Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/Z3835702684lqYvr6YcO1CBN9v8.roa
File: Z3835702684lqYvr6YcO1CBN9v8.roa (raw, json)
Hash identifier: ix7qVq4wKUu1ecDe/rFafECXz6RKxGTKJ4zfcl+Dsfw=
Subject key identifier: 67:7F:37:E7:BD:36:EB:CE:25:A9:8B:EB:E9:87:0E:D4:20:4D:F6:FF
Certificate issuer: /CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
Certificate serial: 0198248C60A14DBFAD03A826F4B1F6289E5C
Authority key identifier: D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/Z3835702684lqYvr6YcO1CBN9v8.roa
Signing time: Sat 19 Jul 2025 21:17:16 +0000
ROA not before: Sat 19 Jul 2025 21:17:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56910
IP address blocks: 31.177.56.0/21 maxlen: 24
86.106.173.0/24 maxlen: 24
91.220.184.0/24 maxlen: 24
185.4.236.0/24 maxlen: 24
185.36.232.0/22 maxlen: 24
185.106.38.0/24 maxlen: 24
185.106.39.0/24 maxlen: 24
185.109.16.0/22 maxlen: 24
188.214.127.0/24 maxlen: 24
2a04:3e00::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl
rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.mft
rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 22:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:24:8c:60:a1:4d:bf:ad:03:a8:26:f4:b1:f6:28:9e:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
Validity
Not Before: Jul 19 21:17:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=677f37e7bd36ebce25a98bebe9870ed4204df6ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:32:a2:f9:ee:29:df:99:b1:68:de:9f:70:7c:
75:e2:45:de:c9:2f:c4:57:ff:70:de:bc:ce:98:e2:
f5:a9:87:4e:77:7d:04:41:61:ad:94:8a:a1:c5:3e:
80:10:a5:53:35:b3:cd:e7:59:67:92:e4:5a:c6:7a:
80:18:c2:cb:ee:3c:4f:cf:ff:f7:d3:21:46:92:d9:
ec:0d:67:7c:05:ad:e6:1e:42:a1:fb:2c:e6:d1:d6:
38:29:c5:89:fa:48:8e:34:9f:c5:c7:7f:fa:5d:92:
65:04:62:08:d2:69:fd:49:ed:ce:82:8a:cd:ed:70:
93:bc:07:f4:d3:49:45:21:43:21:82:1e:72:64:41:
e4:7c:95:f4:9c:08:4d:3b:48:97:af:37:ab:d1:4e:
39:53:00:88:0c:1d:11:12:12:75:94:65:f8:c6:b8:
56:6b:f8:28:c0:1c:cf:e5:74:19:7a:51:45:6a:2e:
e6:6b:e8:06:c9:ec:6e:4c:6c:eb:b4:cf:45:a2:1f:
fe:ff:6f:85:b3:ce:00:14:19:d6:d4:57:e0:f3:56:
04:79:ea:cd:5b:35:41:bf:da:bf:2e:9a:ec:cc:38:
31:0e:6b:7f:5b:01:0a:54:84:6a:7d:04:40:fb:a4:
bb:57:bc:8d:61:32:01:b2:b2:52:7a:a1:41:50:75:
e4:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:7F:37:E7:BD:36:EB:CE:25:A9:8B:EB:E9:87:0E:D4:20:4D:F6:FF
X509v3 Authority Key Identifier:
keyid:D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/Z3835702684lqYvr6YcO1CBN9v8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.177.56.0/21
86.106.173.0/24
91.220.184.0/24
185.4.236.0/24
185.36.232.0/22
185.106.38.0/23
185.109.16.0/22
188.214.127.0/24
IPv6:
2a04:3e00::/29
Signature Algorithm: sha256WithRSAEncryption
5f:fd:ca:73:43:1b:a3:29:db:82:b4:2d:42:51:72:19:7b:55:
4a:37:70:1c:c7:b3:18:5e:43:f3:1f:0b:29:36:72:57:3b:81:
6a:d1:03:ca:d6:16:75:db:83:2f:02:38:d1:4e:e7:23:32:09:
bc:e8:77:5a:64:86:dd:88:34:e5:c7:a4:f0:59:da:e3:29:67:
81:0f:9e:cf:4a:6c:2f:d0:37:dd:83:53:80:51:ef:74:ee:5b:
57:7a:2e:fe:3a:78:28:b8:e4:4b:e1:e5:4f:0a:34:f1:90:0e:
53:84:21:e9:ae:b8:d0:f9:a9:99:b1:63:b5:5a:c4:41:27:04:
65:92:9f:1d:a2:a0:5a:b2:82:16:71:0f:68:bc:da:96:52:9f:
84:8a:4c:42:3f:66:f8:81:80:61:86:93:8e:45:36:18:63:1a:
de:92:c0:8d:77:4b:48:bf:d9:29:38:e8:a1:b6:07:2c:19:97:
0d:d9:19:e8:b4:bd:ed:ee:3e:c2:4e:ca:5a:d8:b6:b3:73:0f:
21:1d:6f:2c:bf:60:37:8f:39:c7:a7:89:69:25:4b:82:49:b3:
6d:c2:34:e0:62:f5:e9:ef:46:65:0b:00:d2:05:5c:39:da:e2:
10:b8:fd:fb:02:dc:65:15:37:73:92:a5:40:fb:59:bb:c1:c8:
ed:99:1f:05
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZgkjGChTb+tA6gm9LH2KJ5cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjAwY2JhZmQyNmZlZTUwNjRmYzg5ZjMwMWRmYzhlM2Mx
ZDNjYTUwHhcNMjUwNzE5MjExNzE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzdmMzdlN2JkMzZlYmNlMjVhOThiZWJlOTg3MGVkNDIwNGRmNmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TKi+e4p35mxaN6fcHx14kXeyS/E
V/9w3rzOmOL1qYdOd30EQWGtlIqhxT6AEKVTNbPN51lnkuRaxnqAGMLL7jxPz//3
0yFGktnsDWd8Ba3mHkKh+yzm0dY4KcWJ+kiONJ/Fx3/6XZJlBGII0mn9Se3OgorN
7XCTvAf000lFIUMhgh5yZEHkfJX0nAhNO0iXrzer0U45UwCIDB0REhJ1lGX4xrhW
a/gowBzP5XQZelFFai7ma+gGyexuTGzrtM9Foh/+/2+Fs84AFBnW1Ffg81YEeerN
WzVBv9q/LprszDgxDmt/WwEKVIRqfQRA+6S7V7yNYTIBsrJSeqFBUHXkYwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFGd/N+e9NuvOJamL6+mHDtQgTfb/MB8GA1UdIwQY
MBaAFNNgDLr9Jv7lBk/InzAd/I48HTylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmIt
MWM2ODBhZGY3YTI2LzEvWjM4MzU3MDI2ODRscVl2cjZZY08xQ0JOOXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmItMWM2ODBhZGY3YTI2
LzEvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDH7E4AwQA
VmqtAwQAW9y4AwQAuQTsAwQCuSToAwQBuWomAwQCuW0QAwQAvNZ/MA0EAgACMAcD
BQMqBD4AMA0GCSqGSIb3DQEBCwUAA4IBAQBf/cpzQxujKduCtC1CUXIZe1VKN3Ac
x7MYXkPzHwspNnJXO4Fq0QPK1hZ124MvAjjRTucjMgm86HdaZIbdiDTlx6TwWdrj
KWeBD57PSmwv0Dfdg1OAUe907ltXei7+OngouORL4eVPCjTxkA5ThCHprrjQ+amZ
sWO1WsRBJwRlkp8doqBasoIWcQ9ovNqWUp+EikxCP2b4gYBhhpOORTYYYxreksCN
d0tIv9kpOOihtgcsGZcN2RnotL3t7j7CTspa2Lazcw8hHW8sv2A3jznHp4lpJUuC
SbNtwjTgYvXp70ZlCwDSBVw52uIQuP37AtxlFTdzkqVA+1m7wcjtmR8F
-----END CERTIFICATE-----
Generated at Mon Jul 21 07:30:13 2025 by rpki-client