Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/d34fa2-3a37-4308-b783-5857f1c17624/1/2ey3vHhd3-QInNXrg-NGMozvrhY.roa
File: 2ey3vHhd3-QInNXrg-NGMozvrhY.roa (raw, json)
Hash identifier: ovgLpC9Adt54hQhibAMsDZRZRFyhlOqmedeXSHCh2UU=
Subject key identifier: D9:EC:B7:BC:78:5D:DF:E4:08:9C:D5:EB:83:E3:46:32:8C:EF:AE:16
Certificate issuer: /CN=d4cf0fbd5f6e1759903cc69de0dc4ea24c1f83df
Certificate serial: 01997B82A539783BC5323D3D3656E40C8372
Authority key identifier: D4:CF:0F:BD:5F:6E:17:59:90:3C:C6:9D:E0:DC:4E:A2:4C:1F:83:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1M8PvV9uF1mQPMad4NxOokwfg98.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/d34fa2-3a37-4308-b783-5857f1c17624/1/2ey3vHhd3-QInNXrg-NGMozvrhY.roa
Signing time: Wed 24 Sep 2025 11:36:23 +0000
ROA not before: Wed 24 Sep 2025 11:36:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 40994
IP address blocks: 31.14.17.0/24 maxlen: 24
46.102.156.0/24 maxlen: 24
46.102.157.0/24 maxlen: 24
83.138.55.0/24 maxlen: 24
86.106.182.0/23 maxlen: 24
94.177.8.0/23 maxlen: 24
104.143.0.0/23 maxlen: 24
110.172.148.0/24 maxlen: 24
193.219.97.0/24 maxlen: 24
203.34.137.0/24 maxlen: 24
203.98.67.0/24 maxlen: 24
205.147.200.0/23 maxlen: 24
2a0d:f302::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a9/d34fa2-3a37-4308-b783-5857f1c17624/1/1M8PvV9uF1mQPMad4NxOokwfg98.crl
rsync://rpki.ripe.net/repository/DEFAULT/a9/d34fa2-3a37-4308-b783-5857f1c17624/1/1M8PvV9uF1mQPMad4NxOokwfg98.mft
rsync://rpki.ripe.net/repository/DEFAULT/1M8PvV9uF1mQPMad4NxOokwfg98.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:7b:82:a5:39:78:3b:c5:32:3d:3d:36:56:e4:0c:83:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4cf0fbd5f6e1759903cc69de0dc4ea24c1f83df
Validity
Not Before: Sep 24 11:36:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d9ecb7bc785ddfe4089cd5eb83e346328cefae16
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:4f:11:61:75:da:03:ef:1a:c0:61:10:14:ae:
d0:7c:ca:ef:ed:cc:08:39:0b:24:19:c3:8b:53:0b:
97:d9:4d:28:44:cc:d5:f8:ad:73:2f:a6:08:a9:bc:
96:9a:ce:cc:2a:88:9c:5d:a2:a8:65:fe:14:b5:9d:
fb:2c:65:f7:04:c8:a5:93:c0:c2:ad:2b:29:9e:39:
99:33:f8:14:b6:20:a3:db:e1:49:91:c4:93:a7:02:
af:b6:50:e0:49:0c:a2:33:27:27:2c:09:7c:9c:b5:
29:34:89:53:19:6b:ec:76:5e:d5:7b:fb:60:b7:db:
65:8b:1b:00:15:f2:60:54:5a:49:b6:7a:96:83:5c:
fd:4d:ba:d5:d6:f7:f5:a0:87:d9:2d:e8:82:22:20:
b3:9e:20:69:54:06:e8:40:34:2e:0e:55:f4:99:72:
2f:d7:a5:41:ad:09:3d:73:59:11:39:20:76:fb:d9:
53:58:43:68:13:67:19:53:1f:c2:22:55:59:8e:51:
f5:eb:31:bb:6c:42:0f:42:9f:c5:48:47:aa:40:ad:
5a:d2:69:f8:73:44:9b:59:6a:f0:b0:c8:66:4b:38:
8a:c5:57:bc:e7:d7:b6:68:6a:88:82:d2:6a:22:16:
1e:65:29:a1:96:29:70:76:72:7f:ec:38:96:39:1e:
06:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:EC:B7:BC:78:5D:DF:E4:08:9C:D5:EB:83:E3:46:32:8C:EF:AE:16
X509v3 Authority Key Identifier:
keyid:D4:CF:0F:BD:5F:6E:17:59:90:3C:C6:9D:E0:DC:4E:A2:4C:1F:83:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1M8PvV9uF1mQPMad4NxOokwfg98.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/d34fa2-3a37-4308-b783-5857f1c17624/1/2ey3vHhd3-QInNXrg-NGMozvrhY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/d34fa2-3a37-4308-b783-5857f1c17624/1/1M8PvV9uF1mQPMad4NxOokwfg98.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.14.17.0/24
46.102.156.0/23
83.138.55.0/24
86.106.182.0/23
94.177.8.0/23
104.143.0.0/23
110.172.148.0/24
193.219.97.0/24
203.34.137.0/24
203.98.67.0/24
205.147.200.0/23
IPv6:
2a0d:f302::/32
Signature Algorithm: sha256WithRSAEncryption
8f:7c:c7:73:8e:0c:39:c9:7a:8c:ac:59:35:39:0d:2a:14:57:
bc:8c:c6:7a:62:e3:89:fa:78:a1:a9:1d:4c:84:22:d0:d2:19:
f1:6c:11:e1:c4:6a:88:0c:09:a7:4c:1c:fa:44:5b:2e:87:6f:
32:08:f0:e8:6c:d5:28:a9:20:79:2d:23:3b:87:9a:b8:bb:51:
61:c3:04:00:41:0d:c8:04:35:bb:4e:d9:24:f4:e4:08:57:e8:
99:b5:9b:f1:f5:1b:96:18:ee:b8:2a:83:e9:82:8a:9f:74:eb:
1e:74:de:7d:42:f2:0a:ce:99:b9:1c:a1:9d:b1:fe:1e:58:d2:
67:f2:13:69:11:76:28:5c:7f:16:de:8f:ba:86:2c:49:d9:03:
1a:cf:bf:e7:7f:21:5f:52:f4:b7:03:b5:e4:10:b9:ad:d7:37:
bf:10:fa:4c:ee:81:70:42:76:a2:87:45:54:08:4f:33:a8:bd:
18:a0:37:38:30:01:d9:5d:a3:fc:b4:50:c4:ae:ff:66:8b:6e:
4e:50:84:ce:9e:7f:02:88:9b:55:16:85:98:85:e5:1a:b6:2a:
fc:48:e1:b1:5b:e5:ae:e2:54:33:79:fc:3f:65:b6:a0:b8:58:
f4:30:97:d3:0d:81:4b:e3:fe:79:e2:98:89:b8:fa:cc:c2:94:
9b:75:6e:a8
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAZl7gqU5eDvFMj09NlbkDINyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Y2YwZmJkNWY2ZTE3NTk5MDNjYzY5ZGUwZGM0ZWEyNGMx
ZjgzZGYwHhcNMjUwOTI0MTEzNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWVjYjdiYzc4NWRkZmU0MDg5Y2Q1ZWI4M2UzNDYzMjhjZWZhZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyU8RYXXaA+8awGEQFK7QfMrv7cwI
OQskGcOLUwuX2U0oRMzV+K1zL6YIqbyWms7MKoicXaKoZf4UtZ37LGX3BMilk8DC
rSspnjmZM/gUtiCj2+FJkcSTpwKvtlDgSQyiMycnLAl8nLUpNIlTGWvsdl7Ve/tg
t9tlixsAFfJgVFpJtnqWg1z9TbrV1vf1oIfZLeiCIiCzniBpVAboQDQuDlX0mXIv
16VBrQk9c1kROSB2+9lTWENoE2cZUx/CIlVZjlH16zG7bEIPQp/FSEeqQK1a0mn4
c0SbWWrwsMhmSziKxVe859e2aGqIgtJqIhYeZSmhlilwdnJ/7DiWOR4GiQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFNnst7x4Xd/kCJzV64PjRjKM764WMB8GA1UdIwQY
MBaAFNTPD71fbhdZkDzGneDcTqJMH4PfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU04UHZWOXVGMW1RUE1hZDROeE9va3dmZzk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9kMzRmYTItM2EzNy00MzA4LWI3ODMt
NTg1N2YxYzE3NjI0LzEvMmV5M3ZIaGQzLVFJbk5YcmctTkdNb3p2cmhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9kMzRmYTItM2EzNy00MzA4LWI3ODMtNTg1N2YxYzE3NjI0
LzEvMU04UHZWOXVGMW1RUE1hZDROeE9va3dmZzk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQAHw4RAwQB
LmacAwQAU4o3AwQBVmq2AwQBXrEIAwQBaI8AAwQAbqyUAwQAwdthAwQAyyKJAwQA
y2JDAwQBzZPIMA0EAgACMAcDBQAqDfMCMA0GCSqGSIb3DQEBCwUAA4IBAQCPfMdz
jgw5yXqMrFk1OQ0qFFe8jMZ6YuOJ+nihqR1MhCLQ0hnxbBHhxGqIDAmnTBz6RFsu
h28yCPDobNUoqSB5LSM7h5q4u1FhwwQAQQ3IBDW7Ttkk9OQIV+iZtZvx9RuWGO64
KoPpgoqfdOsedN59QvIKzpm5HKGdsf4eWNJn8hNpEXYoXH8W3o+6hixJ2QMaz7/n
fyFfUvS3A7XkELmt1ze/EPpM7oFwQnaih0VUCE8zqL0YoDc4MAHZXaP8tFDErv9m
i25OUITOnn8CiJtVFoWYheUatir8SOGxW+Wu4lQzefw/ZbaguFj0MJfTDYFL4/55
4piJuPrMwpSbdW6o
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:09:55 2025 by rpki-client