Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/qvbIy1Yavbj0233wHe2zrZHk0AA.roa
File: qvbIy1Yavbj0233wHe2zrZHk0AA.roa (raw, json)
Hash identifier: DKGDUdsoqfrfl7IYExYBHFE+EjcRxcEIzjOcF3VhFhQ=
Subject key identifier: AA:F6:C8:CB:56:1A:BD:B8:F4:DB:7D:F0:1D:ED:B3:AD:91:E4:D0:00
Certificate issuer: /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial: 01982C9C1E8AB8EF35031D4D387127706EFD
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/qvbIy1Yavbj0233wHe2zrZHk0AA.roa
Signing time: Mon 21 Jul 2025 10:51:25 +0000
ROA not before: Mon 21 Jul 2025 10:51:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9125
IP address blocks: 5.172.33.0/24 maxlen: 24
5.172.34.0/23 maxlen: 23
5.172.34.0/24 maxlen: 24
5.172.36.0/22 maxlen: 22
5.172.36.0/23 maxlen: 23
89.23.65.0/24 maxlen: 24
89.23.67.0/24 maxlen: 24
89.23.68.0/23 maxlen: 23
89.23.70.0/24 maxlen: 24
89.23.74.0/24 maxlen: 24
89.23.75.0/24 maxlen: 24
89.23.77.0/24 maxlen: 24
89.23.78.0/24 maxlen: 24
89.23.79.0/24 maxlen: 24
89.23.83.0/24 maxlen: 24
89.23.84.0/24 maxlen: 24
89.23.86.0/24 maxlen: 24
89.23.88.0/24 maxlen: 24
89.23.90.0/24 maxlen: 24
92.42.248.0/22 maxlen: 22
92.42.252.0/24 maxlen: 24
92.42.253.0/24 maxlen: 24
92.42.254.0/24 maxlen: 24
92.42.255.0/24 maxlen: 24
93.93.192.0/21 maxlen: 21
95.140.112.0/22 maxlen: 22
95.140.115.0/24 maxlen: 24
95.140.116.0/22 maxlen: 22
95.140.120.0/23 maxlen: 23
95.140.124.0/22 maxlen: 22
95.140.125.0/24 maxlen: 24
109.111.224.0/24 maxlen: 24
109.111.225.0/24 maxlen: 24
109.111.226.0/24 maxlen: 24
109.111.227.0/24 maxlen: 24
109.111.228.0/24 maxlen: 24
109.111.229.0/24 maxlen: 24
109.111.230.0/23 maxlen: 23
109.111.232.0/22 maxlen: 22
109.111.236.0/22 maxlen: 22
109.111.240.0/24 maxlen: 24
109.111.243.0/24 maxlen: 24
109.111.244.0/24 maxlen: 24
109.111.245.0/24 maxlen: 24
109.111.246.0/24 maxlen: 24
109.111.247.0/24 maxlen: 24
109.111.248.0/24 maxlen: 24
109.111.249.0/24 maxlen: 24
109.111.250.0/24 maxlen: 24
109.111.252.0/23 maxlen: 23
109.111.254.0/24 maxlen: 24
109.111.255.0/24 maxlen: 24
178.254.128.0/21 maxlen: 21
178.254.133.0/24 maxlen: 24
178.254.136.0/22 maxlen: 22
178.254.140.0/22 maxlen: 22
178.254.144.0/24 maxlen: 24
178.254.145.0/24 maxlen: 24
178.254.146.0/24 maxlen: 24
178.254.148.0/24 maxlen: 24
178.254.149.0/24 maxlen: 24
178.254.151.0/24 maxlen: 24
178.254.152.0/24 maxlen: 24
178.254.153.0/24 maxlen: 24
178.254.154.0/24 maxlen: 24
178.254.155.0/24 maxlen: 24
178.254.156.0/24 maxlen: 24
178.254.157.0/24 maxlen: 24
178.254.158.0/24 maxlen: 24
178.254.159.0/24 maxlen: 24
178.254.163.0/24 maxlen: 24
178.254.165.0/24 maxlen: 24
178.254.169.0/24 maxlen: 24
178.254.172.0/24 maxlen: 24
178.254.175.0/24 maxlen: 24
178.254.177.0/24 maxlen: 24
178.254.182.0/24 maxlen: 24
178.254.183.0/24 maxlen: 24
178.254.184.0/24 maxlen: 24
178.254.187.0/24 maxlen: 24
178.254.188.0/22 maxlen: 24
185.157.44.0/24 maxlen: 24
193.104.68.0/24 maxlen: 24
217.169.208.0/20 maxlen: 20
217.169.208.0/22 maxlen: 22
217.169.212.0/22 maxlen: 22
217.169.216.0/22 maxlen: 22
217.169.219.0/24 maxlen: 24
217.169.220.0/22 maxlen: 22
2a02:b58::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 07:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:2c:9c:1e:8a:b8:ef:35:03:1d:4d:38:71:27:70:6e:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Validity
Not Before: Jul 21 10:51:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aaf6c8cb561abdb8f4db7df01dedb3ad91e4d000
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:5b:74:e7:8b:b1:e1:6f:08:e4:f4:d2:1e:f8:
67:d7:62:bc:09:6b:d0:ce:f9:d6:25:b0:0a:9e:fe:
b1:71:13:a8:d5:bf:cc:1f:6f:c7:34:15:3f:9e:24:
d7:1c:c1:ab:4d:1d:ec:de:cc:8d:b9:3f:26:fd:76:
0c:d7:12:40:c6:65:60:ad:d3:2b:39:0f:cc:fd:1f:
cc:da:89:cd:8d:51:24:cc:a5:85:00:9f:1b:6a:39:
c8:60:20:66:a4:a3:e6:c3:68:31:8c:75:05:05:7b:
be:8f:60:f6:ee:be:ea:cd:1a:60:c8:83:40:e8:b9:
7f:aa:a0:8a:a0:0d:d0:35:97:5b:c1:95:62:c3:50:
6a:4a:81:39:ae:cd:dc:27:2e:b6:2d:9d:b4:ed:dd:
e2:6f:d5:6b:da:16:10:31:52:fd:f6:d4:5f:d8:cf:
29:a8:d5:dc:f3:26:c1:b9:a7:f8:3f:0b:b4:0c:28:
59:7b:74:97:b7:79:e8:49:84:69:5a:04:1c:79:c1:
28:e4:19:15:1d:98:b1:23:43:52:72:b0:96:87:37:
d7:fc:2d:c3:50:2e:e0:af:09:d1:32:35:13:8c:06:
fc:d8:6e:93:56:b2:1f:6b:c8:1a:ba:83:1d:c9:08:
02:83:b8:4a:06:9a:7c:84:83:49:a6:8f:cb:79:cc:
9d:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:F6:C8:CB:56:1A:BD:B8:F4:DB:7D:F0:1D:ED:B3:AD:91:E4:D0:00
X509v3 Authority Key Identifier:
keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/qvbIy1Yavbj0233wHe2zrZHk0AA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.172.33.0-5.172.39.255
89.23.65.0/24
89.23.67.0-89.23.70.255
89.23.74.0/23
89.23.77.0-89.23.79.255
89.23.83.0-89.23.84.255
89.23.86.0/24
89.23.88.0/24
89.23.90.0/24
92.42.248.0/21
93.93.192.0/21
95.140.112.0-95.140.121.255
95.140.124.0/22
109.111.224.0-109.111.240.255
109.111.243.0-109.111.250.255
109.111.252.0/22
178.254.128.0-178.254.146.255
178.254.148.0/23
178.254.151.0-178.254.159.255
178.254.163.0/24
178.254.165.0/24
178.254.169.0/24
178.254.172.0/24
178.254.175.0/24
178.254.177.0/24
178.254.182.0-178.254.184.255
178.254.187.0-178.254.191.255
185.157.44.0/24
193.104.68.0/24
217.169.208.0/20
IPv6:
2a02:b58::/32
Signature Algorithm: sha256WithRSAEncryption
41:ff:b7:1b:f3:0d:7e:8a:46:ce:3e:41:2d:85:84:44:1d:76:
d0:15:1e:22:78:b7:cb:3d:27:4d:52:3d:c5:4a:df:28:b7:75:
e8:b6:f2:ab:bc:fc:fa:d4:d5:e1:39:88:ff:b7:4a:b2:17:5f:
26:ac:fd:08:f5:d5:2e:74:44:18:37:d3:0c:86:38:61:37:cc:
93:d7:2b:54:5b:05:1f:c9:63:f6:76:59:a9:f6:cd:00:05:01:
97:1a:7d:f3:97:91:d9:3d:24:5c:cd:26:98:80:97:23:06:c9:
1d:db:59:87:0d:d6:95:ce:2a:55:72:1b:ab:c6:18:96:38:ec:
2b:96:44:ab:f7:1a:41:c7:ef:1c:9a:52:68:22:cd:c0:d8:5c:
8f:2d:85:33:76:e4:46:37:c3:3a:4b:31:95:bd:0b:4b:5b:57:
38:14:95:57:58:ba:22:0e:d3:e9:1a:33:52:42:7b:29:59:07:
68:22:47:52:66:d6:23:e1:b4:10:e5:eb:1b:53:33:1a:6f:38:
50:6a:86:95:e1:b4:f2:90:4f:8a:ba:b4:58:d7:3b:22:a8:b3:
b1:1a:ee:0b:0d:04:6e:7b:2c:39:21:4e:a4:46:ba:59:5d:11:
61:37:e9:9e:5d:07:5b:79:96:32:98:ac:98:b8:f4:d2:2e:c8:
c3:6f:ab:56
-----BEGIN CERTIFICATE-----
MIIGHDCCBQSgAwIBAgISAZgsnB6KuO81Ax1NOHEncG79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwNzIxMTA1MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWY2YzhjYjU2MWFiZGI4ZjRkYjdkZjAxZGVkYjNhZDkxZTRkMDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1t054ux4W8I5PTSHvhn12K8CWvQ
zvnWJbAKnv6xcROo1b/MH2/HNBU/niTXHMGrTR3s3syNuT8m/XYM1xJAxmVgrdMr
OQ/M/R/M2onNjVEkzKWFAJ8bajnIYCBmpKPmw2gxjHUFBXu+j2D27r7qzRpgyINA
6Ll/qqCKoA3QNZdbwZViw1BqSoE5rs3cJy62LZ207d3ib9Vr2hYQMVL99tRf2M8p
qNXc8ybBuaf4Pwu0DChZe3SXt3noSYRpWgQcecEo5BkVHZixI0NScrCWhzfX/C3D
UC7grwnRMjUTjAb82G6TVrIfa8gauoMdyQgCg7hKBpp8hINJpo/LecydPQIDAQAB
o4IDKDCCAyQwHQYDVR0OBBYEFKr2yMtWGr249Nt98B3ts62R5NAAMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvcXZiSXkxWWF2YmowMjMzd0hlMnpyWkhrMEFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBPAYIKwYBBQUHAQcBAf8EggErMIIBJzCCARQEAgABMIIB
DDAMAwQABawhAwQDBawgAwQAWRdBMAwDBABZF0MDBABZF0YDBAFZF0owDAMEAFkX
TQMEBFkXQDAMAwQAWRdTAwQAWRdUAwQAWRdWAwQAWRdYAwQAWRdaAwQDXCr4AwQD
XV3AMAwDBARfjHADBAFfjHgDBAJfjHwwDAMEBW1v4AMEAG1v8DAMAwQAbW/zAwQA
bW/6AwQCbW/8MAwDBAey/oADBACy/pIDBAGy/pQwDAMEALL+lwMEBbL+gAMEALL+
owMEALL+pQMEALL+qQMEALL+rAMEALL+rwMEALL+sTAMAwQBsv62AwQAsv64MAwD
BACy/rsDBAay/oADBAC5nSwDBADBaEQDBATZqdAwDQQCAAIwBwMFACoCC1gwDQYJ
KoZIhvcNAQELBQADggEBAEH/txvzDX6KRs4+QS2FhEQddtAVHiJ4t8s9J01SPcVK
3yi3dei28qu8/PrU1eE5iP+3SrIXXyas/Qj11S50RBg30wyGOGE3zJPXK1RbBR/J
Y/Z2Wan2zQAFAZcaffOXkdk9JFzNJpiAlyMGyR3bWYcN1pXOKlVyG6vGGJY47CuW
RKv3GkHH7xyaUmgizcDYXI8thTN25EY3wzpLMZW9C0tbVzgUlVdYuiIO0+kaM1JC
eylZB2giR1Jm1iPhtBDl6xtTMxpvOFBqhpXhtPKQT4q6tFjXOyKos7Ea7gsNBG57
LDkhTqRGulldEWE36Z5dB1t5ljKYrJi49NIuyMNvq1Y=
-----END CERTIFICATE-----
Generated at Wed Jul 23 12:16:17 2025 by rpki-client