Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/q2eujhaGxjto_h4mpcBHS_tUO-c.roa
File: q2eujhaGxjto_h4mpcBHS_tUO-c.roa (raw, json)
Hash identifier: A8Qfn4Eyu6/KJoJdotmmc1YYF1CYLR184Z3dlvuyTnQ=
Subject key identifier: AB:67:AE:8E:16:86:C6:3B:68:FE:1E:26:A5:C0:47:4B:FB:54:3B:E7
Certificate issuer: /CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
Certificate serial: 0199327C2969246C5984D2F0397329708A72
Authority key identifier: AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/q2eujhaGxjto_h4mpcBHS_tUO-c.roa
Signing time: Wed 10 Sep 2025 07:17:01 +0000
ROA not before: Wed 10 Sep 2025 07:17:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214036
IP address blocks: 31.172.80.0/24 maxlen: 32
31.172.83.0/24 maxlen: 32
31.172.87.0/24 maxlen: 32
79.133.41.0/24 maxlen: 32
79.133.46.0/24 maxlen: 32
79.133.51.0/24 maxlen: 32
79.133.56.0/24 maxlen: 32
79.133.57.0/24 maxlen: 32
84.200.16.0/24 maxlen: 32
84.200.17.0/24 maxlen: 32
84.200.24.0/24 maxlen: 32
84.200.27.0/24 maxlen: 32
84.200.73.0/24 maxlen: 32
84.200.77.0/24 maxlen: 32
84.200.80.0/24 maxlen: 32
84.200.81.0/24 maxlen: 32
84.200.87.0/24 maxlen: 32
84.200.89.0/24 maxlen: 32
84.200.91.0/24 maxlen: 32
84.200.125.0/24 maxlen: 32
84.200.128.0/24 maxlen: 32
84.200.154.0/24 maxlen: 32
84.200.192.0/24 maxlen: 32
84.200.193.0/24 maxlen: 32
84.200.205.0/24 maxlen: 32
84.201.4.0/24 maxlen: 32
84.201.5.0/24 maxlen: 32
84.201.6.0/24 maxlen: 32
84.201.20.0/24 maxlen: 32
159.100.6.0/24 maxlen: 32
159.100.9.0/24 maxlen: 32
159.100.13.0/24 maxlen: 32
159.100.14.0/24 maxlen: 32
159.100.17.0/24 maxlen: 32
159.100.18.0/24 maxlen: 32
159.100.19.0/24 maxlen: 32
159.100.20.0/24 maxlen: 32
159.100.22.0/24 maxlen: 32
159.100.29.0/24 maxlen: 32
159.100.30.0/24 maxlen: 32
212.224.86.0/24 maxlen: 32
212.224.88.0/24 maxlen: 32
212.224.93.0/24 maxlen: 32
212.224.107.0/24 maxlen: 32
212.224.125.0/24 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.mft
rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 07:17:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:32:7c:29:69:24:6c:59:84:d2:f0:39:73:29:70:8a:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
Validity
Not Before: Sep 10 07:17:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ab67ae8e1686c63b68fe1e26a5c0474bfb543be7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:65:e9:f4:bf:b0:12:2f:d7:45:86:29:d5:b4:
c7:ed:ef:7d:46:ed:2d:81:dd:76:ff:5a:b7:1f:3c:
f0:30:ad:be:43:73:87:35:8a:ab:7e:63:1c:d0:f5:
1a:9d:7a:a5:3a:e4:b3:0e:77:8a:d0:00:3a:46:e4:
0f:48:93:8d:b8:27:fe:3b:ca:61:c6:ac:3a:c6:b7:
7d:60:7a:68:ea:5e:24:34:da:01:87:5b:de:49:0c:
11:e7:3b:35:c3:ca:48:7c:4e:8e:97:3b:9d:5b:a1:
b1:aa:f0:38:c6:f3:c5:04:1b:7f:ab:ed:84:05:6f:
d0:45:55:d3:6b:05:ad:8f:d1:3d:cc:29:49:9e:83:
be:58:c4:14:59:f6:f4:86:49:19:c8:19:03:c7:41:
69:82:99:5d:89:f2:f5:e2:27:0f:4f:5e:c9:1b:37:
8c:df:96:a1:88:09:00:81:18:a2:68:a7:5a:f8:33:
c6:f2:da:25:6d:0b:37:df:4d:35:87:ef:96:75:cf:
7e:ae:2c:1b:60:97:aa:cd:a9:57:d3:51:88:e9:fa:
82:26:57:44:84:bb:0e:65:d0:49:dc:77:2b:81:68:
b3:04:72:f6:29:4d:b8:a8:e2:eb:cc:b4:b4:a6:09:
6d:96:88:b6:cc:3b:81:56:43:16:5a:be:a1:45:10:
61:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:67:AE:8E:16:86:C6:3B:68:FE:1E:26:A5:C0:47:4B:FB:54:3B:E7
X509v3 Authority Key Identifier:
keyid:AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/q2eujhaGxjto_h4mpcBHS_tUO-c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.172.80.0/24
31.172.83.0/24
31.172.87.0/24
79.133.41.0/24
79.133.46.0/24
79.133.51.0/24
79.133.56.0/23
84.200.16.0/23
84.200.24.0/24
84.200.27.0/24
84.200.73.0/24
84.200.77.0/24
84.200.80.0/23
84.200.87.0/24
84.200.89.0/24
84.200.91.0/24
84.200.125.0/24
84.200.128.0/24
84.200.154.0/24
84.200.192.0/23
84.200.205.0/24
84.201.4.0-84.201.6.255
84.201.20.0/24
159.100.6.0/24
159.100.9.0/24
159.100.13.0-159.100.14.255
159.100.17.0-159.100.20.255
159.100.22.0/24
159.100.29.0-159.100.30.255
212.224.86.0/24
212.224.88.0/24
212.224.93.0/24
212.224.107.0/24
212.224.125.0/24
Signature Algorithm: sha256WithRSAEncryption
44:be:a7:a7:b0:ec:9b:ba:56:a9:09:61:73:33:17:47:b0:56:
94:51:e0:e6:40:d8:f8:7b:d9:29:de:c3:c3:4f:ab:7a:b4:e4:
cf:04:53:4c:3e:5b:20:93:1a:a3:ed:68:7e:79:12:b2:0c:35:
af:bb:ac:9b:f5:fe:06:87:70:42:f4:31:00:02:02:30:a1:35:
41:b8:37:bd:4f:e7:e2:1a:dd:b0:84:e8:27:00:50:dc:c2:99:
fe:49:a8:db:67:3c:45:71:35:0f:00:67:1f:92:31:5a:e5:6e:
66:47:4a:17:b7:3f:e3:3c:21:ce:75:5b:39:55:f4:55:56:bb:
5d:42:3c:00:2e:86:7c:4c:3c:40:af:ef:e2:c2:c7:ce:ae:7d:
a0:1a:2b:08:1a:73:70:b9:24:6b:c6:7a:1e:f2:a3:be:7c:a4:
6b:49:df:c7:80:62:8b:4e:d7:0c:5e:5d:fe:cb:9b:eb:da:19:
f2:2a:44:7b:1d:5c:0a:53:76:a8:b8:a6:53:d4:15:5b:6d:e8:
c7:65:5f:15:a4:04:3f:62:c0:f2:9d:cf:63:49:c2:60:f6:c7:
54:0a:42:30:7b:9f:af:3d:db:27:b1:6c:15:85:09:fd:95:c3:
64:9a:51:73:ed:b0:a7:69:4f:49:6b:ac:d6:b4:5e:39:84:1b:
a4:a3:e1:d8
-----BEGIN CERTIFICATE-----
MIIF6TCCBNGgAwIBAgISAZkyfClpJGxZhNLwOXMpcIpyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWRjNTBhNGI1MjZkZjE4ZThiMGE2NTY1ZDdiOWQ1OGE3
NWQzMTUwHhcNMjUwOTEwMDcxNzAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjY3YWU4ZTE2ODZjNjNiNjhmZTFlMjZhNWMwNDc0YmZiNTQzYmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWXp9L+wEi/XRYYp1bTH7e99Ru0t
gd12/1q3HzzwMK2+Q3OHNYqrfmMc0PUanXqlOuSzDneK0AA6RuQPSJONuCf+O8ph
xqw6xrd9YHpo6l4kNNoBh1veSQwR5zs1w8pIfE6OlzudW6GxqvA4xvPFBBt/q+2E
BW/QRVXTawWtj9E9zClJnoO+WMQUWfb0hkkZyBkDx0FpgpldifL14icPT17JGzeM
35ahiAkAgRiiaKda+DPG8tolbQs33001h++Wdc9+riwbYJeqzalX01GI6fqCJldE
hLsOZdBJ3HcrgWizBHL2KU24qOLrzLS0pgltloi2zDuBVkMWWr6hRRBhRQIDAQAB
o4IC9TCCAvEwHQYDVR0OBBYEFKtnro4WhsY7aP4eJqXAR0v7VDvnMB8GA1UdIwQY
MBaAFKodxQpLUm3xjosKZWXXudWKddMVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMt
MzNkNzI4NDMzYzExLzEvcTJldWpoYUd4anRvX2g0bXBjQkhTX3RVTy1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMtMzNkNzI4NDMzYzEx
LzEvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCQYIKwYBBQUHAQcBAf8EgfkwgfYwgfMEAgABMIHsAwQA
H6xQAwQAH6xTAwQAH6xXAwQAT4UpAwQAT4UuAwQAT4UzAwQBT4U4AwQBVMgQAwQA
VMgYAwQAVMgbAwQAVMhJAwQAVMhNAwQBVMhQAwQAVMhXAwQAVMhZAwQAVMhbAwQA
VMh9AwQAVMiAAwQAVMiaAwQBVMjAAwQAVMjNMAwDBAJUyQQDBABUyQYDBABUyRQD
BACfZAYDBACfZAkwDAMEAJ9kDQMEAJ9kDjAMAwQAn2QRAwQAn2QUAwQAn2QWMAwD
BACfZB0DBACfZB4DBADU4FYDBADU4FgDBADU4F0DBADU4GsDBADU4H0wDQYJKoZI
hvcNAQELBQADggEBAES+p6ew7Ju6VqkJYXMzF0ewVpRR4OZA2Ph72Snew8NPq3q0
5M8EU0w+WyCTGqPtaH55ErIMNa+7rJv1/gaHcEL0MQACAjChNUG4N71P5+Ia3bCE
6CcAUNzCmf5JqNtnPEVxNQ8AZx+SMVrlbmZHShe3P+M8Ic51WzlV9FVWu11CPAAu
hnxMPECv7+LCx86ufaAaKwgac3C5JGvGeh7yo758pGtJ38eAYotO1wxeXf7Lm+va
GfIqRHsdXApTdqi4plPUFVtt6MdlXxWkBD9iwPKdz2NJwmD2x1QKQjB7n6892yex
bBWFCf2Vw2SaUXPtsKdpT0lrrNa0XjmEG6Sj4dg=
-----END CERTIFICATE-----
Generated at Wed Sep 10 16:30:53 2025 by rpki-client