Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/z7wKEosRanqwqr-IGrCZf5B3bV4.roa
File: z7wKEosRanqwqr-IGrCZf5B3bV4.roa (raw, json)
Hash identifier: g7UC1rPFgf2T8h6W4nFGH6UpSJT6qEoCS5wMgde3YT8=
Subject key identifier: CF:BC:0A:12:8B:11:6A:7A:B0:AA:BF:88:1A:B0:99:7F:90:77:6D:5E
Certificate issuer: /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial: 019A00ADC4807EE1F8597E1BBE2978937AB6
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/z7wKEosRanqwqr-IGrCZf5B3bV4.roa
Signing time: Mon 20 Oct 2025 08:12:59 +0000
ROA not before: Mon 20 Oct 2025 08:12:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 32787
IP address blocks: 2.17.108.0/22 maxlen: 22
2.17.120.0/22 maxlen: 22
2.17.192.0/22 maxlen: 22
2.17.192.0/24 maxlen: 24
2.17.193.0/24 maxlen: 24
2.17.194.0/24 maxlen: 24
2.17.195.0/24 maxlen: 24
2.18.212.0/22 maxlen: 22
2.19.4.0/22 maxlen: 22
2.21.112.0/24 maxlen: 24
2.21.113.0/24 maxlen: 24
2.21.114.0/24 maxlen: 24
2.21.115.0/24 maxlen: 24
2.21.116.0/24 maxlen: 24
2.21.117.0/24 maxlen: 24
2.21.118.0/24 maxlen: 24
2.21.119.0/24 maxlen: 24
2.21.120.0/24 maxlen: 24
2.21.121.0/24 maxlen: 24
2.21.123.0/24 maxlen: 24
2.21.124.0/24 maxlen: 24
2.21.125.0/24 maxlen: 24
2.21.126.0/24 maxlen: 24
2.21.127.0/24 maxlen: 24
2.21.175.0/24 maxlen: 24
2.23.128.0/23 maxlen: 23
2.23.130.0/23 maxlen: 23
2.23.132.0/23 maxlen: 23
2.23.134.0/24 maxlen: 24
2.23.135.0/24 maxlen: 24
92.122.184.0/24 maxlen: 24
92.122.185.0/24 maxlen: 24
92.122.207.0/24 maxlen: 24
93.191.168.0/24 maxlen: 24
93.191.169.0/24 maxlen: 24
93.191.172.0/24 maxlen: 24
95.100.157.0/24 maxlen: 24
95.100.180.0/24 maxlen: 24
95.100.212.0/24 maxlen: 24
95.100.213.0/24 maxlen: 24
95.100.214.0/24 maxlen: 24
95.100.215.0/24 maxlen: 24
95.100.253.0/24 maxlen: 24
95.101.117.0/24 maxlen: 24
95.101.118.0/24 maxlen: 24
95.101.204.0/22 maxlen: 22
2a02:2370:1::/48 maxlen: 48
2a02:2370:2::/48 maxlen: 48
2a02:2370:3::/48 maxlen: 48
2a02:2370:4::/48 maxlen: 48
2a02:2370:5::/48 maxlen: 48
2a02:2370:6::/48 maxlen: 48
2a02:2370:101::/48 maxlen: 48
2a02:2370:102::/48 maxlen: 48
2a02:2370:103::/48 maxlen: 48
2a02:2370:104::/48 maxlen: 48
2a02:2370:105::/48 maxlen: 48
2a02:2370:106::/48 maxlen: 48
2a02:2370:200::/48 maxlen: 48
2a02:2370:201::/48 maxlen: 48
2a02:2370:202::/48 maxlen: 48
2a02:2370:203::/48 maxlen: 48
2a02:2370:204::/48 maxlen: 48
2a02:2370:205::/48 maxlen: 48
2a02:2370:206::/48 maxlen: 48
2a02:2370:207::/48 maxlen: 48
2a02:2370:208::/48 maxlen: 48
2a02:2370:209::/48 maxlen: 48
2a02:2370:20a::/48 maxlen: 48
2a02:2370:20b::/48 maxlen: 48
2a02:2370:20c::/48 maxlen: 48
2a02:2370:4000::/48 maxlen: 48
2a02:2370:8000::/48 maxlen: 48
2a02:2370:c000::/48 maxlen: 48
2a02:2370:f000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Oct 2025 20:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:00:ad:c4:80:7e:e1:f8:59:7e:1b:be:29:78:93:7a:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Validity
Not Before: Oct 20 08:12:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cfbc0a128b116a7ab0aabf881ab0997f90776d5e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:8c:4a:40:e2:68:26:f0:87:ec:ac:14:49:88:
ce:34:87:e1:b7:69:f9:8c:2a:c1:73:3e:5c:55:4e:
c2:21:29:0d:52:23:b9:ef:63:73:c0:7a:8d:8a:6f:
49:07:7e:e3:18:d9:03:ee:38:f3:9a:d9:ce:da:f0:
35:49:c5:a8:ac:8b:0a:23:9b:a2:1f:b6:7d:74:1a:
0f:d1:20:50:f6:69:1e:34:34:d6:06:52:17:3e:8b:
35:9b:ab:3f:5e:cb:ca:4e:0b:89:aa:6e:39:30:e9:
e4:4a:46:25:82:17:a5:d4:31:9d:de:82:2d:35:74:
3e:0c:38:7b:b4:4e:9a:95:40:ed:a0:27:86:89:7d:
4f:c4:20:c9:cc:1c:a0:53:e2:5b:93:cc:f9:3c:54:
e1:fa:cb:e0:49:6b:e6:46:0f:cd:45:57:9f:69:ff:
d0:c5:03:a9:9d:59:e5:9b:dc:85:3d:c0:bf:14:8f:
fa:1d:00:fc:68:bd:89:0b:d0:5e:43:46:eb:d1:62:
20:f1:ad:84:69:31:7e:8f:6b:f2:c7:a9:9e:65:c2:
ae:aa:a8:eb:f5:60:15:3a:d9:51:f8:a1:c8:71:09:
c5:53:57:90:33:7f:a9:3b:e6:25:3f:ac:69:55:cf:
86:52:d3:6d:f9:87:e1:b7:21:99:cc:13:4d:e8:bd:
f1:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:BC:0A:12:8B:11:6A:7A:B0:AA:BF:88:1A:B0:99:7F:90:77:6D:5E
X509v3 Authority Key Identifier:
keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/z7wKEosRanqwqr-IGrCZf5B3bV4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.17.108.0/22
2.17.120.0/22
2.17.192.0/22
2.18.212.0/22
2.19.4.0/22
2.21.112.0-2.21.121.255
2.21.123.0-2.21.127.255
2.21.175.0/24
2.23.128.0/21
92.122.184.0/23
92.122.207.0/24
93.191.168.0/23
93.191.172.0/24
95.100.157.0/24
95.100.180.0/24
95.100.212.0/22
95.100.253.0/24
95.101.117.0-95.101.118.255
95.101.204.0/22
IPv6:
2a02:2370:1::-2a02:2370:6:ffff:ffff:ffff:ffff:ffff
2a02:2370:101::-2a02:2370:106:ffff:ffff:ffff:ffff:ffff
2a02:2370:200::-2a02:2370:20c:ffff:ffff:ffff:ffff:ffff
2a02:2370:4000::/48
2a02:2370:8000::/48
2a02:2370:c000::/48
2a02:2370:f000::/48
Signature Algorithm: sha256WithRSAEncryption
3e:e7:12:1f:da:2e:ed:6e:d8:f2:8f:1c:59:7e:d7:f7:bd:64:
77:24:3e:af:72:7a:ba:67:cc:5d:fa:3d:ab:a6:f5:c3:ce:af:
80:22:cb:91:d0:bd:87:7f:07:09:99:48:fa:90:1b:9c:4c:cf:
7e:95:ea:02:13:b4:a9:eb:ac:f5:0f:d1:15:a8:27:55:3a:0d:
0b:65:ea:9a:90:e4:ba:70:33:1e:bb:e9:a1:1c:97:80:8d:50:
a2:db:40:70:ad:e2:1a:20:18:26:85:ba:ab:e3:99:b3:ef:a7:
5a:1b:c9:e5:0a:c9:f9:20:30:f7:67:ce:c2:16:b5:9a:33:fd:
4b:a1:a1:9e:5f:be:74:63:cf:45:b0:a3:16:ef:3c:4b:40:a1:
c7:f0:d9:d5:8b:17:77:03:00:b7:a5:94:bf:2b:16:a7:e1:31:
81:36:f5:01:51:36:56:c1:63:e7:f3:03:c6:3d:90:03:cc:63:
e7:f0:00:01:28:1a:6b:0f:a8:6f:c4:b5:54:1e:94:00:aa:66:
a7:95:f4:93:48:74:b0:cc:eb:e6:d0:20:c5:74:f3:2e:a0:62:
f0:08:7c:50:fd:a8:37:fc:f1:35:5f:b2:96:be:56:9b:af:27:
6b:4a:51:7f:b9:df:1a:cf:6a:8f:94:51:71:72:ed:f5:49:67:
8d:3a:6f:e7
-----BEGIN CERTIFICATE-----
MIIF7jCCBNagAwIBAgISAZoArcSAfuH4WX4bvil4k3q2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUxMDIwMDgxMjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmJjMGExMjhiMTE2YTdhYjBhYWJmODgxYWIwOTk3ZjkwNzc2ZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroxKQOJoJvCH7KwUSYjONIfht2n5
jCrBcz5cVU7CISkNUiO572NzwHqNim9JB37jGNkD7jjzmtnO2vA1ScWorIsKI5ui
H7Z9dBoP0SBQ9mkeNDTWBlIXPos1m6s/XsvKTguJqm45MOnkSkYlghel1DGd3oIt
NXQ+DDh7tE6alUDtoCeGiX1PxCDJzBygU+Jbk8z5PFTh+svgSWvmRg/NRVefaf/Q
xQOpnVnlm9yFPcC/FI/6HQD8aL2JC9BeQ0br0WIg8a2EaTF+j2vyx6meZcKuqqjr
9WAVOtlR+KHIcQnFU1eQM3+pO+YlP6xpVc+GUtNt+YfhtyGZzBNN6L3xmQIDAQAB
o4IC+jCCAvYwHQYDVR0OBBYEFM+8ChKLEWp6sKq/iBqwmX+Qd21eMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvejd3S0Vvc1JhbnF3cXItSUdyQ1pmNUIzYlY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBDgYIKwYBBQUHAQcBAf8Egf4wgfswgZEEAgABMIGKAwQC
AhFsAwQCAhF4AwQCAhHAAwQCAhLUAwQCAhMEMAwDBAQCFXADBAECFXgwDAMEAAIV
ewMEBwIVAAMEAAIVrwMEAwIXgAMEAVx6uAMEAFx6zwMEAV2/qAMEAF2/rAMEAF9k
nQMEAF9ktAMEAl9k1AMEAF9k/TAMAwQAX2V1AwQAX2V2AwQCX2XMMGUEAgACMF8w
EgMHACoCI3AAAQMHACoCI3AABjASAwcAKgIjcAEBAwcAKgIjcAEGMBEDBgEqAiNw
AgMHACoCI3ACDAMHACoCI3BAAAMHACoCI3CAAAMHACoCI3DAAAMHACoCI3DwADAN
BgkqhkiG9w0BAQsFAAOCAQEAPucSH9ou7W7Y8o8cWX7X971kdyQ+r3J6umfMXfo9
q6b1w86vgCLLkdC9h38HCZlI+pAbnEzPfpXqAhO0qeus9Q/RFagnVToNC2XqmpDk
unAzHrvpoRyXgI1QottAcK3iGiAYJoW6q+OZs++nWhvJ5QrJ+SAw92fOwha1mjP9
S6Ghnl++dGPPRbCjFu88S0Chx/DZ1YsXdwMAt6WUvysWp+ExgTb1AVE2VsFj5/MD
xj2QA8xj5/AAASgaaw+ob8S1VB6UAKpmp5X0k0h0sMzr5tAgxXTzLqBi8Ah8UP2o
N/zxNV+ylr5Wm68na0pRf7nfGs9qj5RRcXLt9UlnjTpv5w==
-----END CERTIFICATE-----
Generated at Wed Oct 22 05:45:59 2025 by rpki-client