Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/81df33-7538-40d8-b81e-d18610075efc/1/RUQaxYKvLWtplW7yHI6TR3XEkQE.roa
File: RUQaxYKvLWtplW7yHI6TR3XEkQE.roa (raw, json)
Hash identifier: XDQ+7CQl5GASmirk7HcC4w80DGZtYXJDshkFg3byREs=
Subject key identifier: 45:44:1A:C5:82:AF:2D:6B:69:95:6E:F2:1C:8E:93:47:75:C4:91:01
Certificate issuer: /CN=5336107179715609dca422bc07a098468c529452
Certificate serial: 01983B7D5086F89D2DC1BA19AA3F5680E2B9
Authority key identifier: 53:36:10:71:79:71:56:09:DC:A4:22:BC:07:A0:98:46:8C:52:94:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UzYQcXlxVgncpCK8B6CYRoxSlFI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/81df33-7538-40d8-b81e-d18610075efc/1/RUQaxYKvLWtplW7yHI6TR3XEkQE.roa
Signing time: Thu 24 Jul 2025 08:12:04 +0000
ROA not before: Thu 24 Jul 2025 08:12:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43927
IP address blocks: 45.131.128.0/23 maxlen: 24
46.102.240.0/21 maxlen: 24
77.81.240.0/21 maxlen: 24
89.32.144.0/21 maxlen: 24
89.33.197.0/24 maxlen: 24
89.45.248.0/21 maxlen: 24
91.188.224.0/24 maxlen: 24
91.188.225.0/24 maxlen: 24
91.188.226.0/24 maxlen: 24
91.188.227.0/24 maxlen: 24
92.114.98.0/24 maxlen: 24
93.113.174.0/24 maxlen: 24
185.105.32.0/22 maxlen: 24
185.125.108.0/24 maxlen: 24
185.125.109.0/24 maxlen: 24
185.125.110.0/23 maxlen: 24
185.199.172.0/22 maxlen: 24
185.199.174.0/24 maxlen: 24
185.199.175.0/24 maxlen: 24
185.250.104.0/24 maxlen: 24
185.250.105.0/24 maxlen: 24
185.250.106.0/24 maxlen: 24
185.250.107.0/24 maxlen: 24
188.240.47.0/24 maxlen: 24
188.241.112.0/21 maxlen: 24
2a06:cd40:1::/48 maxlen: 48
2a06:cd40:2::/48 maxlen: 48
2a06:cd40:3::/48 maxlen: 48
2a06:cd40:4::/48 maxlen: 48
2a06:cd40:100::/48 maxlen: 48
2a06:cd40:101::/48 maxlen: 64
2a06:cd40:200::/48 maxlen: 48
2a06:cd40:300::/48 maxlen: 64
2a06:cd40:301::/48 maxlen: 64
2a06:cd40:400::/48 maxlen: 48
2a06:cd40:cafe::/48 maxlen: 48
2a06:cd40:caff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/71/81df33-7538-40d8-b81e-d18610075efc/1/UzYQcXlxVgncpCK8B6CYRoxSlFI.crl
rsync://rpki.ripe.net/repository/DEFAULT/71/81df33-7538-40d8-b81e-d18610075efc/1/UzYQcXlxVgncpCK8B6CYRoxSlFI.mft
rsync://rpki.ripe.net/repository/DEFAULT/UzYQcXlxVgncpCK8B6CYRoxSlFI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 18:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:3b:7d:50:86:f8:9d:2d:c1:ba:19:aa:3f:56:80:e2:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5336107179715609dca422bc07a098468c529452
Validity
Not Before: Jul 24 08:12:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=45441ac582af2d6b69956ef21c8e934775c49101
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:35:49:6d:73:a0:b3:e4:a7:73:a8:b7:94:8c:
af:59:72:9d:24:b1:13:1b:9f:f9:48:ef:f1:aa:0e:
d3:b8:5e:d8:9d:c9:1d:44:9a:91:dd:41:5e:30:32:
b2:8a:48:56:69:8e:0c:65:72:4d:c2:28:fb:1a:86:
6b:28:55:45:34:4d:b5:3b:1e:45:17:ef:b4:d0:a8:
8c:8e:87:7c:3e:e3:f5:b5:b7:ca:9c:60:42:6d:97:
fe:8e:96:cd:50:54:f0:f7:aa:d5:b8:e6:70:09:0b:
24:df:17:ec:10:71:11:84:4c:33:a3:2f:4e:9b:c6:
dd:eb:2c:f5:3c:ea:cc:34:8f:1b:dd:81:f5:6d:fd:
71:32:1f:7d:e8:09:f4:3e:99:00:64:33:fb:b8:71:
c2:d2:95:48:67:56:01:83:41:40:17:1c:4b:55:79:
f3:f0:0f:73:f5:85:eb:62:5b:95:6c:35:18:99:4d:
0f:5c:0e:4a:e9:57:53:39:ba:65:95:a6:6a:11:eb:
8b:18:fc:20:6f:30:14:14:d1:b5:84:d9:c3:24:a6:
23:08:b7:15:e4:fc:05:75:9f:86:1a:08:17:47:52:
37:b6:ef:16:a5:c4:9e:97:54:c2:75:9d:2d:fa:dc:
ab:dd:41:8e:b8:af:d7:8f:20:e2:67:70:49:7f:3c:
88:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:44:1A:C5:82:AF:2D:6B:69:95:6E:F2:1C:8E:93:47:75:C4:91:01
X509v3 Authority Key Identifier:
keyid:53:36:10:71:79:71:56:09:DC:A4:22:BC:07:A0:98:46:8C:52:94:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UzYQcXlxVgncpCK8B6CYRoxSlFI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/81df33-7538-40d8-b81e-d18610075efc/1/RUQaxYKvLWtplW7yHI6TR3XEkQE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/81df33-7538-40d8-b81e-d18610075efc/1/UzYQcXlxVgncpCK8B6CYRoxSlFI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.131.128.0/23
46.102.240.0/21
77.81.240.0/21
89.32.144.0/21
89.33.197.0/24
89.45.248.0/21
91.188.224.0/22
92.114.98.0/24
93.113.174.0/24
185.105.32.0/22
185.125.108.0/22
185.199.172.0/22
185.250.104.0/22
188.240.47.0/24
188.241.112.0/21
IPv6:
2a06:cd40:1::-2a06:cd40:4:ffff:ffff:ffff:ffff:ffff
2a06:cd40:100::/47
2a06:cd40:200::/48
2a06:cd40:300::/47
2a06:cd40:400::/48
2a06:cd40:cafe::/47
Signature Algorithm: sha256WithRSAEncryption
a1:01:83:fc:2e:54:1f:6e:b3:40:50:1e:b7:80:86:99:1e:df:
64:2a:12:44:69:3e:e6:b3:df:88:21:41:59:75:b3:ca:3c:9f:
2b:2f:f8:1e:57:87:e1:42:df:94:4a:2d:8a:73:a5:67:87:bd:
44:e9:f3:23:ad:10:fa:66:13:34:0d:18:a0:fd:73:5c:46:37:
55:49:96:f0:3a:d5:8a:1f:66:52:47:2d:10:7d:b5:5c:fb:73:
62:08:12:cb:ba:15:48:fa:bc:19:df:d2:a8:c6:e9:ed:dc:33:
63:9a:68:f7:34:20:63:31:72:c2:0d:2b:3a:8a:fd:b9:b1:5c:
70:46:87:de:17:f7:b0:00:48:15:2b:41:f8:38:fd:b1:39:c6:
b7:01:11:93:20:dc:23:54:8d:91:1f:0e:e8:88:18:3a:e5:3f:
17:05:43:26:cb:91:52:ac:66:a9:9e:a1:91:4d:f5:d2:a2:28:
2b:44:22:33:c7:45:b2:28:b9:ff:13:83:3c:6b:50:a0:35:67:
db:cf:8c:5b:06:b2:11:f1:7c:29:e1:48:87:e2:e4:2b:b0:75:
00:77:64:df:71:84:77:6f:1e:d1:60:1e:82:62:d1:6b:37:a2:
c1:9d:4b:83:5d:53:6b:09:58:d4:a5:2f:96:f4:fe:70:10:d5:
b3:13:d8:08
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgISAZg7fVCG+J0twboZqj9WgOK5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMzYxMDcxNzk3MTU2MDlkY2E0MjJiYzA3YTA5ODQ2OGM1
Mjk0NTIwHhcNMjUwNzI0MDgxMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTQ0MWFjNTgyYWYyZDZiNjk5NTZlZjIxYzhlOTM0Nzc1YzQ5MTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zVJbXOgs+Snc6i3lIyvWXKdJLET
G5/5SO/xqg7TuF7YnckdRJqR3UFeMDKyikhWaY4MZXJNwij7GoZrKFVFNE21Ox5F
F++00KiMjod8PuP1tbfKnGBCbZf+jpbNUFTw96rVuOZwCQsk3xfsEHERhEwzoy9O
m8bd6yz1POrMNI8b3YH1bf1xMh996An0PpkAZDP7uHHC0pVIZ1YBg0FAFxxLVXnz
8A9z9YXrYluVbDUYmU0PXA5K6VdTObpllaZqEeuLGPwgbzAUFNG1hNnDJKYjCLcV
5PwFdZ+GGggXR1I3tu8WpcSel1TCdZ0t+tyr3UGOuK/XjyDiZ3BJfzyIswIDAQAB
o4ICqTCCAqUwHQYDVR0OBBYEFEVEGsWCry1raZVu8hyOk0d1xJEBMB8GA1UdIwQY
MBaAFFM2EHF5cVYJ3KQivAegmEaMUpRSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXpZUWNYbHhWZ25jcENLOEI2Q1lSb3hTbEZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS84MWRmMzMtNzUzOC00MGQ4LWI4MWUt
ZDE4NjEwMDc1ZWZjLzEvUlVRYXhZS3ZMV3RwbFc3eUhJNlRSM1hFa1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS84MWRmMzMtNzUzOC00MGQ4LWI4MWUtZDE4NjEwMDc1ZWZj
LzEvVXpZUWNYbHhWZ25jcENLOEI2Q1lSb3hTbEZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG+BggrBgEFBQcBBwEB/wSBrjCBqzBgBAIAATBaAwQBLYOA
AwQDLmbwAwQDTVHwAwQDWSCQAwQAWSHFAwQDWS34AwQCW7zgAwQAXHJiAwQAXXGu
AwQCuWkgAwQCuX1sAwQCucesAwQCufpoAwQAvPAvAwQDvPFwMEcEAgACMEEwEgMH
ACoGzUAAAQMHACoGzUAABAMHASoGzUABAAMHACoGzUACAAMHASoGzUADAAMHACoG
zUAEAAMHASoGzUDK/jANBgkqhkiG9w0BAQsFAAOCAQEAoQGD/C5UH26zQFAet4CG
mR7fZCoSRGk+5rPfiCFBWXWzyjyfKy/4HleH4ULflEotinOlZ4e9ROnzI60Q+mYT
NA0YoP1zXEY3VUmW8DrVih9mUkctEH21XPtzYggSy7oVSPq8Gd/SqMbp7dwzY5po
9zQgYzFywg0rOor9ubFccEaH3hf3sABIFStB+Dj9sTnGtwERkyDcI1SNkR8O6IgY
OuU/FwVDJsuRUqxmqZ6hkU310qIoK0QiM8dFsii5/xODPGtQoDVn28+MWwayEfF8
KeFIh+LkK7B1AHdk33GEd28e0WAegmLRazeiwZ1Lg11TawlY1KUvlvT+cBDVsxPY
CA==
-----END CERTIFICATE-----
Generated at Sun Aug 10 04:50:42 2025 by rpki-client