Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/g2ksWtxpPbPFQrOSviBQAOSUcSs.roa
File: g2ksWtxpPbPFQrOSviBQAOSUcSs.roa (raw, json)
Hash identifier: S1SF/AyZjw5ZhUKFDKMzcO8zhjr04XXNLLkxtApWuio=
Subject key identifier: 83:69:2C:5A:DC:69:3D:B3:C5:42:B3:92:BE:20:50:00:E4:94:71:2B
Certificate issuer: /CN=17c203e3f365923a843d3220317a1c68cf74de0f
Certificate serial: 01995BB4BCB95E2E76B32FF44DAA673B547E
Authority key identifier: 17:C2:03:E3:F3:65:92:3A:84:3D:32:20:31:7A:1C:68:CF:74:DE:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/F8ID4_NlkjqEPTIgMXocaM903g8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/g2ksWtxpPbPFQrOSviBQAOSUcSs.roa
Signing time: Thu 18 Sep 2025 07:23:15 +0000
ROA not before: Thu 18 Sep 2025 07:23:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12993
IP address blocks: 37.203.32.0/21 maxlen: 21
37.203.32.0/23 maxlen: 23
37.203.37.0/24 maxlen: 24
37.203.38.0/24 maxlen: 24
37.203.39.0/24 maxlen: 24
81.94.224.0/20 maxlen: 20
81.94.229.0/24 maxlen: 24
89.111.0.0/18 maxlen: 18
89.111.22.0/24 maxlen: 24
89.111.25.0/24 maxlen: 24
89.111.26.0/24 maxlen: 24
89.111.38.0/24 maxlen: 24
178.16.16.0/20 maxlen: 20
185.34.24.0/22 maxlen: 22
185.34.24.0/23 maxlen: 23
185.34.26.0/23 maxlen: 23
185.219.156.0/22 maxlen: 22
193.108.144.0/22 maxlen: 24
193.108.144.0/23 maxlen: 23
193.108.146.0/24 maxlen: 24
193.108.185.0/24 maxlen: 24
194.9.175.0/24 maxlen: 24
2a00:17c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/F8ID4_NlkjqEPTIgMXocaM903g8.crl
rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/F8ID4_NlkjqEPTIgMXocaM903g8.mft
rsync://rpki.ripe.net/repository/DEFAULT/F8ID4_NlkjqEPTIgMXocaM903g8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 20 Sep 2025 07:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:5b:b4:bc:b9:5e:2e:76:b3:2f:f4:4d:aa:67:3b:54:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=17c203e3f365923a843d3220317a1c68cf74de0f
Validity
Not Before: Sep 18 07:23:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=83692c5adc693db3c542b392be205000e494712b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:94:0a:37:66:7b:70:31:ed:ae:fe:fd:12:27:
cf:7f:85:18:b0:f0:50:28:fb:1c:61:ca:52:83:8c:
78:ab:db:90:57:62:97:2e:01:33:2a:54:a4:ad:4b:
9e:53:54:2c:e4:66:1c:e6:6b:7c:69:d6:97:b1:63:
ce:f3:1e:ff:d2:d6:d8:1f:4a:84:41:2d:d1:54:bc:
5a:ac:e5:b3:2f:6c:11:01:ed:5c:52:91:d9:c3:79:
c9:68:f8:39:e6:68:9c:54:52:d9:17:1f:df:a5:cc:
a1:75:a9:c2:95:4e:00:24:39:1e:0c:b8:62:58:e2:
ea:d2:fe:77:22:4e:5e:63:c2:0a:c9:5e:ba:7c:92:
e9:a1:f7:f0:06:b2:e6:9f:60:49:5d:49:56:2e:9d:
06:b1:ff:b0:09:a7:ce:36:a6:d0:f4:d3:68:a4:0f:
0c:8d:d1:ae:8c:80:31:ee:9d:f2:63:9c:10:1c:4f:
e3:bb:2d:5b:75:4f:2f:39:58:ce:d0:cf:86:13:4b:
a0:f5:11:ef:54:e1:5b:93:a1:0e:56:5e:25:71:24:
a7:f3:83:dc:a6:d5:02:3f:f0:fb:30:9a:6e:c9:ea:
dd:ce:12:d9:ad:fe:77:37:63:43:0b:c5:6a:bc:59:
5e:4c:73:5e:bc:0f:8c:30:40:0f:d2:2c:5b:d3:05:
bc:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:69:2C:5A:DC:69:3D:B3:C5:42:B3:92:BE:20:50:00:E4:94:71:2B
X509v3 Authority Key Identifier:
keyid:17:C2:03:E3:F3:65:92:3A:84:3D:32:20:31:7A:1C:68:CF:74:DE:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F8ID4_NlkjqEPTIgMXocaM903g8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/g2ksWtxpPbPFQrOSviBQAOSUcSs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/89ae8e-4674-455d-9f23-ac67a36e4aab/1/F8ID4_NlkjqEPTIgMXocaM903g8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.203.32.0/21
81.94.224.0/20
89.111.0.0/18
178.16.16.0/20
185.34.24.0/22
185.219.156.0/22
193.108.144.0/22
193.108.185.0/24
194.9.175.0/24
IPv6:
2a00:17c0::/32
Signature Algorithm: sha256WithRSAEncryption
47:45:d2:d4:3b:fe:bc:23:84:ef:68:40:f9:90:be:34:9c:5d:
99:37:60:2c:72:33:d0:ba:79:7d:49:87:c7:c9:61:5b:b8:a5:
41:50:fb:fb:0b:f2:1e:36:c3:b0:88:1d:4c:81:60:c1:80:45:
bc:75:24:5a:32:83:ce:ff:ba:8e:53:26:e3:83:17:13:4c:17:
36:83:90:51:4f:da:57:59:67:50:07:00:e0:9b:0a:6e:e6:67:
c7:0e:f1:c5:7e:d0:a0:f9:b7:1a:11:f4:bf:94:38:eb:2c:62:
05:41:82:be:ab:9e:20:35:15:b0:6b:c2:c4:03:98:c8:24:74:
90:77:be:20:53:9f:47:b0:e7:75:c2:3e:3a:ee:d8:36:7c:00:
04:18:38:57:60:e3:ea:11:a4:97:e2:44:97:50:71:2a:52:27:
40:81:b1:82:5b:15:cc:9a:1b:5f:9e:46:98:04:12:0d:e7:71:
ca:05:ef:23:f6:b8:c1:e9:78:82:32:ea:b5:34:fd:ab:b8:23:
f0:d0:0a:43:6b:e2:4a:ba:41:43:d8:9c:c6:12:30:6f:7d:6d:
b6:aa:24:40:a6:e5:b7:c8:8d:e4:7e:18:5c:10:d0:2b:d2:7f:
4a:03:86:fa:e1:b6:52:bd:54:e3:b5:f0:4d:df:55:df:c9:fd:
62:3a:eb:ca
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZlbtLy5Xi52sy/0TapnO1R+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YzIwM2UzZjM2NTkyM2E4NDNkMzIyMDMxN2ExYzY4Y2Y3
NGRlMGYwHhcNMjUwOTE4MDcyMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzY5MmM1YWRjNjkzZGIzYzU0MmIzOTJiZTIwNTAwMGU0OTQ3MTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpQKN2Z7cDHtrv79EifPf4UYsPBQ
KPscYcpSg4x4q9uQV2KXLgEzKlSkrUueU1Qs5GYc5mt8adaXsWPO8x7/0tbYH0qE
QS3RVLxarOWzL2wRAe1cUpHZw3nJaPg55micVFLZFx/fpcyhdanClU4AJDkeDLhi
WOLq0v53Ik5eY8IKyV66fJLpoffwBrLmn2BJXUlWLp0Gsf+wCafONqbQ9NNopA8M
jdGujIAx7p3yY5wQHE/juy1bdU8vOVjO0M+GE0ug9RHvVOFbk6EOVl4lcSSn84Pc
ptUCP/D7MJpuyerdzhLZrf53N2NDC8VqvFleTHNevA+MMEAP0ixb0wW8+wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFINpLFrcaT2zxUKzkr4gUADklHErMB8GA1UdIwQY
MBaAFBfCA+PzZZI6hD0yIDF6HGjPdN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjhJRDRfTmxranFFUFRJZ01Yb2NhTTkwM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy84OWFlOGUtNDY3NC00NTVkLTlmMjMt
YWM2N2EzNmU0YWFiLzEvZzJrc1d0eHBQYlBGUXJPU3ZpQlFBT1NVY1NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy84OWFlOGUtNDY3NC00NTVkLTlmMjMtYWM2N2EzNmU0YWFi
LzEvRjhJRDRfTmxranFFUFRJZ01Yb2NhTTkwM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDJcsgAwQE
UV7gAwQGWW8AAwQEshAQAwQCuSIYAwQCuducAwQCwWyQAwQAwWy5AwQAwgmvMA0E
AgACMAcDBQAqABfAMA0GCSqGSIb3DQEBCwUAA4IBAQBHRdLUO/68I4TvaED5kL40
nF2ZN2AscjPQunl9SYfHyWFbuKVBUPv7C/IeNsOwiB1MgWDBgEW8dSRaMoPO/7qO
UybjgxcTTBc2g5BRT9pXWWdQBwDgmwpu5mfHDvHFftCg+bcaEfS/lDjrLGIFQYK+
q54gNRWwa8LEA5jIJHSQd74gU59HsOd1wj467tg2fAAEGDhXYOPqEaSX4kSXUHEq
UidAgbGCWxXMmhtfnkaYBBIN53HKBe8j9rjB6XiCMuq1NP2ruCPw0ApDa+JKukFD
2JzGEjBvfW22qiRApuW3yI3kfhhcENAr0n9KA4b64bZSvVTjtfBN31Xfyf1iOuvK
-----END CERTIFICATE-----
Generated at Fri Sep 19 16:29:29 2025 by rpki-client