Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/eb837b-3ae5-4f60-829b-2b8038283017/1/qyP6ZOFyUvmIxsAwvIR1crurzkA.roa
File: qyP6ZOFyUvmIxsAwvIR1crurzkA.roa (raw, json)
Hash identifier: ATCZOmbWRgy8PLsqpH1t1OGoSYpKTwjDGworctuzaMU=
Subject key identifier: AB:23:FA:64:E1:72:52:F9:88:C6:C0:30:BC:84:75:72:BB:AB:CE:40
Certificate issuer: /CN=65a424cee2fdb0072b541438d913d26636a9b88b
Certificate serial: 01985BA46634397F33075F1E46E23857E88B
Authority key identifier: 65:A4:24:CE:E2:FD:B0:07:2B:54:14:38:D9:13:D2:66:36:A9:B8:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZaQkzuL9sAcrVBQ42RPSZjapuIs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3f/eb837b-3ae5-4f60-829b-2b8038283017/1/qyP6ZOFyUvmIxsAwvIR1crurzkA.roa
Signing time: Wed 30 Jul 2025 14:02:37 +0000
ROA not before: Wed 30 Jul 2025 14:02:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198731
IP address blocks: 5.1.32.0/21 maxlen: 21
81.173.40.0/23 maxlen: 23
85.184.224.0/22 maxlen: 22
185.45.28.0/22 maxlen: 22
185.64.232.0/22 maxlen: 22
2a00:bc40::/29 maxlen: 48
2a00:bc40::/40 maxlen: 40
2a00:bc40:b00::/40 maxlen: 40
2a00:bc40:c00::/40 maxlen: 40
2a00:bc40:f01::/48 maxlen: 48
2a00:bc40:f02::/48 maxlen: 48
2a00:bc40:f03::/48 maxlen: 48
2a00:bc40:f04::/48 maxlen: 48
2a00:bc40:1000::/36 maxlen: 36
2a00:bc40:2000::/36 maxlen: 36
2a00:bc40:3000::/36 maxlen: 36
2a00:bc40:4000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3f/eb837b-3ae5-4f60-829b-2b8038283017/1/ZaQkzuL9sAcrVBQ42RPSZjapuIs.crl
rsync://rpki.ripe.net/repository/DEFAULT/3f/eb837b-3ae5-4f60-829b-2b8038283017/1/ZaQkzuL9sAcrVBQ42RPSZjapuIs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZaQkzuL9sAcrVBQ42RPSZjapuIs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 06 Aug 2025 23:00:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:5b:a4:66:34:39:7f:33:07:5f:1e:46:e2:38:57:e8:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=65a424cee2fdb0072b541438d913d26636a9b88b
Validity
Not Before: Jul 30 14:02:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ab23fa64e17252f988c6c030bc847572bbabce40
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:20:c9:64:02:54:b8:2c:32:cc:08:fd:50:c5:
fb:6b:23:0f:53:00:83:24:16:fc:36:c9:68:a6:7a:
aa:84:81:de:d4:f8:51:ce:6e:2d:45:41:f6:ff:05:
70:73:1e:cc:2d:66:a3:2f:9e:26:2c:16:0d:c7:9d:
cb:b5:45:77:78:bd:f8:5a:15:23:b5:bb:1e:07:36:
6d:93:77:27:98:5f:2a:d1:e0:fe:9a:da:74:47:67:
32:7c:5c:95:e8:09:e7:e1:1f:d0:03:3b:12:d8:10:
6a:eb:b3:47:52:5e:ab:d8:7c:2a:8f:ca:20:5b:f5:
79:fe:de:08:48:a0:d6:d9:85:c2:72:32:c5:9c:a9:
8a:20:91:b0:a4:38:d3:8b:9c:b0:97:fc:1c:46:a4:
19:53:89:3f:da:98:0c:08:a5:e1:59:cc:28:90:b0:
96:29:c6:b0:7c:e4:eb:f3:67:06:01:61:71:53:64:
2b:43:51:aa:14:03:2a:12:af:6f:d3:87:0f:cd:a5:
d8:ca:c6:f7:aa:61:d3:a0:59:ab:01:26:8b:1e:b2:
02:b3:0c:b8:9b:22:51:9a:3f:e2:45:dd:e9:f3:58:
4b:2d:5c:2a:ac:eb:e3:d1:ff:c8:31:97:a3:d6:8e:
06:01:91:a5:91:71:cb:75:4a:46:63:87:95:0b:a2:
e9:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:23:FA:64:E1:72:52:F9:88:C6:C0:30:BC:84:75:72:BB:AB:CE:40
X509v3 Authority Key Identifier:
keyid:65:A4:24:CE:E2:FD:B0:07:2B:54:14:38:D9:13:D2:66:36:A9:B8:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZaQkzuL9sAcrVBQ42RPSZjapuIs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/eb837b-3ae5-4f60-829b-2b8038283017/1/qyP6ZOFyUvmIxsAwvIR1crurzkA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/eb837b-3ae5-4f60-829b-2b8038283017/1/ZaQkzuL9sAcrVBQ42RPSZjapuIs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.1.32.0/21
81.173.40.0/23
85.184.224.0/22
185.45.28.0/22
185.64.232.0/22
IPv6:
2a00:bc40::/29
Signature Algorithm: sha256WithRSAEncryption
51:81:c8:3c:f0:d2:2b:a7:35:85:09:23:3f:04:99:f6:ea:e5:
f3:86:fe:a7:e4:7a:92:cc:13:2b:1a:c3:24:4a:e0:41:37:ea:
f9:c8:4f:f1:c9:6b:f0:8e:bb:21:d6:eb:aa:c2:8a:4e:5b:f9:
7a:56:2d:c7:8c:4f:9b:ce:9b:f9:4e:fa:e5:4a:76:51:62:11:
cf:27:42:e4:d8:6d:69:db:d0:a0:48:fe:8d:f5:54:89:80:7a:
31:57:ab:49:ad:45:31:36:f1:57:d6:ef:61:a1:91:5f:4c:a2:
af:2e:49:ef:60:8e:1d:b8:f1:f8:0e:d7:80:c1:0b:38:e9:11:
ee:4b:7f:40:5a:77:1a:d3:04:58:d2:9e:1b:b7:ba:47:4d:ec:
c3:cf:cc:d3:00:e9:8a:84:c2:a9:5d:df:28:e9:66:bb:23:fc:
eb:87:a3:34:d8:ac:39:12:e9:71:15:6c:43:b3:25:4a:6a:65:
b9:d8:d9:e7:86:59:63:c4:5f:41:fe:77:50:a4:bd:94:ff:d5:
c2:f8:b8:97:5c:e5:7e:df:32:b5:00:77:3c:f3:76:78:88:57:
19:0b:f6:8d:24:91:ee:90:70:1e:ef:5d:16:fa:f6:59:2e:88:
ef:96:71:d0:52:a0:81:ee:94:54:b2:35:d3:0d:d1:d3:a7:95:
f8:24:31:8b
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZhbpGY0OX8zB18eRuI4V+iLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YTQyNGNlZTJmZGIwMDcyYjU0MTQzOGQ5MTNkMjY2MzZh
OWI4OGIwHhcNMjUwNzMwMTQwMjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjIzZmE2NGUxNzI1MmY5ODhjNmMwMzBiYzg0NzU3MmJiYWJjZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSDJZAJUuCwyzAj9UMX7ayMPUwCD
JBb8NslopnqqhIHe1PhRzm4tRUH2/wVwcx7MLWajL54mLBYNx53LtUV3eL34WhUj
tbseBzZtk3cnmF8q0eD+mtp0R2cyfFyV6Ann4R/QAzsS2BBq67NHUl6r2Hwqj8og
W/V5/t4ISKDW2YXCcjLFnKmKIJGwpDjTi5ywl/wcRqQZU4k/2pgMCKXhWcwokLCW
KcawfOTr82cGAWFxU2QrQ1GqFAMqEq9v04cPzaXYysb3qmHToFmrASaLHrICswy4
myJRmj/iRd3p81hLLVwqrOvj0f/IMZej1o4GAZGlkXHLdUpGY4eVC6LpBwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFKsj+mThclL5iMbAMLyEdXK7q85AMB8GA1UdIwQY
MBaAFGWkJM7i/bAHK1QUONkT0mY2qbiLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmFRa3p1TDlzQWNyVkJRNDJSUFNaamFwdUlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9lYjgzN2ItM2FlNS00ZjYwLTgyOWIt
MmI4MDM4MjgzMDE3LzEvcXlQNlpPRnlVdm1JeHNBd3ZJUjFjcnVyemtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9lYjgzN2ItM2FlNS00ZjYwLTgyOWItMmI4MDM4MjgzMDE3
LzEvWmFRa3p1TDlzQWNyVkJRNDJSUFNaamFwdUlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDBQEgAwQB
Ua0oAwQCVbjgAwQCuS0cAwQCuUDoMA0EAgACMAcDBQMqALxAMA0GCSqGSIb3DQEB
CwUAA4IBAQBRgcg88NIrpzWFCSM/BJn26uXzhv6n5HqSzBMrGsMkSuBBN+r5yE/x
yWvwjrsh1uuqwopOW/l6Vi3HjE+bzpv5TvrlSnZRYhHPJ0Lk2G1p29CgSP6N9VSJ
gHoxV6tJrUUxNvFX1u9hoZFfTKKvLknvYI4duPH4DteAwQs46RHuS39AWnca0wRY
0p4bt7pHTezDz8zTAOmKhMKpXd8o6Wa7I/zrh6M02Kw5EulxFWxDsyVKamW52Nnn
hlljxF9B/ndQpL2U/9XC+LiXXOV+3zK1AHc883Z4iFcZC/aNJJHukHAe710W+vZZ
LojvlnHQUqCB7pRUsjXTDdHTp5X4JDGL
-----END CERTIFICATE-----
Generated at Wed Aug 6 05:13:48 2025 by rpki-client