
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/ba3b2f-a289-404e-aef8-4e737e06d290/1/Q8xFmFvAPSn77NIvkdeBwz67ukY.roa
File: Q8xFmFvAPSn77NIvkdeBwz67ukY.roa (raw, json)
Hash identifier: 6n/TW9WGi0M+VK+cZnP9o3jAKXvSHj5b/AFgad9Qy1Y=
Subject key identifier: 43:CC:45:98:5B:C0:3D:29:FB:EC:D2:2F:91:D7:81:C3:3E:BB:BA:46
Certificate issuer: /CN=a9a073b31d888e4439e272e007c9532fc305c80d
Certificate serial: 01997A7BEBB506ED1FA89F003474EF41141A
Authority key identifier: A9:A0:73:B3:1D:88:8E:44:39:E2:72:E0:07:C9:53:2F:C3:05:C8:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qaBzsx2IjkQ54nLgB8lTL8MFyA0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/91/ba3b2f-a289-404e-aef8-4e737e06d290/1/Q8xFmFvAPSn77NIvkdeBwz67ukY.roa
Signing time: Wed 24 Sep 2025 06:49:25 +0000
ROA not before: Wed 24 Sep 2025 06:49:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 40975
IP address blocks: 195.138.214.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/91/ba3b2f-a289-404e-aef8-4e737e06d290/1/qaBzsx2IjkQ54nLgB8lTL8MFyA0.crl
rsync://rpki.ripe.net/repository/DEFAULT/91/ba3b2f-a289-404e-aef8-4e737e06d290/1/qaBzsx2IjkQ54nLgB8lTL8MFyA0.mft
rsync://rpki.ripe.net/repository/DEFAULT/qaBzsx2IjkQ54nLgB8lTL8MFyA0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:7a:7b:eb:b5:06:ed:1f:a8:9f:00:34:74:ef:41:14:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9a073b31d888e4439e272e007c9532fc305c80d
Validity
Not Before: Sep 24 06:49:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=43cc45985bc03d29fbecd22f91d781c33ebbba46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:a2:b6:fe:50:43:74:3e:b3:0a:73:c1:a6:16:
c6:98:99:73:3d:21:a2:3b:d9:91:fe:dc:01:4f:30:
98:7e:b4:e1:74:9d:04:a2:c8:e8:d0:6d:81:bc:6e:
00:c9:38:4c:a0:e2:2e:d6:88:0e:97:64:d8:ae:80:
cc:ff:8e:a9:42:1c:87:62:33:87:ef:6a:56:55:ce:
23:e8:1b:34:1e:51:72:42:8f:78:93:d8:ec:cd:b5:
e1:36:c3:0c:24:87:c3:54:73:b5:0d:05:8d:9f:a4:
db:93:99:a9:ac:d0:47:5c:8f:44:db:4d:53:e0:c1:
d1:f0:16:60:5a:53:8e:8a:74:b2:2a:a3:c9:e5:0c:
44:46:29:71:ef:43:08:10:f5:83:9d:b4:42:d2:b9:
da:c4:63:41:c1:5a:1b:dc:50:fb:08:03:6b:c3:74:
2d:89:58:5e:49:13:13:f0:7c:03:51:5d:76:76:7e:
94:e3:7f:cf:a7:e2:37:b8:75:50:87:13:e0:90:32:
26:2a:b3:e6:c0:ed:a1:ff:78:90:bd:2e:88:15:6d:
b8:39:4f:b0:55:ec:d7:a1:3c:c5:9d:2c:42:b4:d8:
b6:ef:56:82:de:84:68:9b:64:06:7f:25:56:a0:24:
62:af:4d:0a:c3:89:7d:c0:82:17:c5:d9:0f:07:ee:
08:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:CC:45:98:5B:C0:3D:29:FB:EC:D2:2F:91:D7:81:C3:3E:BB:BA:46
X509v3 Authority Key Identifier:
keyid:A9:A0:73:B3:1D:88:8E:44:39:E2:72:E0:07:C9:53:2F:C3:05:C8:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qaBzsx2IjkQ54nLgB8lTL8MFyA0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ba3b2f-a289-404e-aef8-4e737e06d290/1/Q8xFmFvAPSn77NIvkdeBwz67ukY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ba3b2f-a289-404e-aef8-4e737e06d290/1/qaBzsx2IjkQ54nLgB8lTL8MFyA0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.138.214.0/24
Signature Algorithm: sha256WithRSAEncryption
e3:46:41:01:91:2d:1a:72:e6:63:b2:2d:a3:38:cb:0d:2e:fd:
f6:70:6e:dc:4c:8a:82:b6:70:ee:28:e3:e5:ee:0b:77:e9:89:
d5:b4:0f:1c:49:4d:bf:29:ed:66:ca:6e:82:4c:a8:56:56:c3:
77:a0:ed:b1:6e:49:e4:89:15:4d:36:12:49:99:4c:5c:5d:00:
b7:16:20:d1:44:b9:98:d5:72:5f:c3:16:8d:b8:c1:7d:c9:7a:
b3:3f:4c:26:85:ab:ca:a3:33:b1:59:da:82:dc:95:38:d1:56:
5c:12:59:a1:4e:7d:fd:65:d1:08:0c:ab:12:41:d5:5f:7f:c6:
39:0c:e5:49:ea:a0:4f:15:4f:81:e4:87:da:05:45:93:bd:84:
66:7c:2b:c2:4f:55:05:45:55:fe:86:e8:b3:39:44:5d:cc:9d:
18:3e:8b:a5:88:a7:54:65:6d:ab:cc:4a:50:a7:c4:a2:5a:19:
63:d3:4b:0e:5a:59:c8:0d:4b:d3:94:d3:5d:b6:9d:70:10:5e:
66:33:3d:58:88:f3:b6:fd:d6:c7:1d:a9:a2:c1:d5:72:85:a8:
50:3b:58:6a:a3:d1:7d:90:ca:c9:f6:f0:e5:dc:52:f1:9f:90:
88:7a:0e:9f:e3:24:20:71:36:ab:a2:8b:8e:89:c4:a3:e6:57:
28:07:66:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl6e+u1Bu0fqJ8ANHTvQRQaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YTA3M2IzMWQ4ODhlNDQzOWUyNzJlMDA3Yzk1MzJmYzMw
NWM4MGQwHhcNMjUwOTI0MDY0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2NjNDU5ODViYzAzZDI5ZmJlY2QyMmY5MWQ3ODFjMzNlYmJiYTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraK2/lBDdD6zCnPBphbGmJlzPSGi
O9mR/twBTzCYfrThdJ0Eosjo0G2BvG4AyThMoOIu1ogOl2TYroDM/46pQhyHYjOH
72pWVc4j6Bs0HlFyQo94k9jszbXhNsMMJIfDVHO1DQWNn6Tbk5mprNBHXI9E201T
4MHR8BZgWlOOinSyKqPJ5QxERilx70MIEPWDnbRC0rnaxGNBwVob3FD7CANrw3Qt
iVheSRMT8HwDUV12dn6U43/Pp+I3uHVQhxPgkDImKrPmwO2h/3iQvS6IFW24OU+w
VezXoTzFnSxCtNi271aC3oRom2QGfyVWoCRir00Kw4l9wIIXxdkPB+4IpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPMRZhbwD0p++zSL5HXgcM+u7pGMB8GA1UdIwQY
MBaAFKmgc7MdiI5EOeJy4AfJUy/DBcgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWFCenN4Mklqa1E1NG5MZ0I4bFRMOE1GeUEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iYTNiMmYtYTI4OS00MDRlLWFlZjgt
NGU3MzdlMDZkMjkwLzEvUTh4Rm1GdkFQU243N05JdmtkZUJ3ejY3dWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iYTNiMmYtYTI4OS00MDRlLWFlZjgtNGU3MzdlMDZkMjkw
LzEvcWFCenN4Mklqa1E1NG5MZ0I4bFRMOE1GeUEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4rWMA0G
CSqGSIb3DQEBCwUAA4IBAQDjRkEBkS0acuZjsi2jOMsNLv32cG7cTIqCtnDuKOPl
7gt36YnVtA8cSU2/Ke1mym6CTKhWVsN3oO2xbknkiRVNNhJJmUxcXQC3FiDRRLmY
1XJfwxaNuMF9yXqzP0wmhavKozOxWdqC3JU40VZcElmhTn39ZdEIDKsSQdVff8Y5
DOVJ6qBPFU+B5IfaBUWTvYRmfCvCT1UFRVX+huizOURdzJ0YPouliKdUZW2rzEpQ
p8SiWhlj00sOWlnIDUvTlNNdtp1wEF5mMz1YiPO2/dbHHamiwdVyhahQO1hqo9F9
kMrJ9vDl3FLxn5CIeg6f4yQgcTaroouOicSj5lcoB2YT
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:29:24 2025 by rpki-client