Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/QBFidod6jL-O_PLphDzUTfk8gSs.roa
File: QBFidod6jL-O_PLphDzUTfk8gSs.roa (raw, json)
Hash identifier: MzCXrlb+iM3QXQEPZ+kHvIfGWId6awqeXlXphcbIxlE=
Subject key identifier: 40:11:62:76:87:7A:8C:BF:8E:FC:F2:E9:84:3C:D4:4D:F9:3C:81:2B
Certificate issuer: /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial: 0197632DD62AA6203670353A8B69F2AFDE4A
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/QBFidod6jL-O_PLphDzUTfk8gSs.roa
Signing time: Thu 12 Jun 2025 08:07:17 +0000
ROA not before: Thu 12 Jun 2025 08:07:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59645
IP address blocks: 193.104.168.0/24 maxlen: 24
195.191.196.0/23 maxlen: 24
195.191.196.0/24 maxlen: 24
195.191.197.0/24 maxlen: 24
2a06:d1c0::/29 maxlen: 29
2a06:d1c0:a761::/48 maxlen: 48
2a06:d1c0:ac5a::/48 maxlen: 48
2a06:d1c0:deac::/48 maxlen: 48
2a06:d1c0:dead::/48 maxlen: 48
2a06:d1c0:deae::/48 maxlen: 48
2a06:d1c0:f761::/48 maxlen: 48
2a06:d1c1::/32 maxlen: 48
2a06:d1c1:a::/48 maxlen: 48
2a06:d1c1:e::/48 maxlen: 48
2a06:d1c1:23::/48 maxlen: 48
2a06:d1c1:30::/44 maxlen: 48
2a06:d1c1:30::/48 maxlen: 48
2a06:d1c1:ac5a::/48 maxlen: 48
2a06:d1c2::/36 maxlen: 48
2a06:d1c2:a000::/36 maxlen: 36
2a06:d1c2:b000::/36 maxlen: 36
2a06:d1c2:d000::/36 maxlen: 36
2a06:d1c7::/48 maxlen: 48
2a06:d1c7:a::/48 maxlen: 48
2a06:d1c7:b::/48 maxlen: 48
2a06:d1c7:d::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.mft
rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:63:2d:d6:2a:a6:20:36:70:35:3a:8b:69:f2:af:de:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Validity
Not Before: Jun 12 08:07:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=40116276877a8cbf8efcf2e9843cd44df93c812b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:f0:da:38:da:b9:ca:67:31:e0:73:8e:b6:1a:
7d:9c:bc:eb:75:4e:f5:66:62:1b:0a:8d:13:14:d3:
38:d4:94:0a:af:18:28:6a:b8:07:b1:20:e5:55:48:
5a:d5:b3:a2:75:06:96:33:97:e5:cb:76:6a:de:93:
67:62:49:44:f4:65:cb:7b:54:19:5b:92:c6:6b:27:
e0:40:6f:78:5f:4f:f8:bd:80:8c:df:ea:e0:78:cc:
48:a6:c6:3b:89:c6:ba:3e:eb:02:11:b1:f5:b5:94:
89:a0:5b:cb:b9:c9:91:26:90:62:22:10:6a:b0:9c:
03:8a:d4:1e:2a:39:27:a6:30:52:da:a9:e2:77:4d:
13:2a:08:d6:09:b0:0a:9b:b6:b5:91:32:72:b0:2c:
ed:11:6c:40:5a:60:b9:d3:f0:1c:cf:cc:69:ea:29:
e1:2a:dd:86:25:81:ec:7f:a6:be:d8:35:8d:b5:2c:
3e:9f:08:b7:ac:d0:e3:5d:0a:13:d3:1c:55:b2:e7:
80:41:55:7b:5c:a1:5f:6a:0e:42:5f:ac:8c:15:2e:
56:91:31:af:83:e3:50:91:23:fa:5e:23:57:bc:7f:
a7:75:83:14:c0:0a:02:70:dd:17:9a:de:ba:11:9d:
e9:33:c0:5e:29:cb:71:c9:05:4d:75:6e:7f:be:21:
1a:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:11:62:76:87:7A:8C:BF:8E:FC:F2:E9:84:3C:D4:4D:F9:3C:81:2B
X509v3 Authority Key Identifier:
keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/QBFidod6jL-O_PLphDzUTfk8gSs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.104.168.0/24
195.191.196.0/23
IPv6:
2a06:d1c0::/29
Signature Algorithm: sha256WithRSAEncryption
65:77:d3:4b:87:7a:05:bd:40:4c:db:08:a7:c4:70:a2:9c:78:
a5:ef:1a:fc:fd:41:17:f2:ed:5b:f2:d5:64:23:b5:f6:fd:9f:
ee:21:4f:60:62:aa:ab:17:1c:56:e9:16:31:52:08:7e:1f:b3:
22:86:98:25:1d:d6:a0:69:d0:28:47:14:5e:5b:30:27:0f:7b:
76:bb:97:fd:21:8b:fa:96:82:01:7d:28:98:4a:c9:f6:8d:1d:
20:ed:6c:b5:e0:fe:81:fb:b7:a3:7a:4f:f0:68:85:66:78:6f:
73:16:00:9d:0b:67:6f:24:10:24:d7:e9:55:8e:40:e7:93:f5:
28:ef:66:cc:04:fc:88:81:62:75:ad:81:25:b0:b3:2f:12:c0:
6d:a9:30:c1:fb:64:2d:d9:a2:1d:28:0c:68:83:84:2b:5a:a3:
22:b5:4a:75:a8:e1:0c:f0:60:3c:55:a6:d8:aa:22:e3:c2:18:
f5:1d:12:50:7b:86:5a:94:61:af:8d:0d:25:ad:d8:7c:b8:ac:
01:d9:24:1a:af:6c:29:1f:b3:e0:86:bf:03:d5:60:f5:c7:0e:
df:51:27:f3:87:6e:7d:92:14:96:7f:eb:8b:1a:d4:a9:59:2b:
b1:d9:08:95:bd:e6:4d:13:5b:a4:a9:34:10:7e:49:54:2d:d3:
27:fa:21:ec
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZdjLdYqpiA2cDU6i2nyr95KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjUwNjEyMDgwNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDExNjI3Njg3N2E4Y2JmOGVmY2YyZTk4NDNjZDQ0ZGY5M2M4MTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/DaONq5ymcx4HOOthp9nLzrdU71
ZmIbCo0TFNM41JQKrxgoargHsSDlVUha1bOidQaWM5fly3Zq3pNnYklE9GXLe1QZ
W5LGayfgQG94X0/4vYCM3+rgeMxIpsY7ica6PusCEbH1tZSJoFvLucmRJpBiIhBq
sJwDitQeKjknpjBS2qnid00TKgjWCbAKm7a1kTJysCztEWxAWmC50/Acz8xp6inh
Kt2GJYHsf6a+2DWNtSw+nwi3rNDjXQoT0xxVsueAQVV7XKFfag5CX6yMFS5WkTGv
g+NQkSP6XiNXvH+ndYMUwAoCcN0Xmt66EZ3pM8BeKctxyQVNdW5/viEawQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEARYnaHeoy/jvzy6YQ81E35PIErMB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvUUJGaWRvZDZqTC1PX1BMcGhEelVUZms4Z1NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwWioAwQB
w7/EMA0EAgACMAcDBQMqBtHAMA0GCSqGSIb3DQEBCwUAA4IBAQBld9NLh3oFvUBM
2winxHCinHil7xr8/UEX8u1b8tVkI7X2/Z/uIU9gYqqrFxxW6RYxUgh+H7Mihpgl
HdagadAoRxReWzAnD3t2u5f9IYv6loIBfSiYSsn2jR0g7Wy14P6B+7ejek/waIVm
eG9zFgCdC2dvJBAk1+lVjkDnk/Uo72bMBPyIgWJ1rYElsLMvEsBtqTDB+2Qt2aId
KAxog4QrWqMitUp1qOEM8GA8VabYqiLjwhj1HRJQe4ZalGGvjQ0lrdh8uKwB2SQa
r2wpH7Pghr8D1WD1xw7fUSfzh259khSWf+uLGtSpWSux2QiVveZNE1ukqTQQfklU
LdMn+iHs
-----END CERTIFICATE-----
Generated at Sat Jun 14 11:54:49 2025 by rpki-client