Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/2D7BkJ2uS8eaQi0tUoSNEy2C_Qs.roa
File: 2D7BkJ2uS8eaQi0tUoSNEy2C_Qs.roa (raw, json)
Hash identifier: 6UliecSbmyd+GheOL3Qj1KpFcgUOmb4o9MBbBJHjs7g=
Subject key identifier: D8:3E:C1:90:9D:AE:4B:C7:9A:42:2D:2D:52:84:8D:13:2D:82:FD:0B
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 0199DF5B7A6097D20B6489B160BB50D97454
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/2D7BkJ2uS8eaQi0tUoSNEy2C_Qs.roa
Signing time: Mon 13 Oct 2025 20:55:38 +0000
ROA not before: Mon 13 Oct 2025 20:55:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 136787
IP address blocks: 64.43.65.0/24 maxlen: 24
64.43.73.0/24 maxlen: 24
64.43.74.0/24 maxlen: 24
64.43.75.0/24 maxlen: 24
64.43.93.0/24 maxlen: 24
64.43.94.0/24 maxlen: 24
64.43.95.0/24 maxlen: 24
64.43.108.0/24 maxlen: 24
64.43.109.0/24 maxlen: 24
64.43.110.0/24 maxlen: 24
64.43.111.0/24 maxlen: 24
64.43.116.0/24 maxlen: 24
64.43.117.0/24 maxlen: 24
64.43.118.0/24 maxlen: 24
64.43.119.0/24 maxlen: 24
64.43.120.0/24 maxlen: 24
64.43.121.0/24 maxlen: 24
64.43.122.0/24 maxlen: 24
64.43.123.0/24 maxlen: 24
77.36.61.0/24 maxlen: 24
77.36.72.0/24 maxlen: 24
77.36.73.0/24 maxlen: 24
77.36.74.0/24 maxlen: 24
77.36.75.0/24 maxlen: 24
77.36.76.0/24 maxlen: 24
77.36.77.0/24 maxlen: 24
77.36.78.0/24 maxlen: 24
77.36.79.0/24 maxlen: 24
109.197.236.0/24 maxlen: 24
109.197.237.0/24 maxlen: 24
109.197.238.0/24 maxlen: 24
109.197.239.0/24 maxlen: 24
176.96.88.0/24 maxlen: 24
176.96.90.0/24 maxlen: 24
176.96.91.0/24 maxlen: 24
193.36.208.0/24 maxlen: 24
193.36.209.0/24 maxlen: 24
193.36.210.0/24 maxlen: 24
193.36.211.0/24 maxlen: 24
193.36.212.0/24 maxlen: 24
193.36.213.0/24 maxlen: 24
193.36.214.0/24 maxlen: 24
193.36.215.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:df:5b:7a:60:97:d2:0b:64:89:b1:60:bb:50:d9:74:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Oct 13 20:55:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d83ec1909dae4bc79a422d2d52848d132d82fd0b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:96:9b:ac:51:b8:b2:94:50:74:53:e9:d5:8e:
36:c8:01:ce:1e:67:1b:19:51:a0:ed:0a:c3:01:36:
e5:6f:eb:77:8e:3d:a1:10:cf:a9:46:06:36:a0:3f:
11:e5:5d:fb:7c:34:22:60:c1:f8:93:36:0d:6e:23:
ac:81:2f:07:5c:80:ef:dc:3b:ae:25:0c:15:60:79:
69:02:c8:e6:cf:ba:a7:1e:eb:3e:df:11:8d:64:18:
45:fe:1e:f5:4c:3f:34:d7:5b:c4:02:47:1b:70:f6:
86:49:9e:9a:02:47:c1:a5:d8:5e:eb:c1:19:5c:fe:
be:4d:1f:df:e3:6d:2d:c9:c0:ef:8a:32:56:3a:be:
c3:08:07:1b:03:11:57:53:cd:bb:a9:12:e2:16:00:
74:56:4f:4b:5a:39:47:95:e3:40:bd:23:f5:f7:20:
26:5d:ef:5b:48:a5:a2:42:eb:a2:38:ad:22:d3:fe:
3a:e3:c1:d4:c6:41:a9:06:9b:f2:85:91:94:19:76:
1b:42:02:7d:e7:aa:96:2f:c0:a1:46:4d:c3:70:0d:
71:b3:a6:f1:be:67:0b:9c:32:95:25:2e:b8:d4:87:
25:8b:6c:a8:2c:43:8f:90:28:6c:e9:a3:bf:f1:a1:
2a:ec:73:20:11:5f:73:15:1a:73:59:12:da:7a:52:
0c:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:3E:C1:90:9D:AE:4B:C7:9A:42:2D:2D:52:84:8D:13:2D:82:FD:0B
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/2D7BkJ2uS8eaQi0tUoSNEy2C_Qs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.43.65.0/24
64.43.73.0-64.43.75.255
64.43.93.0-64.43.95.255
64.43.108.0/22
64.43.116.0-64.43.123.255
77.36.61.0/24
77.36.72.0/21
109.197.236.0/22
176.96.88.0/24
176.96.90.0/23
193.36.208.0/21
Signature Algorithm: sha256WithRSAEncryption
60:96:ab:56:3d:95:53:c5:7e:3e:90:eb:17:a4:5a:08:d2:19:
14:8b:c9:2b:f5:47:20:29:88:1b:85:34:25:ca:f8:ed:53:10:
a9:e2:9c:7b:0a:92:f8:20:cb:48:49:47:0e:ed:e0:b8:a1:eb:
bb:88:e4:27:9a:c3:28:2a:28:1e:c7:5d:b2:fb:74:b5:c3:82:
23:0c:d3:8c:ee:77:58:db:9b:0c:15:0a:bf:1b:98:11:b2:0c:
87:b1:9c:69:99:ae:bb:8b:a7:8b:1d:f8:59:32:ab:20:b0:4b:
29:5e:42:1f:19:ab:12:e3:e5:b6:db:c7:b3:b7:d5:ca:60:e0:
6f:07:4c:65:25:e3:61:16:00:88:1e:d3:0e:e9:1a:6d:30:8c:
0a:9e:c6:de:65:8f:9d:50:fb:ac:9c:6e:a2:dc:4d:6e:86:1b:
0c:3c:15:4a:4c:85:82:67:59:b3:09:20:95:8c:dc:57:4c:ec:
a9:c8:4c:0b:c2:73:55:87:64:b7:3c:4a:9e:18:b6:5d:2c:bd:
99:aa:62:d9:f0:02:ec:76:79:10:70:d7:78:f0:8c:b9:7c:40:
a9:74:49:dd:d7:bd:b3:00:44:3b:ba:de:1b:18:80:20:3d:d5:
40:90:b9:fa:d4:9d:f8:4e:da:60:20:87:7c:d2:2b:f7:2f:d5:
7e:ee:9d:f9
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZnfW3pgl9ILZImxYLtQ2XRUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUxMDEzMjA1NTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODNlYzE5MDlkYWU0YmM3OWE0MjJkMmQ1Mjg0OGQxMzJkODJmZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZabrFG4spRQdFPp1Y42yAHOHmcb
GVGg7QrDATblb+t3jj2hEM+pRgY2oD8R5V37fDQiYMH4kzYNbiOsgS8HXIDv3Duu
JQwVYHlpAsjmz7qnHus+3xGNZBhF/h71TD8011vEAkcbcPaGSZ6aAkfBpdhe68EZ
XP6+TR/f420tycDvijJWOr7DCAcbAxFXU827qRLiFgB0Vk9LWjlHleNAvSP19yAm
Xe9bSKWiQuuiOK0i0/4648HUxkGpBpvyhZGUGXYbQgJ956qWL8ChRk3DcA1xs6bx
vmcLnDKVJS641Icli2yoLEOPkChs6aO/8aEq7HMgEV9zFRpzWRLaelIM7QIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFNg+wZCdrkvHmkItLVKEjRMtgv0LMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvMkQ3QmtKMnVTOGVhUWkwdFVvU05FeTJDX1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQAQCtBMAwD
BABAK0kDBAJAK0gwDAMEAEArXQMEBUArQAMEAkArbDAMAwQCQCt0AwQCQCt4AwQA
TSQ9AwQDTSRIAwQCbcXsAwQAsGBYAwQBsGBaAwQDwSTQMA0GCSqGSIb3DQEBCwUA
A4IBAQBglqtWPZVTxX4+kOsXpFoI0hkUi8kr9UcgKYgbhTQlyvjtUxCp4px7CpL4
IMtISUcO7eC4oeu7iOQnmsMoKigex12y+3S1w4IjDNOM7ndY25sMFQq/G5gRsgyH
sZxpma67i6eLHfhZMqsgsEspXkIfGasS4+W228ezt9XKYOBvB0xlJeNhFgCIHtMO
6RptMIwKnsbeZY+dUPusnG6i3E1uhhsMPBVKTIWCZ1mzCSCVjNxXTOypyEwLwnNV
h2S3PEqeGLZdLL2ZqmLZ8ALsdnkQcNd48Iy5fECpdEnd172zAEQ7ut4bGIAgPdVA
kLn61J34TtpgIId80iv3L9V+7p35
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:30:35 2025 by rpki-client