Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/3_QCRUqP5j-A85QtSE3WbvzuRjo.roa
File: 3_QCRUqP5j-A85QtSE3WbvzuRjo.roa (raw, json)
Hash identifier: lPftBAhburmf+O+6Y1nTniF1E3AkLdP+XahZboPyVNc=
Subject key identifier: DF:F4:02:45:4A:8F:E6:3F:80:F3:94:2D:48:4D:D6:6E:FC:EE:46:3A
Certificate issuer: /CN=19ffff289f2dad0fc08456b0bad54d7ba449a492
Certificate serial: 0197B1FDB14B6821E025DB3FB7FA5B7C0387
Authority key identifier: 19:FF:FF:28:9F:2D:AD:0F:C0:84:56:B0:BA:D5:4D:7B:A4:49:A4:92
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/3_QCRUqP5j-A85QtSE3WbvzuRjo.roa
Signing time: Fri 27 Jun 2025 15:24:42 +0000
ROA not before: Fri 27 Jun 2025 15:24:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13213
IP address blocks: 31.24.224.0/21 maxlen: 24
37.123.112.0/21 maxlen: 24
37.123.112.0/24 maxlen: 24
46.23.64.0/21 maxlen: 21
46.23.72.0/22 maxlen: 22
46.23.76.0/22 maxlen: 24
77.92.64.0/21 maxlen: 21
77.92.72.0/22 maxlen: 22
77.92.76.0/23 maxlen: 23
77.92.78.0/23 maxlen: 23
77.92.80.0/20 maxlen: 20
82.163.72.0/21 maxlen: 24
83.170.64.0/18 maxlen: 24
88.202.176.0/23 maxlen: 23
88.202.177.0/24 maxlen: 24
88.202.178.0/24 maxlen: 24
88.202.179.0/24 maxlen: 24
88.202.180.0/22 maxlen: 22
88.202.184.0/24 maxlen: 24
88.202.185.0/24 maxlen: 24
88.202.186.0/23 maxlen: 23
88.202.188.0/22 maxlen: 22
88.202.224.0/21 maxlen: 24
91.109.240.0/21 maxlen: 21
109.123.64.0/18 maxlen: 24
176.67.160.0/21 maxlen: 21
176.67.169.0/24 maxlen: 24
176.67.171.0/24 maxlen: 24
176.67.172.0/22 maxlen: 24
185.7.224.0/22 maxlen: 24
2a02:2498::/47 maxlen: 47
2a02:2498:4::/48 maxlen: 48
2a02:2498:5::/48 maxlen: 48
2a02:2498:16::/48 maxlen: 48
2a02:2498:1000::/36 maxlen: 36
2a02:2498:257b::/48 maxlen: 48
2a02:2498:53aa::/48 maxlen: 48
2a02:2498:6d7b::/48 maxlen: 48
2a02:2498:9000::/36 maxlen: 36
2a02:2498:9001::/48 maxlen: 48
2a02:2498:a000::/36 maxlen: 36
2a02:2498:b000::/36 maxlen: 36
2a02:2498:e000::/36 maxlen: 36
2a02:2498:e004::/48 maxlen: 48
2a02:2498:f000::/36 maxlen: 36
2a02:2498:f000::/48 maxlen: 48
2a02:2498:f001::/48 maxlen: 48
2a02:2498:f002::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/Gf__KJ8trQ_AhFawutVNe6RJpJI.crl
rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/Gf__KJ8trQ_AhFawutVNe6RJpJI.mft
rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 01 Jul 2025 06:00:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:b1:fd:b1:4b:68:21:e0:25:db:3f:b7:fa:5b:7c:03:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=19ffff289f2dad0fc08456b0bad54d7ba449a492
Validity
Not Before: Jun 27 15:24:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dff402454a8fe63f80f3942d484dd66efcee463a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:5c:1d:cf:98:3d:1f:4f:d5:d0:2e:29:cb:1f:
ff:42:f1:4d:46:db:90:0e:99:75:ef:fc:41:52:e2:
2b:4a:f4:2c:60:42:0f:57:b0:9a:5d:1b:92:9c:65:
f4:b6:46:51:e2:d3:cf:3c:48:d3:e1:63:f2:06:77:
10:f1:74:c5:71:12:d1:d0:07:d9:c9:53:bf:79:8b:
da:57:70:c9:b1:8e:aa:e3:31:42:2f:00:b2:d2:bc:
73:73:65:af:1e:2b:25:20:b9:06:c3:1e:17:b7:2a:
6f:e8:7a:67:52:3c:bc:5c:89:cd:62:fc:2e:8f:c3:
05:78:04:3f:25:88:6a:aa:6c:f8:4b:42:95:ab:d3:
ae:3b:3c:2a:bd:e6:ae:b1:fb:c6:13:f4:88:cb:c1:
6e:31:82:a5:2b:97:d3:83:af:c9:3f:83:61:9f:17:
cc:64:35:04:a8:4e:d0:4b:4d:6a:18:e9:e1:13:b6:
ac:ad:9e:41:b2:6c:d8:e9:fe:9d:de:44:39:0c:19:
0f:93:b2:41:07:89:8b:88:f2:04:4a:b9:20:40:86:
ea:9d:60:77:64:84:d1:78:0a:94:2b:f4:3a:73:96:
49:ef:9c:5e:45:e0:4f:35:b9:ff:91:43:d6:f3:3d:
e6:db:4e:51:35:28:16:9d:0c:35:ff:b1:7b:b8:28:
84:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:F4:02:45:4A:8F:E6:3F:80:F3:94:2D:48:4D:D6:6E:FC:EE:46:3A
X509v3 Authority Key Identifier:
keyid:19:FF:FF:28:9F:2D:AD:0F:C0:84:56:B0:BA:D5:4D:7B:A4:49:A4:92
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/3_QCRUqP5j-A85QtSE3WbvzuRjo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/Gf__KJ8trQ_AhFawutVNe6RJpJI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.24.224.0/21
37.123.112.0/21
46.23.64.0/20
77.92.64.0/19
82.163.72.0/21
83.170.64.0/18
88.202.176.0/20
88.202.224.0/21
91.109.240.0/21
109.123.64.0/18
176.67.160.0/21
176.67.169.0/24
176.67.171.0-176.67.175.255
185.7.224.0/22
IPv6:
2a02:2498::/47
2a02:2498:4::/47
2a02:2498:16::/48
2a02:2498:1000::/36
2a02:2498:257b::/48
2a02:2498:53aa::/48
2a02:2498:6d7b::/48
2a02:2498:9000::-2a02:2498:bfff:ffff:ffff:ffff:ffff:ffff
2a02:2498:e000::/35
Signature Algorithm: sha256WithRSAEncryption
8e:88:4d:20:23:a0:d8:6a:f1:e6:05:17:be:ea:69:05:2b:38:
b5:e2:6c:db:09:aa:5a:f8:f5:29:41:66:e5:11:47:4d:fc:cd:
8b:07:4c:f8:c8:29:b2:e7:d1:ac:e5:62:8a:77:1c:a7:60:65:
5b:d5:76:9a:12:9e:9e:eb:86:c3:7c:00:99:0f:c0:4f:e8:3b:
2a:bc:c4:e4:c5:33:51:e6:6e:17:71:07:22:fd:3e:86:20:97:
dc:fd:71:45:c1:02:0c:68:e1:fc:ed:fb:29:1c:f8:38:b9:2f:
09:d9:19:3a:4c:94:2b:02:59:c2:69:75:eb:2e:81:b9:4c:82:
e8:8b:4a:63:2c:8c:fc:3f:b8:a0:86:88:fa:ff:e9:a9:73:f6:
e3:1b:ab:c5:54:24:02:47:87:04:14:89:7a:5e:60:57:e9:5f:
39:07:45:82:76:6c:58:7a:81:45:e3:a6:07:e6:0d:a2:c8:9b:
d7:fb:4f:b8:c4:a6:97:2e:69:9c:27:f6:5e:9a:1e:71:4e:72:
ff:d3:1d:f1:95:d4:c7:52:76:e8:be:53:48:89:36:44:60:9b:
bc:2f:51:12:e6:2d:8f:e8:92:03:21:65:f6:d3:a0:ec:99:09:
02:24:17:e1:ec:b3:73:b0:43:ea:b6:88:ef:d4:c0:c2:62:5e:
73:3e:a5:11
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgISAZex/bFLaCHgJds/t/pbfAOHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZmZmZjI4OWYyZGFkMGZjMDg0NTZiMGJhZDU0ZDdiYTQ0
OWE0OTIwHhcNMjUwNjI3MTUyNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmY0MDI0NTRhOGZlNjNmODBmMzk0MmQ0ODRkZDY2ZWZjZWU0NjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVwdz5g9H0/V0C4pyx//QvFNRtuQ
Dpl17/xBUuIrSvQsYEIPV7CaXRuSnGX0tkZR4tPPPEjT4WPyBncQ8XTFcRLR0AfZ
yVO/eYvaV3DJsY6q4zFCLwCy0rxzc2WvHislILkGwx4Xtypv6HpnUjy8XInNYvwu
j8MFeAQ/JYhqqmz4S0KVq9OuOzwqveausfvGE/SIy8FuMYKlK5fTg6/JP4NhnxfM
ZDUEqE7QS01qGOnhE7asrZ5BsmzY6f6d3kQ5DBkPk7JBB4mLiPIESrkgQIbqnWB3
ZITReAqUK/Q6c5ZJ75xeReBPNbn/kUPW8z3m205RNSgWnQw1/7F7uCiESQIDAQAB
o4ICwjCCAr4wHQYDVR0OBBYEFN/0AkVKj+Y/gPOULUhN1m787kY6MB8GA1UdIwQY
MBaAFBn//yifLa0PwIRWsLrVTXukSaSSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2ZfX0tKOHRyUV9BaEZhd3V0Vk5lNlJKcEpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMTFjODctZWZiYi00NWU4LTliMDMt
ZDUyNTcxOGFhNDRhLzEvM19RQ1JVcVA1ai1BODVRdFNFM1didnp1UmpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMTFjODctZWZiYi00NWU4LTliMDMtZDUyNTcxOGFhNDRh
LzEvR2ZfX0tKOHRyUV9BaEZhd3V0Vk5lNlJKcEpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHXBggrBgEFBQcBBwEB/wSBxzCBxDBiBAIAATBcAwQDHxjg
AwQDJXtwAwQELhdAAwQFTVxAAwQDUqNIAwQGU6pAAwQEWMqwAwQDWMrgAwQDW23w
AwQGbXtAAwQDsEOgAwQAsEOpMAwDBACwQ6sDBASwQ6ADBAK5B+AwXgQCAAIwWAMH
ASoCJJgAAAMHASoCJJgABAMHACoCJJgAFgMGBCoCJJgQAwcAKgIkmCV7AwcAKgIk
mFOqAwcAKgIkmG17MBADBgQqAiSYkAMGBioCJJiAAwYFKgIkmOAwDQYJKoZIhvcN
AQELBQADggEBAI6ITSAjoNhq8eYFF77qaQUrOLXibNsJqlr49SlBZuURR038zYsH
TPjIKbLn0azlYop3HKdgZVvVdpoSnp7rhsN8AJkPwE/oOyq8xOTFM1HmbhdxByL9
PoYgl9z9cUXBAgxo4fzt+ykc+Di5LwnZGTpMlCsCWcJpdesugblMguiLSmMsjPw/
uKCGiPr/6alz9uMbq8VUJAJHhwQUiXpeYFfpXzkHRYJ2bFh6gUXjpgfmDaLIm9f7
T7jEppcuaZwn9l6aHnFOcv/THfGV1MdSdui+U0iJNkRgm7wvURLmLY/okgMhZfbT
oOyZCQIkF+Hss3OwQ+q2iO/UwMJiXnM+pRE=
-----END CERTIFICATE-----
Generated at Mon Jun 30 09:59:04 2025 by rpki-client