Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/GCQqtakod1eJTRL6PjIZcoZqPbk.roa
File: GCQqtakod1eJTRL6PjIZcoZqPbk.roa (raw, json)
Hash identifier: uw7TYrAKDmGLJeaKrdOqVzvHJTnCYwW9/8HncjUd7nU=
Subject key identifier: 18:24:2A:B5:A9:28:77:57:89:4D:12:FA:3E:32:19:72:86:6A:3D:B9
Certificate issuer: /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial: 01999BB5BD28C37A22571B1E0063D7833149
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/GCQqtakod1eJTRL6PjIZcoZqPbk.roa
Signing time: Tue 30 Sep 2025 17:40:02 +0000
ROA not before: Tue 30 Sep 2025 17:40:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43489
IP address blocks: 31.177.70.0/24 maxlen: 24
89.104.72.0/24 maxlen: 24
89.104.73.0/24 maxlen: 24
89.104.93.0/24 maxlen: 24
89.104.95.0/24 maxlen: 24
89.111.135.0/24 maxlen: 24
2a01:d8:8::/48 maxlen: 48
2a02:2090:6800::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.mft
rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:9b:b5:bd:28:c3:7a:22:57:1b:1e:00:63:d7:83:31:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Validity
Not Before: Sep 30 17:40:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=18242ab5a9287757894d12fa3e321972866a3db9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:0e:c9:af:06:14:c3:2d:72:1e:51:5f:80:4a:
a0:c8:6a:95:bb:ec:f2:04:67:23:c4:3f:be:bc:91:
77:c3:b0:5e:d3:cb:28:47:7a:e1:fa:57:3f:65:ae:
8b:92:b4:b8:5b:c6:a2:a3:54:ad:4c:39:40:cd:7d:
9b:e1:b4:a6:47:7f:0a:e7:0c:4d:1a:f9:f5:19:4d:
ce:bf:54:e8:e1:ca:79:0a:3a:31:06:91:b7:0b:c4:
92:45:52:4b:7d:88:20:e7:36:87:e8:2e:30:0b:9d:
92:63:5b:be:c5:83:da:84:48:0e:fd:89:08:d7:1d:
55:8d:96:e4:d9:61:0b:39:aa:a9:19:b4:24:c0:25:
1b:2f:8e:1c:6d:af:00:4c:72:81:a4:84:a1:b4:6e:
ed:46:26:3e:b8:45:1b:c6:92:1c:3b:a3:a0:24:10:
13:1b:9c:ba:87:a2:5d:de:41:ba:f6:87:70:2b:87:
77:49:1d:6d:c4:e6:2d:fc:43:c9:59:05:c5:fc:f2:
92:e9:5e:1b:02:a3:60:38:83:64:78:0c:21:99:27:
fe:80:b8:e4:3e:04:6a:d0:89:de:b7:8b:11:c4:65:
50:5b:07:ca:67:66:17:14:af:44:0a:d4:7f:da:8e:
d9:f5:74:66:f4:56:5f:05:78:00:16:e7:57:a9:ea:
fa:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:24:2A:B5:A9:28:77:57:89:4D:12:FA:3E:32:19:72:86:6A:3D:B9
X509v3 Authority Key Identifier:
keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/GCQqtakod1eJTRL6PjIZcoZqPbk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.177.70.0/24
89.104.72.0/23
89.104.93.0/24
89.104.95.0/24
89.111.135.0/24
IPv6:
2a01:d8:8::/48
2a02:2090:6800::/48
Signature Algorithm: sha256WithRSAEncryption
47:44:4b:03:a6:3d:bf:2e:e7:be:a2:7c:fb:d8:4f:bf:7c:28:
3d:30:47:7c:b3:e9:41:17:78:a0:99:50:16:7b:fa:9a:8d:1e:
4d:2f:97:3f:52:9b:b2:00:15:31:ae:1c:d1:28:0b:48:e0:66:
54:12:25:d4:e8:4e:25:3b:3d:eb:3d:96:cb:2a:f5:8f:8c:e9:
10:4b:6b:41:53:cb:8e:e6:b4:1b:2e:74:f3:95:ee:fc:c1:39:
c5:52:9f:65:ba:28:6b:2e:5b:a3:7e:ed:fc:fa:ab:5a:ea:90:
46:5e:fe:ea:8d:e3:79:9a:97:1f:26:9a:f5:1e:9e:76:5e:9e:
fe:88:04:07:fc:6d:de:63:aa:4a:58:f0:42:3e:84:fd:99:20:
eb:f9:a4:a9:89:d9:81:84:1d:2f:cb:25:33:3a:a1:7d:8b:f3:
9e:4e:5e:b1:b8:68:1f:60:f6:64:fd:ab:02:e3:b2:cd:fe:fa:
d8:3f:f2:39:cb:36:ab:4e:04:b1:9a:20:12:d4:5a:4b:dd:ee:
3a:6f:3a:47:8b:ce:88:d3:78:95:86:41:29:c7:54:a4:bc:b6:
e8:90:7e:2e:2b:ec:19:14:fd:fe:89:44:0f:c9:ce:27:e9:2b:
bd:3d:51:e4:8a:33:61:42:f0:fe:cb:23:f4:6b:c2:1f:07:ef:
81:fe:a8:cd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZmbtb0ow3oiVxseAGPXgzFJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjUwOTMwMTc0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODI0MmFiNWE5Mjg3NzU3ODk0ZDEyZmEzZTMyMTk3Mjg2NmEzZGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Q7JrwYUwy1yHlFfgEqgyGqVu+zy
BGcjxD++vJF3w7Be08soR3rh+lc/Za6LkrS4W8aio1StTDlAzX2b4bSmR38K5wxN
Gvn1GU3Ov1To4cp5CjoxBpG3C8SSRVJLfYgg5zaH6C4wC52SY1u+xYPahEgO/YkI
1x1VjZbk2WELOaqpGbQkwCUbL44cba8ATHKBpIShtG7tRiY+uEUbxpIcO6OgJBAT
G5y6h6Jd3kG69odwK4d3SR1txOYt/EPJWQXF/PKS6V4bAqNgOINkeAwhmSf+gLjk
PgRq0Inet4sRxGVQWwfKZ2YXFK9ECtR/2o7Z9XRm9FZfBXgAFudXqer6eQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFBgkKrWpKHdXiU0S+j4yGXKGaj25MB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvR0NRcXRha29kMWVKVFJMNlBqSVpjb1pxUGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAkBAIAATAeAwQAH7FGAwQB
WWhIAwQAWWhdAwQAWWhfAwQAWW+HMBgEAgACMBIDBwAqAQDYAAgDBwAqAiCQaAAw
DQYJKoZIhvcNAQELBQADggEBAEdESwOmPb8u576ifPvYT798KD0wR3yz6UEXeKCZ
UBZ7+pqNHk0vlz9Sm7IAFTGuHNEoC0jgZlQSJdToTiU7Pes9lssq9Y+M6RBLa0FT
y47mtBsudPOV7vzBOcVSn2W6KGsuW6N+7fz6q1rqkEZe/uqN43malx8mmvUennZe
nv6IBAf8bd5jqkpY8EI+hP2ZIOv5pKmJ2YGEHS/LJTM6oX2L855OXrG4aB9g9mT9
qwLjss3++tg/8jnLNqtOBLGaIBLUWkvd7jpvOkeLzojTeJWGQSnHVKS8tuiQfi4r
7BkU/f6JRA/JzifpK709UeSKM2FC8P7LI/Rrwh8H74H+qM0=
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:58:15 2025 by rpki-client