Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/977ff4-d3da-43f7-a93a-442cc3649bac/1/Q0MV5WVNg3BRo8QsYAayBBop-DM.roa
File: Q0MV5WVNg3BRo8QsYAayBBop-DM.roa (raw, json)
Hash identifier: bnEa91pTIGMB4ltMbz3u4zgcOdVpRmwso3iKMaHa5jg=
Subject key identifier: 43:43:15:E5:65:4D:83:70:51:A3:C4:2C:60:06:B2:04:1A:29:F8:33
Certificate issuer: /CN=b8b3d4ace735613ecbc591dffc2985f3417667d3
Certificate serial: 0199ED217D4CD417058561607ACFC7CCB61A
Authority key identifier: B8:B3:D4:AC:E7:35:61:3E:CB:C5:91:DF:FC:29:85:F3:41:76:67:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uLPUrOc1YT7LxZHf_CmF80F2Z9M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9f/977ff4-d3da-43f7-a93a-442cc3649bac/1/Q0MV5WVNg3BRo8QsYAayBBop-DM.roa
Signing time: Thu 16 Oct 2025 13:06:58 +0000
ROA not before: Thu 16 Oct 2025 13:06:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206075
IP address blocks: 31.41.249.0/24 maxlen: 24
91.218.20.0/24 maxlen: 24
185.153.55.0/24 maxlen: 24
188.239.191.0/24 maxlen: 24
193.36.132.0/24 maxlen: 24
2a07:e040::/32 maxlen: 32
2a07:e041::/32 maxlen: 32
2a07:e042::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9f/977ff4-d3da-43f7-a93a-442cc3649bac/1/uLPUrOc1YT7LxZHf_CmF80F2Z9M.crl
rsync://rpki.ripe.net/repository/DEFAULT/9f/977ff4-d3da-43f7-a93a-442cc3649bac/1/uLPUrOc1YT7LxZHf_CmF80F2Z9M.mft
rsync://rpki.ripe.net/repository/DEFAULT/uLPUrOc1YT7LxZHf_CmF80F2Z9M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ed:21:7d:4c:d4:17:05:85:61:60:7a:cf:c7:cc:b6:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b8b3d4ace735613ecbc591dffc2985f3417667d3
Validity
Not Before: Oct 16 13:06:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=434315e5654d837051a3c42c6006b2041a29f833
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:61:95:f9:b5:6e:e0:d6:b5:5a:9b:48:fc:10:
87:f8:33:6b:00:a9:00:a8:11:0c:a9:98:f8:43:10:
c0:8c:e7:fa:c5:d4:b7:bd:60:08:9f:78:18:45:26:
a4:d4:e9:60:fc:ed:fa:68:54:33:44:63:ff:b3:d1:
9b:a6:c8:12:12:6a:28:64:d6:22:de:af:86:6b:0c:
4e:f2:e7:48:e3:b6:1b:56:d0:6e:9b:69:fa:eb:3f:
42:e6:08:fc:00:ca:4d:b1:4d:4e:d8:02:a7:72:be:
9f:02:85:b2:50:f3:f8:60:61:c0:42:3d:36:ae:ef:
ed:7d:29:ca:85:db:d4:5e:11:b8:a0:f7:94:a4:1a:
a2:73:4d:6b:3f:19:52:c7:6d:e2:82:ea:97:97:ea:
7a:34:41:95:fa:2a:cb:7e:f8:7f:4a:80:b9:c0:5d:
c8:59:a7:7d:a0:c6:fe:6b:67:9c:22:21:dd:45:29:
72:63:0c:af:36:cd:fc:6c:41:24:fb:d8:02:1f:39:
a9:e4:71:b2:ef:66:d7:b9:47:48:ab:be:ab:dc:8d:
26:ce:92:10:13:c1:fa:1f:17:59:cd:d2:b9:51:94:
97:9e:5a:0f:11:de:d6:ec:6d:6b:98:43:c3:36:28:
0a:70:cd:60:45:d7:dd:78:bd:e2:c1:25:97:3a:94:
d9:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:43:15:E5:65:4D:83:70:51:A3:C4:2C:60:06:B2:04:1A:29:F8:33
X509v3 Authority Key Identifier:
keyid:B8:B3:D4:AC:E7:35:61:3E:CB:C5:91:DF:FC:29:85:F3:41:76:67:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uLPUrOc1YT7LxZHf_CmF80F2Z9M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/977ff4-d3da-43f7-a93a-442cc3649bac/1/Q0MV5WVNg3BRo8QsYAayBBop-DM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/977ff4-d3da-43f7-a93a-442cc3649bac/1/uLPUrOc1YT7LxZHf_CmF80F2Z9M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.41.249.0/24
91.218.20.0/24
185.153.55.0/24
188.239.191.0/24
193.36.132.0/24
IPv6:
2a07:e040::-2a07:e042:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
55:e3:26:f9:34:a3:d4:1f:10:d9:0c:74:91:22:b5:9a:43:c8:
da:92:04:76:67:bc:06:7c:4d:9d:40:d4:6f:88:1b:e4:eb:06:
6c:dc:5e:ff:4f:7e:ee:45:3a:be:40:47:27:69:20:12:68:44:
38:10:e3:d0:3c:5d:b8:4f:f8:7d:f4:68:79:ab:99:9d:65:fc:
b3:89:55:ee:fc:37:55:ee:19:ed:11:66:69:5b:f2:50:9d:5f:
2e:4b:6e:5d:57:95:44:ae:67:6a:24:f8:5f:bf:99:02:42:ed:
2b:17:a1:75:51:d1:16:1e:a1:70:3e:46:16:16:f5:cc:fd:27:
6d:34:fc:ff:38:ca:01:87:76:c9:63:36:a2:90:42:8e:17:fb:
e1:89:c3:fd:7a:68:f5:e5:5b:ba:95:51:b0:a4:7c:3b:a1:c1:
47:5a:67:c3:af:e1:cd:50:db:43:e9:ce:99:ac:a5:78:28:dc:
59:57:b1:f9:db:4a:ec:9f:68:a3:93:06:32:b6:51:3f:a2:63:
8e:6c:a1:0d:38:c3:db:d0:5b:29:be:b6:d2:f8:e5:6d:6b:9d:
7c:7c:11:c1:90:b9:da:2c:13:c2:a5:aa:e3:50:50:0f:0e:87:
57:d5:b1:2c:65:f8:f5:18:74:db:e2:54:19:44:93:67:98:b5:
5e:12:25:1b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZntIX1M1BcFhWFges/HzLYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4YjNkNGFjZTczNTYxM2VjYmM1OTFkZmZjMjk4NWYzNDE3
NjY3ZDMwHhcNMjUxMDE2MTMwNjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzQzMTVlNTY1NGQ4MzcwNTFhM2M0MmM2MDA2YjIwNDFhMjlmODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWGV+bVu4Na1WptI/BCH+DNrAKkA
qBEMqZj4QxDAjOf6xdS3vWAIn3gYRSak1Olg/O36aFQzRGP/s9GbpsgSEmooZNYi
3q+GawxO8udI47YbVtBum2n66z9C5gj8AMpNsU1O2AKncr6fAoWyUPP4YGHAQj02
ru/tfSnKhdvUXhG4oPeUpBqic01rPxlSx23iguqXl+p6NEGV+irLfvh/SoC5wF3I
Wad9oMb+a2ecIiHdRSlyYwyvNs38bEEk+9gCHzmp5HGy72bXuUdIq76r3I0mzpIQ
E8H6HxdZzdK5UZSXnloPEd7W7G1rmEPDNigKcM1gRdfdeL3iwSWXOpTZgwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFENDFeVlTYNwUaPELGAGsgQaKfgzMB8GA1UdIwQY
MBaAFLiz1KznNWE+y8WR3/wphfNBdmfTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUxQVXJPYzFZVDdMeFpIZl9DbUY4MEYyWjlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi85NzdmZjQtZDNkYS00M2Y3LWE5M2Et
NDQyY2MzNjQ5YmFjLzEvUTBNVjVXVk5nM0JSbzhRc1lBYXlCQm9wLURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi85NzdmZjQtZDNkYS00M2Y3LWE5M2EtNDQyY2MzNjQ5YmFj
LzEvdUxQVXJPYzFZVDdMeFpIZl9DbUY4MEYyWjlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQAHyn5AwQA
W9oUAwQAuZk3AwQAvO+/AwQAwSSEMBYEAgACMBAwDgMFBioH4EADBQAqB+BCMA0G
CSqGSIb3DQEBCwUAA4IBAQBV4yb5NKPUHxDZDHSRIrWaQ8jakgR2Z7wGfE2dQNRv
iBvk6wZs3F7/T37uRTq+QEcnaSASaEQ4EOPQPF24T/h99Gh5q5mdZfyziVXu/DdV
7hntEWZpW/JQnV8uS25dV5VErmdqJPhfv5kCQu0rF6F1UdEWHqFwPkYWFvXM/Sdt
NPz/OMoBh3bJYzaikEKOF/vhicP9emj15Vu6lVGwpHw7ocFHWmfDr+HNUNtD6c6Z
rKV4KNxZV7H520rsn2ijkwYytlE/omOObKENOMPb0FspvrbS+OVta518fBHBkLna
LBPCparjUFAPDodX1bEsZfj1GHTb4lQZRJNnmLVeEiUb
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:24:20 2025 by rpki-client