Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/tsuB-6RNWOxWEgmxk8BNezwOpK8.roa
File: tsuB-6RNWOxWEgmxk8BNezwOpK8.roa (raw, json)
Hash identifier: KLDwV71ApvREbiVGYxRd1lWezdMZ5iGIuiS8ll5wfsM=
Subject key identifier: B6:CB:81:FB:A4:4D:58:EC:56:12:09:B1:93:C0:4D:7B:3C:0E:A4:AF
Certificate issuer: /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial: 01992E87E7F8575414797C0A00D6F6C7FE0A
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/tsuB-6RNWOxWEgmxk8BNezwOpK8.roa
Signing time: Tue 09 Sep 2025 12:51:22 +0000
ROA not before: Tue 09 Sep 2025 12:51:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25159
IP address blocks: 31.173.0.0/21 maxlen: 21
31.173.8.0/21 maxlen: 21
31.173.16.0/21 maxlen: 21
31.173.24.0/21 maxlen: 21
31.173.32.0/19 maxlen: 19
31.173.60.0/24 maxlen: 24
31.173.64.0/21 maxlen: 21
31.173.72.0/21 maxlen: 21
31.173.80.0/21 maxlen: 21
31.173.88.0/21 maxlen: 21
37.28.176.0/21 maxlen: 21
37.29.32.0/21 maxlen: 21
46.229.128.0/22 maxlen: 22
62.64.0.0/20 maxlen: 20
62.64.16.0/20 maxlen: 20
78.25.112.0/22 maxlen: 22
78.25.116.0/23 maxlen: 23
78.25.118.0/24 maxlen: 24
78.25.119.0/24 maxlen: 24
83.222.212.0/22 maxlen: 22
83.222.216.0/21 maxlen: 21
83.229.211.0/24 maxlen: 24
83.229.254.0/24 maxlen: 24
85.26.144.0/20 maxlen: 20
91.205.168.0/23 maxlen: 23
91.205.170.0/23 maxlen: 23
94.25.131.0/24 maxlen: 24
94.25.144.0/20 maxlen: 20
94.25.160.0/24 maxlen: 24
94.25.164.0/24 maxlen: 24
94.25.168.0/22 maxlen: 22
94.25.172.0/22 maxlen: 22
94.25.176.0/21 maxlen: 21
94.25.184.0/21 maxlen: 21
109.188.64.0/19 maxlen: 19
109.188.96.0/21 maxlen: 21
109.188.112.0/23 maxlen: 23
109.188.114.0/24 maxlen: 24
109.188.124.0/24 maxlen: 24
109.188.125.0/24 maxlen: 24
128.204.76.0/22 maxlen: 22
128.204.76.0/23 maxlen: 23
128.204.78.0/23 maxlen: 23
178.176.0.0/19 maxlen: 19
178.176.32.0/21 maxlen: 21
178.176.40.0/21 maxlen: 21
178.176.52.0/22 maxlen: 22
178.176.72.0/21 maxlen: 21
178.176.92.0/22 maxlen: 22
178.177.0.0/18 maxlen: 18
178.177.3.0/24 maxlen: 24
178.178.192.0/22 maxlen: 22
178.178.198.0/23 maxlen: 23
178.178.204.0/24 maxlen: 24
178.178.205.0/24 maxlen: 24
178.178.216.0/21 maxlen: 21
178.178.235.0/24 maxlen: 24
178.178.236.0/24 maxlen: 24
188.170.0.0/19 maxlen: 19
188.170.24.0/23 maxlen: 23
188.170.25.0/24 maxlen: 24
188.170.32.0/21 maxlen: 21
188.170.40.0/21 maxlen: 21
193.201.228.0/22 maxlen: 22
195.16.96.0/19 maxlen: 19
195.16.110.0/23 maxlen: 23
195.16.114.0/23 maxlen: 23
195.230.70.0/23 maxlen: 23
195.230.91.0/24 maxlen: 24
195.230.92.0/24 maxlen: 24
212.69.96.0/19 maxlen: 19
212.69.106.0/24 maxlen: 24
212.69.113.0/24 maxlen: 24
212.69.114.0/24 maxlen: 24
212.69.125.0/24 maxlen: 24
213.243.109.0/24 maxlen: 24
213.243.116.0/24 maxlen: 24
2a03:d000:4000::/36 maxlen: 36
2a03:d000:4100::/40 maxlen: 40
2a03:d000:4200::/40 maxlen: 40
2a03:d000:4300::/40 maxlen: 40
2a03:d000:4400::/40 maxlen: 40
2a03:d004::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 06:01:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:2e:87:e7:f8:57:54:14:79:7c:0a:00:d6:f6:c7:fe:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Validity
Not Before: Sep 9 12:51:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b6cb81fba44d58ec561209b193c04d7b3c0ea4af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:3f:88:4f:18:c7:fa:18:8b:25:ca:91:c0:4d:
1c:f7:c5:8a:03:f5:70:ec:7c:67:87:8f:47:eb:6e:
ff:8a:a1:1a:f9:ae:4e:fb:5f:25:66:0a:8d:6c:3c:
a7:67:a1:67:83:94:24:26:7c:54:7c:e3:6e:6d:8d:
65:d0:72:83:6f:48:ff:4d:3d:a9:b4:7f:fa:7a:53:
fd:84:00:1a:3f:e5:a2:3e:2b:1f:1f:ff:3a:78:a9:
bf:96:51:c2:52:36:e9:df:10:5e:71:a5:e1:e0:cc:
41:7b:51:a5:04:95:a4:75:3c:ab:52:42:76:c5:53:
34:dc:f6:df:8d:e6:df:94:8e:d9:17:ca:66:d0:51:
8f:6e:28:6a:7c:68:e1:3f:bc:ea:f3:b7:02:3f:93:
1e:bc:77:76:22:87:0f:23:83:91:99:75:65:d5:25:
61:80:3f:6f:33:59:4e:2e:ee:ca:ad:5f:7c:80:85:
50:43:8e:d1:ee:8f:ba:c7:9f:54:68:c5:39:d6:a3:
5e:37:ec:41:19:93:77:b2:54:1f:74:bf:92:01:4e:
34:8b:01:fa:d2:e2:28:c3:b7:b6:fd:11:22:75:bf:
0a:87:aa:2a:92:1f:41:c3:f7:71:6e:4b:0e:b7:c2:
4e:e9:19:63:4a:70:3b:01:da:7b:0a:92:ca:d4:7d:
db:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:CB:81:FB:A4:4D:58:EC:56:12:09:B1:93:C0:4D:7B:3C:0E:A4:AF
X509v3 Authority Key Identifier:
keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/tsuB-6RNWOxWEgmxk8BNezwOpK8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.173.0.0-31.173.95.255
37.28.176.0/21
37.29.32.0/21
46.229.128.0/22
62.64.0.0/19
78.25.112.0/21
83.222.212.0-83.222.223.255
83.229.211.0/24
83.229.254.0/24
85.26.144.0/20
91.205.168.0/22
94.25.131.0/24
94.25.144.0-94.25.160.255
94.25.164.0/24
94.25.168.0-94.25.191.255
109.188.64.0-109.188.103.255
109.188.112.0-109.188.114.255
109.188.124.0/23
128.204.76.0/22
178.176.0.0-178.176.47.255
178.176.52.0/22
178.176.72.0/21
178.176.92.0/22
178.177.0.0/18
178.178.192.0/22
178.178.198.0/23
178.178.204.0/23
178.178.216.0/21
178.178.235.0-178.178.236.255
188.170.0.0-188.170.47.255
193.201.228.0/22
195.16.96.0/19
195.230.70.0/23
195.230.91.0-195.230.92.255
212.69.96.0/19
213.243.109.0/24
213.243.116.0/24
IPv6:
2a03:d000:4000::/36
2a03:d004::/40
Signature Algorithm: sha256WithRSAEncryption
06:71:ea:e4:48:48:19:3e:1b:d7:45:03:82:e7:22:09:ff:10:
8a:b2:df:e6:d7:4e:58:b8:dc:51:48:eb:43:fa:97:0d:f0:b8:
e8:d4:e7:c1:40:f4:32:62:b7:6a:22:64:2e:3a:9b:26:0b:a4:
ad:f1:7f:ba:93:c3:5a:3b:9b:9d:01:87:06:06:e4:95:e8:05:
c8:8e:73:15:fa:1e:49:75:10:5b:83:a1:22:71:80:25:a4:41:
d9:be:52:7a:de:76:05:1b:91:d8:d3:79:30:f6:74:9d:11:bb:
18:6f:69:09:99:97:04:18:a2:8b:3d:9a:a2:ae:5f:e5:ea:42:
59:c7:7f:66:2b:99:a8:f1:84:c6:b1:4c:5a:e8:5d:d1:b2:dc:
f5:86:ce:0c:e7:55:c6:5b:6d:32:54:9d:a4:2a:60:a4:a9:66:
5f:02:59:81:1c:56:52:52:4f:15:89:46:a4:cd:51:68:56:41:
a3:2e:9b:b7:99:1a:f1:e1:ed:1a:43:3f:14:39:01:98:a2:0b:
9b:00:b2:bc:08:3e:4a:dd:c8:d5:c8:a1:b5:9f:ef:31:4c:cf:
5e:b4:9c:53:61:a4:c0:ea:73:ce:a9:6f:d0:f0:b1:a9:12:c7:
96:4d:6b:34:85:38:5a:cc:92:ec:33:a1:5a:d9:22:f0:ee:73:
6e:33:bc:ef
-----BEGIN CERTIFICATE-----
MIIGRDCCBSygAwIBAgISAZkuh+f4V1QUeXwKANb2x/4KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjUwOTA5MTI1MTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmNiODFmYmE0NGQ1OGVjNTYxMjA5YjE5M2MwNGQ3YjNjMGVhNGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz+ITxjH+hiLJcqRwE0c98WKA/Vw
7Hxnh49H627/iqEa+a5O+18lZgqNbDynZ6Fng5QkJnxUfONubY1l0HKDb0j/TT2p
tH/6elP9hAAaP+WiPisfH/86eKm/llHCUjbp3xBecaXh4MxBe1GlBJWkdTyrUkJ2
xVM03PbfjebflI7ZF8pm0FGPbihqfGjhP7zq87cCP5MevHd2IocPI4ORmXVl1SVh
gD9vM1lOLu7KrV98gIVQQ47R7o+6x59UaMU51qNeN+xBGZN3slQfdL+SAU40iwH6
0uIow7e2/REidb8Kh6oqkh9Bw/dxbksOt8JO6RljSnA7Adp7CpLK1H3bqwIDAQAB
o4IDUDCCA0wwHQYDVR0OBBYEFLbLgfukTVjsVhIJsZPATXs8DqSvMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvdHN1Qi02Uk5XT3hXRWdteGs4Qk5lendPcEs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBZAYIKwYBBQUHAQcBAf8EggFTMIIBTzCCATMEAgABMIIB
KzALAwMAH60DBAUfrUADBAMlHLADBAMlHSADBAIu5YADBAU+QAADBANOGXAwDAME
AlPe1AMEBVPewAMEAFPl0wMEAFPl/gMEBFUakAMEAlvNqAMEAF4ZgzAMAwQEXhmQ
AwQAXhmgAwQAXhmkMAwDBANeGagDBAZeGYAwDAMEBm28QAMEA228YDAMAwQEbbxw
AwQAbbxyAwQBbbx8AwQCgMxMMAsDAwSysAMEBLKwIAMEArKwNAMEA7KwSAMEArKw
XAMEBrKxAAMEArKywAMEAbKyxgMEAbKyzAMEA7Ky2DAMAwQAsrLrAwQAsrLsMAsD
AwG8qgMEBLyqIAMEAsHJ5AMEBcMQYAMEAcPmRjAMAwQAw+ZbAwQAw+ZcAwQF1EVg
AwQA1fNtAwQA1fN0MBYEAgACMBADBgQqA9AAQAMGACoD0AQAMA0GCSqGSIb3DQEB
CwUAA4IBAQAGcerkSEgZPhvXRQOC5yIJ/xCKst/m105YuNxRSOtD+pcN8Ljo1OfB
QPQyYrdqImQuOpsmC6St8X+6k8NaO5udAYcGBuSV6AXIjnMV+h5JdRBbg6EicYAl
pEHZvlJ63nYFG5HY03kw9nSdEbsYb2kJmZcEGKKLPZqirl/l6kJZx39mK5mo8YTG
sUxa6F3Rstz1hs4M51XGW20yVJ2kKmCkqWZfAlmBHFZSUk8ViUakzVFoVkGjLpu3
mRrx4e0aQz8UOQGYogubALK8CD5K3cjVyKG1n+8xTM9etJxTYaTA6nPOqW/Q8LGp
EseWTWs0hThazJLsM6Fa2SLw7nNuM7zv
-----END CERTIFICATE-----
Generated at Wed Sep 10 14:38:23 2025 by rpki-client