Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/1977de-1df4-404c-9da9-0779df1dd64d/1/bbqQj4K9oCtb9vHzZ0O_Q_z4tG0.roa
File: bbqQj4K9oCtb9vHzZ0O_Q_z4tG0.roa (raw, json)
Hash identifier: bjeA27ehP6hHKbOMaqdRjm7JjAyOX+742VV9v2kh3Lo=
Subject key identifier: 6D:BA:90:8F:82:BD:A0:2B:5B:F6:F1:F3:67:43:BF:43:FC:F8:B4:6D
Certificate issuer: /CN=1913cb4856821d14cd2e0b767c2931a22c154e7c
Certificate serial: 0199305E7B6C9AD389107327331E4ED3F166
Authority key identifier: 19:13:CB:48:56:82:1D:14:CD:2E:0B:76:7C:29:31:A2:2C:15:4E:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GRPLSFaCHRTNLgt2fCkxoiwVTnw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/1977de-1df4-404c-9da9-0779df1dd64d/1/bbqQj4K9oCtb9vHzZ0O_Q_z4tG0.roa
Signing time: Tue 09 Sep 2025 21:25:22 +0000
ROA not before: Tue 09 Sep 2025 21:25:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202246
IP address blocks: 109.68.128.0/21 maxlen: 21
109.204.176.0/20 maxlen: 20
109.204.176.0/22 maxlen: 22
109.204.180.0/23 maxlen: 23
109.204.184.0/22 maxlen: 22
109.204.188.0/23 maxlen: 23
171.22.241.0/24 maxlen: 24
178.22.16.0/21 maxlen: 21
185.25.200.0/22 maxlen: 24
185.128.16.0/22 maxlen: 22
2a10:a5c0::/29 maxlen: 29
2a10:a5c0::/32 maxlen: 32
2a10:a5c0::/36 maxlen: 36
2a10:a5c0:1000::/36 maxlen: 36
2a10:a5c0:4000::/36 maxlen: 36
2a10:a5c0:5000::/36 maxlen: 36
2a10:a5c0:8000::/36 maxlen: 36
2a10:a5c0:9000::/36 maxlen: 36
2a10:a5c0:c000::/36 maxlen: 36
2a10:a5c0:d000::/36 maxlen: 36
2a10:a5c1::/32 maxlen: 32
2a10:a5c2::/32 maxlen: 32
2a10:a5c3::/32 maxlen: 32
2a10:a5c4::/32 maxlen: 32
2a10:a5c5::/32 maxlen: 32
2a10:a5c6::/32 maxlen: 32
2a10:a5c7::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/75/1977de-1df4-404c-9da9-0779df1dd64d/1/GRPLSFaCHRTNLgt2fCkxoiwVTnw.crl
rsync://rpki.ripe.net/repository/DEFAULT/75/1977de-1df4-404c-9da9-0779df1dd64d/1/GRPLSFaCHRTNLgt2fCkxoiwVTnw.mft
rsync://rpki.ripe.net/repository/DEFAULT/GRPLSFaCHRTNLgt2fCkxoiwVTnw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:30:5e:7b:6c:9a:d3:89:10:73:27:33:1e:4e:d3:f1:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1913cb4856821d14cd2e0b767c2931a22c154e7c
Validity
Not Before: Sep 9 21:25:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6dba908f82bda02b5bf6f1f36743bf43fcf8b46d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:ff:e8:d6:3d:31:32:9d:11:3c:78:b6:b5:01:
28:9a:c6:e2:5d:26:fa:90:87:44:b0:7a:56:bd:a7:
a3:c8:31:96:8c:19:c9:a6:bf:d7:3e:b6:b0:ad:ce:
75:9c:ec:9b:ab:57:3f:09:af:e6:d8:31:ac:45:0b:
72:81:03:07:5c:d7:77:9f:ae:f3:1b:6a:19:4e:75:
0e:9a:6b:0f:44:5b:ba:90:42:e8:ac:77:4b:27:dd:
ad:51:4f:f7:b2:1d:80:5b:a0:be:1e:74:1b:5a:26:
85:9f:2f:cc:d3:1f:ab:a4:59:fa:54:b8:ee:4c:80:
ca:8c:24:8f:fd:c1:84:ae:7b:9c:ea:0c:3c:46:45:
98:53:e6:7d:e6:48:92:ba:4b:5c:10:90:d8:53:e6:
a1:75:c7:7f:af:bd:da:15:99:8e:89:b7:f3:68:31:
33:d6:91:49:d1:4c:16:94:e5:a4:50:13:be:18:cc:
74:fb:5c:b9:e2:d3:52:1a:e1:93:bf:77:19:27:be:
83:3c:42:38:2c:1e:4a:f2:a1:23:36:41:e2:b5:ea:
bb:a3:84:64:22:bc:6a:5d:0b:12:e7:c5:02:a8:68:
a9:86:5e:7a:a5:6f:36:49:bc:9f:18:e3:af:3d:01:
3f:57:f5:ea:5e:a8:2c:03:0b:80:bb:89:1a:a5:31:
3b:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:BA:90:8F:82:BD:A0:2B:5B:F6:F1:F3:67:43:BF:43:FC:F8:B4:6D
X509v3 Authority Key Identifier:
keyid:19:13:CB:48:56:82:1D:14:CD:2E:0B:76:7C:29:31:A2:2C:15:4E:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GRPLSFaCHRTNLgt2fCkxoiwVTnw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1977de-1df4-404c-9da9-0779df1dd64d/1/bbqQj4K9oCtb9vHzZ0O_Q_z4tG0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1977de-1df4-404c-9da9-0779df1dd64d/1/GRPLSFaCHRTNLgt2fCkxoiwVTnw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.68.128.0/21
109.204.176.0/20
171.22.241.0/24
178.22.16.0/21
185.25.200.0/22
185.128.16.0/22
IPv6:
2a10:a5c0::/29
Signature Algorithm: sha256WithRSAEncryption
0c:21:98:77:ec:a4:21:f6:ed:b8:2a:a4:b1:44:7d:20:63:70:
85:84:b9:b3:44:65:e8:df:06:eb:b3:eb:55:4d:ca:af:26:52:
51:d6:72:93:62:ed:e2:b0:1d:3f:06:a2:ff:d5:04:7a:61:5d:
e3:81:a0:37:86:55:6b:6b:69:eb:35:38:9d:c9:c2:fc:34:c1:
86:b5:dc:1f:4a:0c:56:8a:2b:8d:da:6f:c0:29:79:e4:b0:43:
7e:d3:68:64:dc:d3:03:79:cc:01:ce:69:4f:04:c7:1e:3e:14:
dc:c8:e9:0c:94:0c:42:eb:4d:dd:bd:9e:c5:a5:b3:4c:64:a9:
f5:45:52:91:ef:49:0b:77:96:87:ff:07:ab:dc:f7:f1:e6:83:
b7:e6:88:b8:ac:fe:19:68:81:d5:b5:51:05:42:a5:00:cc:49:
33:aa:68:d3:48:13:07:42:08:05:45:0b:2c:bc:c3:c8:03:b2:
54:67:79:ad:43:3d:7f:ab:70:89:38:51:7e:09:4b:20:3f:58:
54:a2:7f:f1:0b:9f:75:6e:56:0b:f1:f8:b5:39:1e:c3:5c:bc:
df:3d:c7:9e:e4:0d:11:b3:2d:ea:6e:39:09:d0:79:cb:3e:93:
47:51:c6:b5:72:0e:5d:da:7c:63:3f:3d:56:e3:d5:a4:ae:4c:
c6:44:50:15
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZkwXntsmtOJEHMnMx5O0/FmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MTNjYjQ4NTY4MjFkMTRjZDJlMGI3NjdjMjkzMWEyMmMx
NTRlN2MwHhcNMjUwOTA5MjEyNTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGJhOTA4ZjgyYmRhMDJiNWJmNmYxZjM2NzQzYmY0M2ZjZjhiNDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyP/o1j0xMp0RPHi2tQEomsbiXSb6
kIdEsHpWvaejyDGWjBnJpr/XPrawrc51nOybq1c/Ca/m2DGsRQtygQMHXNd3n67z
G2oZTnUOmmsPRFu6kELorHdLJ92tUU/3sh2AW6C+HnQbWiaFny/M0x+rpFn6VLju
TIDKjCSP/cGErnuc6gw8RkWYU+Z95kiSuktcEJDYU+ahdcd/r73aFZmOibfzaDEz
1pFJ0UwWlOWkUBO+GMx0+1y54tNSGuGTv3cZJ76DPEI4LB5K8qEjNkHiteq7o4Rk
IrxqXQsS58UCqGiphl56pW82SbyfGOOvPQE/V/XqXqgsAwuAu4kapTE7SQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFG26kI+CvaArW/bx82dDv0P8+LRtMB8GA1UdIwQY
MBaAFBkTy0hWgh0UzS4LdnwpMaIsFU58MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1JQTFNGYUNIUlROTGd0MmZDa3hvaXdWVG53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8xOTc3ZGUtMWRmNC00MDRjLTlkYTkt
MDc3OWRmMWRkNjRkLzEvYmJxUWo0SzlvQ3RiOXZIelowT19RX3o0dEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8xOTc3ZGUtMWRmNC00MDRjLTlkYTktMDc3OWRmMWRkNjRk
LzEvR1JQTFNGYUNIUlROTGd0MmZDa3hvaXdWVG53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDbUSAAwQE
bcywAwQAqxbxAwQDshYQAwQCuRnIAwQCuYAQMA0EAgACMAcDBQMqEKXAMA0GCSqG
SIb3DQEBCwUAA4IBAQAMIZh37KQh9u24KqSxRH0gY3CFhLmzRGXo3wbrs+tVTcqv
JlJR1nKTYu3isB0/BqL/1QR6YV3jgaA3hlVra2nrNTidycL8NMGGtdwfSgxWiiuN
2m/AKXnksEN+02hk3NMDecwBzmlPBMcePhTcyOkMlAxC603dvZ7FpbNMZKn1RVKR
70kLd5aH/wer3Pfx5oO35oi4rP4ZaIHVtVEFQqUAzEkzqmjTSBMHQggFRQssvMPI
A7JUZ3mtQz1/q3CJOFF+CUsgP1hUon/xC591blYL8fi1OR7DXLzfPcee5A0Rsy3q
bjkJ0HnLPpNHUca1cg5d2nxjPz1W49WkrkzGRFAV
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:30:23 2025 by rpki-client