Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/Z38SMtL5uMOLU0VlRKbXQTIHGyc.roa
File: Z38SMtL5uMOLU0VlRKbXQTIHGyc.roa (raw, json)
Hash identifier: R5vGo48cGvAIvWP0YwGxyobaSGbcKYIYG0GtkewB3gM=
Subject key identifier: 67:7F:12:32:D2:F9:B8:C3:8B:53:45:65:44:A6:D7:41:32:07:1B:27
Certificate issuer: /CN=31eb9b2db4a3bddf8c92fc50b9713043dd56dc38
Certificate serial: 019933D30CC2ED3DC27DA26BF275A464C835
Authority key identifier: 31:EB:9B:2D:B4:A3:BD:DF:8C:92:FC:50:B9:71:30:43:DD:56:DC:38
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/Z38SMtL5uMOLU0VlRKbXQTIHGyc.roa
Signing time: Wed 10 Sep 2025 13:31:33 +0000
ROA not before: Wed 10 Sep 2025 13:31:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43009
IP address blocks: 81.23.248.0/24 maxlen: 24
81.23.249.0/24 maxlen: 24
81.23.250.0/24 maxlen: 24
81.23.251.0/24 maxlen: 24
81.23.252.0/24 maxlen: 24
81.23.253.0/24 maxlen: 24
81.23.254.0/24 maxlen: 24
81.23.255.0/24 maxlen: 24
185.255.8.0/24 maxlen: 24
185.255.9.0/24 maxlen: 24
185.255.10.0/24 maxlen: 24
185.255.11.0/24 maxlen: 24
193.105.74.0/24 maxlen: 24
202.22.160.0/24 maxlen: 24
202.22.161.0/24 maxlen: 24
202.22.162.0/24 maxlen: 24
202.22.163.0/24 maxlen: 24
202.22.164.0/24 maxlen: 24
202.22.165.0/24 maxlen: 24
202.22.166.0/24 maxlen: 24
202.22.168.0/24 maxlen: 24
202.22.169.0/24 maxlen: 24
202.22.171.0/24 maxlen: 24
202.22.172.0/24 maxlen: 24
202.22.173.0/24 maxlen: 24
202.22.174.0/24 maxlen: 24
202.22.175.0/24 maxlen: 24
2a0c:55c0:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/MeubLbSjvd-MkvxQuXEwQ91W3Dg.crl
rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/MeubLbSjvd-MkvxQuXEwQ91W3Dg.mft
rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 17 Sep 2025 04:01:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:33:d3:0c:c2:ed:3d:c2:7d:a2:6b:f2:75:a4:64:c8:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=31eb9b2db4a3bddf8c92fc50b9713043dd56dc38
Validity
Not Before: Sep 10 13:31:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=677f1232d2f9b8c38b53456544a6d74132071b27
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:9d:01:57:ba:3e:9b:ca:18:2f:65:82:7c:f2:
37:94:0a:33:a1:b0:1c:d9:1f:f9:c0:16:88:82:bf:
2e:f4:e3:2e:a5:ae:8a:7e:1f:e9:a5:f4:34:0d:3c:
c1:78:ce:c1:e6:97:3a:83:29:1a:80:39:5a:7f:1d:
f7:d0:0d:be:e2:f1:33:9b:29:0d:e3:d1:ec:b7:6c:
57:a3:09:67:9a:54:f0:a1:e9:30:99:a9:a8:ef:e9:
bd:a2:85:23:77:a7:5d:4b:c6:30:1e:0a:01:8b:49:
6a:63:5f:4f:c3:2d:89:5b:94:df:9e:83:b2:e3:a9:
5d:a9:64:8e:d7:b7:6b:47:e1:88:77:a2:ae:4a:43:
4c:ff:24:d3:68:c1:94:66:bd:45:e9:cd:b5:ca:74:
c1:54:b0:81:66:52:aa:08:9d:4d:d2:70:c2:83:49:
9e:f8:0f:07:4e:a0:b3:7b:07:fc:3c:f8:53:ce:bc:
76:d8:a2:30:3f:60:94:dc:50:27:ea:8d:e9:a9:51:
4a:79:42:8c:88:99:4e:39:00:8d:ab:42:3f:4a:f3:
e1:0f:0d:84:29:d0:c3:d1:7a:29:75:13:97:5d:6f:
4a:2c:6b:0e:95:a6:c1:4d:12:71:6d:01:a7:9c:ea:
89:f1:e0:00:d9:21:32:93:ef:03:1a:fc:4b:ef:83:
1b:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:7F:12:32:D2:F9:B8:C3:8B:53:45:65:44:A6:D7:41:32:07:1B:27
X509v3 Authority Key Identifier:
keyid:31:EB:9B:2D:B4:A3:BD:DF:8C:92:FC:50:B9:71:30:43:DD:56:DC:38
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/Z38SMtL5uMOLU0VlRKbXQTIHGyc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/MeubLbSjvd-MkvxQuXEwQ91W3Dg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.23.248.0/21
185.255.8.0/22
193.105.74.0/24
202.22.160.0-202.22.166.255
202.22.168.0/23
202.22.171.0-202.22.175.255
IPv6:
2a0c:55c0:1::/48
Signature Algorithm: sha256WithRSAEncryption
35:cb:77:66:79:04:93:f4:9e:c4:bd:4d:c9:88:c1:74:6c:02:
c3:ba:6f:fc:14:24:72:0a:ff:c8:6c:4c:cc:3e:b0:10:4d:09:
fe:ae:43:c8:86:b8:a8:bb:3e:86:5d:3c:91:aa:08:f8:2d:8c:
8c:1e:30:e6:00:8d:1d:bb:25:e5:e8:b5:a7:76:7e:3b:74:eb:
95:2d:70:33:c8:40:9f:b4:31:a3:26:c1:99:24:14:23:23:5d:
b2:bd:dc:84:db:a4:58:11:4c:16:a7:b8:4d:b9:ab:10:d0:ca:
dd:17:43:46:28:aa:03:a7:09:38:97:19:48:18:d8:e6:5b:03:
84:68:b9:37:ad:0c:ee:4a:f4:14:cf:6a:e5:64:ca:9c:7d:99:
a2:4a:b5:a4:60:13:07:52:92:7b:5c:28:81:d9:37:40:7a:91:
4c:b9:9e:f8:55:1d:09:b6:10:a7:0a:b2:b9:91:d1:f1:94:fb:
d3:03:55:2e:4a:03:d8:91:97:4b:1e:80:c4:cb:15:8d:8a:3e:
5d:0a:80:ee:9f:4b:35:1d:79:e3:76:2d:12:98:1f:d0:1d:67:
f3:e1:a2:47:95:35:63:22:c0:f3:9c:71:0b:8a:00:8a:b0:e3:
3f:c7:fa:64:04:ff:a7:ed:89:9b:d0:e2:86:40:1e:96:13:9c:
bf:16:5f:bd
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZkz0wzC7T3CfaJr8nWkZMg1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZWI5YjJkYjRhM2JkZGY4YzkyZmM1MGI5NzEzMDQzZGQ1
NmRjMzgwHhcNMjUwOTEwMTMzMTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzdmMTIzMmQyZjliOGMzOGI1MzQ1NjU0NGE2ZDc0MTMyMDcxYjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu50BV7o+m8oYL2WCfPI3lAozobAc
2R/5wBaIgr8u9OMupa6Kfh/ppfQ0DTzBeM7B5pc6gykagDlafx330A2+4vEzmykN
49Hst2xXowlnmlTwoekwmamo7+m9ooUjd6ddS8YwHgoBi0lqY19Pwy2JW5TfnoOy
46ldqWSO17drR+GId6KuSkNM/yTTaMGUZr1F6c21ynTBVLCBZlKqCJ1N0nDCg0me
+A8HTqCzewf8PPhTzrx22KIwP2CU3FAn6o3pqVFKeUKMiJlOOQCNq0I/SvPhDw2E
KdDD0XopdROXXW9KLGsOlabBTRJxbQGnnOqJ8eAA2SEyk+8DGvxL74MbaQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFGd/EjLS+bjDi1NFZUSm10EyBxsnMB8GA1UdIwQY
MBaAFDHrmy20o73fjJL8ULlxMEPdVtw4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWV1YkxiU2p2ZC1Na3Z4UXVYRXdROTFXM0RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNDcwMDUtNTU5ZC00ZWI0LWIzZTgt
YmQyNGYwMDM1NzhmLzEvWjM4U010TDV1TU9MVTBWbFJLYlhRVElIR3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNDcwMDUtNTU5ZC00ZWI0LWIzZTgtYmQyNGYwMDM1Nzhm
LzEvTWV1YkxiU2p2ZC1Na3Z4UXVYRXdROTFXM0RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA6BAIAATA0AwQDURf4AwQC
uf8IAwQAwWlKMAwDBAXKFqADBADKFqYDBAHKFqgwDAMEAMoWqwMEBMoWoDAPBAIA
AjAJAwcAKgxVwAABMA0GCSqGSIb3DQEBCwUAA4IBAQA1y3dmeQST9J7EvU3JiMF0
bALDum/8FCRyCv/IbEzMPrAQTQn+rkPIhriouz6GXTyRqgj4LYyMHjDmAI0duyXl
6LWndn47dOuVLXAzyECftDGjJsGZJBQjI12yvdyE26RYEUwWp7hNuasQ0MrdF0NG
KKoDpwk4lxlIGNjmWwOEaLk3rQzuSvQUz2rlZMqcfZmiSrWkYBMHUpJ7XCiB2TdA
epFMuZ74VR0JthCnCrK5kdHxlPvTA1UuSgPYkZdLHoDEyxWNij5dCoDun0s1HXnj
di0SmB/QHWfz4aJHlTVjIsDznHELigCKsOM/x/pkBP+n7Ymb0OKGQB6WE5y/Fl+9
-----END CERTIFICATE-----
Generated at Tue Sep 16 08:54:39 2025 by rpki-client