Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/1-QazRIRPg7ctmvpySXX90ZpNvVs.roa
File: 1-QazRIRPg7ctmvpySXX90ZpNvVs.roa (raw, json)
Hash identifier: /R5NiKNiflnBoSvWiTSdWTvgCke/+xxLiQtRLSd2PN8=
Subject key identifier: F9:06:B3:44:84:4F:83:B7:2D:9A:FA:72:49:75:FD:D1:9A:4D:BD:5B
Certificate issuer: /CN=2b0be226230d4099ceea0a4a6cf4ed8b90201350
Certificate serial: 0199673D6FC20A67ADC478EA7EDAE7CC41CE
Authority key identifier: 2B:0B:E2:26:23:0D:40:99:CE:EA:0A:4A:6C:F4:ED:8B:90:20:13:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/1-QazRIRPg7ctmvpySXX90ZpNvVs.roa
Signing time: Sat 20 Sep 2025 13:08:23 +0000
ROA not before: Sat 20 Sep 2025 13:08:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 28787
IP address blocks: 37.61.0.0/17 maxlen: 17
37.61.56.0/21 maxlen: 21
37.61.77.0/24 maxlen: 24
37.61.78.0/24 maxlen: 24
37.61.79.0/24 maxlen: 24
37.61.112.0/22 maxlen: 22
37.61.116.0/22 maxlen: 22
37.61.120.0/22 maxlen: 22
37.61.124.0/22 maxlen: 22
81.17.80.0/20 maxlen: 20
81.17.82.0/24 maxlen: 24
185.30.88.0/22 maxlen: 22
188.253.128.0/19 maxlen: 19
188.253.208.0/22 maxlen: 22
188.253.212.0/22 maxlen: 22
188.253.216.0/22 maxlen: 22
188.253.220.0/22 maxlen: 22
188.253.224.0/21 maxlen: 21
188.253.232.0/21 maxlen: 21
188.253.254.0/24 maxlen: 24
188.253.255.0/24 maxlen: 24
194.135.166.0/23 maxlen: 23
194.135.168.0/23 maxlen: 23
194.135.170.0/24 maxlen: 24
194.135.171.0/24 maxlen: 24
194.135.172.0/24 maxlen: 24
194.135.173.0/24 maxlen: 24
194.135.174.0/24 maxlen: 24
194.135.175.0/24 maxlen: 24
194.135.176.0/24 maxlen: 24
194.135.177.0/24 maxlen: 24
194.135.178.0/24 maxlen: 24
194.135.179.0/24 maxlen: 24
213.154.0.0/19 maxlen: 19
213.154.2.0/23 maxlen: 23
217.64.16.0/20 maxlen: 20
217.64.16.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.crl
rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.mft
rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:67:3d:6f:c2:0a:67:ad:c4:78:ea:7e:da:e7:cc:41:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b0be226230d4099ceea0a4a6cf4ed8b90201350
Validity
Not Before: Sep 20 13:08:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f906b344844f83b72d9afa724975fdd19a4dbd5b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:c7:c5:ca:82:c8:e9:4d:51:01:18:87:24:0d:
4d:07:cb:df:ea:9f:45:4e:e1:c5:84:25:7c:f7:dd:
6e:0c:08:7e:81:4a:5b:1d:39:a4:68:c1:3f:6e:13:
29:22:da:96:1b:7c:57:94:71:91:38:b4:fd:06:70:
c3:cd:9b:d9:2d:ea:b8:34:a0:ed:31:cc:57:35:aa:
65:7a:b2:18:87:92:44:48:8e:59:c4:73:06:cb:9d:
5a:ed:74:14:a2:2e:58:ee:14:d0:58:f2:89:3c:b0:
2d:86:23:67:c5:80:a8:7f:c8:8b:8a:01:64:d4:8e:
d6:e2:90:30:ab:72:bb:f4:37:4b:8d:14:9a:9f:3e:
5d:02:2b:5d:8a:9a:a0:b5:88:a6:df:a9:07:89:6a:
3a:c0:53:b0:4f:1f:74:94:f6:96:ec:00:99:c5:cf:
11:72:66:f6:dd:61:51:de:fa:b5:0e:39:9e:58:71:
35:df:20:f2:89:c8:1a:0b:c5:5e:ef:db:e1:ed:b1:
eb:d4:1a:f4:70:52:d9:1d:10:c9:01:a4:39:f6:ef:
0e:01:fd:47:45:31:7f:f9:3f:74:17:7c:fd:82:63:
3a:8d:d1:6b:45:1a:10:55:dd:64:62:23:72:21:53:
d1:6f:8b:24:32:5e:b3:0c:e5:8d:bb:08:fc:6c:37:
ab:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:06:B3:44:84:4F:83:B7:2D:9A:FA:72:49:75:FD:D1:9A:4D:BD:5B
X509v3 Authority Key Identifier:
keyid:2B:0B:E2:26:23:0D:40:99:CE:EA:0A:4A:6C:F4:ED:8B:90:20:13:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/1-QazRIRPg7ctmvpySXX90ZpNvVs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.61.0.0/17
81.17.80.0/20
185.30.88.0/22
188.253.128.0/19
188.253.208.0-188.253.239.255
188.253.254.0/23
194.135.166.0-194.135.179.255
213.154.0.0/19
217.64.16.0/20
Signature Algorithm: sha256WithRSAEncryption
87:59:59:b3:25:9b:88:69:e8:98:1b:53:18:90:4d:6a:bd:36:
de:5a:f8:d6:30:9b:64:1f:06:9b:6e:2d:b3:a7:17:55:03:47:
b9:a2:78:5b:c5:05:85:87:74:41:c5:5d:df:c3:be:64:2c:fc:
cd:89:08:e1:76:85:cd:1c:f0:96:db:b5:36:d6:f8:91:37:23:
4d:82:af:e3:bc:4b:5b:8d:e6:c9:e7:e8:cb:88:9f:d0:23:1a:
2e:8d:b7:b1:fa:f1:59:c5:3d:df:57:a8:2d:ed:79:a9:5f:ec:
1c:72:1f:2c:e7:c5:0c:72:ec:a8:b3:de:1c:79:58:ec:eb:44:
18:95:a2:2c:67:d2:5d:0c:65:85:b3:54:22:08:e5:bf:85:f9:
e6:c6:dd:9c:23:31:41:cc:82:c6:95:1a:c2:22:76:a6:8d:a5:
19:81:8e:d4:fc:fc:2f:f1:eb:f4:26:b6:7b:be:5b:c7:3b:e4:
3a:a3:32:20:dd:e4:f2:2a:71:08:95:31:c6:a9:30:60:3a:4f:
f4:12:9b:d5:b6:ab:a1:db:53:84:d1:b1:04:77:0e:0f:5e:32:
c5:0c:9a:ee:78:f4:f3:16:c6:18:a8:8e:f9:36:72:51:fb:17:
0c:a9:8c:92:71:c9:b6:85:86:16:22:ee:db:33:11:3a:0c:22:
20:e2:53:f9
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZlnPW/CCmetxHjqftrnzEHOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMGJlMjI2MjMwZDQwOTljZWVhMGE0YTZjZjRlZDhiOTAy
MDEzNTAwHhcNMjUwOTIwMTMwODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTA2YjM0NDg0NGY4M2I3MmQ5YWZhNzI0OTc1ZmRkMTlhNGRiZDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcfFyoLI6U1RARiHJA1NB8vf6p9F
TuHFhCV8991uDAh+gUpbHTmkaME/bhMpItqWG3xXlHGROLT9BnDDzZvZLeq4NKDt
McxXNaplerIYh5JESI5ZxHMGy51a7XQUoi5Y7hTQWPKJPLAthiNnxYCof8iLigFk
1I7W4pAwq3K79DdLjRSanz5dAitdipqgtYim36kHiWo6wFOwTx90lPaW7ACZxc8R
cmb23WFR3vq1DjmeWHE13yDyicgaC8Ve79vh7bHr1Br0cFLZHRDJAaQ59u8OAf1H
RTF/+T90F3z9gmM6jdFrRRoQVd1kYiNyIVPRb4skMl6zDOWNuwj8bDernwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPkGs0SET4O3LZr6ckl1/dGaTb1bMB8GA1UdIwQY
MBaAFCsL4iYjDUCZzuoKSmz07YuQIBNQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3d2aUppTU5RSm5PNmdwS2JQVHRpNUFnRTFBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9mY2U2NzUtYmY1My00Nzg3LTkzZTct
ODFmNTY2MTg1YjA2LzEvMS1RYXpSSVJQZzdjdG12cHlTWFg5MFpwTnZWcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTUvZmNlNjc1LWJmNTMtNDc4Ny05M2U3LTgxZjU2NjE4NWIw
Ni8xL0t3dmlKaU1OUUpuTzZncEtiUFR0aTVBZ0UxQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBfBggrBgEFBQcBBwEB/wRQME4wTAQCAAEwRgMEByU9AAME
BFERUAMEArkeWAMEBbz9gDAMAwQEvP3QAwQEvP3gAwQBvP3+MAwDBAHCh6YDBALC
h7ADBAXVmgADBATZQBAwDQYJKoZIhvcNAQELBQADggEBAIdZWbMlm4hp6JgbUxiQ
TWq9Nt5a+NYwm2QfBptuLbOnF1UDR7mieFvFBYWHdEHFXd/DvmQs/M2JCOF2hc0c
8JbbtTbW+JE3I02Cr+O8S1uN5snn6MuIn9AjGi6Nt7H68VnFPd9XqC3tealf7Bxy
HyznxQxy7Kiz3hx5WOzrRBiVoixn0l0MZYWzVCII5b+F+ebG3ZwjMUHMgsaVGsIi
dqaNpRmBjtT8/C/x6/Qmtnu+W8c75DqjMiDd5PIqcQiVMcapMGA6T/QSm9W2q6Hb
U4TRsQR3Dg9eMsUMmu549PMWxhiojvk2clH7FwypjJJxybaFhhYi7tszEToMIiDi
U/k=
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:35:30 2025 by rpki-client