Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/c676d7-fbfe-4ae6-be51-327acc1b1e59/1/qfuhRedqUPpNTA86T-6bb6nkpoU.roa
File: qfuhRedqUPpNTA86T-6bb6nkpoU.roa (raw, json)
Hash identifier: n2+GEGHXXGKkmerP/9dENHzgRYY7IxvI5R7IJ6va0DM=
Subject key identifier: A9:FB:A1:45:E7:6A:50:FA:4D:4C:0F:3A:4F:EE:9B:6F:A9:E4:A6:85
Certificate issuer: /CN=7d346ace4e652870f1687450d5c34e14cb0094b5
Certificate serial: 01997FBDB759C41A5CC47F4EE80A9D7F7955
Authority key identifier: 7D:34:6A:CE:4E:65:28:70:F1:68:74:50:D5:C3:4E:14:CB:00:94:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fTRqzk5lKHDxaHRQ1cNOFMsAlLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/c676d7-fbfe-4ae6-be51-327acc1b1e59/1/qfuhRedqUPpNTA86T-6bb6nkpoU.roa
Signing time: Thu 25 Sep 2025 07:19:23 +0000
ROA not before: Thu 25 Sep 2025 07:19:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29256
IP address blocks: 37.48.128.0/18 maxlen: 18
37.48.192.0/19 maxlen: 19
46.58.128.0/20 maxlen: 20
46.58.144.0/20 maxlen: 20
46.58.160.0/20 maxlen: 20
46.58.176.0/20 maxlen: 20
46.58.192.0/20 maxlen: 20
46.58.208.0/20 maxlen: 20
46.58.224.0/20 maxlen: 20
46.58.240.0/20 maxlen: 20
130.0.240.0/20 maxlen: 20
130.180.128.0/20 maxlen: 20
130.180.144.0/20 maxlen: 20
130.180.160.0/20 maxlen: 20
130.180.176.0/20 maxlen: 20
178.171.128.0/20 maxlen: 20
178.171.144.0/20 maxlen: 20
178.171.160.0/20 maxlen: 20
178.171.176.0/20 maxlen: 20
178.171.192.0/20 maxlen: 20
178.171.208.0/20 maxlen: 20
178.171.224.0/20 maxlen: 20
178.171.240.0/20 maxlen: 20
188.160.0.0/17 maxlen: 17
188.160.128.0/20 maxlen: 20
188.160.144.0/20 maxlen: 20
188.160.160.0/20 maxlen: 20
188.160.176.0/20 maxlen: 20
188.160.192.0/20 maxlen: 20
188.160.208.0/20 maxlen: 20
188.160.224.0/20 maxlen: 20
188.160.240.0/20 maxlen: 20
188.229.128.0/20 maxlen: 20
188.229.144.0/20 maxlen: 20
188.229.160.0/20 maxlen: 20
188.229.176.0/20 maxlen: 20
188.229.192.0/20 maxlen: 20
188.229.208.0/20 maxlen: 20
188.229.224.0/20 maxlen: 20
188.229.240.0/20 maxlen: 20
2a00:1ee8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ed/c676d7-fbfe-4ae6-be51-327acc1b1e59/1/fTRqzk5lKHDxaHRQ1cNOFMsAlLU.crl
rsync://rpki.ripe.net/repository/DEFAULT/ed/c676d7-fbfe-4ae6-be51-327acc1b1e59/1/fTRqzk5lKHDxaHRQ1cNOFMsAlLU.mft
rsync://rpki.ripe.net/repository/DEFAULT/fTRqzk5lKHDxaHRQ1cNOFMsAlLU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:7f:bd:b7:59:c4:1a:5c:c4:7f:4e:e8:0a:9d:7f:79:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d346ace4e652870f1687450d5c34e14cb0094b5
Validity
Not Before: Sep 25 07:19:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a9fba145e76a50fa4d4c0f3a4fee9b6fa9e4a685
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:54:41:77:17:ef:35:8b:27:f6:79:0e:ba:fc:
24:fc:7e:9f:9e:c9:99:8b:67:58:28:a5:d8:5b:45:
a1:0d:89:87:44:a1:cb:77:49:63:7d:b9:32:b4:c3:
5b:04:ed:60:7b:19:01:a0:9b:28:82:10:02:73:92:
9a:42:b2:83:c2:7d:8f:6f:c6:5e:36:74:77:4c:18:
ea:49:7d:68:f3:dd:51:0a:e8:e8:c7:93:b6:b4:8c:
b5:16:1b:d8:5c:e2:92:bf:b8:1f:27:b6:e1:9f:c2:
63:cc:ab:2d:10:5c:bf:68:8a:f3:e1:5f:2b:94:69:
3c:5a:ac:ea:be:b3:72:fa:7c:c4:45:46:74:b4:25:
17:11:5e:01:9e:a8:c3:c7:dc:4d:b9:3b:16:bc:9e:
29:ac:0d:6c:dc:34:58:db:16:d7:4b:4f:b7:8c:bd:
ba:3f:a6:56:49:97:7b:57:7f:e2:a9:17:09:8f:2c:
4d:06:dd:a6:ac:7e:56:3a:cb:b3:ba:51:92:dc:33:
2b:aa:ec:71:f5:45:25:1b:2a:2e:1a:91:32:96:ac:
e8:98:52:90:15:03:f1:7a:53:c2:d6:28:08:3b:7c:
7a:de:a6:cb:10:95:5b:0b:7b:2a:b3:b3:59:6b:df:
5f:43:e5:a1:c3:29:17:dd:80:6f:6e:7a:e2:9e:c6:
83:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:FB:A1:45:E7:6A:50:FA:4D:4C:0F:3A:4F:EE:9B:6F:A9:E4:A6:85
X509v3 Authority Key Identifier:
keyid:7D:34:6A:CE:4E:65:28:70:F1:68:74:50:D5:C3:4E:14:CB:00:94:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fTRqzk5lKHDxaHRQ1cNOFMsAlLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c676d7-fbfe-4ae6-be51-327acc1b1e59/1/qfuhRedqUPpNTA86T-6bb6nkpoU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c676d7-fbfe-4ae6-be51-327acc1b1e59/1/fTRqzk5lKHDxaHRQ1cNOFMsAlLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.48.128.0-37.48.223.255
46.58.128.0/17
130.0.240.0/20
130.180.128.0/18
178.171.128.0/17
188.160.0.0/16
188.229.128.0/17
IPv6:
2a00:1ee8::/32
Signature Algorithm: sha256WithRSAEncryption
97:ee:d3:12:a1:81:10:c1:0a:54:4d:3d:e9:ce:f4:70:6a:38:
06:57:0c:f1:f2:c4:de:81:2e:63:45:c4:f8:f4:bf:6c:b1:bb:
38:97:69:61:91:ac:a1:2b:c3:48:12:a0:cb:bc:2e:48:8f:d0:
93:6e:b2:2c:a4:e1:e0:56:30:dd:ba:1b:68:08:7f:82:5e:fe:
f6:94:c0:4d:29:da:68:4f:2c:5a:ac:10:ad:36:67:cd:14:41:
27:7a:22:8f:f7:60:bc:e6:c9:e3:1b:ce:35:6b:be:fb:7e:5e:
05:82:50:b5:e7:d3:9e:9a:0e:f0:09:ef:6d:61:51:7e:e6:7f:
a6:48:af:31:87:41:18:f0:83:85:f1:94:d1:f4:64:d1:33:04:
47:db:3b:9d:e3:ef:a2:65:36:07:c9:27:4a:88:5f:67:95:ac:
ee:0e:6e:d5:79:61:24:ee:50:d2:49:ca:6e:f6:a8:53:22:7f:
30:83:37:ed:e1:79:be:1e:c5:2c:1f:80:28:9f:29:82:a1:32:
1e:db:a9:c9:9b:2a:3f:a2:36:bd:ae:7f:d6:16:1e:e1:10:a2:
37:50:86:27:53:74:f9:b8:21:59:87:94:af:b5:02:c7:fe:2d:
c4:7f:f4:e2:8c:3d:1e:e2:04:46:28:39:ea:22:bc:68:36:60:
c9:fd:27:3b
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZl/vbdZxBpcxH9O6Aqdf3lVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMzQ2YWNlNGU2NTI4NzBmMTY4NzQ1MGQ1YzM0ZTE0Y2Iw
MDk0YjUwHhcNMjUwOTI1MDcxOTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWZiYTE0NWU3NmE1MGZhNGQ0YzBmM2E0ZmVlOWI2ZmE5ZTRhNjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVRBdxfvNYsn9nkOuvwk/H6fnsmZ
i2dYKKXYW0WhDYmHRKHLd0ljfbkytMNbBO1gexkBoJsoghACc5KaQrKDwn2Pb8Ze
NnR3TBjqSX1o891RCujox5O2tIy1FhvYXOKSv7gfJ7bhn8JjzKstEFy/aIrz4V8r
lGk8WqzqvrNy+nzERUZ0tCUXEV4BnqjDx9xNuTsWvJ4prA1s3DRY2xbXS0+3jL26
P6ZWSZd7V3/iqRcJjyxNBt2mrH5WOsuzulGS3DMrquxx9UUlGyouGpEylqzomFKQ
FQPxelPC1igIO3x63qbLEJVbC3sqs7NZa99fQ+WhwykX3YBvbnrinsaDYQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFKn7oUXnalD6TUwPOk/um2+p5KaFMB8GA1UdIwQY
MBaAFH00as5OZShw8Wh0UNXDThTLAJS1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlRScXprNWxLSER4YUhSUTFjTk9GTXNBbExVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9jNjc2ZDctZmJmZS00YWU2LWJlNTEt
MzI3YWNjMWIxZTU5LzEvcWZ1aFJlZHFVUHBOVEE4NlQtNmJiNm5rcG9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9jNjc2ZDctZmJmZS00YWU2LWJlNTEtMzI3YWNjMWIxZTU5
LzEvZlRScXprNWxLSER4YUhSUTFjTk9GTXNBbExVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDA3BAIAATAxMAwDBAclMIAD
BAUlMMADBAcuOoADBASCAPADBAaCtIADBAeyq4ADAwC8oAMEB7zlgDANBAIAAjAH
AwUAKgAe6DANBgkqhkiG9w0BAQsFAAOCAQEAl+7TEqGBEMEKVE096c70cGo4BlcM
8fLE3oEuY0XE+PS/bLG7OJdpYZGsoSvDSBKgy7wuSI/Qk26yLKTh4FYw3bobaAh/
gl7+9pTATSnaaE8sWqwQrTZnzRRBJ3oij/dgvObJ4xvONWu++35eBYJQtefTnpoO
8AnvbWFRfuZ/pkivMYdBGPCDhfGU0fRk0TMER9s7nePvomU2B8knSohfZ5Ws7g5u
1XlhJO5Q0knKbvaoUyJ/MIM37eF5vh7FLB+AKJ8pgqEyHtupyZsqP6I2va5/1hYe
4RCiN1CGJ1N0+bghWYeUr7UCx/4txH/04ow9HuIERig56iK8aDZgyf0nOw==
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:36:27 2025 by rpki-client