Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/l05lA3ihNrsbi6O1jQgYe6U6RiI.roa
File: l05lA3ihNrsbi6O1jQgYe6U6RiI.roa (raw, json)
Hash identifier: cFNLHeKumGIo0r4P/u4GyYnqlWIoiMqc4hH4vqv6oWg=
Subject key identifier: 97:4E:65:03:78:A1:36:BB:1B:8B:A3:B5:8D:08:18:7B:A5:3A:46:22
Certificate issuer: /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial: 019939DD1A88D4A0F9E2848BED99B176DC2A
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/l05lA3ihNrsbi6O1jQgYe6U6RiI.roa
Signing time: Thu 11 Sep 2025 17:40:15 +0000
ROA not before: Thu 11 Sep 2025 17:40:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199959
IP address blocks: 31.220.14.0/24 maxlen: 24
45.12.52.0/23 maxlen: 23
45.12.91.0/24 maxlen: 24
185.238.249.0/24 maxlen: 24
185.238.251.0/24 maxlen: 24
193.9.45.0/24 maxlen: 24
194.40.248.0/24 maxlen: 24
212.108.122.0/24 maxlen: 24
2a14:640:2::/48 maxlen: 48
2a14:640:3::/48 maxlen: 48
2a14:640:4::/48 maxlen: 48
2a14:640:5::/48 maxlen: 48
2a14:640:6::/48 maxlen: 48
2a14:640:7::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.mft
rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:39:dd:1a:88:d4:a0:f9:e2:84:8b:ed:99:b1:76:dc:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Validity
Not Before: Sep 11 17:40:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=974e650378a136bb1b8ba3b58d08187ba53a4622
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:c9:c0:df:6b:b5:64:e3:89:bd:51:c2:d0:b4:
f7:dd:b7:27:f2:4d:42:51:32:bd:ae:1b:73:c7:ae:
f1:f5:27:e8:9b:35:b9:cf:3d:3e:a0:05:95:98:bc:
9b:d0:52:1b:35:c6:9e:3c:a2:53:9a:d5:e2:0c:2e:
23:57:d0:16:34:21:64:41:46:03:d1:94:7c:ab:ff:
8d:60:c7:b0:94:01:6e:f3:34:f7:61:2c:80:64:27:
27:4c:cf:b4:29:7b:55:d7:d3:fe:79:8d:c3:4a:11:
16:9a:42:66:70:f7:0e:90:98:c0:f3:c6:33:c3:75:
cc:ea:ad:db:c6:d5:b5:a4:17:01:bb:5b:ed:2d:e6:
df:9b:0d:77:a1:48:31:b0:72:62:76:5e:f4:22:ce:
8c:d5:75:30:4f:12:bc:aa:12:16:53:e9:1a:85:c3:
49:ff:8d:5c:eb:f8:14:5e:52:59:68:5d:70:92:3d:
61:2f:9f:93:36:9b:8c:c3:db:14:32:73:42:c0:80:
bb:af:81:87:8e:b1:fd:7b:44:3b:ed:0a:e8:25:14:
0b:44:33:4c:e3:b6:38:03:6f:2e:31:70:b9:c1:4f:
c4:53:1c:dd:1d:09:a3:65:c1:0f:65:93:25:07:9e:
9d:43:09:c3:32:bd:d9:ec:ba:1d:20:99:26:98:7e:
b1:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:4E:65:03:78:A1:36:BB:1B:8B:A3:B5:8D:08:18:7B:A5:3A:46:22
X509v3 Authority Key Identifier:
keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/l05lA3ihNrsbi6O1jQgYe6U6RiI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.220.14.0/24
45.12.52.0/23
45.12.91.0/24
185.238.249.0/24
185.238.251.0/24
193.9.45.0/24
194.40.248.0/24
212.108.122.0/24
IPv6:
2a14:640:2::-2a14:640:7:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
14:ea:35:f8:cb:aa:08:dd:5a:7a:91:81:c1:2b:50:f3:20:b1:
fb:2c:41:8d:be:39:ba:66:e7:91:54:f0:f2:2f:22:4b:e9:9d:
f5:9e:d8:32:d7:f1:8c:8f:89:11:fa:58:6b:3a:f0:dd:3a:76:
00:54:51:92:65:33:cf:fe:c2:b6:4e:fd:03:8b:1f:9a:ce:e0:
86:76:a4:f0:6e:9f:6f:08:a8:0f:cd:2f:c9:f4:b3:d8:aa:15:
d5:29:87:5b:8e:f1:3d:6a:6b:6f:1a:98:46:e3:99:19:46:35:
18:35:29:81:31:4c:55:78:6c:5b:f3:b2:8e:e0:73:4d:55:0b:
04:d2:c0:ee:09:9a:b1:78:1e:73:b6:72:af:23:00:06:a4:5f:
db:98:a2:43:c7:30:e6:eb:9d:9b:cf:c2:e5:f1:5b:24:e8:dc:
bb:ca:c9:99:5e:db:ae:f3:77:5f:5b:a5:66:67:8d:87:06:a3:
07:28:45:19:12:fe:63:ed:1f:82:4b:6c:1c:2b:7b:63:84:24:
5e:e1:88:9b:78:27:9a:ea:58:74:98:05:3a:94:9c:89:f2:0f:
34:03:e2:93:3c:f3:7c:35:bc:52:ea:ee:5a:ff:fb:48:65:79:
49:bc:ea:4e:29:c9:78:5b:cd:74:a8:c2:96:1f:0c:8e:eb:95:
ea:c9:cb:85
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZk53RqI1KD54oSL7ZmxdtwqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjUwOTExMTc0MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzRlNjUwMzc4YTEzNmJiMWI4YmEzYjU4ZDA4MTg3YmE1M2E0NjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MnA32u1ZOOJvVHC0LT33bcn8k1C
UTK9rhtzx67x9SfomzW5zz0+oAWVmLyb0FIbNcaePKJTmtXiDC4jV9AWNCFkQUYD
0ZR8q/+NYMewlAFu8zT3YSyAZCcnTM+0KXtV19P+eY3DShEWmkJmcPcOkJjA88Yz
w3XM6q3bxtW1pBcBu1vtLebfmw13oUgxsHJidl70Is6M1XUwTxK8qhIWU+kahcNJ
/41c6/gUXlJZaF1wkj1hL5+TNpuMw9sUMnNCwIC7r4GHjrH9e0Q77QroJRQLRDNM
47Y4A28uMXC5wU/EUxzdHQmjZcEPZZMlB56dQwnDMr3Z7LodIJkmmH6xSQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFJdOZQN4oTa7G4ujtY0IGHulOkYiMB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvbDA1bEEzaWhOcnNiaTZPMWpRZ1llNlU2UmlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA2BAIAATAwAwQAH9wOAwQB
LQw0AwQALQxbAwQAue75AwQAue77AwQAwQktAwQAwij4AwQA1Gx6MBoEAgACMBQw
EgMHASoUBkAAAgMHAyoUBkAAADANBgkqhkiG9w0BAQsFAAOCAQEAFOo1+MuqCN1a
epGBwStQ8yCx+yxBjb45umbnkVTw8i8iS+md9Z7YMtfxjI+JEfpYazrw3Tp2AFRR
kmUzz/7Ctk79A4sfms7ghnak8G6fbwioD80vyfSz2KoV1SmHW47xPWprbxqYRuOZ
GUY1GDUpgTFMVXhsW/OyjuBzTVULBNLA7gmasXgec7ZyryMABqRf25iiQ8cw5uud
m8/C5fFbJOjcu8rJmV7brvN3X1ulZmeNhwajByhFGRL+Y+0fgktsHCt7Y4QkXuGI
m3gnmupYdJgFOpScifIPNAPikzzzfDW8UuruWv/7SGV5SbzqTinJeFvNdKjClh8M
juuV6snLhQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:10:36 2025 by rpki-client