Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/BcNftQwPMoltW9ggxSfFbVdRRTs.roa
File: BcNftQwPMoltW9ggxSfFbVdRRTs.roa (raw, json)
Hash identifier: bzsxZMEffBu5FReY7gePI0ixDwk0iYrSrY+C2wAp8FU=
Subject key identifier: 05:C3:5F:B5:0C:0F:32:89:6D:5B:D8:20:C5:27:C5:6D:57:51:45:3B
Certificate issuer: /CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Certificate serial: 01978855F1E735C7213F8A461199C5E5CB24
Authority key identifier: F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/BcNftQwPMoltW9ggxSfFbVdRRTs.roa
Signing time: Thu 19 Jun 2025 13:17:03 +0000
ROA not before: Thu 19 Jun 2025 13:17:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49685
IP address blocks: 31.3.8.0/21 maxlen: 24
31.3.96.0/21 maxlen: 24
31.223.160.0/20 maxlen: 24
37.17.208.0/20 maxlen: 24
37.34.48.0/21 maxlen: 24
37.230.96.0/21 maxlen: 24
46.226.56.0/21 maxlen: 24
78.108.128.0/20 maxlen: 24
79.170.88.0/21 maxlen: 24
80.84.224.0/19 maxlen: 24
80.246.192.0/20 maxlen: 24
80.246.207.0/24 maxlen: 24
80.255.240.0/20 maxlen: 24
81.4.64.0/19 maxlen: 24
81.4.96.0/22 maxlen: 24
81.4.112.0/21 maxlen: 24
81.21.136.0/21 maxlen: 24
81.30.32.0/20 maxlen: 24
83.96.128.0/17 maxlen: 24
85.10.160.0/19 maxlen: 24
85.10.172.0/22 maxlen: 24
85.10.176.0/22 maxlen: 24
85.158.248.0/22 maxlen: 24
85.158.252.0/23 maxlen: 24
85.222.224.0/21 maxlen: 24
89.31.96.0/21 maxlen: 24
91.142.240.0/20 maxlen: 24
91.189.208.0/22 maxlen: 24
91.205.32.0/22 maxlen: 24
91.216.162.0/24 maxlen: 24
93.191.128.0/21 maxlen: 24
94.142.208.0/21 maxlen: 24
141.138.192.0/20 maxlen: 24
141.255.176.0/22 maxlen: 24
141.255.180.0/22 maxlen: 24
171.33.128.0/21 maxlen: 24
171.33.128.0/24 maxlen: 24
176.74.224.0/19 maxlen: 24
178.18.80.0/20 maxlen: 24
185.3.208.0/22 maxlen: 24
185.15.248.0/22 maxlen: 24
185.21.188.0/22 maxlen: 24
185.65.52.0/22 maxlen: 24
185.69.232.0/22 maxlen: 24
185.84.72.0/22 maxlen: 24
185.89.152.0/22 maxlen: 24
185.95.68.0/22 maxlen: 24
185.105.204.0/22 maxlen: 24
185.105.216.0/22 maxlen: 24
185.110.172.0/22 maxlen: 24
185.110.173.0/24 maxlen: 24
185.110.200.0/22 maxlen: 24
193.93.172.0/22 maxlen: 24
193.138.204.0/22 maxlen: 24
193.242.119.0/24 maxlen: 24
194.60.207.0/24 maxlen: 24
213.187.240.0/21 maxlen: 24
217.21.240.0/20 maxlen: 24
217.149.128.0/20 maxlen: 24
2001:828::/32 maxlen: 48
2001:4cb8::/29 maxlen: 48
2001:4cb8:e::/48 maxlen: 48
2001:4cb8:40b::/48 maxlen: 48
2a00:c080::/32 maxlen: 48
2a02:348::/32 maxlen: 48
2a03:4f00::/32 maxlen: 48
2a03:5700::/32 maxlen: 48
2a05:2500::/32 maxlen: 48
2a05:a282::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl
rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.mft
rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 00:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:88:55:f1:e7:35:c7:21:3f:8a:46:11:99:c5:e5:cb:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Validity
Not Before: Jun 19 13:17:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=05c35fb50c0f32896d5bd820c527c56d5751453b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:0f:bd:8a:79:15:54:af:29:73:7d:25:f7:1f:
6b:3b:2b:71:91:53:2a:4c:fd:d4:70:67:18:5e:2e:
ea:f5:63:5a:6f:e8:3f:71:24:9c:a3:00:b7:a2:a6:
4d:ad:43:fe:28:35:b5:9a:b5:69:40:ec:6a:60:49:
2d:b7:69:29:79:fc:2d:76:3d:b1:9d:d2:50:23:3a:
4f:99:34:50:36:eb:ad:97:4e:12:15:aa:d5:00:b7:
bf:98:ad:9a:17:1f:69:2d:a7:a0:e8:4d:83:23:fd:
73:73:79:3a:5a:bd:2e:5f:25:14:6d:a8:bc:c2:ed:
df:85:f3:d4:ba:3d:b6:e4:29:90:39:8c:01:e9:e7:
ce:9f:2a:1c:d3:5e:1e:35:17:62:ed:9e:3c:24:47:
4f:1b:0b:03:36:db:b8:10:9e:4c:04:aa:8b:ae:cc:
55:74:2e:4c:46:fc:2c:2d:25:30:ee:2b:6e:3c:2a:
5d:88:83:3e:84:2f:13:38:24:65:03:41:93:e2:b8:
56:fa:4b:b7:eb:d5:96:ea:1f:2c:75:34:7e:08:c5:
14:86:b8:6f:f2:9e:32:5f:86:b1:1c:08:65:77:88:
a1:8f:3f:5a:21:1d:2e:b4:20:9f:c9:44:a1:28:56:
b9:86:26:16:b5:6b:f9:bc:f0:c9:5a:35:f8:28:af:
2d:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:C3:5F:B5:0C:0F:32:89:6D:5B:D8:20:C5:27:C5:6D:57:51:45:3B
X509v3 Authority Key Identifier:
keyid:F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/BcNftQwPMoltW9ggxSfFbVdRRTs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.3.8.0/21
31.3.96.0/21
31.223.160.0/20
37.17.208.0/20
37.34.48.0/21
37.230.96.0/21
46.226.56.0/21
78.108.128.0/20
79.170.88.0/21
80.84.224.0/19
80.246.192.0/20
80.255.240.0/20
81.4.64.0-81.4.99.255
81.4.112.0/21
81.21.136.0/21
81.30.32.0/20
83.96.128.0/17
85.10.160.0/19
85.158.248.0-85.158.253.255
85.222.224.0/21
89.31.96.0/21
91.142.240.0/20
91.189.208.0/22
91.205.32.0/22
91.216.162.0/24
93.191.128.0/21
94.142.208.0/21
141.138.192.0/20
141.255.176.0/21
171.33.128.0/21
176.74.224.0/19
178.18.80.0/20
185.3.208.0/22
185.15.248.0/22
185.21.188.0/22
185.65.52.0/22
185.69.232.0/22
185.84.72.0/22
185.89.152.0/22
185.95.68.0/22
185.105.204.0/22
185.105.216.0/22
185.110.172.0/22
185.110.200.0/22
193.93.172.0/22
193.138.204.0/22
193.242.119.0/24
194.60.207.0/24
213.187.240.0/21
217.21.240.0/20
217.149.128.0/20
IPv6:
2001:828::/32
2001:4cb8::/29
2a00:c080::/32
2a02:348::/32
2a03:4f00::/32
2a03:5700::/32
2a05:2500::/32
2a05:a282::/32
Signature Algorithm: sha256WithRSAEncryption
1e:a5:c7:0c:7d:26:92:c8:03:b0:a3:04:6f:63:e9:b3:60:be:
17:da:75:8f:0f:45:27:55:6f:24:b4:26:f8:ec:f8:1a:0f:ba:
2b:c6:5c:b8:91:6f:9c:48:92:ee:0e:70:63:6d:04:c3:cd:8f:
a8:f1:66:3e:7a:6b:31:8b:65:23:2e:9c:ec:9d:9e:16:ef:65:
6b:b9:d8:e4:01:5d:17:e2:84:e0:5c:55:da:18:2e:99:1c:43:
1c:71:db:26:3f:c4:0f:b6:af:4d:67:11:18:c1:d5:6f:7b:d4:
2d:de:2e:b5:4f:e0:5f:eb:a0:2a:29:db:81:bc:a5:76:48:67:
7a:ed:62:87:bd:8b:68:92:35:0c:95:6c:e0:f1:47:a9:78:7a:
d0:da:34:b9:2e:50:11:99:c6:32:29:f7:68:8f:26:1a:17:2e:
ca:34:0f:9b:bb:4c:65:bd:da:1e:06:e2:51:ef:41:29:6a:35:
15:9d:29:f2:1d:d9:c6:92:66:24:3d:d3:e8:58:2c:a5:6d:3d:
48:ea:e6:39:11:eb:73:45:cf:b6:2f:8e:f6:e0:9e:90:5a:c7:
05:7d:a5:27:8d:ee:7f:93:61:85:de:46:3b:87:d7:ec:b6:76:
8b:23:9b:57:11:d6:4b:97:6e:2f:b5:a6:3c:82:59:ed:9f:f7:
d3:55:1b:14
-----BEGIN CERTIFICATE-----
MIIGgzCCBWugAwIBAgISAZeIVfHnNcchP4pGEZnF5cskMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTM2OWNjYmY4NmIxZTg0ZTFhZWI0NmU2ZDMzNmQzOWY3
NTJhZTcwHhcNMjUwNjE5MTMxNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWMzNWZiNTBjMGYzMjg5NmQ1YmQ4MjBjNTI3YzU2ZDU3NTE0NTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0w+9inkVVK8pc30l9x9rOytxkVMq
TP3UcGcYXi7q9WNab+g/cSScowC3oqZNrUP+KDW1mrVpQOxqYEktt2kpefwtdj2x
ndJQIzpPmTRQNuutl04SFarVALe/mK2aFx9pLaeg6E2DI/1zc3k6Wr0uXyUUbai8
wu3fhfPUuj225CmQOYwB6efOnyoc014eNRdi7Z48JEdPGwsDNtu4EJ5MBKqLrsxV
dC5MRvwsLSUw7ituPCpdiIM+hC8TOCRlA0GT4rhW+ku369WW6h8sdTR+CMUUhrhv
8p4yX4axHAhld4ihjz9aIR0utCCfyUShKFa5hiYWtWv5vPDJWjX4KK8tbQIDAQAB
o4IDjzCCA4swHQYDVR0OBBYEFAXDX7UMDzKJbVvYIMUnxW1XUUU7MB8GA1UdIwQY
MBaAFPUTacy/hrHoThrrRubTNtOfdSrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUt
MmI5MjBiZGUzOTkwLzEvQmNOZnRRd1BNb2x0VzlnZ3hTZkZiVmRSUlRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUtMmI5MjBiZGUzOTkw
LzEvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBowYIKwYBBQUHAQcBAf8EggGSMIIBjjCCAUoEAgABMIIB
QgMEAx8DCAMEAx8DYAMEBB/foAMEBCUR0AMEAyUiMAMEAyXmYAMEAy7iOAMEBE5s
gAMEA0+qWAMEBVBU4AMEBFD2wAMEBFD/8DAMAwQGUQRAAwQCUQRgAwQDUQRwAwQD
URWIAwQEUR4gAwQHU2CAAwQFVQqgMAwDBANVnvgDBAFVnvwDBANV3uADBANZH2AD
BARbjvADBAJbvdADBAJbzSADBABb2KIDBANdv4ADBANejtADBASNisADBAON/7AD
BAOrIYADBAWwSuADBASyElADBAK5A9ADBAK5D/gDBAK5FbwDBAK5QTQDBAK5RegD
BAK5VEgDBAK5WZgDBAK5X0QDBAK5acwDBAK5adgDBAK5bqwDBAK5bsgDBALBXawD
BALBiswDBADB8ncDBADCPM8DBAPVu/ADBATZFfADBATZlYAwPgQCAAIwOAMFACAB
CCgDBQMgAUy4AwUAKgDAgAMFACoCA0gDBQAqA08AAwUAKgNXAAMFACoFJQADBQAq
BaKCMA0GCSqGSIb3DQEBCwUAA4IBAQAepccMfSaSyAOwowRvY+mzYL4X2nWPD0Un
VW8ktCb47PgaD7orxly4kW+cSJLuDnBjbQTDzY+o8WY+emsxi2UjLpzsnZ4W72Vr
udjkAV0X4oTgXFXaGC6ZHEMccdsmP8QPtq9NZxEYwdVve9Qt3i61T+Bf66AqKduB
vKV2SGd67WKHvYtokjUMlWzg8UepeHrQ2jS5LlARmcYyKfdojyYaFy7KNA+bu0xl
vdoeBuJR70EpajUVnSnyHdnGkmYkPdPoWCylbT1I6uY5EetzRc+2L4724J6QWscF
faUnje5/k2GF3kY7h9fstnaLI5tXEdZLl24vtaY8glntn/fTVRsU
-----END CERTIFICATE-----
Generated at Sun Jun 29 08:32:39 2025 by rpki-client