Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/P_iUOgMaJ7rXO7K4WDZZsBzBZ5Q.roa
File: P_iUOgMaJ7rXO7K4WDZZsBzBZ5Q.roa (raw, json)
Hash identifier: B6V3ZktWnX1VGGSIcT0+YSbHtjhQ5hbPdYV334LRu4o=
Subject key identifier: 3F:F8:94:3A:03:1A:27:BA:D7:3B:B2:B8:58:36:59:B0:1C:C1:67:94
Certificate issuer: /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial: 01990EFFE19BDED40824524438B7039D2442
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/P_iUOgMaJ7rXO7K4WDZZsBzBZ5Q.roa
Signing time: Wed 03 Sep 2025 09:54:34 +0000
ROA not before: Wed 03 Sep 2025 09:54:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197706
IP address blocks: 31.171.152.0/24 maxlen: 24
31.171.153.0/24 maxlen: 24
31.171.154.0/24 maxlen: 24
31.171.155.0/24 maxlen: 24
31.171.156.0/24 maxlen: 24
31.171.157.0/24 maxlen: 24
31.171.158.0/24 maxlen: 24
31.171.159.0/24 maxlen: 24
45.142.25.0/24 maxlen: 24
45.142.26.0/24 maxlen: 24
45.142.27.0/24 maxlen: 24
62.101.160.0/24 maxlen: 24
62.101.161.0/24 maxlen: 24
62.101.162.0/24 maxlen: 24
62.101.163.0/24 maxlen: 24
62.101.164.0/24 maxlen: 24
62.101.165.0/24 maxlen: 24
62.101.166.0/24 maxlen: 24
62.101.167.0/24 maxlen: 24
103.69.32.0/24 maxlen: 24
103.69.33.0/24 maxlen: 24
103.69.34.0/24 maxlen: 24
103.69.35.0/24 maxlen: 24
103.93.40.0/24 maxlen: 24
103.93.41.0/24 maxlen: 24
103.93.42.0/24 maxlen: 24
103.93.43.0/24 maxlen: 24
103.124.164.0/24 maxlen: 24
103.124.165.0/24 maxlen: 24
103.124.166.0/24 maxlen: 24
103.124.167.0/24 maxlen: 24
103.204.120.0/24 maxlen: 24
103.204.121.0/24 maxlen: 24
103.204.122.0/24 maxlen: 24
103.204.123.0/24 maxlen: 24
103.254.240.0/24 maxlen: 24
103.254.241.0/24 maxlen: 24
103.254.242.0/24 maxlen: 24
103.254.243.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.133.0/24 maxlen: 24
109.104.135.0/24 maxlen: 24
109.104.136.0/24 maxlen: 24
109.104.137.0/24 maxlen: 24
109.104.138.0/24 maxlen: 24
109.104.139.0/24 maxlen: 24
109.104.140.0/22 maxlen: 22
109.104.140.0/24 maxlen: 24
109.104.141.0/24 maxlen: 24
109.104.142.0/24 maxlen: 24
109.104.143.0/24 maxlen: 24
109.104.156.0/24 maxlen: 24
109.104.157.0/24 maxlen: 24
109.104.158.0/24 maxlen: 24
109.104.159.0/24 maxlen: 24
144.48.52.0/24 maxlen: 24
144.48.53.0/24 maxlen: 24
144.48.54.0/24 maxlen: 24
144.48.55.0/24 maxlen: 24
185.53.100.0/24 maxlen: 24
185.53.101.0/24 maxlen: 24
185.153.125.0/24 maxlen: 24
185.153.126.0/24 maxlen: 24
185.153.127.0/24 maxlen: 24
199.168.120.0/24 maxlen: 24
199.168.121.0/24 maxlen: 24
199.168.122.0/24 maxlen: 24
199.168.123.0/24 maxlen: 24
2a04:27c0::/29 maxlen: 48
2a04:27c0:fffd::/48 maxlen: 48
2a04:27c0:fffe::/48 maxlen: 48
2a09:6e40::/29 maxlen: 48
2a09:6e47::/48 maxlen: 48
2a09:6ec0::/29 maxlen: 48
2a0d:27c0::/29 maxlen: 48
2a0d:27c4::/32 maxlen: 32
2a0d:42c0::/29 maxlen: 48
2a0d:4a40::/29 maxlen: 48
2a0d:4a46::/32 maxlen: 32
2a0e:3f00::/29 maxlen: 48
2a0e:3f01::/48 maxlen: 48
2a0e:4f00::/29 maxlen: 48
2a0e:4f05::/32 maxlen: 32
2a0e:d4c0::/29 maxlen: 48
2a0f:42c0::/29 maxlen: 48
2a0f:a880::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft
rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 01:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:0e:ff:e1:9b:de:d4:08:24:52:44:38:b7:03:9d:24:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
Validity
Not Before: Sep 3 09:54:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3ff8943a031a27bad73bb2b8583659b01cc16794
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:b2:77:f3:a1:85:83:75:86:57:30:e4:9e:1f:
08:70:f5:3f:2c:5c:59:06:e4:5e:ca:94:37:53:1c:
6b:97:75:8e:98:9b:bf:79:b6:97:32:a3:b5:1f:d4:
ca:bb:d0:b7:dd:88:ca:23:61:e6:16:6c:ad:05:14:
15:da:29:1f:2f:60:f0:44:f8:af:94:bc:23:9c:cf:
8a:9f:d2:83:77:94:a7:b9:20:41:ae:9e:e6:03:ec:
ee:59:a4:ad:4c:26:37:fd:7c:04:26:0c:5a:1d:1e:
07:92:d9:0d:08:2a:9a:f8:21:45:3c:3b:f3:79:b9:
d6:95:3c:7c:f9:0b:83:b6:89:ed:15:ce:89:b1:f3:
82:72:d0:48:12:16:a2:4e:ad:8d:c7:8a:57:0f:0d:
35:cf:50:c0:c8:74:49:f3:94:30:49:dd:14:7f:79:
0d:d8:65:f0:7b:52:42:c3:a3:03:bf:0b:a0:78:67:
16:7b:f8:8b:31:c6:fa:ef:53:15:fe:50:7d:29:1e:
ab:ff:f4:6e:70:32:b0:5a:e6:9a:6f:ca:03:60:19:
a0:5c:7f:16:48:89:1c:d5:5d:cb:ff:d3:d7:bc:89:
cf:ed:a5:1b:75:2b:8b:0a:b1:b4:ff:6a:41:aa:03:
48:65:0f:f9:4d:57:23:e4:18:b4:48:7e:19:28:59:
0c:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:F8:94:3A:03:1A:27:BA:D7:3B:B2:B8:58:36:59:B0:1C:C1:67:94
X509v3 Authority Key Identifier:
keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/P_iUOgMaJ7rXO7K4WDZZsBzBZ5Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.171.152.0/21
45.142.25.0-45.142.27.255
62.101.160.0/21
103.69.32.0/22
103.93.40.0/22
103.124.164.0/22
103.204.120.0/22
103.254.240.0/22
109.104.132.0/23
109.104.135.0-109.104.143.255
109.104.156.0/22
144.48.52.0/22
185.53.100.0/23
185.153.125.0-185.153.127.255
199.168.120.0/22
IPv6:
2a04:27c0::/29
2a09:6e40::/29
2a09:6ec0::/29
2a0d:27c0::/29
2a0d:42c0::/29
2a0d:4a40::/29
2a0e:3f00::/29
2a0e:4f00::/29
2a0e:d4c0::/29
2a0f:42c0::/29
2a0f:a880::/29
Signature Algorithm: sha256WithRSAEncryption
32:e6:62:eb:3e:b5:8c:8b:af:06:53:73:72:c9:78:bf:32:38:
16:42:38:ad:37:b3:93:c4:f7:5a:3c:14:07:a4:c8:a9:f7:2e:
a4:6c:50:e0:5c:f0:d6:28:ab:83:b2:9b:fc:b9:4c:8e:5c:93:
d8:3c:31:71:85:6a:92:2b:9f:b3:61:d4:fd:9e:6c:77:a6:e0:
b3:48:af:26:82:4d:31:e7:22:e8:e7:f3:ca:2d:3a:72:97:f5:
fa:0e:0b:ac:9f:bd:91:9f:3f:dc:c9:68:86:a3:9a:24:93:80:
60:97:52:fb:c2:0a:e7:66:41:f6:09:81:87:15:e7:b1:45:06:
59:7e:eb:f8:f1:a9:85:9f:d3:06:fe:bf:26:d1:cf:c5:36:a2:
8d:17:5d:14:c2:cd:43:44:4c:9b:63:84:f5:0e:01:15:cd:b5:
73:35:31:e9:a4:ca:43:94:d1:47:2b:35:aa:eb:f3:76:28:64:
b1:d3:b9:4d:a1:83:7e:a1:70:37:36:e1:71:9c:a6:9c:34:ea:
47:a8:c3:98:a2:2f:4b:2e:20:0b:e7:dd:f2:c9:60:20:ce:7e:
5d:c8:33:c9:9b:dc:92:c7:2d:8e:67:0b:bf:09:5c:d1:75:93:
b3:26:40:55:e6:7b:2f:32:cc:78:27:7e:34:83:e7:ef:fe:04:
ba:81:dd:70
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgISAZkO/+Gb3tQIJFJEOLcDnSRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjUwOTAzMDk1NDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmY4OTQzYTAzMWEyN2JhZDczYmIyYjg1ODM2NTliMDFjYzE2Nzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17J386GFg3WGVzDknh8IcPU/LFxZ
BuReypQ3Uxxrl3WOmJu/ebaXMqO1H9TKu9C33YjKI2HmFmytBRQV2ikfL2DwRPiv
lLwjnM+Kn9KDd5SnuSBBrp7mA+zuWaStTCY3/XwEJgxaHR4HktkNCCqa+CFFPDvz
ebnWlTx8+QuDtontFc6JsfOCctBIEhaiTq2Nx4pXDw01z1DAyHRJ85QwSd0Uf3kN
2GXwe1JCw6MDvwugeGcWe/iLMcb671MV/lB9KR6r//RucDKwWuaab8oDYBmgXH8W
SIkc1V3L/9PXvInP7aUbdSuLCrG0/2pBqgNIZQ/5TVcj5Bi0SH4ZKFkMwQIDAQAB
o4ICzTCCAskwHQYDVR0OBBYEFD/4lDoDGie61zuyuFg2WbAcwWeUMB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEvUF9pVU9nTWFKN3JYTzdLNFdEWlpzQnpCWjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHiBggrBgEFBQcBBwEB/wSB0jCBzzB4BAIAATByAwQDH6uY
MAwDBAAtjhkDBAItjhgDBAM+ZaADBAJnRSADBAJnXSgDBAJnfKQDBAJnzHgDBAJn
/vADBAFtaIQwDAMEAG1ohwMEBG1ogAMEAm1onAMEApAwNAMEAbk1ZDAMAwQAuZl9
AwQHuZkAAwQCx6h4MFMEAgACME0DBQMqBCfAAwUDKgluQAMFAyoJbsADBQMqDSfA
AwUDKg1CwAMFAyoNSkADBQMqDj8AAwUDKg5PAAMFAyoO1MADBQMqD0LAAwUDKg+o
gDANBgkqhkiG9w0BAQsFAAOCAQEAMuZi6z61jIuvBlNzcsl4vzI4FkI4rTezk8T3
WjwUB6TIqfcupGxQ4Fzw1iirg7Kb/LlMjlyT2DwxcYVqkiufs2HU/Z5sd6bgs0iv
JoJNMeci6Ofzyi06cpf1+g4LrJ+9kZ8/3MlohqOaJJOAYJdS+8IK52ZB9gmBhxXn
sUUGWX7r+PGphZ/TBv6/JtHPxTaijRddFMLNQ0RMm2OE9Q4BFc21czUx6aTKQ5TR
Rys1quvzdihksdO5TaGDfqFwNzbhcZymnDTqR6jDmKIvSy4gC+fd8slgIM5+Xcgz
yZvcksctjmcLvwlc0XWTsyZAVeZ7LzLMeCd+NIPn7/4EuoHdcA==
-----END CERTIFICATE-----
Generated at Mon Sep 8 09:56:45 2025 by rpki-client