Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/r-Vz77muH3GtkGjSTVPVUFOIuj4.roa
File: r-Vz77muH3GtkGjSTVPVUFOIuj4.roa (raw, json)
Hash identifier: OKhDGIHhw6aQnLhXFvmaGZV5yIgfpoo0HIcHhrdVrkk=
Subject key identifier: AF:E5:73:EF:B9:AE:1F:71:AD:90:68:D2:4D:53:D5:50:53:88:BA:3E
Certificate issuer: /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial: 019A179D1A451D4A3EC261C638904294E54E
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/r-Vz77muH3GtkGjSTVPVUFOIuj4.roa
Signing time: Fri 24 Oct 2025 19:06:03 +0000
ROA not before: Fri 24 Oct 2025 19:06:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214238
IP address blocks: 130.49.0.0/24 maxlen: 24
130.49.20.0/24 maxlen: 24
155.212.113.0/24 maxlen: 24
170.168.56.0/24 maxlen: 24
170.168.108.0/24 maxlen: 24
170.168.157.0/24 maxlen: 24
170.168.164.0/24 maxlen: 24
170.168.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 26 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:17:9d:1a:45:1d:4a:3e:c2:61:c6:38:90:42:94:e5:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Validity
Not Before: Oct 24 19:06:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=afe573efb9ae1f71ad9068d24d53d5505388ba3e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:f7:60:11:4d:0e:05:4b:a5:dd:22:53:a1:5d:
50:a6:f6:f3:d6:50:c9:ef:3b:0d:04:44:b6:80:a4:
a9:13:16:28:53:65:e4:b9:88:03:ae:be:6f:ec:93:
9f:f4:b4:ce:bb:08:3a:a2:fd:d1:86:ae:54:f3:2a:
5a:d0:20:7b:83:69:4a:d1:fa:27:82:33:f1:e7:06:
e3:e8:92:1d:cc:63:b4:93:ff:23:09:5c:01:e2:74:
8b:a0:0b:ed:7c:5c:6b:f9:a0:80:2f:c3:c4:58:e3:
b6:3a:3d:f9:c7:54:e4:2c:b0:3f:69:b8:85:b0:1b:
e2:f6:58:19:89:89:48:4b:2a:ec:de:8d:cd:8b:d0:
fb:fd:85:b8:b8:ec:a3:b7:af:16:7d:d3:b9:f2:b0:
1b:20:2e:56:1e:88:67:66:79:de:46:5b:ec:5c:27:
9c:b4:57:61:3c:0d:7a:9a:ea:1f:ca:b9:f2:6a:44:
87:e4:af:88:41:64:50:c4:cf:c8:ed:f0:f1:26:57:
4d:5c:63:15:7d:ab:3a:4f:e3:76:42:5c:2b:04:1f:
6c:b2:24:d2:be:5e:a6:4b:37:b8:64:12:b0:02:56:
2c:ca:58:67:cb:dc:62:d5:a8:1b:13:28:9c:86:0b:
54:ed:a0:8e:a7:f0:ad:cc:78:f6:76:34:60:1d:81:
80:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:E5:73:EF:B9:AE:1F:71:AD:90:68:D2:4D:53:D5:50:53:88:BA:3E
X509v3 Authority Key Identifier:
keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/r-Vz77muH3GtkGjSTVPVUFOIuj4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.49.0.0/24
130.49.20.0/24
155.212.113.0/24
170.168.56.0/24
170.168.108.0/24
170.168.157.0/24
170.168.164.0/24
170.168.247.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:93:52:ee:46:62:f1:16:af:60:c4:27:fd:2f:57:45:4e:20:
5c:9c:a8:a8:48:76:75:39:94:10:f3:35:f1:d1:fe:2f:4e:55:
50:9d:4f:db:7f:03:c5:3e:30:b4:1a:c7:72:59:04:a8:0a:22:
1c:f1:08:95:59:09:d9:8a:e2:bb:55:9b:36:f7:b3:6e:47:fd:
4f:23:2d:0d:03:85:78:20:7e:79:40:14:36:ac:90:eb:9e:a1:
68:68:fd:45:e9:41:84:bd:a4:5a:02:c0:d0:ac:60:35:cc:e4:
e1:cf:77:ac:e6:14:04:0f:04:e6:2a:4a:fa:d1:4b:68:66:cb:
cb:06:7b:0a:78:9b:ef:df:7d:12:0d:19:6c:34:15:93:6b:a9:
45:61:28:83:56:a6:48:32:19:6d:0e:f8:cd:f7:c3:7c:ec:0d:
51:f2:d2:9d:ed:fe:f0:9e:d0:1a:c9:46:20:ef:46:c9:08:f5:
e7:a6:e4:c5:16:b5:6c:d8:49:b2:81:72:f3:e2:c1:e7:f2:06:
02:19:0f:f5:f9:ba:07:c3:55:e7:31:78:f3:c5:32:23:56:c9:
0d:d4:ec:0f:74:75:25:73:ae:09:85:69:e2:32:8f:73:2f:23:
ee:c7:86:0e:36:b7:12:f8:0a:e8:fc:61:7a:c6:f3:c7:5e:46:
d1:87:23:74
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZoXnRpFHUo+wmHGOJBClOVOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUxMDI0MTkwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmU1NzNlZmI5YWUxZjcxYWQ5MDY4ZDI0ZDUzZDU1MDUzODhiYTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/dgEU0OBUul3SJToV1Qpvbz1lDJ
7zsNBES2gKSpExYoU2XkuYgDrr5v7JOf9LTOuwg6ov3Rhq5U8ypa0CB7g2lK0fon
gjPx5wbj6JIdzGO0k/8jCVwB4nSLoAvtfFxr+aCAL8PEWOO2Oj35x1TkLLA/abiF
sBvi9lgZiYlISyrs3o3Ni9D7/YW4uOyjt68WfdO58rAbIC5WHohnZnneRlvsXCec
tFdhPA16muofyrnyakSH5K+IQWRQxM/I7fDxJldNXGMVfas6T+N2QlwrBB9ssiTS
vl6mSze4ZBKwAlYsylhny9xi1agbEyichgtU7aCOp/CtzHj2djRgHYGASQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFK/lc++5rh9xrZBo0k1T1VBTiLo+MB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvci1Wejc3bXVIM0d0a0dqU1RWUFZVRk9JdWo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAgjEAAwQA
gjEUAwQAm9RxAwQAqqg4AwQAqqhsAwQAqqidAwQAqqikAwQAqqj3MA0GCSqGSIb3
DQEBCwUAA4IBAQB9k1LuRmLxFq9gxCf9L1dFTiBcnKioSHZ1OZQQ8zXx0f4vTlVQ
nU/bfwPFPjC0GsdyWQSoCiIc8QiVWQnZiuK7VZs297NuR/1PIy0NA4V4IH55QBQ2
rJDrnqFoaP1F6UGEvaRaAsDQrGA1zOThz3es5hQEDwTmKkr60UtoZsvLBnsKeJvv
330SDRlsNBWTa6lFYSiDVqZIMhltDvjN98N87A1R8tKd7f7wntAayUYg70bJCPXn
puTFFrVs2EmygXLz4sHn8gYCGQ/1+boHw1XnMXjzxTIjVskN1OwPdHUlc64JhWni
Mo9zLyPux4YONrcS+Aro/GF6xvPHXkbRhyN0
-----END CERTIFICATE-----
Generated at Sat Oct 25 09:40:01 2025 by rpki-client