Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/dKiiYEuCprC3AOoAMLpWRXhcGBQ.roa
File: dKiiYEuCprC3AOoAMLpWRXhcGBQ.roa (raw, json)
Hash identifier: 0WP2E0pAfFrtZraTWqyuvItd/X3MNJyZXv47/Gpv9Z8=
Subject key identifier: 74:A8:A2:60:4B:82:A6:B0:B7:00:EA:00:30:BA:56:45:78:5C:18:14
Certificate issuer: /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial: 0199CE73C898F4BDFD9282FFAA4496543EBF
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/dKiiYEuCprC3AOoAMLpWRXhcGBQ.roa
Signing time: Fri 10 Oct 2025 14:08:38 +0000
ROA not before: Fri 10 Oct 2025 14:08:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 32787
IP address blocks: 2.17.108.0/22 maxlen: 22
2.17.120.0/22 maxlen: 22
2.17.192.0/22 maxlen: 22
2.17.192.0/24 maxlen: 24
2.17.193.0/24 maxlen: 24
2.17.194.0/24 maxlen: 24
2.17.195.0/24 maxlen: 24
2.18.212.0/22 maxlen: 22
2.19.4.0/22 maxlen: 22
2.21.112.0/24 maxlen: 24
2.21.113.0/24 maxlen: 24
2.21.114.0/24 maxlen: 24
2.21.115.0/24 maxlen: 24
2.21.116.0/24 maxlen: 24
2.21.117.0/24 maxlen: 24
2.21.118.0/24 maxlen: 24
2.21.119.0/24 maxlen: 24
2.21.120.0/24 maxlen: 24
2.21.121.0/24 maxlen: 24
2.21.123.0/24 maxlen: 24
2.21.124.0/24 maxlen: 24
2.21.125.0/24 maxlen: 24
2.21.126.0/24 maxlen: 24
2.21.127.0/24 maxlen: 24
2.21.175.0/24 maxlen: 24
2.23.128.0/23 maxlen: 23
2.23.130.0/23 maxlen: 23
2.23.132.0/23 maxlen: 23
2.23.135.0/24 maxlen: 24
92.122.184.0/24 maxlen: 24
92.122.185.0/24 maxlen: 24
92.122.207.0/24 maxlen: 24
93.191.168.0/24 maxlen: 24
93.191.169.0/24 maxlen: 24
93.191.172.0/24 maxlen: 24
95.100.157.0/24 maxlen: 24
95.100.180.0/24 maxlen: 24
95.100.212.0/24 maxlen: 24
95.100.213.0/24 maxlen: 24
95.100.214.0/24 maxlen: 24
95.100.215.0/24 maxlen: 24
95.100.253.0/24 maxlen: 24
95.101.117.0/24 maxlen: 24
95.101.118.0/24 maxlen: 24
95.101.204.0/22 maxlen: 22
2a02:2370:1::/48 maxlen: 48
2a02:2370:2::/48 maxlen: 48
2a02:2370:3::/48 maxlen: 48
2a02:2370:4::/48 maxlen: 48
2a02:2370:5::/48 maxlen: 48
2a02:2370:6::/48 maxlen: 48
2a02:2370:101::/48 maxlen: 48
2a02:2370:102::/48 maxlen: 48
2a02:2370:103::/48 maxlen: 48
2a02:2370:104::/48 maxlen: 48
2a02:2370:105::/48 maxlen: 48
2a02:2370:106::/48 maxlen: 48
2a02:2370:200::/48 maxlen: 48
2a02:2370:201::/48 maxlen: 48
2a02:2370:202::/48 maxlen: 48
2a02:2370:203::/48 maxlen: 48
2a02:2370:204::/48 maxlen: 48
2a02:2370:205::/48 maxlen: 48
2a02:2370:206::/48 maxlen: 48
2a02:2370:207::/48 maxlen: 48
2a02:2370:208::/48 maxlen: 48
2a02:2370:209::/48 maxlen: 48
2a02:2370:20a::/48 maxlen: 48
2a02:2370:20b::/48 maxlen: 48
2a02:2370:20c::/48 maxlen: 48
2a02:2370:4000::/48 maxlen: 48
2a02:2370:8000::/48 maxlen: 48
2a02:2370:c000::/48 maxlen: 48
2a02:2370:f000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 05:01:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ce:73:c8:98:f4:bd:fd:92:82:ff:aa:44:96:54:3e:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Validity
Not Before: Oct 10 14:08:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=74a8a2604b82a6b0b700ea0030ba5645785c1814
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:29:d6:dd:71:2e:42:c4:6a:c3:0e:4b:52:1a:
e6:d7:ca:5a:45:d8:78:3e:c3:1b:c3:2c:42:cf:36:
6f:5e:03:e5:98:6c:fd:fc:75:02:0e:6c:13:aa:3b:
1f:4d:5e:1c:4f:fa:ea:59:cb:a3:2b:9f:93:23:52:
e7:ee:5e:ed:a7:19:64:1a:3b:93:f3:93:49:c2:61:
2d:7d:8e:5a:30:d2:40:18:ed:b1:13:a1:08:c7:1a:
fc:21:8f:45:90:54:7c:bc:4b:10:bc:4a:0c:09:bc:
f7:69:ad:68:35:1d:c5:71:59:d3:16:09:f6:9f:df:
40:6d:96:f9:5a:b2:e7:17:c5:2e:49:a2:bb:62:31:
e2:b5:56:35:fa:43:bd:f5:74:29:9d:78:f6:42:ed:
b3:11:bd:52:eb:e5:e6:ab:37:38:75:e6:bf:c9:42:
e5:51:1e:10:f4:cf:e5:00:1c:be:9a:14:f0:84:4c:
0e:7f:43:f1:0f:c5:f5:33:39:fe:73:1c:be:f5:c1:
7c:12:3c:78:05:55:dd:ec:94:4b:0a:c5:40:1a:ef:
1c:9b:3c:ba:c4:3e:27:bd:b6:6a:fe:cc:24:86:56:
c6:82:d1:0a:a9:c5:f0:a5:0b:d1:b3:e0:61:c3:9f:
a4:37:20:f0:df:4b:e5:25:80:85:97:bd:2c:46:3f:
dd:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:A8:A2:60:4B:82:A6:B0:B7:00:EA:00:30:BA:56:45:78:5C:18:14
X509v3 Authority Key Identifier:
keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/dKiiYEuCprC3AOoAMLpWRXhcGBQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.17.108.0/22
2.17.120.0/22
2.17.192.0/22
2.18.212.0/22
2.19.4.0/22
2.21.112.0-2.21.121.255
2.21.123.0-2.21.127.255
2.21.175.0/24
2.23.128.0-2.23.133.255
2.23.135.0/24
92.122.184.0/23
92.122.207.0/24
93.191.168.0/23
93.191.172.0/24
95.100.157.0/24
95.100.180.0/24
95.100.212.0/22
95.100.253.0/24
95.101.117.0-95.101.118.255
95.101.204.0/22
IPv6:
2a02:2370:1::-2a02:2370:6:ffff:ffff:ffff:ffff:ffff
2a02:2370:101::-2a02:2370:106:ffff:ffff:ffff:ffff:ffff
2a02:2370:200::-2a02:2370:20c:ffff:ffff:ffff:ffff:ffff
2a02:2370:4000::/48
2a02:2370:8000::/48
2a02:2370:c000::/48
2a02:2370:f000::/48
Signature Algorithm: sha256WithRSAEncryption
69:e9:5c:cc:0e:2e:94:ed:44:47:ed:7e:f9:ee:e4:60:65:b8:
da:02:10:d8:49:22:be:71:b1:44:f7:54:7d:80:f1:f6:02:7b:
86:b1:1d:7a:f4:8b:7b:50:0e:98:c0:9c:63:3e:81:77:8e:41:
43:86:01:8a:e1:67:67:5b:0f:e4:71:da:cd:b1:de:20:d5:b5:
a3:25:0c:69:7e:40:85:70:e7:4a:18:94:58:a9:01:47:61:ad:
66:63:a1:ee:ee:46:71:45:c9:df:62:20:5b:37:d4:c9:5d:a8:
60:bb:34:52:a2:6b:ce:03:21:16:86:46:33:c4:b7:4f:4c:52:
cc:a2:d8:66:61:9d:7a:bf:7c:dd:07:39:5a:7d:5b:81:2c:25:
d6:fa:27:5e:46:2e:23:db:55:eb:dd:53:6d:60:2d:b9:9d:65:
9d:73:5c:71:ce:7f:6c:fe:1d:f9:29:2c:1f:70:2f:2b:cc:cb:
ff:5b:fe:84:24:9b:a3:07:fb:8c:2c:72:1b:8a:44:4b:0e:7a:
89:38:4e:a2:a0:b6:fd:ee:7b:5d:c3:49:d2:e5:70:59:b2:d4:
61:40:4f:d8:69:62:1e:2b:0d:5c:11:3c:80:85:79:d1:c0:40:
e4:46:f9:d4:68:e2:ff:63:dc:1e:02:d8:fb:bd:1c:b6:3d:42:
3b:01:66:05
-----BEGIN CERTIFICATE-----
MIIF/jCCBOagAwIBAgISAZnOc8iY9L39koL/qkSWVD6/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUxMDEwMTQwODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGE4YTI2MDRiODJhNmIwYjcwMGVhMDAzMGJhNTY0NTc4NWMxODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwynW3XEuQsRqww5LUhrm18paRdh4
PsMbwyxCzzZvXgPlmGz9/HUCDmwTqjsfTV4cT/rqWcujK5+TI1Ln7l7tpxlkGjuT
85NJwmEtfY5aMNJAGO2xE6EIxxr8IY9FkFR8vEsQvEoMCbz3aa1oNR3FcVnTFgn2
n99AbZb5WrLnF8UuSaK7YjHitVY1+kO99XQpnXj2Qu2zEb1S6+Xmqzc4dea/yULl
UR4Q9M/lABy+mhTwhEwOf0PxD8X1Mzn+cxy+9cF8Ejx4BVXd7JRLCsVAGu8cmzy6
xD4nvbZq/swkhlbGgtEKqcXwpQvRs+Bhw5+kNyDw30vlJYCFl70sRj/dNwIDAQAB
o4IDCjCCAwYwHQYDVR0OBBYEFHSoomBLgqawtwDqADC6VkV4XBgUMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvZEtpaVlFdUNwckMzQU9vQU1McFdSWGhjR0JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHgYIKwYBBQUHAQcBAf8EggENMIIBCTCBnwQCAAEwgZgD
BAICEWwDBAICEXgDBAICEcADBAICEtQDBAICEwQwDAMEBAIVcAMEAQIVeDAMAwQA
AhV7AwQHAhUAAwQAAhWvMAwDBAcCF4ADBAECF4QDBAACF4cDBAFcergDBABces8D
BAFdv6gDBABdv6wDBABfZJ0DBABfZLQDBAJfZNQDBABfZP0wDAMEAF9ldQMEAF9l
dgMEAl9lzDBlBAIAAjBfMBIDBwAqAiNwAAEDBwAqAiNwAAYwEgMHACoCI3ABAQMH
ACoCI3ABBjARAwYBKgIjcAIDBwAqAiNwAgwDBwAqAiNwQAADBwAqAiNwgAADBwAq
AiNwwAADBwAqAiNw8AAwDQYJKoZIhvcNAQELBQADggEBAGnpXMwOLpTtREftfvnu
5GBluNoCENhJIr5xsUT3VH2A8fYCe4axHXr0i3tQDpjAnGM+gXeOQUOGAYrhZ2db
D+Rx2s2x3iDVtaMlDGl+QIVw50oYlFipAUdhrWZjoe7uRnFFyd9iIFs31MldqGC7
NFKia84DIRaGRjPEt09MUsyi2GZhnXq/fN0HOVp9W4EsJdb6J15GLiPbVevdU21g
LbmdZZ1zXHHOf2z+HfkpLB9wLyvMy/9b/oQkm6MH+4wschuKREsOeok4TqKgtv3u
e13DSdLlcFmy1GFAT9hpYh4rDVwRPICFedHAQORG+dRo4v9j3B4C2Pu9HLY9QjsB
ZgU=
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:24:24 2025 by rpki-client