Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/qLaayI2tY9A0TdjGpIVUCiHX4ZQ.roa
File: qLaayI2tY9A0TdjGpIVUCiHX4ZQ.roa (raw, json)
Hash identifier: DO7Ul6TvG+RD/fBgXFTFv86hvW9qPGUJgXT/uFTsnc0=
Subject key identifier: A8:B6:9A:C8:8D:AD:63:D0:34:4D:D8:C6:A4:85:54:0A:21:D7:E1:94
Certificate issuer: /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial: 019EA944B057785C20A1282A8FE2AEC6F04B
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/qLaayI2tY9A0TdjGpIVUCiHX4ZQ.roa
Signing time: Mon 08 Jun 2026 22:05:11 +0000
ROA not before: Mon 08 Jun 2026 22:05:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 48449
IP address blocks: 46.20.105.0/24 maxlen: 24
185.160.193.0/24 maxlen: 24
185.160.194.0/24 maxlen: 24
185.160.195.0/24 maxlen: 24
185.169.221.0/24 maxlen: 24
185.169.222.0/24 maxlen: 24
185.169.223.0/24 maxlen: 24
2a14:80::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 19:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:a9:44:b0:57:78:5c:20:a1:28:2a:8f:e2:ae:c6:f0:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
Validity
Not Before: Jun 8 22:05:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a8b69ac88dad63d0344dd8c6a485540a21d7e194
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:e2:41:fc:1d:fd:48:c5:4f:0e:f1:0c:42:ab:
73:e5:65:3c:10:03:4c:2b:5b:32:60:af:ac:5c:fe:
9e:53:22:d2:f3:58:84:fa:9a:ea:15:c5:3e:f0:75:
63:fe:94:40:a8:3d:8b:3c:9d:25:58:36:03:31:78:
af:5d:23:0d:61:a5:ed:09:cb:3b:8a:94:47:fd:e5:
33:c8:84:5d:37:f6:18:03:a9:1a:1e:cb:b3:5e:f1:
56:b4:97:5c:f1:01:db:d2:35:e7:03:ba:d7:51:96:
bd:70:ff:c9:61:42:7c:d7:f4:fc:9a:65:ee:b9:49:
3b:92:50:4a:49:b8:ff:5d:65:a8:15:05:72:c1:ab:
b6:a1:26:10:33:f8:db:ec:5d:a7:97:87:d2:3f:78:
c3:3c:4e:48:c6:86:1e:45:97:38:59:a4:eb:9b:40:
17:46:3d:ce:28:44:3a:4b:4f:9a:54:68:d1:ac:ed:
4a:eb:23:77:b1:40:25:44:86:ea:83:da:e9:64:c6:
41:e8:a7:fa:bd:e5:55:e5:13:9a:86:21:87:ea:a7:
8c:79:a5:5b:ed:a3:07:f2:25:b5:84:eb:35:83:7d:
5c:01:95:2b:44:c0:61:41:b2:7e:cb:17:db:49:92:
d1:36:bf:42:86:a6:ad:4a:04:8f:a8:03:e6:72:ab:
79:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:B6:9A:C8:8D:AD:63:D0:34:4D:D8:C6:A4:85:54:0A:21:D7:E1:94
X509v3 Authority Key Identifier:
keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/qLaayI2tY9A0TdjGpIVUCiHX4ZQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.105.0/24
185.160.193.0-185.160.195.255
185.169.221.0-185.169.223.255
IPv6:
2a14:80::/48
Signature Algorithm: sha256WithRSAEncryption
1f:3d:91:df:16:9e:bf:44:08:70:ed:02:89:30:51:21:36:6b:
37:c5:c3:28:cc:0e:54:a8:c9:da:5a:7f:8b:07:c6:18:0c:98:
11:e0:46:4f:51:5c:3c:87:61:f4:af:59:38:8c:7a:9f:49:13:
98:cf:54:c2:2f:54:10:1f:f6:22:7a:9c:36:9b:3c:fa:fc:2c:
13:6a:7b:25:31:50:ed:3b:48:43:d6:f9:dd:38:f0:f1:5a:43:
c3:cc:80:d0:0b:8f:f0:a3:28:f0:fb:6c:76:e3:9f:09:73:e5:
9e:a2:e0:5b:49:69:5b:7c:e8:c1:1f:9c:d6:b0:76:20:ce:81:
b2:0b:a5:c5:41:1f:00:0b:de:7f:44:82:11:76:16:de:9b:f6:
86:b7:a1:c3:6b:d8:6c:9c:c1:1a:76:cc:09:52:24:0f:2f:86:
34:3b:47:b3:0e:9c:2c:8d:a0:ef:77:0a:bf:df:88:6c:59:e2:
58:05:43:d1:fc:c8:20:c8:57:75:95:1c:d3:b0:22:c2:26:b1:
bb:c6:5f:91:b3:c5:c6:b6:ae:6d:9f:b0:2d:f6:87:b2:3e:b1:
6d:b1:d4:81:f6:89:a3:2a:c2:3f:49:ed:f3:c8:dc:2e:93:cb:
39:78:fe:fb:40:af:0a:30:3e:4a:24:00:f8:d3:14:0a:5d:fb:
60:0e:0a:07
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZ6pRLBXeFwgoSgqj+KuxvBLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjYwNjA4MjIwNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGI2OWFjODhkYWQ2M2QwMzQ0ZGQ4YzZhNDg1NTQwYTIxZDdlMTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeJB/B39SMVPDvEMQqtz5WU8EANM
K1syYK+sXP6eUyLS81iE+prqFcU+8HVj/pRAqD2LPJ0lWDYDMXivXSMNYaXtCcs7
ipRH/eUzyIRdN/YYA6kaHsuzXvFWtJdc8QHb0jXnA7rXUZa9cP/JYUJ81/T8mmXu
uUk7klBKSbj/XWWoFQVywau2oSYQM/jb7F2nl4fSP3jDPE5IxoYeRZc4WaTrm0AX
Rj3OKEQ6S0+aVGjRrO1K6yN3sUAlRIbqg9rpZMZB6Kf6veVV5ROahiGH6qeMeaVb
7aMH8iW1hOs1g31cAZUrRMBhQbJ+yxfbSZLRNr9ChqatSgSPqAPmcqt51QIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFKi2msiNrWPQNE3YxqSFVAoh1+GUMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvcUxhYXlJMnRZOUEwVGRqR3BJVlVDaUhYNFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAoBAIAATAiAwQALhRpMAwD
BAC5oMEDBAK5oMAwDAMEALmp3QMEBbmpwDAPBAIAAjAJAwcAKhQAgAAAMA0GCSqG
SIb3DQEBCwUAA4IBAQAfPZHfFp6/RAhw7QKJMFEhNms3xcMozA5UqMnaWn+LB8YY
DJgR4EZPUVw8h2H0r1k4jHqfSROYz1TCL1QQH/Yiepw2mzz6/CwTanslMVDtO0hD
1vndOPDxWkPDzIDQC4/woyjw+2x2458Jc+WeouBbSWlbfOjBH5zWsHYgzoGyC6XF
QR8AC95/RIIRdhbem/aGt6HDa9hsnMEadswJUiQPL4Y0O0ezDpwsjaDvdwq/34hs
WeJYBUPR/MggyFd1lRzTsCLCJrG7xl+Rs8XGtq5tn7At9oeyPrFtsdSB9omjKsI/
Se3zyNwuk8s5eP77QK8KMD5KJAD40xQKXftgDgoH
-----END CERTIFICATE-----
Generated at Sun Jun 14 04:48:25 2026 by rpki-client