e3-293c4d89c432/1/Q4OZxztfyDSVk8gALqZq70chyas.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/8b9454-4ca1-462a-84e3-293c4d89c432/1/CheLtUkzwTowA4cgu0NB-f8r7j4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.232.40.0/22
185.22.196.0/22
213.163.160.0/19
IPv6:
2a00:e80::/32
2a04:2000::/29
Signature Algorithm: sha256WithRSAEncryption
70:68:e0:a5:30:5f:8c:01:a2:db:7e:b3:0b:3f:07:dd:b5:82:
d1:37:77:12:9a:54:81:a1:2a:44:53:16:14:53:b2:68:26:c8:
d1:75:b4:16:c0:e4:c9:26:68:29:0a:8a:8f:e5:4a:a9:e7:57:
55:4d:1a:d2:e4:73:7a:aa:a2:bd:b7:e2:61:a4:73:c0:0b:b7:
e1:51:f9:a7:52:cf:f6:99:98:fc:83:96:d9:ef:18:1c:45:9a:
75:13:5f:89:87:77:5d:50:82:69:b9:d2:b1:54:cb:b6:d6:05:
bc:5d:2d:fb:c2:06:55:5b:96:83:c2:7d:a1:a3:14:0b:0e:8a:
fc:1f:3d:59:37:ba:9d:3d:c1:75:24:d8:58:1e:b0:82:59:dc:
fd:e0:63:a3:81:46:08:ce:23:93:c8:d5:a1:91:c3:dd:ba:0e:
f6:d2:54:be:e1:3b:cc:df:be:2a:ef:c2:92:2d:07:3c:ca:cf:
74:46:57:2b:53:d5:86:7a:d7:6b:a9:b7:8a:ff:a0:9c:db:db:
93:84:c1:8e:06:7d:7c:3d:8a:01:4b:1b:fc:d0:35:ed:0a:3c:
83:b9:d2:bb:57:07:b4:47:9a:9a:15:21:f0:bb:3e:c3:fc:30:
57:e4:eb:33:67:52:f0:ec:89:61:c7:8e:ef:18:ff:9e:09:b1:
34:25:bc:c4
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZmkZY1GGuHM3I8Eeo7ktZy5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMTc4YmI1NDkzM2MxM2EzMDAzODcyMGJiNDM0MWY5ZmYy
YmVlM2UwHhcNMjUxMDAyMTAwOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzgzOTljNzNiNWZjODM0OTU5M2M4MDAyZWE2NmFlZjQ3MjFjOWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMOSauL27MkrkXZ/xwNJJf5jUGT/
IXcOPs0Qp2Dve46NlJED7tp0lhRsguTQ01qi7RaNjRNaSxa9D779x1uifeExK5p/
K54R6OWnprgLLpGCyl3tRCDB/QKOjcT+FITt83qQl0+WRctq/Mjsehcs1kY/fQM9
Z332q5C3Hu+tIwaE6DmZWghhyJoORkYa3XIyxxAc189RT1CxNNONCPzmtdtzGPB8
ZsJZ/4EzJki9b1Opye3X2gNXrMkcipbzlFI3G+tKHuhQmg3d8pQpNr+lXaC9dV3w
KgDT/WQE2mo4BcefobjhNvwJpBIAu3wvCO9xfKTZudUhQ8ylAWtPG53WrwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFEODmcc7X8g0lZPIAC6mau9HIcmrMB8GA1UdIwQY
MBaAFAoXi7VJM8E6MAOHILtDQfn/K+4+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2hlTHRVa3p3VG93QTRjZ3UwTkItZjhyN2o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi84Yjk0NTQtNGNhMS00NjJhLTg0ZTMt
MjkzYzRkODljNDMyLzEvUTRPWnh6dGZ5RFNWazhnQUxxWnE3MGNoeWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi84Yjk0NTQtNGNhMS00NjJhLTg0ZTMtMjkzYzRkODljNDMy
LzEvQ2hlTHRVa3p3VG93QTRjZ3UwTkItZjhyN2o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCW+goAwQC
uRbEAwQF1aOgMBQEAgACMA4DBQAqAA6AAwUDKgQgADANBgkqhkiG9w0BAQsFAAOC
AQEAcGjgpTBfjAGi236zCz8H3bWC0Td3EppUgaEqRFMWFFOyaCbI0XW0FsDkySZo
KQqKj+VKqedXVU0a0uRzeqqivbfiYaRzwAu34VH5p1LP9pmY/IOW2e8YHEWadRNf
iYd3XVCCabnSsVTLttYFvF0t+8IGVVuWg8J9oaMUCw6K/B89WTe6nT3BdSTYWB6w
glnc/eBjo4FGCM4jk8jVoZHD3boO9tJUvuE7zN++Ku/Cki0HPMrPdEZXK1PVhnrX
a6m3iv+gnNvbk4TBjgZ9fD2KAUsb/NA17Qo8g7nSu1cHtEeamhUh8Ls+w/wwV+Tr
M2dS8OyJYceO7xj/ngmxNCW8xA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:35:50 2025 by rpki-client