Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/BrO3qC9sElz84kZt0TlGLTPrFfo.roa
File: BrO3qC9sElz84kZt0TlGLTPrFfo.roa (raw, json)
Hash identifier: Xac1gSwp3PaG99+Svk2b1wiRsCto7zOmCczTzvRnd5o=
Subject key identifier: 06:B3:B7:A8:2F:6C:12:5C:FC:E2:46:6D:D1:39:46:2D:33:EB:15:FA
Certificate issuer: /CN=2f814adc1d5209e098f078adbc856bad83b749c2
Certificate serial: 01990A132B50115D6E7452B0832DED649E8C
Authority key identifier: 2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/BrO3qC9sElz84kZt0TlGLTPrFfo.roa
Signing time: Tue 02 Sep 2025 10:57:32 +0000
ROA not before: Tue 02 Sep 2025 10:57:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16322
IP address blocks: 31.214.132.0/23 maxlen: 23
31.214.146.0/23 maxlen: 23
31.214.146.0/24 maxlen: 24
31.214.147.0/24 maxlen: 24
31.214.154.0/24 maxlen: 24
31.214.200.0/23 maxlen: 23
31.214.228.0/22 maxlen: 22
31.214.248.0/21 maxlen: 21
37.10.64.0/22 maxlen: 22
37.10.109.0/24 maxlen: 24
37.10.117.0/24 maxlen: 24
37.228.131.0/24 maxlen: 24
37.228.133.0/24 maxlen: 24
37.228.135.0/24 maxlen: 24
37.228.136.0/22 maxlen: 22
46.41.192.0/18 maxlen: 18
46.41.192.0/19 maxlen: 19
46.41.192.0/20 maxlen: 20
46.41.224.0/19 maxlen: 19
46.41.224.0/20 maxlen: 20
46.251.224.0/24 maxlen: 24
46.251.226.0/24 maxlen: 24
46.251.237.0/24 maxlen: 24
82.99.192.0/18 maxlen: 18
82.99.192.0/19 maxlen: 22
82.99.192.0/24 maxlen: 24
82.99.193.0/24 maxlen: 24
82.99.195.0/24 maxlen: 24
82.99.196.0/24 maxlen: 24
82.99.198.0/24 maxlen: 24
82.99.199.0/24 maxlen: 24
82.99.200.0/24 maxlen: 24
82.99.201.0/24 maxlen: 24
82.99.204.0/24 maxlen: 24
82.99.205.0/24 maxlen: 24
82.99.206.0/24 maxlen: 24
82.99.209.0/24 maxlen: 24
82.99.210.0/24 maxlen: 24
82.99.212.0/24 maxlen: 24
82.99.214.0/24 maxlen: 24
82.99.216.0/22 maxlen: 22
82.99.224.0/19 maxlen: 19
82.99.224.0/20 maxlen: 20
82.99.225.0/24 maxlen: 24
82.99.228.0/24 maxlen: 24
82.99.229.0/24 maxlen: 24
82.99.230.0/24 maxlen: 24
82.99.231.0/24 maxlen: 24
82.99.232.0/24 maxlen: 24
82.99.233.0/24 maxlen: 24
82.99.234.0/24 maxlen: 24
82.99.235.0/24 maxlen: 24
82.99.240.0/24 maxlen: 24
82.99.249.0/24 maxlen: 24
82.99.250.0/24 maxlen: 24
82.99.251.0/24 maxlen: 24
82.99.252.0/24 maxlen: 24
82.99.254.0/24 maxlen: 24
82.99.255.0/24 maxlen: 24
95.156.222.0/23 maxlen: 23
95.156.233.0/24 maxlen: 24
95.156.234.0/23 maxlen: 23
95.156.236.0/23 maxlen: 23
95.156.248.0/23 maxlen: 23
109.230.192.0/23 maxlen: 23
109.230.200.0/24 maxlen: 24
109.230.204.0/22 maxlen: 22
109.230.221.0/24 maxlen: 24
109.230.223.0/24 maxlen: 24
109.230.242.0/24 maxlen: 24
109.230.246.0/23 maxlen: 23
109.230.246.0/24 maxlen: 24
109.230.247.0/24 maxlen: 24
109.230.251.0/24 maxlen: 24
134.255.196.0/23 maxlen: 23
134.255.245.0/24 maxlen: 24
134.255.246.0/24 maxlen: 24
134.255.249.0/24 maxlen: 24
185.10.71.0/24 maxlen: 24
185.13.228.0/22 maxlen: 22
2a00:1a88::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/L4FK3B1SCeCY8HitvIVrrYO3ScI.crl
rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/L4FK3B1SCeCY8HitvIVrrYO3ScI.mft
rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 07:00:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:0a:13:2b:50:11:5d:6e:74:52:b0:83:2d:ed:64:9e:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2f814adc1d5209e098f078adbc856bad83b749c2
Validity
Not Before: Sep 2 10:57:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=06b3b7a82f6c125cfce2466dd139462d33eb15fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:1e:ba:e1:ab:7d:01:69:84:dc:46:cd:d2:21:
80:c3:a1:d4:d0:18:9e:ee:70:10:0a:3c:50:d0:82:
b1:e2:22:3e:5a:74:45:fb:98:70:1d:72:03:82:31:
f7:fc:d8:61:5d:e0:6b:89:f2:11:51:09:f2:87:35:
a4:3d:4e:cd:19:92:a1:d1:c7:7a:e8:57:5d:ca:8f:
9e:8f:ad:db:c8:53:e0:f9:f3:31:e6:cd:2c:4e:84:
9f:5f:72:05:16:4d:87:d7:82:75:0d:32:5e:46:54:
4e:84:99:b3:5a:52:39:55:7f:98:aa:4e:cc:e5:d6:
69:20:a0:49:1f:87:07:e2:cd:c8:3b:6f:a5:38:a8:
09:66:0c:76:76:bb:53:d2:39:db:5c:6a:eb:e9:69:
fd:b4:b7:d6:65:bc:ba:d4:e2:22:af:d1:2c:0e:24:
78:ed:c0:d3:ae:0e:76:af:a3:fc:21:72:77:95:76:
fb:23:8f:f9:b6:54:60:89:25:12:92:8e:f9:02:b2:
7a:a0:47:5b:d9:f8:54:23:72:61:09:97:63:a9:cd:
57:69:2f:fb:c8:e4:78:3c:e8:9d:78:26:77:7b:74:
23:37:84:fe:5f:e4:b8:ca:29:a7:2f:56:32:91:64:
d9:b9:7a:fc:87:cc:a9:58:d2:a7:18:0f:07:a0:df:
66:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:B3:B7:A8:2F:6C:12:5C:FC:E2:46:6D:D1:39:46:2D:33:EB:15:FA
X509v3 Authority Key Identifier:
keyid:2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/BrO3qC9sElz84kZt0TlGLTPrFfo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/L4FK3B1SCeCY8HitvIVrrYO3ScI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.214.132.0/23
31.214.146.0/23
31.214.154.0/24
31.214.200.0/23
31.214.228.0/22
31.214.248.0/21
37.10.64.0/22
37.10.109.0/24
37.10.117.0/24
37.228.131.0/24
37.228.133.0/24
37.228.135.0-37.228.139.255
46.41.192.0/18
46.251.224.0/24
46.251.226.0/24
46.251.237.0/24
82.99.192.0/18
95.156.222.0/23
95.156.233.0-95.156.237.255
95.156.248.0/23
109.230.192.0/23
109.230.200.0/24
109.230.204.0/22
109.230.221.0/24
109.230.223.0/24
109.230.242.0/24
109.230.246.0/23
109.230.251.0/24
134.255.196.0/23
134.255.245.0-134.255.246.255
134.255.249.0/24
185.10.71.0/24
185.13.228.0/22
IPv6:
2a00:1a88::/32
Signature Algorithm: sha256WithRSAEncryption
3f:e8:4c:e3:34:74:7c:bd:17:df:56:6c:52:aa:51:9e:7b:69:
c1:5c:ad:05:5a:32:ab:54:69:c0:8c:f2:1a:0e:c1:02:78:92:
24:b4:f2:ad:f2:85:33:14:2c:98:95:f7:13:ee:30:d9:dc:56:
61:07:b7:89:cd:f1:f4:a3:b4:98:e9:b3:50:00:da:0f:84:18:
f9:62:27:45:24:42:13:7f:e5:92:5f:a8:60:84:0a:48:2e:0c:
07:36:c4:49:1d:0f:85:1f:39:c5:fa:85:28:24:f8:13:2d:e0:
81:c5:f7:56:c4:45:49:89:6b:3b:02:ec:c7:27:d3:5b:22:1f:
12:78:9b:09:d5:57:04:04:18:22:48:56:7e:91:06:87:8b:c3:
e2:f1:a6:0d:b3:70:f8:f9:f1:e8:5d:4f:27:61:57:a8:f9:65:
b3:d7:b6:5a:86:1f:ae:8f:ba:54:3c:0c:d0:3d:18:66:81:f9:
ca:93:65:ac:e8:cd:4c:77:f0:dd:d9:48:a5:df:3e:85:7c:99:
1f:e0:6f:fb:12:ab:66:84:ce:ad:64:26:1e:c3:c5:70:e4:8d:
88:38:01:a0:1c:3d:60:bd:3f:e5:83:fd:61:a7:51:76:92:96:
3c:03:8f:ea:64:27:71:e4:68:c6:99:d4:be:86:91:c6:fd:7d:
a3:62:5e:d7
-----BEGIN CERTIFICATE-----
MIIF6jCCBNKgAwIBAgISAZkKEytQEV1udFKwgy3tZJ6MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmODE0YWRjMWQ1MjA5ZTA5OGYwNzhhZGJjODU2YmFkODNi
NzQ5YzIwHhcNMjUwOTAyMTA1NzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmIzYjdhODJmNmMxMjVjZmNlMjQ2NmRkMTM5NDYyZDMzZWIxNWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzx664at9AWmE3EbN0iGAw6HU0Bie
7nAQCjxQ0IKx4iI+WnRF+5hwHXIDgjH3/NhhXeBrifIRUQnyhzWkPU7NGZKh0cd6
6Fddyo+ej63byFPg+fMx5s0sToSfX3IFFk2H14J1DTJeRlROhJmzWlI5VX+Yqk7M
5dZpIKBJH4cH4s3IO2+lOKgJZgx2drtT0jnbXGrr6Wn9tLfWZby61OIir9EsDiR4
7cDTrg52r6P8IXJ3lXb7I4/5tlRgiSUSko75ArJ6oEdb2fhUI3JhCZdjqc1XaS/7
yOR4POideCZ3e3QjN4T+X+S4yimnL1YykWTZuXr8h8ypWNKnGA8HoN9maQIDAQAB
o4IC9jCCAvIwHQYDVR0OBBYEFAazt6gvbBJc/OJGbdE5Ri0z6xX6MB8GA1UdIwQY
MBaAFC+BStwdUgngmPB4rbyFa62Dt0nCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2Qt
ZGY4NmI2ZGQ5OTdjLzEvQnJPM3FDOXNFbHo4NGtadDBUbEdMVFByRmZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2QtZGY4NmI2ZGQ5OTdj
LzEvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCgYIKwYBBQUHAQcBAf8EgfowgfcwgeUEAgABMIHeAwQB
H9aEAwQBH9aSAwQAH9aaAwQBH9bIAwQCH9bkAwQDH9b4AwQCJQpAAwQAJQptAwQA
JQp1AwQAJeSDAwQAJeSFMAwDBAAl5IcDBAIl5IgDBAYuKcADBAAu++ADBAAu++ID
BAAu++0DBAZSY8ADBAFfnN4wDAMEAF+c6QMEAV+c7AMEAV+c+AMEAW3mwAMEAG3m
yAMEAm3mzAMEAG3m3QMEAG3m3wMEAG3m8gMEAW3m9gMEAG3m+wMEAYb/xDAMAwQA
hv/1AwQAhv/2AwQAhv/5AwQAuQpHAwQCuQ3kMA0EAgACMAcDBQAqABqIMA0GCSqG
SIb3DQEBCwUAA4IBAQA/6EzjNHR8vRffVmxSqlGee2nBXK0FWjKrVGnAjPIaDsEC
eJIktPKt8oUzFCyYlfcT7jDZ3FZhB7eJzfH0o7SY6bNQANoPhBj5YidFJEITf+WS
X6hghApILgwHNsRJHQ+FHznF+oUoJPgTLeCBxfdWxEVJiWs7AuzHJ9NbIh8SeJsJ
1VcEBBgiSFZ+kQaHi8Pi8aYNs3D4+fHoXU8nYVeo+WWz17Zahh+uj7pUPAzQPRhm
gfnKk2Ws6M1Md/Dd2Uil3z6FfJkf4G/7EqtmhM6tZCYew8Vw5I2IOAGgHD1gvT/l
g/1hp1F2kpY8A4/qZCdx5GjGmdS+hpHG/X2jYl7X
-----END CERTIFICATE-----
Generated at Wed Sep 10 14:14:15 2025 by rpki-client