Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/QhDIucdaurzB981UlzUcbtxwNzE.roa
File: QhDIucdaurzB981UlzUcbtxwNzE.roa (raw, json)
Hash identifier: BUchHh6VdFVM1QmFpuGjLRWleSUnkZRGfBW9OnL4YS8=
Subject key identifier: 42:10:C8:B9:C7:5A:BA:BC:C1:F7:CD:54:97:35:1C:6E:DC:70:37:31
Certificate issuer: /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial: 01984CE35A61242119B2D2DB090ECE3D868C
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/QhDIucdaurzB981UlzUcbtxwNzE.roa
Signing time: Sun 27 Jul 2025 17:17:04 +0000
ROA not before: Sun 27 Jul 2025 17:17:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 212.116.228.0/22 maxlen: 24
212.116.229.0/24 maxlen: 24
212.116.236.0/24 maxlen: 24
212.116.238.0/23 maxlen: 24
212.116.244.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 09 Aug 2025 20:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:4c:e3:5a:61:24:21:19:b2:d2:db:09:0e:ce:3d:86:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Validity
Not Before: Jul 27 17:17:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4210c8b9c75ababcc1f7cd5497351c6edc703731
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:56:51:5c:89:7f:4e:30:f0:1a:90:f5:28:98:
9d:72:bc:28:07:e9:ca:19:0e:76:fc:71:95:a6:d9:
58:c0:d4:ed:47:a8:05:d5:72:de:af:6a:ba:98:22:
53:60:91:f9:61:36:33:87:12:44:13:2c:4c:8a:7d:
a7:4d:dc:84:f3:1a:62:e8:2b:7b:79:47:f3:d8:67:
3d:b3:d7:25:d0:fb:d2:0d:49:37:b0:d9:6d:fa:84:
76:e3:76:16:93:0f:a2:2d:06:35:77:a5:7e:2d:44:
4d:d3:de:20:72:01:2d:7c:8f:0b:be:44:20:84:6d:
74:93:51:6f:cc:ad:e6:cf:65:62:41:2a:05:0f:df:
4b:13:83:0d:3e:c8:01:fc:75:6f:f3:e3:cf:7d:63:
c0:b5:e7:64:7d:e2:d5:74:e0:4f:c3:4f:73:93:2c:
0a:9a:dc:4b:9f:9f:1d:cb:e6:5d:9b:e4:20:41:c4:
89:0c:0e:74:eb:d4:0c:23:df:bc:9a:26:d2:7f:1b:
ce:fe:97:48:04:f2:b9:8a:c8:22:bd:29:2a:ff:11:
64:86:0d:ca:58:b5:ca:6d:f8:ee:5f:81:6c:53:1b:
8f:1c:d7:3a:6d:f2:cf:60:66:8e:8c:6e:f8:7d:d8:
6e:bd:11:24:a6:cb:03:0e:b5:2e:d8:50:aa:60:c6:
db:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:10:C8:B9:C7:5A:BA:BC:C1:F7:CD:54:97:35:1C:6E:DC:70:37:31
X509v3 Authority Key Identifier:
keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/QhDIucdaurzB981UlzUcbtxwNzE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.116.228.0/22
212.116.236.0/24
212.116.238.0/23
212.116.244.0/24
Signature Algorithm: sha256WithRSAEncryption
37:aa:e2:58:ed:b5:50:43:73:d9:51:1f:a8:b2:66:7c:72:35:
9e:77:10:66:f5:04:98:39:4f:4e:c2:47:29:34:42:e4:66:81:
09:fd:fb:4d:74:f4:5d:6c:69:ce:3a:16:15:2f:4b:ff:1d:ef:
de:3e:f1:ed:5c:6f:ef:86:54:28:8d:dc:6a:68:86:87:52:98:
d7:b3:7d:6d:7d:1b:79:cf:5b:7f:1b:8f:a8:0e:64:2b:b4:f0:
a7:88:d7:4e:d0:67:b5:bb:94:88:48:9d:c6:3e:f1:34:3e:98:
72:19:05:b3:34:98:97:2b:49:aa:0a:cb:61:d9:a7:1c:15:8c:
64:a8:fc:1a:32:c8:b7:8e:ae:fc:35:c7:8e:a3:f8:30:55:56:
93:fa:5e:cf:92:a3:94:61:3f:8d:ab:fa:39:13:49:00:af:d9:
09:ee:e5:1f:45:a8:ea:f4:da:de:9c:06:8c:db:cc:ad:74:6b:
a4:ab:23:2c:c2:bf:09:d1:c8:c3:05:c4:e7:3d:56:a3:6f:30:
d7:08:88:42:d7:e1:a5:91:7e:13:78:60:66:7a:41:d9:5d:f0:
5e:cb:0e:15:32:74:4d:8e:25:f8:2f:61:3d:1b:5e:7f:19:4c:
88:dc:0b:c4:6c:a4:05:73:e5:ef:bc:ab:27:ab:4c:b2:8b:f5:
ea:49:87:c7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZhM41phJCEZstLbCQ7OPYaMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUwNzI3MTcxNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjEwYzhiOWM3NWFiYWJjYzFmN2NkNTQ5NzM1MWM2ZWRjNzAzNzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVZRXIl/TjDwGpD1KJidcrwoB+nK
GQ52/HGVptlYwNTtR6gF1XLer2q6mCJTYJH5YTYzhxJEEyxMin2nTdyE8xpi6Ct7
eUfz2Gc9s9cl0PvSDUk3sNlt+oR243YWkw+iLQY1d6V+LURN094gcgEtfI8LvkQg
hG10k1FvzK3mz2ViQSoFD99LE4MNPsgB/HVv8+PPfWPAtedkfeLVdOBPw09zkywK
mtxLn58dy+Zdm+QgQcSJDA5069QMI9+8mibSfxvO/pdIBPK5isgivSkq/xFkhg3K
WLXKbfjuX4FsUxuPHNc6bfLPYGaOjG74fdhuvREkpssDDrUu2FCqYMbb1QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEIQyLnHWrq8wffNVJc1HG7ccDcxMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvUWhESXVjZGF1cnpCOTgxVWx6VWNidHh3TnpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQC1HTkAwQA
1HTsAwQB1HTuAwQA1HT0MA0GCSqGSIb3DQEBCwUAA4IBAQA3quJY7bVQQ3PZUR+o
smZ8cjWedxBm9QSYOU9OwkcpNELkZoEJ/ftNdPRdbGnOOhYVL0v/He/ePvHtXG/v
hlQojdxqaIaHUpjXs31tfRt5z1t/G4+oDmQrtPCniNdO0Ge1u5SISJ3GPvE0Pphy
GQWzNJiXK0mqCsth2accFYxkqPwaMsi3jq78NceOo/gwVVaT+l7PkqOUYT+Nq/o5
E0kAr9kJ7uUfRajq9NrenAaM28ytdGukqyMswr8J0cjDBcTnPVajbzDXCIhC1+Gl
kX4TeGBmekHZXfBeyw4VMnRNjiX4L2E9G15/GUyI3AvEbKQFc+XvvKsnq0yyi/Xq
SYfH
-----END CERTIFICATE-----
Generated at Sat Aug 9 02:48:30 2025 by rpki-client