Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/aKI4K4s2w_a8uyDN7S7H6E1pZk0.roa
File: aKI4K4s2w_a8uyDN7S7H6E1pZk0.roa (raw, json)
Hash identifier: FsEPXU+SsEkYqv+c2yVXywYULp4eiT19GoSHc/aS2BA=
Subject key identifier: 68:A2:38:2B:8B:36:C3:F6:BC:BB:20:CD:ED:2E:C7:E8:4D:69:66:4D
Certificate issuer: /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial: 0199C2893D8EDCD2F542DB09CFD6CB9A64B4
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/aKI4K4s2w_a8uyDN7S7H6E1pZk0.roa
Signing time: Wed 08 Oct 2025 06:36:38 +0000
ROA not before: Wed 08 Oct 2025 06:36:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24589
IP address blocks: 31.42.80.0/20 maxlen: 20
83.243.88.0/21 maxlen: 21
84.38.136.0/21 maxlen: 21
87.99.64.0/19 maxlen: 19
87.99.64.0/24 maxlen: 24
87.99.65.0/24 maxlen: 24
87.99.66.0/24 maxlen: 24
87.99.67.0/24 maxlen: 24
87.99.95.0/24 maxlen: 24
88.135.128.0/19 maxlen: 19
91.90.224.0/19 maxlen: 29
91.90.225.0/24 maxlen: 24
91.90.230.0/24 maxlen: 24
91.90.231.0/24 maxlen: 24
91.90.236.0/24 maxlen: 24
91.90.237.0/25 maxlen: 25
91.90.238.0/24 maxlen: 24
91.90.252.64/29 maxlen: 29
91.90.255.0/24 maxlen: 24
91.233.214.0/23 maxlen: 23
109.197.208.0/21 maxlen: 21
109.197.208.0/24 maxlen: 24
109.229.192.0/19 maxlen: 19
171.25.218.0/23 maxlen: 23
176.103.176.0/22 maxlen: 22
176.103.184.0/24 maxlen: 24
176.106.48.0/20 maxlen: 20
176.106.100.0/23 maxlen: 23
176.106.160.0/20 maxlen: 20
176.106.176.0/21 maxlen: 21
185.47.10.0/24 maxlen: 24
185.47.11.0/24 maxlen: 24
193.111.244.0/22 maxlen: 22
193.238.212.0/22 maxlen: 22
193.238.212.128/25 maxlen: 25
193.238.216.0/21 maxlen: 21
194.9.212.0/22 maxlen: 22
194.9.212.0/24 maxlen: 24
195.69.88.0/22 maxlen: 22
213.110.64.0/23 maxlen: 23
213.110.76.0/22 maxlen: 22
213.110.80.0/20 maxlen: 20
2a01:8ca0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c2:89:3d:8e:dc:d2:f5:42:db:09:cf:d6:cb:9a:64:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Validity
Not Before: Oct 8 06:36:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68a2382b8b36c3f6bcbb20cded2ec7e84d69664d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:a6:fb:66:8b:63:2d:be:79:03:21:82:8f:4d:
54:d6:07:00:e8:7b:2b:bc:02:26:4a:e7:53:b8:47:
a6:ab:91:35:88:12:9c:a0:aa:09:9b:6b:14:da:fe:
c6:b8:ee:7d:7d:e8:2c:eb:73:85:fd:39:1e:09:86:
ba:17:09:88:eb:3d:48:4e:7d:6d:27:f8:03:85:a6:
f1:03:1c:1a:e5:7c:08:8c:e1:0f:c5:b6:79:3e:dc:
bd:fa:70:bd:31:ea:05:b1:71:3d:8e:d0:75:2e:ce:
d8:87:8f:5a:ab:52:ac:9b:4f:8e:c4:2b:a4:82:d9:
53:18:a5:48:bd:91:db:fb:bb:f5:56:dc:10:1f:eb:
33:e2:a5:0f:94:df:f5:b1:c4:0e:2c:88:27:5a:62:
3e:65:ab:25:7f:20:93:25:c6:ca:6d:03:f4:8d:50:
1f:bf:32:6f:7d:4f:a8:98:62:23:35:72:c0:28:8b:
a1:19:9c:bb:92:59:00:89:1d:9a:59:91:55:7b:71:
4b:75:82:c0:bd:92:a5:4a:1b:60:71:ec:db:65:99:
11:b2:4f:d8:5d:61:fa:ee:fa:9d:03:66:cb:5b:8f:
08:d5:9e:ea:54:54:3c:96:9d:bd:e5:30:46:eb:71:
c9:aa:3a:d4:f6:49:14:59:35:2a:06:18:23:fb:db:
57:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:A2:38:2B:8B:36:C3:F6:BC:BB:20:CD:ED:2E:C7:E8:4D:69:66:4D
X509v3 Authority Key Identifier:
keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/aKI4K4s2w_a8uyDN7S7H6E1pZk0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.80.0/20
83.243.88.0/21
84.38.136.0/21
87.99.64.0/19
88.135.128.0/19
91.90.224.0/19
91.233.214.0/23
109.197.208.0/21
109.229.192.0/19
171.25.218.0/23
176.103.176.0/22
176.103.184.0/24
176.106.48.0/20
176.106.100.0/23
176.106.160.0-176.106.183.255
185.47.10.0/23
193.111.244.0/22
193.238.212.0-193.238.223.255
194.9.212.0/22
195.69.88.0/22
213.110.64.0/23
213.110.76.0-213.110.95.255
IPv6:
2a01:8ca0::/32
Signature Algorithm: sha256WithRSAEncryption
36:a2:39:95:b6:eb:92:6f:38:64:67:d0:b4:29:d8:f3:92:b1:
be:fa:7b:20:2b:30:27:9a:d4:57:ca:96:a6:d1:82:bf:79:48:
3e:e7:6b:e4:c5:b0:47:e5:f1:34:56:ab:0b:91:a6:d2:94:c0:
78:83:6d:54:c3:9e:42:28:fa:98:8b:b1:01:1d:fe:0d:5d:34:
fe:c2:1a:36:80:a4:b8:2d:b2:be:39:cf:30:2d:9d:8e:bc:25:
9d:04:e0:46:4e:db:de:91:33:68:90:5b:8c:fe:50:0a:db:18:
a9:44:b0:51:3c:35:a3:21:31:ca:5d:70:ea:ed:4f:80:0b:da:
0e:31:c1:60:ec:36:a9:e9:db:f8:81:88:f5:31:03:87:32:f0:
04:63:89:85:e4:7a:74:b4:df:1e:d3:c6:ea:ca:eb:80:98:ac:
a5:11:18:dc:60:26:f2:8a:0c:f6:90:df:de:f8:91:65:d3:2d:
6f:43:1e:db:76:f7:df:11:9d:29:9a:ac:28:e4:e0:c5:78:92:
21:5d:8b:8a:68:c7:30:2f:d8:88:89:85:0a:81:43:73:a5:0c:
8c:72:14:82:26:5b:75:9f:b2:9d:70:b1:bd:b0:30:81:5d:c9:
e3:0c:eb:20:22:eb:ad:ee:a6:ae:5d:2e:19:72:85:70:3d:df:
07:a5:2d:6e
-----BEGIN CERTIFICATE-----
MIIFpzCCBI+gAwIBAgISAZnCiT2O3NL1QtsJz9bLmmS0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUxMDA4MDYzNjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGEyMzgyYjhiMzZjM2Y2YmNiYjIwY2RlZDJlYzdlODRkNjk2NjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7qb7ZotjLb55AyGCj01U1gcA6Hsr
vAImSudTuEemq5E1iBKcoKoJm2sU2v7GuO59fegs63OF/TkeCYa6FwmI6z1ITn1t
J/gDhabxAxwa5XwIjOEPxbZ5Pty9+nC9MeoFsXE9jtB1Ls7Yh49aq1Ksm0+OxCuk
gtlTGKVIvZHb+7v1VtwQH+sz4qUPlN/1scQOLIgnWmI+ZaslfyCTJcbKbQP0jVAf
vzJvfU+omGIjNXLAKIuhGZy7klkAiR2aWZFVe3FLdYLAvZKlShtgcezbZZkRsk/Y
XWH67vqdA2bLW48I1Z7qVFQ8lp295TBG63HJqjrU9kkUWTUqBhgj+9tXJwIDAQAB
o4ICszCCAq8wHQYDVR0OBBYEFGiiOCuLNsP2vLsgze0ux+hNaWZNMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvYUtJNEs0czJ3X2E4dXlETjdTN0g2RTFwWmswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHIBggrBgEFBQcBBwEB/wSBuDCBtTCBowQCAAEwgZwDBAQf
KlADBANT81gDBANUJogDBAVXY0ADBAVYh4ADBAVbWuADBAFb6dYDBANtxdADBAVt
5cADBAGrGdoDBAKwZ7ADBACwZ7gDBASwajADBAGwamQwDAMEBbBqoAMEA7BqsAME
AbkvCgMEAsFv9DAMAwQCwe7UAwQFwe7AAwQCwgnUAwQCw0VYAwQB1W5AMAwDBALV
bkwDBAXVbkAwDQQCAAIwBwMFACoBjKAwDQYJKoZIhvcNAQELBQADggEBADaiOZW2
65JvOGRn0LQp2POSsb76eyArMCea1FfKlqbRgr95SD7na+TFsEfl8TRWqwuRptKU
wHiDbVTDnkIo+piLsQEd/g1dNP7CGjaApLgtsr45zzAtnY68JZ0E4EZO296RM2iQ
W4z+UArbGKlEsFE8NaMhMcpdcOrtT4AL2g4xwWDsNqnp2/iBiPUxA4cy8ARjiYXk
enS03x7TxurK64CYrKURGNxgJvKKDPaQ3974kWXTLW9DHtt2998RnSmarCjk4MV4
kiFdi4poxzAv2IiJhQqBQ3OlDIxyFIImW3Wfsp1wsb2wMIFdyeMM6yAi663upq5d
LhlyhXA93welLW4=
-----END CERTIFICATE-----
Generated at Sun Oct 19 23:14:57 2025 by rpki-client