Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/3zqfORCdmAQhCBJ7wuytTgGzZpo.roa
File: 3zqfORCdmAQhCBJ7wuytTgGzZpo.roa (raw, json)
Hash identifier: +GYcuS49a0taqSXWJ2e7eMKTOj5Srw2BrzQEPcEzHkQ=
Subject key identifier: DF:3A:9F:39:10:9D:98:04:21:08:12:7B:C2:EC:AD:4E:01:B3:66:9A
Certificate issuer: /CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
Certificate serial: 01999B6E538940E5802F4979CBD4B81840F4
Authority key identifier: B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/3zqfORCdmAQhCBJ7wuytTgGzZpo.roa
Signing time: Tue 30 Sep 2025 16:22:02 +0000
ROA not before: Tue 30 Sep 2025 16:22:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29119
IP address blocks: 43.251.0.0/22 maxlen: 22
45.6.44.0/22 maxlen: 22
45.120.220.0/22 maxlen: 22
62.106.67.0/24 maxlen: 24
83.143.168.0/21 maxlen: 21
93.95.16.0/21 maxlen: 21
103.85.32.0/22 maxlen: 22
103.228.128.0/22 maxlen: 22
128.0.40.0/24 maxlen: 24
202.58.108.0/22 maxlen: 22
212.86.96.0/24 maxlen: 24
212.86.98.0/24 maxlen: 24
212.86.106.0/24 maxlen: 24
212.118.61.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl
rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.mft
rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:9b:6e:53:89:40:e5:80:2f:49:79:cb:d4:b8:18:40:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
Validity
Not Before: Sep 30 16:22:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=df3a9f39109d98042108127bc2ecad4e01b3669a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:e7:39:0c:8f:ba:31:d3:38:1c:30:2e:28:2b:
b2:17:50:1a:85:dc:46:54:e7:1b:14:89:1d:55:b4:
f3:16:10:74:89:e9:05:d8:87:54:cb:8f:ef:aa:d4:
d9:ba:05:a2:71:a6:86:0e:87:bf:ee:9d:7c:21:59:
d0:a8:17:c0:c4:0c:98:a0:cc:87:67:b9:60:da:ec:
b1:47:f5:d0:be:a7:e5:71:52:1e:da:2d:7d:d2:66:
a9:30:4e:b5:3e:18:5e:9e:c8:05:72:8b:25:11:da:
97:65:e4:8f:97:0b:4c:7b:f2:ac:79:1f:39:1f:4c:
82:09:fd:ed:d6:1e:1d:c8:8b:78:a4:b4:45:03:0a:
74:6f:c1:96:46:6d:08:f3:63:39:eb:b4:e8:7d:22:
f6:87:e4:52:96:74:47:b7:62:d2:dd:40:0f:a2:00:
5c:a8:7c:44:81:7b:f3:4c:24:75:67:8e:20:cd:ba:
24:f7:8e:95:10:32:bf:a4:7e:ce:16:19:3a:d7:70:
89:4d:ba:db:8e:83:d2:e5:39:15:93:39:8e:86:11:
ff:7e:38:5d:58:30:aa:52:c7:36:a3:63:77:ba:23:
73:60:20:49:08:55:58:c2:b2:3f:5d:14:03:5b:d1:
a9:28:e0:87:2d:20:89:f1:85:de:55:08:63:f6:63:
00:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:3A:9F:39:10:9D:98:04:21:08:12:7B:C2:EC:AD:4E:01:B3:66:9A
X509v3 Authority Key Identifier:
keyid:B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/3zqfORCdmAQhCBJ7wuytTgGzZpo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
43.251.0.0/22
45.6.44.0/22
45.120.220.0/22
62.106.67.0/24
83.143.168.0/21
93.95.16.0/21
103.85.32.0/22
103.228.128.0/22
128.0.40.0/24
202.58.108.0/22
212.86.96.0/24
212.86.98.0/24
212.86.106.0/24
212.118.61.0/24
Signature Algorithm: sha256WithRSAEncryption
a7:32:56:ed:c6:5a:ec:b3:9a:12:92:21:48:6c:03:ef:b4:20:
a8:8d:79:42:73:8b:94:1c:f3:28:ef:33:82:ad:96:d7:93:e6:
b0:72:21:05:1d:23:86:ef:f4:66:b0:54:f2:13:0e:11:ce:0c:
e7:85:2c:1d:6b:39:c3:79:f5:a1:93:4f:83:fa:5e:e4:40:e7:
ed:1c:5f:35:a0:67:09:1b:01:e1:f4:63:43:2a:39:f0:f9:8a:
ee:a3:af:01:08:dc:01:55:8c:9e:60:c9:4d:4b:85:3f:c5:66:
8a:40:b2:28:b1:aa:ff:43:dc:c5:42:1a:c2:92:11:df:2c:78:
c4:5f:27:5c:b7:8a:fd:5e:22:3a:2e:33:2d:7d:ac:7b:04:c9:
ba:07:ac:d1:e4:a4:5c:7c:fd:7d:98:46:70:ab:23:14:9f:bc:
5e:ea:c5:c4:b3:4f:c5:82:98:26:de:db:a9:b0:2a:0b:ea:09:
23:9a:76:73:76:67:a1:22:ca:5b:f3:61:cf:61:9e:94:a2:89:
1f:08:7e:e8:dd:8f:5e:ad:f2:eb:e1:0e:ee:83:2e:a8:08:20:
da:0f:d8:23:7a:13:b5:d5:7e:1e:0b:53:25:99:f4:32:11:fb:
ed:ba:5f:29:2d:e5:d9:58:f4:5d:43:36:2e:a0:a5:93:5a:04:
19:c8:d4:48
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZmbblOJQOWAL0l5y9S4GED0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTk5OTg5OWY3NmQyZTJlNGNjZGZjODE3Zjk4NzljZmFj
MDZiYmUwHhcNMjUwOTMwMTYyMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjNhOWYzOTEwOWQ5ODA0MjEwODEyN2JjMmVjYWQ0ZTAxYjM2NjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoec5DI+6MdM4HDAuKCuyF1AahdxG
VOcbFIkdVbTzFhB0iekF2IdUy4/vqtTZugWicaaGDoe/7p18IVnQqBfAxAyYoMyH
Z7lg2uyxR/XQvqflcVIe2i190mapME61PhhensgFcoslEdqXZeSPlwtMe/KseR85
H0yCCf3t1h4dyIt4pLRFAwp0b8GWRm0I82M567TofSL2h+RSlnRHt2LS3UAPogBc
qHxEgXvzTCR1Z44gzbok946VEDK/pH7OFhk613CJTbrbjoPS5TkVkzmOhhH/fjhd
WDCqUsc2o2N3uiNzYCBJCFVYwrI/XRQDW9GpKOCHLSCJ8YXeVQhj9mMAdwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFN86nzkQnZgEIQgSe8LsrU4Bs2aaMB8GA1UdIwQY
MBaAFLRZmYmfdtLi5MzfyBf5h5z6wGu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUt
NzM0MjhmOWM3YmZmLzEvM3pxZk9SQ2RtQVFoQ0JKN3d1eXRUZ0d6WnBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUtNzM0MjhmOWM3YmZm
LzEvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQCK/sAAwQC
LQYsAwQCLXjcAwQAPmpDAwQDU4+oAwQDXV8QAwQCZ1UgAwQCZ+SAAwQAgAAoAwQC
yjpsAwQA1FZgAwQA1FZiAwQA1FZqAwQA1HY9MA0GCSqGSIb3DQEBCwUAA4IBAQCn
Mlbtxlrss5oSkiFIbAPvtCCojXlCc4uUHPMo7zOCrZbXk+awciEFHSOG7/RmsFTy
Ew4RzgznhSwdaznDefWhk0+D+l7kQOftHF81oGcJGwHh9GNDKjnw+Yruo68BCNwB
VYyeYMlNS4U/xWaKQLIosar/Q9zFQhrCkhHfLHjEXydct4r9XiI6LjMtfax7BMm6
B6zR5KRcfP19mEZwqyMUn7xe6sXEs0/Fgpgm3tupsCoL6gkjmnZzdmehIspb82HP
YZ6UookfCH7o3Y9erfLr4Q7ugy6oCCDaD9gjehO11X4eC1MlmfQyEfvtul8pLeXZ
WPRdQzYuoKWTWgQZyNRI
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:08:58 2025 by rpki-client