Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/q13-9N0ob4EuZWCOBMGdrrmovYs.roa
File: q13-9N0ob4EuZWCOBMGdrrmovYs.roa (raw, json)
Hash identifier: eeKbIgwTI3WJxgPRBQEnAOsOn9kelg3Nk/9eNVvZbRQ=
Subject key identifier: AB:5D:FE:F4:DD:28:6F:81:2E:65:60:8E:04:C1:9D:AE:B9:A8:BD:8B
Certificate issuer: /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial: 01981EA99084E3C21ABB45832C1C842AC72C
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/q13-9N0ob4EuZWCOBMGdrrmovYs.roa
Signing time: Fri 18 Jul 2025 17:51:25 +0000
ROA not before: Fri 18 Jul 2025 17:51:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199959
IP address blocks: 31.220.14.0/24 maxlen: 24
45.12.52.0/23 maxlen: 23
45.12.91.0/24 maxlen: 24
185.238.249.0/24 maxlen: 24
185.238.251.0/24 maxlen: 24
193.9.45.0/24 maxlen: 24
2a14:640:2::/48 maxlen: 48
2a14:640:3::/48 maxlen: 48
2a14:640:4::/48 maxlen: 48
2a14:640:5::/48 maxlen: 48
2a14:640:6::/48 maxlen: 48
2a14:640:7::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.mft
rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 25 Jul 2025 17:00:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:1e:a9:90:84:e3:c2:1a:bb:45:83:2c:1c:84:2a:c7:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Validity
Not Before: Jul 18 17:51:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ab5dfef4dd286f812e65608e04c19daeb9a8bd8b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:38:9b:8b:22:b3:1c:2c:cd:25:a6:bc:d2:ed:
a0:3b:8c:fd:f5:48:38:51:73:7b:ab:23:be:b0:12:
91:6c:66:a8:e1:7e:05:ec:14:f5:00:bc:cb:94:d4:
b2:7b:22:0d:92:37:37:6f:9e:c4:9e:20:9d:ea:57:
6f:b4:42:b9:59:e6:b8:59:4a:cb:f9:8a:6e:67:08:
0c:59:bf:95:5f:ec:b6:43:9b:9a:18:9a:83:6c:25:
28:5b:dc:f8:65:bb:e9:36:a2:54:a1:fa:38:cd:f7:
d1:93:29:24:e0:ba:65:fd:34:1a:a8:ee:7b:d2:c7:
0c:84:a7:07:b0:85:41:a8:9a:79:34:7b:b4:09:ff:
c0:c5:97:66:15:b4:85:bd:28:9b:fa:66:ce:76:36:
5f:86:35:3a:07:85:26:b1:9f:9e:fa:52:2f:45:07:
54:dd:d6:2c:46:33:d5:ad:2a:8c:7b:89:82:3e:f5:
e4:5a:b6:fa:47:d9:4e:c2:f9:ec:52:b9:8d:30:08:
a6:22:d9:a5:86:88:14:74:41:f4:91:ff:6f:3f:c0:
be:c3:f7:28:05:17:19:37:cc:b2:fe:3b:59:96:23:
29:34:53:29:9b:a6:ce:8d:e5:9e:58:5a:64:24:ca:
d0:65:9d:5c:68:d6:e3:30:1f:d8:bf:4c:1f:46:ac:
b3:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:5D:FE:F4:DD:28:6F:81:2E:65:60:8E:04:C1:9D:AE:B9:A8:BD:8B
X509v3 Authority Key Identifier:
keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/q13-9N0ob4EuZWCOBMGdrrmovYs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.220.14.0/24
45.12.52.0/23
45.12.91.0/24
185.238.249.0/24
185.238.251.0/24
193.9.45.0/24
IPv6:
2a14:640:2::-2a14:640:7:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
6d:e2:73:3e:4b:52:7d:a5:26:6d:b2:02:50:37:59:d1:94:8f:
b0:d3:2f:59:92:51:3d:4b:d3:be:f5:4f:37:f0:02:64:47:b3:
32:37:fe:d1:e6:13:d1:d3:73:cd:bc:1f:3d:06:9b:c9:d6:58:
b7:05:98:d3:8c:13:0d:04:e5:b6:53:1d:11:4d:f8:e9:69:2e:
06:be:6b:de:27:b0:c3:84:9c:e6:8c:f7:fd:86:4a:20:0d:2c:
07:4d:20:0f:7a:96:bf:e1:f8:3f:e6:f2:e1:b9:f2:5b:f5:cc:
eb:c9:32:2f:9e:2b:78:35:1e:b6:94:7b:17:58:14:5d:f5:58:
26:b7:c6:7c:22:5c:a9:dc:f8:4f:4b:12:a4:e3:7a:6f:e6:e8:
59:2a:7d:89:ee:df:9b:c7:af:16:43:3a:34:9e:ac:65:d1:eb:
b7:f4:f2:b8:99:a4:95:ff:4f:09:35:10:8f:2e:43:9b:ef:b0:
d0:12:7e:1d:2b:ab:e3:e7:cd:2c:40:50:79:f6:92:77:de:ce:
83:d3:bf:38:cd:16:7e:70:cc:60:18:6a:d0:e1:45:1c:62:2a:
cd:92:1a:08:9f:c4:5f:d6:8f:89:b1:a7:10:29:35:17:d1:12:
7a:18:d5:30:3c:53:8d:d7:fb:23:15:35:aa:88:65:03:0f:cf:
99:a2:2e:d4
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZgeqZCE48Iau0WDLByEKscsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjUwNzE4MTc1MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjVkZmVmNGRkMjg2ZjgxMmU2NTYwOGUwNGMxOWRhZWI5YThiZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzibiyKzHCzNJaa80u2gO4z99Ug4
UXN7qyO+sBKRbGao4X4F7BT1ALzLlNSyeyINkjc3b57EniCd6ldvtEK5Wea4WUrL
+YpuZwgMWb+VX+y2Q5uaGJqDbCUoW9z4ZbvpNqJUofo4zffRkykk4Lpl/TQaqO57
0scMhKcHsIVBqJp5NHu0Cf/AxZdmFbSFvSib+mbOdjZfhjU6B4UmsZ+e+lIvRQdU
3dYsRjPVrSqMe4mCPvXkWrb6R9lOwvnsUrmNMAimItmlhogUdEH0kf9vP8C+w/co
BRcZN8yy/jtZliMpNFMpm6bOjeWeWFpkJMrQZZ1caNbjMB/Yv0wfRqyzYwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFKtd/vTdKG+BLmVgjgTBna65qL2LMB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvcTEzLTlOMG9iNEV1WldDT0JNR2Rycm1vdllzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAqBAIAATAkAwQAH9wOAwQB
LQw0AwQALQxbAwQAue75AwQAue77AwQAwQktMBoEAgACMBQwEgMHASoUBkAAAgMH
AyoUBkAAADANBgkqhkiG9w0BAQsFAAOCAQEAbeJzPktSfaUmbbICUDdZ0ZSPsNMv
WZJRPUvTvvVPN/ACZEezMjf+0eYT0dNzzbwfPQabydZYtwWY04wTDQTltlMdEU34
6WkuBr5r3ieww4Sc5oz3/YZKIA0sB00gD3qWv+H4P+by4bnyW/XM68kyL54reDUe
tpR7F1gUXfVYJrfGfCJcqdz4T0sSpON6b+boWSp9ie7fm8evFkM6NJ6sZdHrt/Ty
uJmklf9PCTUQjy5Dm++w0BJ+HSur4+fNLEBQefaSd97Og9O/OM0WfnDMYBhq0OFF
HGIqzZIaCJ/EX9aPibGnECk1F9ESehjVMDxTjdf7IxU1qohlAw/PmaIu1A==
-----END CERTIFICATE-----
Generated at Fri Jul 25 01:05:23 2025 by rpki-client