Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/Crz4-L28D9nxwtThbLF9YHCuS7Q.roa
File: Crz4-L28D9nxwtThbLF9YHCuS7Q.roa (raw, json)
Hash identifier: 5UFBFGP6NJrO3xuKMelxfrRV5rVFQ7i3UnJjtvUrRwo=
Subject key identifier: 0A:BC:F8:F8:BD:BC:0F:D9:F1:C2:D4:E1:6C:B1:7D:60:70:AE:4B:B4
Certificate issuer: /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial: 0199E2B9E6DC192879DDEAAE5C8023BB2318
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/Crz4-L28D9nxwtThbLF9YHCuS7Q.roa
Signing time: Tue 14 Oct 2025 12:37:38 +0000
ROA not before: Tue 14 Oct 2025 12:37:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197706
IP address blocks: 31.171.152.0/24 maxlen: 24
31.171.153.0/24 maxlen: 24
31.171.154.0/24 maxlen: 24
31.171.155.0/24 maxlen: 24
45.142.25.0/24 maxlen: 24
45.142.26.0/24 maxlen: 24
45.142.27.0/24 maxlen: 24
103.93.40.0/24 maxlen: 24
103.93.41.0/24 maxlen: 24
103.93.42.0/24 maxlen: 24
103.93.43.0/24 maxlen: 24
103.124.164.0/24 maxlen: 24
103.124.165.0/24 maxlen: 24
103.124.166.0/24 maxlen: 24
103.124.167.0/24 maxlen: 24
103.204.120.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
109.104.135.0/24 maxlen: 24
109.104.136.0/24 maxlen: 24
109.104.137.0/24 maxlen: 24
109.104.138.0/24 maxlen: 24
109.104.139.0/24 maxlen: 24
109.104.140.0/22 maxlen: 22
109.104.140.0/24 maxlen: 24
109.104.141.0/24 maxlen: 24
109.104.142.0/24 maxlen: 24
109.104.143.0/24 maxlen: 24
109.104.156.0/24 maxlen: 24
109.104.157.0/24 maxlen: 24
109.104.158.0/24 maxlen: 24
109.104.159.0/24 maxlen: 24
144.48.52.0/24 maxlen: 24
144.48.53.0/24 maxlen: 24
144.48.54.0/24 maxlen: 24
144.48.55.0/24 maxlen: 24
185.53.100.0/24 maxlen: 24
185.53.101.0/24 maxlen: 24
185.153.125.0/24 maxlen: 24
185.153.126.0/24 maxlen: 24
185.153.127.0/24 maxlen: 24
199.168.120.0/24 maxlen: 24
199.168.121.0/24 maxlen: 24
199.168.122.0/24 maxlen: 24
199.168.123.0/24 maxlen: 24
209.23.44.0/24 maxlen: 24
209.23.45.0/24 maxlen: 24
209.23.46.0/24 maxlen: 24
209.23.47.0/24 maxlen: 24
2a04:27c0::/29 maxlen: 48
2a04:27c0:fffd::/48 maxlen: 48
2a04:27c0:fffe::/48 maxlen: 48
2a09:6e40::/29 maxlen: 48
2a09:6e47::/48 maxlen: 48
2a09:6ec0::/29 maxlen: 48
2a0d:27c0::/29 maxlen: 48
2a0d:27c4::/32 maxlen: 32
2a0d:42c0::/29 maxlen: 48
2a0d:4a40::/29 maxlen: 48
2a0d:4a46::/32 maxlen: 32
2a0e:3f00::/29 maxlen: 48
2a0e:3f01::/48 maxlen: 48
2a0e:4f00::/29 maxlen: 48
2a0e:4f05::/32 maxlen: 32
2a0e:d4c0::/29 maxlen: 48
2a0f:42c0::/29 maxlen: 48
2a0f:a880::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft
rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e2:b9:e6:dc:19:28:79:dd:ea:ae:5c:80:23:bb:23:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
Validity
Not Before: Oct 14 12:37:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0abcf8f8bdbc0fd9f1c2d4e16cb17d6070ae4bb4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:06:52:6a:41:fb:b0:b7:31:64:40:73:78:aa:
c4:68:61:b8:a6:29:4d:e7:79:70:3f:b3:c5:de:f1:
d5:45:d0:e2:5b:7a:1a:2a:dc:a5:5c:17:8b:85:33:
a4:77:0c:5c:2b:12:94:0a:85:32:0b:c3:60:06:68:
4c:54:39:e8:cf:a1:b5:09:83:c8:49:a7:01:ce:a1:
ea:de:65:74:fa:7f:37:43:96:13:4a:9c:d5:02:3d:
fd:02:ba:2a:bc:a6:57:86:53:16:c8:69:85:6e:bd:
4c:e5:f7:1c:d1:d3:a9:8d:74:3c:79:43:1d:4f:70:
dc:f4:80:d5:75:21:04:4d:09:13:bd:c6:ce:b9:79:
72:df:7d:4e:43:62:94:7e:e0:d6:2e:c3:09:d4:f7:
26:ac:dc:55:45:80:97:2d:c8:19:f3:84:8c:76:6f:
8c:26:0f:69:47:af:b1:5c:1a:51:fb:08:29:c3:67:
89:04:18:74:d7:58:82:8d:dc:c4:8a:66:f6:37:c5:
b6:a2:03:b4:96:5c:c3:d2:b0:f8:94:09:00:cc:9f:
b3:c4:fb:63:82:e5:63:e6:ad:36:b6:13:cb:46:b3:
e1:25:98:68:0d:b4:dd:6a:0b:ea:bf:eb:b1:ac:a8:
67:eb:d9:29:62:7f:2a:88:eb:41:b2:a1:b8:14:85:
2d:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:BC:F8:F8:BD:BC:0F:D9:F1:C2:D4:E1:6C:B1:7D:60:70:AE:4B:B4
X509v3 Authority Key Identifier:
keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/Crz4-L28D9nxwtThbLF9YHCuS7Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.171.152.0/22
45.142.25.0-45.142.27.255
103.93.40.0/22
103.124.164.0/22
103.204.120.0/24
109.104.132.0/23
109.104.135.0-109.104.143.255
109.104.156.0/22
144.48.52.0/22
185.53.100.0/23
185.153.125.0-185.153.127.255
199.168.120.0/22
209.23.44.0/22
IPv6:
2a04:27c0::/29
2a09:6e40::/29
2a09:6ec0::/29
2a0d:27c0::/29
2a0d:42c0::/29
2a0d:4a40::/29
2a0e:3f00::/29
2a0e:4f00::/29
2a0e:d4c0::/29
2a0f:42c0::/29
2a0f:a880::/29
Signature Algorithm: sha256WithRSAEncryption
2c:a1:a3:88:e9:f9:3d:64:71:68:30:c1:c4:67:e6:d7:a2:36:
b1:df:b9:59:b7:54:43:95:df:fa:39:da:6d:c3:5a:4a:3c:7e:
7d:4d:1d:85:26:68:d4:47:8c:ca:dc:ac:e0:a1:93:15:5a:11:
dd:86:0c:27:0c:a3:e1:32:bd:f2:44:7c:83:85:d5:f3:99:bd:
1a:a7:2f:85:cc:0f:46:3f:54:37:a3:02:c8:78:4b:7e:b3:e1:
9c:f3:81:7a:20:95:97:4e:d4:28:e8:a8:5c:a2:1d:2e:41:f3:
e1:6e:01:fa:47:34:0a:f1:05:02:65:7a:25:32:53:31:bf:8f:
ad:1f:8b:36:2d:9f:1c:1a:00:02:74:ee:19:38:81:8d:b1:33:
a7:c0:71:03:e1:20:2b:cf:8f:54:32:14:09:15:d7:44:ee:41:
d7:d0:85:aa:4b:db:0f:32:37:74:4c:78:27:42:b5:89:22:cc:
04:88:3c:c2:0b:b1:79:f5:c6:7d:6c:74:e3:42:c3:e6:bf:3f:
e7:31:6d:cf:7d:b2:65:a9:9d:79:76:c0:3c:07:01:a9:4e:23:
42:b6:f5:2a:c0:3a:ac:64:c3:92:81:cf:c1:f9:50:c5:11:cc:
00:d9:08:39:68:af:e5:2b:68:a4:0b:4b:11:fc:53:d6:9f:02:
b3:42:d4:83
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgISAZniuebcGSh53equXIAjuyMYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjUxMDE0MTIzNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWJjZjhmOGJkYmMwZmQ5ZjFjMmQ0ZTE2Y2IxN2Q2MDcwYWU0YmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogZSakH7sLcxZEBzeKrEaGG4pilN
53lwP7PF3vHVRdDiW3oaKtylXBeLhTOkdwxcKxKUCoUyC8NgBmhMVDnoz6G1CYPI
SacBzqHq3mV0+n83Q5YTSpzVAj39AroqvKZXhlMWyGmFbr1M5fcc0dOpjXQ8eUMd
T3Dc9IDVdSEETQkTvcbOuXly331OQ2KUfuDWLsMJ1PcmrNxVRYCXLcgZ84SMdm+M
Jg9pR6+xXBpR+wgpw2eJBBh011iCjdzEimb2N8W2ogO0llzD0rD4lAkAzJ+zxPtj
guVj5q02thPLRrPhJZhoDbTdagvqv+uxrKhn69kpYn8qiOtBsqG4FIUtFQIDAQAB
o4ICwTCCAr0wHQYDVR0OBBYEFAq8+Pi9vA/Z8cLU4WyxfWBwrku0MB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEvQ3J6NC1MMjhEOW54d3RUaGJMRjlZSEN1UzdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHWBggrBgEFBQcBBwEB/wSBxjCBwzBsBAIAATBmAwQCH6uY
MAwDBAAtjhkDBAItjhgDBAJnXSgDBAJnfKQDBABnzHgDBAFtaIQwDAMEAG1ohwME
BG1ogAMEAm1onAMEApAwNAMEAbk1ZDAMAwQAuZl9AwQHuZkAAwQCx6h4AwQC0Rcs
MFMEAgACME0DBQMqBCfAAwUDKgluQAMFAyoJbsADBQMqDSfAAwUDKg1CwAMFAyoN
SkADBQMqDj8AAwUDKg5PAAMFAyoO1MADBQMqD0LAAwUDKg+ogDANBgkqhkiG9w0B
AQsFAAOCAQEALKGjiOn5PWRxaDDBxGfm16I2sd+5WbdUQ5Xf+jnabcNaSjx+fU0d
hSZo1EeMytys4KGTFVoR3YYMJwyj4TK98kR8g4XV85m9GqcvhcwPRj9UN6MCyHhL
frPhnPOBeiCVl07UKOioXKIdLkHz4W4B+kc0CvEFAmV6JTJTMb+PrR+LNi2fHBoA
AnTuGTiBjbEzp8BxA+EgK8+PVDIUCRXXRO5B19CFqkvbDzI3dEx4J0K1iSLMBIg8
wguxefXGfWx040LD5r8/5zFtz32yZamdeXbAPAcBqU4jQrb1KsA6rGTDkoHPwflQ
xRHMANkIOWiv5StopAtLEfxT1p8Cs0LUgw==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:32:31 2025 by rpki-client