Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/qIFzZMRibquZdU5qNveC0k0eQno.roa
File: qIFzZMRibquZdU5qNveC0k0eQno.roa (raw, json)
Hash identifier: 6NEI/Yy1ZA/zakwOLoTpPs7rdsuIGKYC/oWl+URuHuc=
Subject key identifier: A8:81:73:64:C4:62:6E:AB:99:75:4E:6A:36:F7:82:D2:4D:1E:42:7A
Certificate issuer: /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial: 01979C0997577B4AEE1788F554B7F58C43AF
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/qIFzZMRibquZdU5qNveC0k0eQno.roa
Signing time: Mon 23 Jun 2025 09:06:03 +0000
ROA not before: Mon 23 Jun 2025 09:06:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8568
IP address blocks: 195.166.160.0/22 maxlen: 24
195.166.160.0/24 maxlen: 24
195.166.163.0/24 maxlen: 24
195.166.168.0/21 maxlen: 24
195.166.176.0/21 maxlen: 24
195.166.176.0/23 maxlen: 24
195.166.176.0/24 maxlen: 24
195.166.180.0/22 maxlen: 24
195.166.184.0/21 maxlen: 24
195.166.184.0/22 maxlen: 24
195.166.188.0/24 maxlen: 24
195.166.189.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 03 Jul 2025 20:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:9c:09:97:57:7b:4a:ee:17:88:f5:54:b7:f5:8c:43:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Validity
Not Before: Jun 23 09:06:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a8817364c4626eab99754e6a36f782d24d1e427a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:96:dc:a3:16:8f:ba:3a:86:e4:5a:43:01:a4:
5f:e5:96:de:4b:94:e4:4b:0e:8c:b3:ba:f7:73:5b:
86:20:0d:08:ed:66:98:92:68:86:f9:84:59:4d:ad:
40:6f:fe:12:31:6e:39:46:ab:aa:09:8e:b9:5c:33:
aa:91:2d:2a:6c:55:67:80:09:cf:79:e2:c5:af:a8:
b4:6b:24:6f:db:86:5b:f6:0c:9b:f9:20:9e:41:00:
05:fd:1c:5b:ee:3e:f8:1b:b0:9e:98:89:89:6a:fd:
23:a2:6b:0a:80:fc:b4:23:47:74:dd:11:c1:a5:44:
e0:a3:06:99:40:c3:48:26:8a:72:4e:1a:90:fc:8c:
0d:61:8c:fc:0a:c2:46:77:42:a3:0c:a6:25:31:68:
e8:9d:e9:91:ea:0b:46:50:77:6e:c5:47:0e:76:b7:
57:4c:a9:46:0d:7a:6e:b0:ac:46:65:ef:2d:ce:e5:
4a:21:d1:b7:33:54:05:39:ec:91:ee:b1:d2:c3:ab:
7c:ae:0b:05:f2:ab:5d:c2:ae:93:68:19:ba:b4:6c:
71:10:b4:93:56:7d:47:84:04:13:06:dd:77:83:cc:
35:fa:86:c3:c6:27:b9:05:46:c2:bf:89:f5:8d:61:
d9:ee:33:c8:8f:9e:7f:2b:00:db:82:66:d9:cc:a5:
c6:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:81:73:64:C4:62:6E:AB:99:75:4E:6A:36:F7:82:D2:4D:1E:42:7A
X509v3 Authority Key Identifier:
keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/qIFzZMRibquZdU5qNveC0k0eQno.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.166.160.0/22
195.166.168.0-195.166.191.255
Signature Algorithm: sha256WithRSAEncryption
46:a8:ef:50:ff:8b:0a:9b:ea:18:57:92:b3:f1:7e:88:80:b4:
e1:4a:60:b8:66:a7:ca:a0:17:bd:92:44:2d:64:85:e0:5b:74:
6b:c0:81:a9:d4:95:42:72:c1:50:5b:7a:d0:be:6d:7c:cc:4b:
50:d8:d1:14:fd:a5:02:ab:93:d9:c8:4e:e9:fa:17:02:6e:b7:
13:64:8a:e5:6b:3b:39:b5:51:07:bd:f8:9d:a9:60:27:0d:2f:
ce:3e:a3:e2:cb:45:5b:92:6b:b7:f7:1f:89:9c:21:a7:e4:43:
b0:20:ee:71:2a:52:b1:01:56:6c:c4:90:99:64:b9:df:48:69:
45:98:db:3d:c6:70:d7:6b:ec:e8:3f:87:a8:76:fc:19:ab:7f:
14:85:d0:01:b0:2f:1b:e6:11:b7:47:e1:34:87:96:fb:8a:10:
41:f1:a8:c8:05:0f:38:52:b9:b0:c1:f3:e0:0c:24:0f:0f:26:
9c:a2:90:b7:8f:46:f2:25:0b:29:82:13:ac:6d:ed:5f:c3:10:
3e:4d:fc:81:ee:e1:e4:62:0f:c0:18:70:0f:10:32:a9:51:09:
f3:b4:a7:76:47:46:b6:88:b8:d0:63:8b:39:af:b6:85:62:28:
ba:5f:be:8e:17:96:34:af:94:35:a2:3a:7e:5c:9f:8d:57:41:
8f:e7:a9:a0
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZecCZdXe0ruF4j1VLf1jEOvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwNjIzMDkwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODgxNzM2NGM0NjI2ZWFiOTk3NTRlNmEzNmY3ODJkMjRkMWU0MjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZbcoxaPujqG5FpDAaRf5ZbeS5Tk
Sw6Ms7r3c1uGIA0I7WaYkmiG+YRZTa1Ab/4SMW45RquqCY65XDOqkS0qbFVngAnP
eeLFr6i0ayRv24Zb9gyb+SCeQQAF/Rxb7j74G7CemImJav0jomsKgPy0I0d03RHB
pUTgowaZQMNIJopyThqQ/IwNYYz8CsJGd0KjDKYlMWjonemR6gtGUHduxUcOdrdX
TKlGDXpusKxGZe8tzuVKIdG3M1QFOeyR7rHSw6t8rgsF8qtdwq6TaBm6tGxxELST
Vn1HhAQTBt13g8w1+obDxie5BUbCv4n1jWHZ7jPIj55/KwDbgmbZzKXGKwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKiBc2TEYm6rmXVOajb3gtJNHkJ6MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvcUlGelpNUmlicXVaZFU1cU52ZUMwazBlUW5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCw6agMAwD
BAPDpqgDBAbDpoAwDQYJKoZIhvcNAQELBQADggEBAEao71D/iwqb6hhXkrPxfoiA
tOFKYLhmp8qgF72SRC1kheBbdGvAganUlUJywVBbetC+bXzMS1DY0RT9pQKrk9nI
Tun6FwJutxNkiuVrOzm1UQe9+J2pYCcNL84+o+LLRVuSa7f3H4mcIafkQ7Ag7nEq
UrEBVmzEkJlkud9IaUWY2z3GcNdr7Og/h6h2/BmrfxSF0AGwLxvmEbdH4TSHlvuK
EEHxqMgFDzhSubDB8+AMJA8PJpyikLePRvIlCymCE6xt7V/DED5N/IHu4eRiD8AY
cA8QMqlRCfO0p3ZHRraIuNBjizmvtoViKLpfvo4XljSvlDWiOn5cn41XQY/nqaA=
-----END CERTIFICATE-----
Generated at Thu Jul 3 05:12:03 2025 by rpki-client