Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/d8b73b-5013-43cd-ba2b-2c2180714e71/1/Q3DzC8Xezd_wUJe_qmHOdRY16z8.roa
File: Q3DzC8Xezd_wUJe_qmHOdRY16z8.roa (raw, json)
Hash identifier: UbPlIZy2nFY/zJS4B8sCeti8RZE/Rxf0ELKnlfBMfvg=
Subject key identifier: 43:70:F3:0B:C5:DE:CD:DF:F0:50:97:BF:AA:61:CE:75:16:35:EB:3F
Certificate issuer: /CN=7031374eb9679109e91a38e28b17bf260ab9d3ab
Certificate serial: 019A006C14EFFB081D18240B3DEF61AAF51C
Authority key identifier: 70:31:37:4E:B9:67:91:09:E9:1A:38:E2:8B:17:BF:26:0A:B9:D3:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cDE3TrlnkQnpGjjiixe_Jgq506s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/d8b73b-5013-43cd-ba2b-2c2180714e71/1/Q3DzC8Xezd_wUJe_qmHOdRY16z8.roa
Signing time: Mon 20 Oct 2025 07:01:14 +0000
ROA not before: Mon 20 Oct 2025 07:01:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214286
IP address blocks: 185.223.136.0/24 maxlen: 24
185.223.137.0/24 maxlen: 24
185.223.138.0/24 maxlen: 24
185.223.139.0/24 maxlen: 24
2a14:43c0:1000::/36 maxlen: 36
2a14:43c0:2000::/36 maxlen: 36
2a14:43c0:3000::/36 maxlen: 36
2a14:43c0:4000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/d8b73b-5013-43cd-ba2b-2c2180714e71/1/cDE3TrlnkQnpGjjiixe_Jgq506s.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/d8b73b-5013-43cd-ba2b-2c2180714e71/1/cDE3TrlnkQnpGjjiixe_Jgq506s.mft
rsync://rpki.ripe.net/repository/DEFAULT/cDE3TrlnkQnpGjjiixe_Jgq506s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 23 Oct 2025 04:00:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:00:6c:14:ef:fb:08:1d:18:24:0b:3d:ef:61:aa:f5:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7031374eb9679109e91a38e28b17bf260ab9d3ab
Validity
Not Before: Oct 20 07:01:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4370f30bc5decddff05097bfaa61ce751635eb3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:f0:d5:24:71:d3:0e:49:5b:b9:28:45:54:43:
21:77:e1:aa:4c:88:f4:e1:be:ee:7d:48:0c:00:93:
cb:a6:23:5a:8a:96:68:79:6b:1e:a7:97:c4:aa:74:
2d:31:be:e4:1b:dc:ce:d2:86:b8:b7:c8:1f:a9:93:
21:17:ee:b0:93:a3:36:93:cf:1c:60:f0:61:48:fc:
c7:de:fb:61:63:84:38:cd:e4:20:b2:23:aa:55:9b:
2b:bd:2e:e8:ab:f3:9d:5c:be:31:43:d2:df:22:53:
38:0c:c5:c1:66:3c:27:40:84:5f:da:51:56:77:70:
82:b2:8d:f0:8a:c0:af:06:30:73:0d:a9:27:48:bf:
c0:8d:10:bb:76:7c:88:f1:76:4b:1e:84:5f:85:da:
ea:32:ef:77:b4:8d:95:3f:8e:09:d9:a6:81:6f:8a:
fc:ac:ab:b7:c0:33:0a:b8:fa:28:9b:72:77:df:6d:
ba:3a:e2:ef:08:de:db:eb:49:3d:5d:eb:9a:a4:36:
a0:08:62:42:0a:68:06:92:a0:fa:db:1f:b4:bf:c8:
a3:e9:3c:41:8c:32:74:75:87:0d:e3:3c:62:f8:19:
6e:54:30:24:0a:ba:a4:b1:2e:60:38:dc:76:aa:fb:
90:c2:3d:0b:24:00:57:3d:6c:2d:96:b6:42:ad:b4:
2d:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:70:F3:0B:C5:DE:CD:DF:F0:50:97:BF:AA:61:CE:75:16:35:EB:3F
X509v3 Authority Key Identifier:
keyid:70:31:37:4E:B9:67:91:09:E9:1A:38:E2:8B:17:BF:26:0A:B9:D3:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cDE3TrlnkQnpGjjiixe_Jgq506s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d8b73b-5013-43cd-ba2b-2c2180714e71/1/Q3DzC8Xezd_wUJe_qmHOdRY16z8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d8b73b-5013-43cd-ba2b-2c2180714e71/1/cDE3TrlnkQnpGjjiixe_Jgq506s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.223.136.0/22
IPv6:
2a14:43c0:1000::-2a14:43c0:4fff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
3c:15:61:06:dc:b0:0f:9d:71:c3:f8:65:02:e4:0c:cf:d2:54:
14:45:c7:c4:40:93:55:87:18:b1:0a:c0:c9:0e:85:33:a1:97:
ca:75:54:99:5e:32:4e:49:11:a9:fd:da:21:5c:4a:ea:d3:01:
3c:64:d5:07:a7:45:97:b1:e8:3f:00:52:37:80:b6:f1:00:64:
a7:a9:ed:ae:66:3e:de:78:a4:52:da:77:2c:aa:1b:19:78:a3:
d5:39:2d:cd:53:38:1e:48:e3:f8:bb:94:9e:19:a7:01:89:eb:
ba:66:7e:3b:3b:fa:b2:42:af:5e:14:14:d9:d1:ef:aa:f1:90:
b3:d2:16:5d:2c:69:31:e7:ee:0b:56:33:ef:95:ca:af:37:d3:
e3:c5:ca:c2:92:ab:ce:c1:06:c5:b5:94:5c:0e:61:d7:74:50:
4d:cb:04:69:ae:56:4b:6b:7a:7f:71:b5:f2:88:3c:79:00:26:
69:1f:63:60:bf:8c:5b:56:64:ad:ff:95:cc:99:19:1c:75:6a:
1c:0d:db:81:5d:73:71:ac:2f:66:c6:e2:0d:1b:a5:75:5b:61:
5f:e3:89:b2:e0:7c:18:d8:a4:10:c3:69:08:36:46:b2:37:31:
82:40:f2:e2:66:12:ef:43:63:b0:fc:3f:d5:84:36:e5:8b:ea:
f4:e0:77:d5
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZoAbBTv+wgdGCQLPe9hqvUcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMzEzNzRlYjk2NzkxMDllOTFhMzhlMjhiMTdiZjI2MGFi
OWQzYWIwHhcNMjUxMDIwMDcwMTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzcwZjMwYmM1ZGVjZGRmZjA1MDk3YmZhYTYxY2U3NTE2MzVlYjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vDVJHHTDklbuShFVEMhd+GqTIj0
4b7ufUgMAJPLpiNaipZoeWsep5fEqnQtMb7kG9zO0oa4t8gfqZMhF+6wk6M2k88c
YPBhSPzH3vthY4Q4zeQgsiOqVZsrvS7oq/OdXL4xQ9LfIlM4DMXBZjwnQIRf2lFW
d3CCso3wisCvBjBzDaknSL/AjRC7dnyI8XZLHoRfhdrqMu93tI2VP44J2aaBb4r8
rKu3wDMKuPoom3J33226OuLvCN7b60k9XeuapDagCGJCCmgGkqD62x+0v8ij6TxB
jDJ0dYcN4zxi+BluVDAkCrqksS5gONx2qvuQwj0LJABXPWwtlrZCrbQt1QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFENw8wvF3s3f8FCXv6phznUWNes/MB8GA1UdIwQY
MBaAFHAxN065Z5EJ6Ro44osXvyYKudOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0RFM1RybG5rUW5wR2pqaWl4ZV9KZ3E1MDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9kOGI3M2ItNTAxMy00M2NkLWJhMmIt
MmMyMTgwNzE0ZTcxLzEvUTNEekM4WGV6ZF93VUplX3FtSE9kUlkxNno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9kOGI3M2ItNTAxMy00M2NkLWJhMmItMmMyMTgwNzE0ZTcx
LzEvY0RFM1RybG5rUW5wR2pqaWl4ZV9KZ3E1MDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQCud+IMBgE
AgACMBIwEAMGBCoUQ8AQAwYEKhRDwEAwDQYJKoZIhvcNAQELBQADggEBADwVYQbc
sA+dccP4ZQLkDM/SVBRFx8RAk1WHGLEKwMkOhTOhl8p1VJleMk5JEan92iFcSurT
ATxk1QenRZex6D8AUjeAtvEAZKep7a5mPt54pFLadyyqGxl4o9U5Lc1TOB5I4/i7
lJ4ZpwGJ67pmfjs7+rJCr14UFNnR76rxkLPSFl0saTHn7gtWM++Vyq830+PFysKS
q87BBsW1lFwOYdd0UE3LBGmuVktren9xtfKIPHkAJmkfY2C/jFtWZK3/lcyZGRx1
ahwN24Fdc3GsL2bG4g0bpXVbYV/jibLgfBjYpBDDaQg2RrI3MYJA8uJmEu9DY7D8
P9WENuWL6vTgd9U=
-----END CERTIFICATE-----
Generated at Wed Oct 22 10:00:46 2025 by rpki-client