Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/QZoLuFkftySTBFXm0IVGsdEjWSc.roa
File: QZoLuFkftySTBFXm0IVGsdEjWSc.roa (raw, json)
Hash identifier: OleeaSAA+3wpsX1eMFtI7iInTKkVtH+3kKO3RFIPMMo=
Subject key identifier: 41:9A:0B:B8:59:1F:B7:24:93:04:55:E6:D0:85:46:B1:D1:23:59:27
Certificate issuer: /CN=7028ec9ccd6d861f5f1afdad0046f33c9103ba06
Certificate serial: 0195A7AA49142C2EC8C53F46B475EBE1F83E
Authority key identifier: 70:28:EC:9C:CD:6D:86:1F:5F:1A:FD:AD:00:46:F3:3C:91:03:BA:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cCjsnM1thh9fGv2tAEbzPJEDugY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/QZoLuFkftySTBFXm0IVGsdEjWSc.roa
Signing time: Tue 18 Mar 2025 05:11:49 +0000
ROA not before: Tue 18 Mar 2025 05:11:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31721
IP address blocks: 5.191.0.0/20 maxlen: 20
5.191.16.0/20 maxlen: 20
5.191.32.0/20 maxlen: 20
5.191.33.0/24 maxlen: 24
5.191.34.0/24 maxlen: 24
5.191.48.0/20 maxlen: 20
5.191.64.0/20 maxlen: 20
5.191.80.0/20 maxlen: 20
5.191.90.0/24 maxlen: 24
5.191.96.0/20 maxlen: 20
5.191.100.0/24 maxlen: 24
5.191.101.0/24 maxlen: 24
5.191.102.0/24 maxlen: 24
5.191.103.0/24 maxlen: 24
5.191.104.0/24 maxlen: 24
5.191.105.0/24 maxlen: 24
5.191.106.0/24 maxlen: 24
5.191.107.0/24 maxlen: 24
5.191.108.0/24 maxlen: 24
5.191.109.0/24 maxlen: 24
5.191.110.0/24 maxlen: 24
5.191.111.0/24 maxlen: 24
5.191.112.0/20 maxlen: 20
5.191.112.0/24 maxlen: 24
5.191.113.0/24 maxlen: 24
5.191.114.0/24 maxlen: 24
5.191.115.0/24 maxlen: 24
5.191.116.0/24 maxlen: 24
5.191.117.0/24 maxlen: 24
5.191.118.0/24 maxlen: 24
5.191.119.0/24 maxlen: 24
5.191.120.0/24 maxlen: 24
5.191.121.0/24 maxlen: 24
5.191.122.0/24 maxlen: 24
5.191.123.0/24 maxlen: 24
5.191.124.0/24 maxlen: 24
5.191.125.0/24 maxlen: 24
5.191.126.0/24 maxlen: 24
5.191.127.0/24 maxlen: 24
5.191.128.0/20 maxlen: 20
5.191.128.0/24 maxlen: 24
5.191.129.0/24 maxlen: 24
5.191.130.0/24 maxlen: 24
5.191.131.0/24 maxlen: 24
5.191.132.0/24 maxlen: 24
5.191.133.0/24 maxlen: 24
5.191.134.0/24 maxlen: 24
5.191.135.0/24 maxlen: 24
5.191.136.0/24 maxlen: 24
5.191.137.0/24 maxlen: 24
5.191.138.0/24 maxlen: 24
5.191.139.0/24 maxlen: 24
5.191.140.0/24 maxlen: 24
5.191.141.0/24 maxlen: 24
5.191.142.0/24 maxlen: 24
5.191.144.0/20 maxlen: 20
5.191.160.0/20 maxlen: 20
5.191.176.0/20 maxlen: 20
5.191.191.0/24 maxlen: 24
5.191.192.0/20 maxlen: 20
5.191.208.0/20 maxlen: 20
5.191.224.0/20 maxlen: 20
217.168.176.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/cCjsnM1thh9fGv2tAEbzPJEDugY.crl
rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/cCjsnM1thh9fGv2tAEbzPJEDugY.mft
rsync://rpki.ripe.net/repository/DEFAULT/cCjsnM1thh9fGv2tAEbzPJEDugY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Jun 2025 13:25:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:a7:aa:49:14:2c:2e:c8:c5:3f:46:b4:75:eb:e1:f8:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7028ec9ccd6d861f5f1afdad0046f33c9103ba06
Validity
Not Before: Mar 18 05:11:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=419a0bb8591fb724930455e6d08546b1d1235927
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:71:00:29:28:a8:c1:ed:f9:3c:c9:ed:c3:7a:
e8:fc:0b:78:d9:d4:0b:7b:34:1f:f7:e8:ff:d8:c2:
2d:60:85:87:09:37:0f:cf:f6:d3:8f:a6:63:fe:78:
69:6b:ef:73:48:ca:a0:b3:c6:6c:18:e8:a9:fb:6d:
90:d3:43:24:0d:42:4d:ad:93:f0:5c:ef:b0:5b:5e:
b7:21:37:3f:5a:a2:eb:8c:66:d1:99:35:4e:ba:46:
5c:a4:39:51:07:33:4f:7b:cd:c0:1f:29:d3:b5:d6:
0c:e6:d0:3c:45:c3:93:ec:a7:bf:82:30:45:6b:16:
f2:a1:ae:97:ef:11:0b:fe:46:84:d0:1d:f4:7d:c3:
2f:9d:07:ab:f4:95:d6:22:90:cf:38:8b:b3:f8:d5:
ef:90:e4:d1:0e:2d:69:da:a3:37:7b:f2:cc:13:cb:
24:54:c4:c0:20:f0:d4:fe:64:66:16:8d:7a:22:e2:
27:7f:26:98:88:ec:cb:b1:a4:ab:0d:19:63:52:fd:
65:54:01:08:d8:f6:4e:a2:98:85:30:91:a7:30:58:
06:a3:14:98:fa:02:6b:b0:f0:b0:35:62:a8:54:cd:
f9:59:dc:5b:d4:bd:a9:ad:31:9b:ab:c7:96:1e:97:
de:47:39:b9:ab:b0:43:9a:8b:ae:02:c4:6c:2a:37:
2f:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:9A:0B:B8:59:1F:B7:24:93:04:55:E6:D0:85:46:B1:D1:23:59:27
X509v3 Authority Key Identifier:
keyid:70:28:EC:9C:CD:6D:86:1F:5F:1A:FD:AD:00:46:F3:3C:91:03:BA:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cCjsnM1thh9fGv2tAEbzPJEDugY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/QZoLuFkftySTBFXm0IVGsdEjWSc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/cCjsnM1thh9fGv2tAEbzPJEDugY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.191.0.0-5.191.239.255
217.168.176.0/20
Signature Algorithm: sha256WithRSAEncryption
92:a6:5b:ee:f0:0d:4f:52:a7:f9:d9:11:f8:ed:d0:73:ca:97:
b8:91:6f:dc:05:ae:4b:31:50:d3:f6:ff:0e:04:21:b0:19:2c:
ff:ce:58:47:a1:b4:49:03:0d:57:ac:f6:a9:de:ae:1c:2a:d1:
81:8a:74:fc:d6:0a:f6:f0:69:ee:57:3e:e3:74:70:82:06:ef:
1a:df:4a:a9:e5:5d:93:8c:9d:fe:67:aa:5e:ea:18:33:aa:d0:
4f:b1:78:2a:50:f8:c3:95:63:4c:37:59:28:87:80:3d:7c:c5:
80:87:2d:dc:47:67:86:22:a3:d4:a2:4b:ef:bc:e5:c5:60:2c:
2e:2b:81:35:ba:31:f5:2d:df:18:78:31:cc:e0:b5:c3:65:cd:
a1:24:03:e2:86:29:d6:0e:1c:26:1e:21:81:13:e0:a5:5d:50:
46:bf:69:61:73:9c:ad:06:d0:3b:5b:78:3c:63:a3:1d:a2:c2:
e8:4c:2b:53:ce:ed:bf:0c:a9:0e:7c:f7:5d:ef:28:94:bd:78:
83:b6:24:de:bb:ff:31:3f:ea:8d:f0:97:e0:2c:84:56:89:73:
b9:41:31:52:10:46:10:a6:6c:2d:19:81:44:d8:8a:90:4b:e1:
10:27:7e:26:88:82:18:64:92:21:97:61:4b:21:b9:d1:a0:3a:
0d:f3:02:07
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZWnqkkULC7IxT9GtHXr4fg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMjhlYzljY2Q2ZDg2MWY1ZjFhZmRhZDAwNDZmMzNjOTEw
M2JhMDYwHhcNMjUwMzE4MDUxMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTlhMGJiODU5MWZiNzI0OTMwNDU1ZTZkMDg1NDZiMWQxMjM1OTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXEAKSiowe35PMntw3ro/At42dQL
ezQf9+j/2MItYIWHCTcPz/bTj6Zj/nhpa+9zSMqgs8ZsGOip+22Q00MkDUJNrZPw
XO+wW163ITc/WqLrjGbRmTVOukZcpDlRBzNPe83AHynTtdYM5tA8RcOT7Ke/gjBF
axbyoa6X7xEL/kaE0B30fcMvnQer9JXWIpDPOIuz+NXvkOTRDi1p2qM3e/LME8sk
VMTAIPDU/mRmFo16IuInfyaYiOzLsaSrDRljUv1lVAEI2PZOopiFMJGnMFgGoxSY
+gJrsPCwNWKoVM35Wdxb1L2prTGbq8eWHpfeRzm5q7BDmouuAsRsKjcvWwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFEGaC7hZH7ckkwRV5tCFRrHRI1knMB8GA1UdIwQY
MBaAFHAo7JzNbYYfXxr9rQBG8zyRA7oGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0Nqc25NMXRoaDlmR3YydEFFYnpQSkVEdWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8zYzMxNTQtNzgwMy00ZWM2LWJmNzAt
Y2NkZDA2NTYzYTVmLzEvUVpvTHVGa2Z0eVNUQkZYbTBJVkdzZEVqV1NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8zYzMxNTQtNzgwMy00ZWM2LWJmNzAtY2NkZDA2NTYzYTVm
LzEvY0Nqc25NMXRoaDlmR3YydEFFYnpQSkVEdWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATMAsDAwAFvwME
BAW/4AMEBNmosDANBgkqhkiG9w0BAQsFAAOCAQEAkqZb7vANT1Kn+dkR+O3Qc8qX
uJFv3AWuSzFQ0/b/DgQhsBks/85YR6G0SQMNV6z2qd6uHCrRgYp0/NYK9vBp7lc+
43RwggbvGt9KqeVdk4yd/meqXuoYM6rQT7F4KlD4w5VjTDdZKIeAPXzFgIct3Edn
hiKj1KJL77zlxWAsLiuBNbox9S3fGHgxzOC1w2XNoSQD4oYp1g4cJh4hgRPgpV1Q
Rr9pYXOcrQbQO1t4PGOjHaLC6EwrU87tvwypDnz3Xe8olL14g7Yk3rv/MT/qjfCX
4CyEVolzuUExUhBGEKZsLRmBRNiKkEvhECd+JoiCGGSSIZdhSyG50aA6DfMCBw==
-----END CERTIFICATE-----
Generated at Mon Jun 16 15:52:19 2025 by rpki-client