Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/IPBjPnxSIVvmSGcBy9yI7U96itA.roa
File: IPBjPnxSIVvmSGcBy9yI7U96itA.roa (raw, json)
Hash identifier: 33R3ZOy6ChkV5qeO5hqmZWS98dbexMjvZEVSQ8kFlso=
Subject key identifier: 20:F0:63:3E:7C:52:21:5B:E6:48:67:01:CB:DC:88:ED:4F:7A:8A:D0
Certificate issuer: /CN=04a2ae2cd094333018c41daafb474c6cfa80d07d
Certificate serial: 0199ECEB79AF1ECEC03DE14D21C7E6F87D07
Authority key identifier: 04:A2:AE:2C:D0:94:33:30:18:C4:1D:AA:FB:47:4C:6C:FA:80:D0:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/IPBjPnxSIVvmSGcBy9yI7U96itA.roa
Signing time: Thu 16 Oct 2025 12:07:59 +0000
ROA not before: Thu 16 Oct 2025 12:07:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43451
IP address blocks: 31.24.176.0/21 maxlen: 22
78.41.168.0/21 maxlen: 22
81.92.248.0/21 maxlen: 22
93.174.176.0/21 maxlen: 22
185.22.212.0/22 maxlen: 23
185.134.212.0/22 maxlen: 22
185.213.144.0/22 maxlen: 23
188.121.160.0/19 maxlen: 20
193.93.72.0/24 maxlen: 24
2a03:a200::/32 maxlen: 32
2a0b:f100::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/BKKuLNCUMzAYxB2q-0dMbPqA0H0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/BKKuLNCUMzAYxB2q-0dMbPqA0H0.mft
rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ec:eb:79:af:1e:ce:c0:3d:e1:4d:21:c7:e6:f8:7d:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=04a2ae2cd094333018c41daafb474c6cfa80d07d
Validity
Not Before: Oct 16 12:07:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=20f0633e7c52215be6486701cbdc88ed4f7a8ad0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:30:d9:cf:b5:96:4a:de:38:de:25:92:e0:68:
08:b3:82:7d:5e:9a:19:15:3d:6c:c8:8b:4d:b7:2a:
ad:bc:42:58:71:78:f3:e3:5e:1b:c6:9c:b7:28:67:
3b:ee:49:2a:6a:f4:d9:45:17:8e:99:48:e0:ae:df:
6e:63:df:8e:86:57:30:e3:74:80:01:27:07:c3:9b:
2f:d9:d4:38:a6:18:98:50:1d:4e:a7:59:cb:48:db:
41:07:3e:25:e2:c2:da:4f:4e:24:93:26:8d:49:a4:
ba:32:03:16:04:9e:15:f6:dc:8e:1e:cd:77:fb:63:
d5:ab:0e:33:c6:4b:3d:b9:ad:64:06:ae:4c:3a:f2:
19:ba:4d:e8:23:be:67:f7:3e:6b:71:c2:6b:5d:71:
53:b4:ae:b0:35:6c:67:4b:89:c2:7f:65:08:27:ba:
e7:72:dd:6d:16:85:72:6d:1f:0c:08:7f:37:81:21:
04:9a:25:0d:81:33:19:d9:c6:fd:ce:87:58:b5:bc:
24:85:85:90:9d:58:48:77:f4:0c:94:1a:3c:93:00:
8a:d5:1f:83:46:68:fa:55:65:a4:a2:b1:48:d7:c4:
cc:59:81:42:db:b5:a6:4a:bd:ad:4c:17:6f:e9:4f:
c3:ea:61:5c:33:bb:87:d3:f1:27:0f:b6:75:68:02:
8e:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:F0:63:3E:7C:52:21:5B:E6:48:67:01:CB:DC:88:ED:4F:7A:8A:D0
X509v3 Authority Key Identifier:
keyid:04:A2:AE:2C:D0:94:33:30:18:C4:1D:AA:FB:47:4C:6C:FA:80:D0:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/IPBjPnxSIVvmSGcBy9yI7U96itA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/BKKuLNCUMzAYxB2q-0dMbPqA0H0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.24.176.0/21
78.41.168.0/21
81.92.248.0/21
93.174.176.0/21
185.22.212.0/22
185.134.212.0/22
185.213.144.0/22
188.121.160.0/19
193.93.72.0/24
IPv6:
2a03:a200::/32
2a0b:f100::/29
Signature Algorithm: sha256WithRSAEncryption
8c:9b:c1:7c:f4:3d:e0:21:fd:58:de:ea:bf:03:c9:9c:d8:84:
2b:a4:0b:11:11:09:ff:06:bc:62:02:2f:3e:16:55:74:14:c2:
f8:e8:87:f1:97:e5:1a:99:da:38:fb:28:71:e5:e7:64:82:da:
e9:be:da:50:34:4f:83:5d:18:21:f5:35:88:15:23:43:24:7a:
b4:eb:8f:06:8f:b4:b8:58:fd:78:18:9e:ef:f3:fd:75:e9:76:
3c:ba:af:eb:79:53:86:fc:29:a2:98:2d:10:b4:91:70:c9:5e:
45:ce:c2:73:ab:b1:af:10:e1:7e:07:f1:e5:28:05:4d:c5:34:
4b:b8:94:5c:e5:9a:0f:be:84:98:ce:3d:e6:ca:d9:c0:2b:58:
c1:e7:70:f7:f9:fe:f2:ce:ac:44:8f:5f:fb:3d:c2:38:c4:98:
01:00:54:2c:64:10:03:f4:c3:ed:7f:33:5f:c8:47:1e:78:54:
40:04:66:46:05:05:16:66:1f:7f:41:07:44:bf:68:73:79:a1:
07:eb:5f:35:cf:76:6f:f9:6c:23:b3:67:ed:22:a8:68:6c:74:
5a:43:8f:22:3b:40:04:54:5e:8d:e6:74:63:de:5c:61:34:a0:
56:81:7a:9d:1b:9e:8f:f6:69:a5:32:d9:1c:ef:13:a4:64:84:
13:ff:79:3c
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZns63mvHs7APeFNIcfm+H0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTJhZTJjZDA5NDMzMzAxOGM0MWRhYWZiNDc0YzZjZmE4
MGQwN2QwHhcNMjUxMDE2MTIwNzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGYwNjMzZTdjNTIyMTViZTY0ODY3MDFjYmRjODhlZDRmN2E4YWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jDZz7WWSt443iWS4GgIs4J9XpoZ
FT1syItNtyqtvEJYcXjz414bxpy3KGc77kkqavTZRReOmUjgrt9uY9+Ohlcw43SA
AScHw5sv2dQ4phiYUB1Op1nLSNtBBz4l4sLaT04kkyaNSaS6MgMWBJ4V9tyOHs13
+2PVqw4zxks9ua1kBq5MOvIZuk3oI75n9z5rccJrXXFTtK6wNWxnS4nCf2UIJ7rn
ct1tFoVybR8MCH83gSEEmiUNgTMZ2cb9zodYtbwkhYWQnVhId/QMlBo8kwCK1R+D
Rmj6VWWkorFI18TMWYFC27WmSr2tTBdv6U/D6mFcM7uH0/EnD7Z1aAKOpwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFCDwYz58UiFb5khnAcvciO1PeorQMB8GA1UdIwQY
MBaAFASirizQlDMwGMQdqvtHTGz6gNB9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktLdUxOQ1VNekFZeEIycS0wZE1iUHFBMEgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS82MzRhMTItZTU4Yy00NTVjLTg5MzMt
NmU2ZThkOTMwM2U5LzEvSVBCalBueFNJVnZtU0djQnk5eUk3VTk2aXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS82MzRhMTItZTU4Yy00NTVjLTg5MzMtNmU2ZThkOTMwM2U5
LzEvQktLdUxOQ1VNekFZeEIycS0wZE1iUHFBMEgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQDHxiwAwQD
TimoAwQDUVz4AwQDXa6wAwQCuRbUAwQCuYbUAwQCudWQAwQFvHmgAwQAwV1IMBQE
AgACMA4DBQAqA6IAAwUDKgvxADANBgkqhkiG9w0BAQsFAAOCAQEAjJvBfPQ94CH9
WN7qvwPJnNiEK6QLEREJ/wa8YgIvPhZVdBTC+OiH8ZflGpnaOPsoceXnZILa6b7a
UDRPg10YIfU1iBUjQyR6tOuPBo+0uFj9eBie7/P9del2PLqv63lThvwpopgtELSR
cMleRc7Cc6uxrxDhfgfx5SgFTcU0S7iUXOWaD76EmM495srZwCtYwedw9/n+8s6s
RI9f+z3COMSYAQBULGQQA/TD7X8zX8hHHnhUQARmRgUFFmYff0EHRL9oc3mhB+tf
Nc92b/lsI7Nn7SKoaGx0WkOPIjtABFRejeZ0Y95cYTSgVoF6nRuej/ZppTLZHO8T
pGSEE/95PA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:42:25 2025 by rpki-client