Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/sd1GZ3Xe0GkJpFnoB9zfphQl8o4.roa
File: sd1GZ3Xe0GkJpFnoB9zfphQl8o4.roa (raw, json)
Hash identifier: vyRdnhIYTvR+ot2sIernptI0bIFRXMBIkZB7mBlWebc=
Subject key identifier: B1:DD:46:67:75:DE:D0:69:09:A4:59:E8:07:DC:DF:A6:14:25:F2:8E
Certificate issuer: /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial: 0197AAE0B4F3356E9A22D781AC474A6A963D
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/sd1GZ3Xe0GkJpFnoB9zfphQl8o4.roa
Signing time: Thu 26 Jun 2025 06:15:42 +0000
ROA not before: Thu 26 Jun 2025 06:15:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25159
IP address blocks: 31.173.0.0/21 maxlen: 21
31.173.8.0/21 maxlen: 21
31.173.16.0/21 maxlen: 21
31.173.24.0/21 maxlen: 21
31.173.32.0/19 maxlen: 19
31.173.60.0/24 maxlen: 24
31.173.64.0/21 maxlen: 21
31.173.72.0/21 maxlen: 21
31.173.80.0/21 maxlen: 21
31.173.88.0/21 maxlen: 21
37.28.176.0/21 maxlen: 21
37.29.32.0/21 maxlen: 21
46.229.128.0/22 maxlen: 22
62.64.0.0/20 maxlen: 20
62.64.16.0/20 maxlen: 20
78.25.112.0/22 maxlen: 22
78.25.116.0/23 maxlen: 23
78.25.118.0/24 maxlen: 24
78.25.119.0/24 maxlen: 24
83.222.212.0/22 maxlen: 22
83.222.216.0/21 maxlen: 21
83.229.211.0/24 maxlen: 24
83.229.254.0/24 maxlen: 24
85.26.144.0/20 maxlen: 20
91.205.168.0/23 maxlen: 23
91.205.170.0/23 maxlen: 23
94.25.131.0/24 maxlen: 24
94.25.144.0/20 maxlen: 20
94.25.160.0/24 maxlen: 24
94.25.164.0/24 maxlen: 24
94.25.168.0/22 maxlen: 22
94.25.172.0/22 maxlen: 22
94.25.176.0/21 maxlen: 21
94.25.184.0/21 maxlen: 21
109.188.64.0/19 maxlen: 19
109.188.96.0/21 maxlen: 21
109.188.112.0/23 maxlen: 23
109.188.114.0/24 maxlen: 24
109.188.124.0/24 maxlen: 24
109.188.125.0/24 maxlen: 24
128.204.76.0/22 maxlen: 22
128.204.76.0/23 maxlen: 23
128.204.78.0/23 maxlen: 23
178.176.0.0/19 maxlen: 19
178.176.32.0/21 maxlen: 21
178.176.40.0/21 maxlen: 21
178.176.52.0/22 maxlen: 22
178.176.72.0/21 maxlen: 21
178.176.92.0/22 maxlen: 22
178.177.0.0/18 maxlen: 18
178.177.3.0/24 maxlen: 24
178.178.192.0/22 maxlen: 22
178.178.198.0/23 maxlen: 23
178.178.204.0/24 maxlen: 24
178.178.205.0/24 maxlen: 24
178.178.216.0/21 maxlen: 21
178.178.235.0/24 maxlen: 24
178.178.236.0/24 maxlen: 24
188.170.0.0/19 maxlen: 19
188.170.24.0/23 maxlen: 23
188.170.24.0/24 maxlen: 24
188.170.25.0/24 maxlen: 24
188.170.32.0/21 maxlen: 21
188.170.40.0/21 maxlen: 21
193.201.228.0/22 maxlen: 22
195.16.96.0/19 maxlen: 19
195.16.110.0/23 maxlen: 23
195.16.114.0/23 maxlen: 23
195.230.70.0/23 maxlen: 23
195.230.91.0/24 maxlen: 24
195.230.92.0/24 maxlen: 24
212.69.96.0/19 maxlen: 19
212.69.106.0/24 maxlen: 24
212.69.113.0/24 maxlen: 24
212.69.114.0/24 maxlen: 24
212.69.125.0/24 maxlen: 24
213.243.109.0/24 maxlen: 24
213.243.116.0/24 maxlen: 24
2a03:d000:4000::/36 maxlen: 36
2a03:d000:4100::/40 maxlen: 40
2a03:d000:4200::/40 maxlen: 40
2a03:d000:4300::/40 maxlen: 40
2a03:d000:4400::/40 maxlen: 40
2a03:d004::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:aa:e0:b4:f3:35:6e:9a:22:d7:81:ac:47:4a:6a:96:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Validity
Not Before: Jun 26 06:15:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b1dd466775ded06909a459e807dcdfa61425f28e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:90:2f:d8:99:74:ab:ea:3b:97:90:73:b3:07:
b7:63:25:55:36:65:a4:91:8a:16:a4:fa:f8:84:95:
61:da:3d:0c:bf:91:99:a8:ea:0a:23:59:eb:6d:d9:
54:05:47:7d:74:52:e1:65:ea:2c:49:73:72:1a:5a:
e9:02:27:85:c0:53:08:ad:2a:22:21:2c:d1:43:76:
ec:35:97:30:b2:61:d6:ac:b7:cc:67:45:2e:3a:49:
44:8c:63:66:76:ca:8e:3d:fa:27:c2:b2:8f:8c:53:
6d:e2:ee:b4:7d:50:88:58:80:73:2d:cb:e2:0c:1b:
23:e9:f4:0d:aa:56:a9:38:6c:2f:c1:cf:72:1a:41:
28:5f:93:bc:51:9d:88:03:57:2e:1a:c4:e3:dc:8b:
df:b4:ed:e0:a2:cc:3c:fc:cf:ab:51:05:e2:9a:fb:
1a:f2:ec:44:6d:b7:5e:f5:80:83:58:50:57:19:e8:
5b:0c:cb:7a:da:16:72:b7:03:94:ed:4b:de:22:1b:
2b:1d:33:4d:7d:ca:82:e4:f7:46:df:3e:4e:1b:e7:
cd:30:f0:3c:1e:78:a8:0c:ec:ac:c5:21:2a:b9:11:
86:69:ef:f2:cd:95:61:db:ae:8c:fe:dc:d0:d9:1f:
03:5b:89:14:3e:48:ab:8c:45:6a:e9:0f:4f:0e:96:
bd:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:DD:46:67:75:DE:D0:69:09:A4:59:E8:07:DC:DF:A6:14:25:F2:8E
X509v3 Authority Key Identifier:
keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/sd1GZ3Xe0GkJpFnoB9zfphQl8o4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.173.0.0-31.173.95.255
37.28.176.0/21
37.29.32.0/21
46.229.128.0/22
62.64.0.0/19
78.25.112.0/21
83.222.212.0-83.222.223.255
83.229.211.0/24
83.229.254.0/24
85.26.144.0/20
91.205.168.0/22
94.25.131.0/24
94.25.144.0-94.25.160.255
94.25.164.0/24
94.25.168.0-94.25.191.255
109.188.64.0-109.188.103.255
109.188.112.0-109.188.114.255
109.188.124.0/23
128.204.76.0/22
178.176.0.0-178.176.47.255
178.176.52.0/22
178.176.72.0/21
178.176.92.0/22
178.177.0.0/18
178.178.192.0/22
178.178.198.0/23
178.178.204.0/23
178.178.216.0/21
178.178.235.0-178.178.236.255
188.170.0.0-188.170.47.255
193.201.228.0/22
195.16.96.0/19
195.230.70.0/23
195.230.91.0-195.230.92.255
212.69.96.0/19
213.243.109.0/24
213.243.116.0/24
IPv6:
2a03:d000:4000::/36
2a03:d004::/40
Signature Algorithm: sha256WithRSAEncryption
39:92:ca:68:4c:8e:fc:69:9d:41:97:47:ab:e4:6c:f9:97:c2:
ef:40:ab:d1:8e:0a:e0:0b:f7:74:55:40:10:9d:52:e7:3b:96:
28:6c:bd:06:56:4a:cc:4f:7d:10:b5:40:81:88:08:31:74:3d:
61:3e:12:b7:3c:27:d2:64:eb:1c:07:cc:8d:5d:c9:d7:85:a3:
19:02:59:7a:9a:95:fa:e7:32:23:d6:28:7c:a6:15:28:43:1a:
16:05:f1:96:83:1a:15:e1:93:4c:07:42:b8:5e:58:2b:64:63:
57:eb:71:ca:07:ec:2c:d1:6c:2a:8b:34:b4:58:9d:8a:ab:2b:
22:43:3f:06:38:7d:5c:0c:b0:30:6b:42:24:85:6d:3c:59:d3:
08:0b:ee:3e:cb:43:b7:b4:58:f0:e5:25:e5:ba:89:b8:5b:c5:
73:07:90:5e:df:9b:ae:18:8c:e4:2d:2b:6a:07:56:37:43:a1:
cf:6a:45:2e:49:8f:1f:92:dc:d5:cc:0e:cd:c1:7f:cf:cc:c5:
fe:41:a5:cb:38:50:ad:f3:52:15:bf:34:53:22:57:a7:01:61:
f2:45:b4:1f:38:cb:20:50:30:3b:51:41:37:ce:31:8a:db:e3:
62:eb:03:07:83:16:7c:37:e6:c6:bd:0e:16:8e:45:74:d9:a3:
eb:13:2a:be
-----BEGIN CERTIFICATE-----
MIIGRDCCBSygAwIBAgISAZeq4LTzNW6aIteBrEdKapY9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjUwNjI2MDYxNTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWRkNDY2Nzc1ZGVkMDY5MDlhNDU5ZTgwN2RjZGZhNjE0MjVmMjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZAv2Jl0q+o7l5Bzswe3YyVVNmWk
kYoWpPr4hJVh2j0Mv5GZqOoKI1nrbdlUBUd9dFLhZeosSXNyGlrpAieFwFMIrSoi
ISzRQ3bsNZcwsmHWrLfMZ0UuOklEjGNmdsqOPfonwrKPjFNt4u60fVCIWIBzLcvi
DBsj6fQNqlapOGwvwc9yGkEoX5O8UZ2IA1cuGsTj3IvftO3gosw8/M+rUQXimvsa
8uxEbbde9YCDWFBXGehbDMt62hZytwOU7UveIhsrHTNNfcqC5PdG3z5OG+fNMPA8
HnioDOysxSEquRGGae/yzZVh266M/tzQ2R8DW4kUPkirjEVq6Q9PDpa9qQIDAQAB
o4IDUDCCA0wwHQYDVR0OBBYEFLHdRmd13tBpCaRZ6Afc36YUJfKOMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvc2QxR1ozWGUwR2tKcEZub0I5emZwaFFsOG80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBZAYIKwYBBQUHAQcBAf8EggFTMIIBTzCCATMEAgABMIIB
KzALAwMAH60DBAUfrUADBAMlHLADBAMlHSADBAIu5YADBAU+QAADBANOGXAwDAME
AlPe1AMEBVPewAMEAFPl0wMEAFPl/gMEBFUakAMEAlvNqAMEAF4ZgzAMAwQEXhmQ
AwQAXhmgAwQAXhmkMAwDBANeGagDBAZeGYAwDAMEBm28QAMEA228YDAMAwQEbbxw
AwQAbbxyAwQBbbx8AwQCgMxMMAsDAwSysAMEBLKwIAMEArKwNAMEA7KwSAMEArKw
XAMEBrKxAAMEArKywAMEAbKyxgMEAbKyzAMEA7Ky2DAMAwQAsrLrAwQAsrLsMAsD
AwG8qgMEBLyqIAMEAsHJ5AMEBcMQYAMEAcPmRjAMAwQAw+ZbAwQAw+ZcAwQF1EVg
AwQA1fNtAwQA1fN0MBYEAgACMBADBgQqA9AAQAMGACoD0AQAMA0GCSqGSIb3DQEB
CwUAA4IBAQA5kspoTI78aZ1Bl0er5Gz5l8LvQKvRjgrgC/d0VUAQnVLnO5YobL0G
VkrMT30QtUCBiAgxdD1hPhK3PCfSZOscB8yNXcnXhaMZAll6mpX65zIj1ih8phUo
QxoWBfGWgxoV4ZNMB0K4XlgrZGNX63HKB+ws0WwqizS0WJ2KqysiQz8GOH1cDLAw
a0IkhW08WdMIC+4+y0O3tFjw5SXluom4W8VzB5Be35uuGIzkLStqB1Y3Q6HPakUu
SY8fktzVzA7NwX/PzMX+QaXLOFCt81IVvzRTIlenAWHyRbQfOMsgUDA7UUE3zjGK
2+Ni6wMHgxZ8N+bGvQ4WjkV02aPrEyq+
-----END CERTIFICATE-----
Generated at Sun Jun 29 05:04:54 2025 by rpki-client