Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/qZ3eCm0q-dW22qf_cQ2jfAt5GsI.roa
File: qZ3eCm0q-dW22qf_cQ2jfAt5GsI.roa (raw, json)
Hash identifier: qrbrOjeddjSG3ZBSuGOYqbjNe2f328eWm35liiFnG90=
Subject key identifier: A9:9D:DE:0A:6D:2A:F9:D5:B6:DA:A7:FF:71:0D:A3:7C:0B:79:1A:C2
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 0198A58D68176841D584AD1409D870B0212E
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/qZ3eCm0q-dW22qf_cQ2jfAt5GsI.roa
Signing time: Wed 13 Aug 2025 22:29:24 +0000
ROA not before: Wed 13 Aug 2025 22:29:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20115
IP address blocks: 36.255.212.0/24 maxlen: 24
103.216.199.0/24 maxlen: 24
162.218.91.0/24 maxlen: 24
185.171.126.0/24 maxlen: 24
212.60.14.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 14:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:a5:8d:68:17:68:41:d5:84:ad:14:09:d8:70:b0:21:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: Aug 13 22:29:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a99dde0a6d2af9d5b6daa7ff710da37c0b791ac2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:15:f8:e5:8d:1b:6f:29:19:84:dd:54:a0:08:
ec:96:af:95:5f:40:d2:38:1e:8e:cd:e0:7e:d3:0c:
da:d7:82:06:42:a5:54:c5:83:0d:5f:87:8c:f5:6a:
28:f0:10:3e:60:ef:bf:4d:b2:b7:4f:0b:db:09:cf:
b6:03:5c:70:61:c4:8a:fa:c9:55:69:a1:1c:d4:bd:
33:47:0e:34:da:74:e4:9a:ba:c0:7d:ae:82:f7:cb:
13:7e:3a:6d:ed:11:97:0b:50:98:43:8d:a4:c5:67:
52:09:16:c8:67:03:e9:26:5b:94:20:90:62:cf:32:
c0:65:96:bc:f1:e8:d6:45:93:4f:18:55:4a:99:87:
9b:eb:cc:3a:67:12:ee:9e:39:63:6a:82:fe:1d:12:
1b:68:6b:c6:45:44:3b:58:0b:d9:2d:d1:da:2b:f8:
d5:63:27:4e:99:66:c2:f4:29:86:12:35:98:6f:ca:
91:4c:e2:b3:93:da:36:3a:ba:3c:18:00:f4:d2:88:
97:e6:19:bf:19:68:a1:f4:49:35:18:f1:a7:9b:85:
2a:5d:3e:af:f8:ba:74:e6:59:b6:b2:3a:3b:4a:d4:
18:1a:4b:02:bb:d3:74:8e:96:7a:10:09:6a:25:7d:
c3:c1:d0:ef:2e:d6:57:24:6b:69:07:56:27:ab:e7:
c8:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:9D:DE:0A:6D:2A:F9:D5:B6:DA:A7:FF:71:0D:A3:7C:0B:79:1A:C2
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/qZ3eCm0q-dW22qf_cQ2jfAt5GsI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
36.255.212.0/24
103.216.199.0/24
162.218.91.0/24
185.171.126.0/24
212.60.14.0/24
Signature Algorithm: sha256WithRSAEncryption
18:4c:d9:28:4f:a6:79:fa:ff:cc:59:82:a7:48:79:5e:cf:30:
45:b1:20:cd:ad:b5:25:ab:9c:be:5a:c1:90:3f:6b:0f:e0:c7:
50:00:e1:f9:c3:95:67:85:01:71:5e:7a:33:37:b3:c4:a9:25:
cf:00:ef:fb:48:47:a8:71:1c:2e:23:88:71:42:c1:d1:f4:23:
47:46:8c:ff:e8:b7:08:6d:33:09:9d:c1:62:d2:f9:aa:7b:ee:
c1:55:9e:58:42:95:85:44:e6:5b:b0:1b:0a:a5:84:a7:22:21:
f7:70:34:40:c8:7b:3c:29:ed:02:8c:8a:1a:a9:cf:8b:5f:75:
07:fa:e5:90:fc:92:27:3f:f6:15:fe:c5:a5:b0:ea:25:d8:db:
92:e6:48:99:12:08:12:2f:8b:ae:2c:e2:ce:40:e5:83:5a:35:
0c:c6:18:78:fd:02:1a:54:d5:57:84:c7:7c:db:63:77:4a:0c:
c0:1a:80:f3:48:80:85:4f:fd:23:b1:e1:cf:4b:97:4c:2d:a5:
13:8f:0d:08:c1:47:75:d8:30:6d:89:db:2c:e2:bb:8f:00:2c:
ec:c1:c6:4e:0a:fa:13:48:b1:82:de:99:c3:78:23:88:5d:b4:
1f:28:7f:c3:39:a0:1f:5d:14:b8:ae:8b:77:43:eb:b2:5d:68:
8a:97:25:61
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZiljWgXaEHVhK0UCdhwsCEuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwODEzMjIyOTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTlkZGUwYTZkMmFmOWQ1YjZkYWE3ZmY3MTBkYTM3YzBiNzkxYWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRX45Y0bbykZhN1UoAjslq+VX0DS
OB6OzeB+0wza14IGQqVUxYMNX4eM9Woo8BA+YO+/TbK3TwvbCc+2A1xwYcSK+slV
aaEc1L0zRw402nTkmrrAfa6C98sTfjpt7RGXC1CYQ42kxWdSCRbIZwPpJluUIJBi
zzLAZZa88ejWRZNPGFVKmYeb68w6ZxLunjljaoL+HRIbaGvGRUQ7WAvZLdHaK/jV
YydOmWbC9CmGEjWYb8qRTOKzk9o2Oro8GAD00oiX5hm/GWih9Ek1GPGnm4UqXT6v
+Lp05lm2sjo7StQYGksCu9N0jpZ6EAlqJX3DwdDvLtZXJGtpB1Ynq+fIywIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFKmd3gptKvnVttqn/3ENo3wLeRrCMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvcVozZUNtMHEtZFcyMnFmX2NRMmpmQXQ1R3NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAJP/UAwQA
Z9jHAwQAotpbAwQAuat+AwQA1DwOMA0GCSqGSIb3DQEBCwUAA4IBAQAYTNkoT6Z5
+v/MWYKnSHlezzBFsSDNrbUlq5y+WsGQP2sP4MdQAOH5w5VnhQFxXnozN7PEqSXP
AO/7SEeocRwuI4hxQsHR9CNHRoz/6LcIbTMJncFi0vmqe+7BVZ5YQpWFROZbsBsK
pYSnIiH3cDRAyHs8Ke0CjIoaqc+LX3UH+uWQ/JInP/YV/sWlsOol2NuS5kiZEggS
L4uuLOLOQOWDWjUMxhh4/QIaVNVXhMd822N3SgzAGoDzSICFT/0jseHPS5dMLaUT
jw0IwUd12DBtidss4ruPACzswcZOCvoTSLGC3pnDeCOIXbQfKH/DOaAfXRS4rot3
Q+uyXWiKlyVh
-----END CERTIFICATE-----
Generated at Sat Aug 23 19:48:08 2025 by rpki-client