Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/uQeNUYIWjnGmqaUBkySNvZayst0.roa
File: uQeNUYIWjnGmqaUBkySNvZayst0.roa (raw, json)
Hash identifier: D1PD2kgYkN2WlebqGG+7PVvzlHuHBwXlCjpZXbIItxY=
Subject key identifier: B9:07:8D:51:82:16:8E:71:A6:A9:A5:01:93:24:8D:BD:96:B2:B2:DD
Certificate issuer: /CN=41dd1ce4eeb92ff53b633892fd457b011e1171f1
Certificate serial: 01977840201FAAE8CE6297343931AD7F4313
Authority key identifier: 41:DD:1C:E4:EE:B9:2F:F5:3B:63:38:92:FD:45:7B:01:1E:11:71:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Qd0c5O65L_U7YziS_UV7AR4RcfE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/uQeNUYIWjnGmqaUBkySNvZayst0.roa
Signing time: Mon 16 Jun 2025 10:19:17 +0000
ROA not before: Mon 16 Jun 2025 10:19:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62359
IP address blocks: 37.58.30.0/23 maxlen: 24
91.242.173.0/24 maxlen: 24
2001:67c:6d8::/48 maxlen: 48
2a14:30c0::/32 maxlen: 48
2a14:30c1::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/Qd0c5O65L_U7YziS_UV7AR4RcfE.crl
rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/Qd0c5O65L_U7YziS_UV7AR4RcfE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Qd0c5O65L_U7YziS_UV7AR4RcfE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 02 Jul 2025 08:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:78:40:20:1f:aa:e8:ce:62:97:34:39:31:ad:7f:43:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=41dd1ce4eeb92ff53b633892fd457b011e1171f1
Validity
Not Before: Jun 16 10:19:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b9078d5182168e71a6a9a50193248dbd96b2b2dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:51:4b:48:39:33:94:b8:7f:2c:64:98:2a:0e:
46:ca:4b:2a:60:3b:4d:bf:ac:ca:70:1b:cd:f8:70:
d0:b7:00:a7:e8:81:3b:82:8d:7e:88:fe:c3:59:65:
7d:c8:66:a1:62:cc:f9:88:fd:61:a7:48:58:24:af:
9e:1c:f4:19:85:7a:29:1f:5e:20:98:ac:b1:72:78:
9e:18:ee:7f:a6:4b:e9:e5:58:51:fe:08:5a:5c:20:
14:10:e2:1d:dc:b4:a9:72:40:21:9f:c8:8e:c6:09:
2f:f6:f9:7e:c4:8e:75:fe:12:53:07:0b:55:16:50:
01:49:df:ee:56:ce:86:b8:39:2a:21:d9:70:03:10:
83:8d:43:71:19:b4:2b:c3:4e:34:1b:19:0c:a9:60:
6d:d1:07:13:a4:db:d1:cb:13:99:79:c5:d3:d8:ec:
de:6e:42:15:65:22:7a:8e:31:d5:2b:c0:7f:dd:74:
85:01:1d:0e:6a:51:6d:45:76:ef:47:21:d9:df:aa:
72:76:a5:f8:72:fa:a6:80:ec:97:42:ce:a7:a7:17:
2a:e3:b8:bb:da:27:8b:da:93:09:8e:6d:55:a5:28:
a6:ac:8c:87:6b:9e:04:40:07:1b:96:53:d4:8e:bf:
04:7f:ee:ec:0c:e3:b1:f5:57:c2:ee:81:a4:c9:4b:
f9:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:07:8D:51:82:16:8E:71:A6:A9:A5:01:93:24:8D:BD:96:B2:B2:DD
X509v3 Authority Key Identifier:
keyid:41:DD:1C:E4:EE:B9:2F:F5:3B:63:38:92:FD:45:7B:01:1E:11:71:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qd0c5O65L_U7YziS_UV7AR4RcfE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/uQeNUYIWjnGmqaUBkySNvZayst0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/Qd0c5O65L_U7YziS_UV7AR4RcfE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.58.30.0/23
91.242.173.0/24
IPv6:
2001:67c:6d8::/48
2a14:30c0::/31
Signature Algorithm: sha256WithRSAEncryption
1f:b2:5c:34:48:de:9f:88:3c:2d:2f:a4:b0:35:0d:99:8f:81:
0b:d5:5c:a8:7e:df:50:63:89:31:45:0b:a5:af:7f:80:c2:3a:
ff:99:d0:43:aa:d9:d7:32:6b:3b:ec:fa:24:57:28:93:d9:da:
db:28:5e:32:ce:22:a0:a9:30:2e:ad:99:d8:cd:af:9c:23:2a:
02:04:df:28:a4:2d:c9:85:50:67:6d:79:18:61:5b:04:f4:83:
32:b0:9e:8f:eb:85:69:80:03:36:70:16:60:5b:fa:41:db:f4:
9e:23:be:07:6b:b9:21:73:a3:5b:83:19:dd:79:2c:94:59:55:
46:2c:3c:77:4f:d8:f7:5a:00:ea:bf:d2:e9:5e:99:bd:97:7a:
2f:c2:a4:84:d4:81:eb:d2:6b:72:27:48:de:08:37:95:c8:7e:
77:3b:42:5e:29:d0:b3:48:9e:08:c0:86:25:e4:e5:20:0a:9e:
f0:7a:59:38:90:76:8b:8f:5d:42:09:36:14:10:0f:a6:fe:de:
c8:ed:87:ab:ca:2a:aa:e4:bb:0b:f0:d5:21:cd:88:93:f9:0c:
8d:58:c6:2e:4e:ed:57:95:be:b7:42:b8:a2:b9:38:be:bf:d2:
86:17:61:0b:67:10:72:72:8d:1b:49:69:37:28:1b:10:d9:c7:
76:12:93:2b
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZd4QCAfqujOYpc0OTGtf0MTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZGQxY2U0ZWViOTJmZjUzYjYzMzg5MmZkNDU3YjAxMWUx
MTcxZjEwHhcNMjUwNjE2MTAxOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTA3OGQ1MTgyMTY4ZTcxYTZhOWE1MDE5MzI0OGRiZDk2YjJiMmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lFLSDkzlLh/LGSYKg5GyksqYDtN
v6zKcBvN+HDQtwCn6IE7go1+iP7DWWV9yGahYsz5iP1hp0hYJK+eHPQZhXopH14g
mKyxcnieGO5/pkvp5VhR/ghaXCAUEOId3LSpckAhn8iOxgkv9vl+xI51/hJTBwtV
FlABSd/uVs6GuDkqIdlwAxCDjUNxGbQrw040GxkMqWBt0QcTpNvRyxOZecXT2Oze
bkIVZSJ6jjHVK8B/3XSFAR0OalFtRXbvRyHZ36pydqX4cvqmgOyXQs6npxcq47i7
2ieL2pMJjm1VpSimrIyHa54EQAcbllPUjr8Ef+7sDOOx9VfC7oGkyUv5owIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLkHjVGCFo5xpqmlAZMkjb2WsrLdMB8GA1UdIwQY
MBaAFEHdHOTuuS/1O2M4kv1FewEeEXHxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWQwYzVPNjVMX1U3WXppU19VVjdBUjRSY2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8xYWNjNjEtYjk1YS00MDZlLTgwZmMt
ODg1MjFhZDk5YzdlLzEvdVFlTlVZSVdqbkdtcWFVQmt5U052WmF5c3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8xYWNjNjEtYjk1YS00MDZlLTgwZmMtODg1MjFhZDk5Yzdl
LzEvUWQwYzVPNjVMX1U3WXppU19VVjdBUjRSY2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQBJToeAwQA
W/KtMBYEAgACMBADBwAgAQZ8BtgDBQEqFDDAMA0GCSqGSIb3DQEBCwUAA4IBAQAf
slw0SN6fiDwtL6SwNQ2Zj4EL1Vyoft9QY4kxRQulr3+Awjr/mdBDqtnXMms77Pok
VyiT2drbKF4yziKgqTAurZnYza+cIyoCBN8opC3JhVBnbXkYYVsE9IMysJ6P64Vp
gAM2cBZgW/pB2/SeI74Ha7khc6NbgxndeSyUWVVGLDx3T9j3WgDqv9LpXpm9l3ov
wqSE1IHr0mtyJ0jeCDeVyH53O0JeKdCzSJ4IwIYl5OUgCp7welk4kHaLj11CCTYU
EA+m/t7I7Yeryiqq5LsL8NUhzYiT+QyNWMYuTu1Xlb63QriiuTi+v9KGF2ELZxBy
co0bSWk3KBsQ2cd2EpMr
-----END CERTIFICATE-----
Generated at Tue Jul 1 15:01:56 2025 by rpki-client