Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/39kht1dMkPPkyzVEUtQczwfTvnI.roa
File: 39kht1dMkPPkyzVEUtQczwfTvnI.roa (raw, json)
Hash identifier: nGaIvUiJ54BR8itFDRSZZFTb/ADjvMX1q4ZciY7jeK8=
Subject key identifier: DF:D9:21:B7:57:4C:90:F3:E4:CB:35:44:52:D4:1C:CF:07:D3:BE:72
Certificate issuer: /CN=a0d3216cccc863eca0c3dd189941b1b9ea37cacd
Certificate serial: 01997B387D41DE3A96A012066C8FAC5423E6
Authority key identifier: A0:D3:21:6C:CC:C8:63:EC:A0:C3:DD:18:99:41:B1:B9:EA:37:CA:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oNMhbMzIY-ygw90YmUGxueo3ys0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/39kht1dMkPPkyzVEUtQczwfTvnI.roa
Signing time: Wed 24 Sep 2025 10:15:23 +0000
ROA not before: Wed 24 Sep 2025 10:15:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210403
IP address blocks: 31.207.32.0/24 maxlen: 24
31.207.33.0/24 maxlen: 24
31.207.34.0/24 maxlen: 24
31.207.35.0/24 maxlen: 24
31.207.36.0/24 maxlen: 24
31.207.37.0/24 maxlen: 24
31.207.38.0/24 maxlen: 24
31.207.39.0/24 maxlen: 24
78.24.248.0/21 maxlen: 24
78.138.45.0/24 maxlen: 24
78.138.58.0/24 maxlen: 24
83.229.19.0/24 maxlen: 24
91.199.179.0/24 maxlen: 24
91.216.107.0/24 maxlen: 24
91.234.194.0/24 maxlen: 24
91.234.195.0/24 maxlen: 24
180.149.196.0/24 maxlen: 24
180.149.197.0/24 maxlen: 24
180.149.198.0/24 maxlen: 24
180.149.199.0/24 maxlen: 24
185.98.128.0/24 maxlen: 24
185.98.129.0/24 maxlen: 24
185.98.131.0/24 maxlen: 24
185.98.136.0/24 maxlen: 24
185.98.137.0/24 maxlen: 24
185.98.138.0/24 maxlen: 24
185.98.139.0/24 maxlen: 24
185.135.132.0/24 maxlen: 24
185.170.12.0/22 maxlen: 22
185.238.116.0/24 maxlen: 24
192.162.68.0/24 maxlen: 24
192.162.69.0/24 maxlen: 24
192.162.70.0/24 maxlen: 24
192.162.71.0/24 maxlen: 24
193.37.145.0/24 maxlen: 24
193.203.239.0/24 maxlen: 24
194.126.193.0/24 maxlen: 24
195.110.34.0/24 maxlen: 24
195.110.35.0/24 maxlen: 24
213.156.132.0/22 maxlen: 24
213.156.132.0/24 maxlen: 24
213.156.133.0/24 maxlen: 24
213.156.134.0/24 maxlen: 24
213.156.135.0/24 maxlen: 24
213.255.195.0/24 maxlen: 24
2a00:7ee0::/48 maxlen: 48
2a00:7ee0:1::/48 maxlen: 48
2a00:7ee0:2::/48 maxlen: 48
2a00:7ee0:8::/48 maxlen: 48
2a00:7ee0:9::/48 maxlen: 48
2a00:7ee0:40::/44 maxlen: 48
2a00:7ee0:40::/48 maxlen: 48
2a00:7ee0:41::/48 maxlen: 48
2a00:7ee0:2000::/48 maxlen: 48
2a00:7ee0:3000::/36 maxlen: 48
2a00:7ee0:3000::/48 maxlen: 48
2a00:7ee0:4000::/36 maxlen: 36
2a00:7ee0:4000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/oNMhbMzIY-ygw90YmUGxueo3ys0.crl
rsync://rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/oNMhbMzIY-ygw90YmUGxueo3ys0.mft
rsync://rpki.ripe.net/repository/DEFAULT/oNMhbMzIY-ygw90YmUGxueo3ys0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 16:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:7b:38:7d:41:de:3a:96:a0:12:06:6c:8f:ac:54:23:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0d3216cccc863eca0c3dd189941b1b9ea37cacd
Validity
Not Before: Sep 24 10:15:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dfd921b7574c90f3e4cb354452d41ccf07d3be72
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:8f:b5:43:c1:6f:34:3a:91:37:33:d4:16:89:
35:6a:24:9e:ae:3b:63:27:cc:e3:d9:e6:90:54:7f:
06:a1:a6:12:28:31:37:58:24:73:29:a4:54:4a:1e:
e2:bb:2b:91:98:7a:87:76:e9:c4:98:7b:50:1a:30:
f5:51:fb:a5:c1:3f:c6:2c:c1:6e:ae:d3:db:97:a2:
61:23:de:b7:2b:1d:be:c3:8f:19:e9:87:3a:58:39:
7d:66:e2:b7:2e:08:cb:40:60:0a:82:4d:27:98:e2:
cd:ca:b7:d2:80:4b:91:b5:83:b3:a0:39:e2:cf:29:
60:3e:69:48:20:f7:a3:b3:6b:10:fb:ee:bb:01:60:
a4:5c:4f:d5:ce:34:2b:b8:62:c9:e2:c0:e9:32:39:
74:38:0c:a4:55:13:d4:14:55:f6:ef:19:65:2b:43:
f7:32:d6:ec:36:8c:a8:db:c1:8c:ae:55:ca:7e:9b:
d9:ab:18:e6:ea:f2:80:cb:c3:b2:9f:45:fb:22:60:
0c:b1:62:cc:d8:eb:36:59:54:30:f1:55:d2:83:38:
ec:cd:16:08:85:dd:c0:53:5a:7f:12:d4:fd:9e:6d:
8a:7a:eb:63:99:91:08:15:68:70:f2:8b:85:2a:65:
c1:fc:a8:d4:eb:c0:73:c3:0c:07:5e:ce:4e:1e:d7:
bc:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:D9:21:B7:57:4C:90:F3:E4:CB:35:44:52:D4:1C:CF:07:D3:BE:72
X509v3 Authority Key Identifier:
keyid:A0:D3:21:6C:CC:C8:63:EC:A0:C3:DD:18:99:41:B1:B9:EA:37:CA:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oNMhbMzIY-ygw90YmUGxueo3ys0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/39kht1dMkPPkyzVEUtQczwfTvnI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/oNMhbMzIY-ygw90YmUGxueo3ys0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.207.32.0/21
78.24.248.0/21
78.138.45.0/24
78.138.58.0/24
83.229.19.0/24
91.199.179.0/24
91.216.107.0/24
91.234.194.0/23
180.149.196.0/22
185.98.128.0/23
185.98.131.0/24
185.98.136.0/22
185.135.132.0/24
185.170.12.0/22
185.238.116.0/24
192.162.68.0/22
193.37.145.0/24
193.203.239.0/24
194.126.193.0/24
195.110.34.0/23
213.156.132.0/22
213.255.195.0/24
IPv6:
2a00:7ee0::-2a00:7ee0:2:ffff:ffff:ffff:ffff:ffff
2a00:7ee0:8::/47
2a00:7ee0:40::/44
2a00:7ee0:2000::/48
2a00:7ee0:3000::-2a00:7ee0:4fff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
30:a3:9e:fe:cb:1a:cf:18:ff:fa:95:6c:36:9d:4d:85:da:50:
58:a5:aa:7f:e5:bc:d8:9c:e0:81:fc:90:97:ed:e7:3d:6f:f1:
30:27:f2:ba:72:7a:45:e4:0c:9e:79:ec:79:13:c2:60:76:02:
73:c9:1d:85:d2:0e:1d:d2:07:36:5c:8f:98:57:fb:85:c7:03:
b9:be:38:0f:e1:11:1a:19:41:d9:f6:47:81:88:84:3d:26:1a:
01:15:5f:0f:06:8b:a6:42:7a:c5:c4:61:96:f6:47:65:4b:09:
da:97:a7:4b:44:ca:61:a7:4f:d3:33:18:2b:15:fb:30:16:6c:
09:a9:d9:41:3e:82:c8:28:21:9a:7e:06:19:dd:4f:cf:2b:8d:
a9:2e:7a:ca:91:e7:8a:64:fb:03:e8:97:e2:d7:a8:ab:4e:9a:
7d:31:3a:1e:3a:98:2a:60:c4:a1:4f:74:52:bf:38:25:e1:25:
91:a1:58:b6:33:a7:ae:b7:57:50:0e:19:a3:f3:3e:b5:a3:b8:
60:37:db:b7:d3:46:28:e9:4c:fb:34:f7:b7:42:87:16:9f:3a:
57:a7:54:da:de:5f:3c:ac:54:cf:66:56:04:f3:42:82:59:f0:
10:e6:7f:d8:4d:27:5b:4e:4f:f6:d2:ac:c5:8c:4d:1b:9f:1c:
8c:2c:c3:44
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgISAZl7OH1B3jqWoBIGbI+sVCPmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZDMyMTZjY2NjODYzZWNhMGMzZGQxODk5NDFiMWI5ZWEz
N2NhY2QwHhcNMjUwOTI0MTAxNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmQ5MjFiNzU3NGM5MGYzZTRjYjM1NDQ1MmQ0MWNjZjA3ZDNiZTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuI+1Q8FvNDqRNzPUFok1aiSerjtj
J8zj2eaQVH8GoaYSKDE3WCRzKaRUSh7iuyuRmHqHdunEmHtQGjD1UfulwT/GLMFu
rtPbl6JhI963Kx2+w48Z6Yc6WDl9ZuK3LgjLQGAKgk0nmOLNyrfSgEuRtYOzoDni
zylgPmlIIPejs2sQ++67AWCkXE/VzjQruGLJ4sDpMjl0OAykVRPUFFX27xllK0P3
MtbsNoyo28GMrlXKfpvZqxjm6vKAy8Oyn0X7ImAMsWLM2Os2WVQw8VXSgzjszRYI
hd3AU1p/EtT9nm2KeutjmZEIFWhw8ouFKmXB/KjU68BzwwwHXs5OHte84wIDAQAB
o4IC0zCCAs8wHQYDVR0OBBYEFN/ZIbdXTJDz5Ms1RFLUHM8H075yMB8GA1UdIwQY
MBaAFKDTIWzMyGPsoMPdGJlBsbnqN8rNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb05NaGJNeklZLXlndzkwWW1VR3h1ZW8zeXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9hNWIyZDEtY2JhMC00YTU0LWI0Mzgt
MGQ0NGMwNGE4NDQ4LzEvMzlraHQxZE1rUFBreXpWRVV0UWN6d2ZUdm5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9hNWIyZDEtY2JhMC00YTU0LWI0MzgtMGQ0NGMwNGE4NDQ4
LzEvb05NaGJNeklZLXlndzkwWW1VR3h1ZW8zeXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHoBggrBgEFBQcBBwEB/wSB2DCB1TCBiwQCAAEwgYQDBAMf
zyADBANOGPgDBABOii0DBABOijoDBABT5RMDBABbx7MDBABb2GsDBAFb6sIDBAK0
lcQDBAG5YoADBAC5YoMDBAK5YogDBAC5h4QDBAK5qgwDBAC57nQDBALAokQDBADB
JZEDBADBy+8DBADCfsEDBAHDbiIDBALVnIQDBADV/8MwRQQCAAIwPzAQAwUFKgB+
4AMHACoAfuAAAgMHASoAfuAACAMHBCoAfuAAQAMHACoAfuAgADAQAwYEKgB+4DAD
BgQqAH7gQDANBgkqhkiG9w0BAQsFAAOCAQEAMKOe/ssazxj/+pVsNp1NhdpQWKWq
f+W82JzggfyQl+3nPW/xMCfyunJ6ReQMnnnseRPCYHYCc8kdhdIOHdIHNlyPmFf7
hccDub44D+ERGhlB2fZHgYiEPSYaARVfDwaLpkJ6xcRhlvZHZUsJ2penS0TKYadP
0zMYKxX7MBZsCanZQT6CyCghmn4GGd1PzyuNqS56ypHnimT7A+iX4teoq06afTE6
HjqYKmDEoU90Ur84JeElkaFYtjOnrrdXUA4Zo/M+taO4YDfbt9NGKOlM+zT3t0KH
Fp86V6dU2t5fPKxUz2ZWBPNCglnwEOZ/2E0nW05P9tKsxYxNG58cjCzDRA==
-----END CERTIFICATE-----
Generated at Tue Oct 21 01:55:14 2025 by rpki-client