Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Ik6QwSrfDqHUI7Ij7qbG8q-IHQM.roa
File: Ik6QwSrfDqHUI7Ij7qbG8q-IHQM.roa (raw, json)
Hash identifier: sfqW1SHNQD9LIu80Ra3gYUQ7btog4CT5/tG0jAIfAgU=
Subject key identifier: 22:4E:90:C1:2A:DF:0E:A1:D4:23:B2:23:EE:A6:C6:F2:AF:88:1D:03
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 01999B2B7D9775ED8BE5E2C16DF5F7797A62
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Ik6QwSrfDqHUI7Ij7qbG8q-IHQM.roa
Signing time: Tue 30 Sep 2025 15:09:02 +0000
ROA not before: Tue 30 Sep 2025 15:09:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 7018
IP address blocks: 36.255.212.0/24 maxlen: 24
63.246.144.0/24 maxlen: 24
103.216.197.0/24 maxlen: 24
103.216.199.0/24 maxlen: 24
162.218.91.0/24 maxlen: 24
185.171.126.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 10:02:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:9b:2b:7d:97:75:ed:8b:e5:e2:c1:6d:f5:f7:79:7a:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: Sep 30 15:09:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=224e90c12adf0ea1d423b223eea6c6f2af881d03
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:28:1a:fc:38:61:44:83:95:98:98:7a:5f:ee:
02:25:38:7f:4b:bd:39:16:62:30:d0:4c:ca:87:08:
fc:fb:a8:10:b2:a4:35:24:a0:1d:a4:60:23:ea:30:
dd:b2:53:e9:ab:2f:71:c9:c2:d0:cd:3d:c3:a2:cb:
83:4e:25:54:42:bc:f1:54:60:b3:8a:3d:cc:75:e3:
0b:3c:37:d0:7d:49:c3:97:9b:ff:ee:d0:0f:a3:25:
db:ad:c6:fa:5d:26:ca:c7:1d:0d:5a:35:79:72:45:
85:eb:a8:90:87:d4:3f:dd:b9:89:97:4f:96:dd:1d:
eb:54:1c:4e:38:6b:63:43:63:88:87:45:0e:0a:e7:
cb:6a:cb:fc:a9:ee:c9:8e:38:16:6e:b2:bf:01:1c:
a4:d4:47:d6:82:d2:b4:2b:23:dd:f1:b1:8c:36:c0:
8f:86:8a:3c:2a:64:e6:e2:e5:32:c8:f7:d1:02:74:
f6:dd:07:7f:b1:5c:ea:29:15:9d:d3:04:05:ee:67:
3b:0f:2f:e8:c2:55:6c:f6:e5:12:b6:3e:dd:ec:b2:
46:de:c6:40:de:17:d7:bb:23:02:0f:18:04:11:4f:
69:16:57:0c:7a:0b:52:45:ee:5e:75:b5:74:3c:17:
2a:68:fc:46:26:ae:bb:a7:79:3a:51:db:d4:9b:5f:
14:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:4E:90:C1:2A:DF:0E:A1:D4:23:B2:23:EE:A6:C6:F2:AF:88:1D:03
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Ik6QwSrfDqHUI7Ij7qbG8q-IHQM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
36.255.212.0/24
63.246.144.0/24
103.216.197.0/24
103.216.199.0/24
162.218.91.0/24
185.171.126.0/24
Signature Algorithm: sha256WithRSAEncryption
5f:09:90:bd:f0:13:a7:fb:7b:a6:b4:e6:a1:bc:cb:29:97:79:
c2:b8:8c:a9:d9:d0:8c:63:b2:35:dc:e7:26:43:26:5a:c9:a0:
64:8a:1c:6a:2c:d6:a1:81:4a:66:c9:2f:39:b7:9d:eb:f7:4b:
60:a0:67:bd:b1:54:98:b3:9a:7a:46:46:e0:c8:2d:f6:85:95:
c1:01:9a:aa:b0:f7:af:02:28:8f:0b:f7:08:0a:20:70:82:81:
ff:6a:01:97:b7:07:3f:bf:09:5b:8d:b6:9e:91:00:ac:ea:32:
4a:37:ff:c9:4c:e7:6c:c7:6e:b1:b5:8f:ec:b8:05:11:b5:05:
f6:0a:af:56:1c:11:63:83:8e:08:fc:5a:3d:59:61:26:5a:ad:
e4:7f:d5:ee:ad:08:7a:57:ea:dc:9d:c8:bd:a6:7c:90:85:3b:
60:9d:6a:ad:fd:e6:63:04:5f:d9:fa:b7:a7:88:f9:f4:07:67:
6a:a1:72:16:90:7c:15:43:07:c6:fd:bd:4a:48:a1:b3:b8:e5:
1d:4e:a4:55:0e:df:12:99:38:ff:79:d3:49:f4:0d:42:ea:aa:
85:b2:86:44:47:88:6c:fe:52:ba:e7:dc:55:3e:67:90:77:40:
ca:d7:72:67:be:5f:97:e4:e2:73:b5:12:22:21:54:59:f2:1b:
31:ff:b8:fb
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZmbK32Xde2L5eLBbfX3eXpiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwOTMwMTUwOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjRlOTBjMTJhZGYwZWExZDQyM2IyMjNlZWE2YzZmMmFmODgxZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4iga/DhhRIOVmJh6X+4CJTh/S705
FmIw0EzKhwj8+6gQsqQ1JKAdpGAj6jDdslPpqy9xycLQzT3DosuDTiVUQrzxVGCz
ij3MdeMLPDfQfUnDl5v/7tAPoyXbrcb6XSbKxx0NWjV5ckWF66iQh9Q/3bmJl0+W
3R3rVBxOOGtjQ2OIh0UOCufLasv8qe7JjjgWbrK/ARyk1EfWgtK0KyPd8bGMNsCP
hoo8KmTm4uUyyPfRAnT23Qd/sVzqKRWd0wQF7mc7Dy/owlVs9uUStj7d7LJG3sZA
3hfXuyMCDxgEEU9pFlcMegtSRe5edbV0PBcqaPxGJq67p3k6UdvUm18U9QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFCJOkMEq3w6h1COyI+6mxvKviB0DMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvSWs2UXdTcmZEcUhVSTdJajdxYkc4cS1JSFFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAJP/UAwQA
P/aQAwQAZ9jFAwQAZ9jHAwQAotpbAwQAuat+MA0GCSqGSIb3DQEBCwUAA4IBAQBf
CZC98BOn+3umtOahvMspl3nCuIyp2dCMY7I13OcmQyZayaBkihxqLNahgUpmyS85
t53r90tgoGe9sVSYs5p6RkbgyC32hZXBAZqqsPevAiiPC/cICiBwgoH/agGXtwc/
vwlbjbaekQCs6jJKN//JTOdsx26xtY/suAURtQX2Cq9WHBFjg44I/Fo9WWEmWq3k
f9XurQh6V+rcnci9pnyQhTtgnWqt/eZjBF/Z+reniPn0B2dqoXIWkHwVQwfG/b1K
SKGzuOUdTqRVDt8SmTj/edNJ9A1C6qqFsoZER4hs/lK659xVPmeQd0DK13Jnvl+X
5OJztRIiIVRZ8hsx/7j7
-----END CERTIFICATE-----
Generated at Sun Oct 19 18:09:13 2025 by rpki-client