Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/MBzPzn_kSNB1-CueHa-Y37jY8lw.roa
File: MBzPzn_kSNB1-CueHa-Y37jY8lw.roa (raw, json)
Hash identifier: oGr3faYPzLlAggU0bJjv0PDro1xtUoojxb6+b0UUemg=
Subject key identifier: 30:1C:CF:CE:7F:E4:48:D0:75:F8:2B:9E:1D:AF:98:DF:B8:D8:F2:5C
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 01991203838FF1816BD655C21B3123A44BD7
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/MBzPzn_kSNB1-CueHa-Y37jY8lw.roa
Signing time: Wed 03 Sep 2025 23:57:24 +0000
ROA not before: Wed 03 Sep 2025 23:57:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 5.182.185.0/24 maxlen: 24
5.182.196.0/24 maxlen: 24
5.182.197.0/24 maxlen: 24
79.98.183.0/24 maxlen: 24
92.249.29.0/24 maxlen: 24
94.154.171.0/24 maxlen: 24
94.154.178.0/24 maxlen: 24
103.130.176.0/24 maxlen: 24
103.130.177.0/24 maxlen: 24
103.210.13.0/24 maxlen: 24
103.210.14.0/24 maxlen: 24
103.210.15.0/24 maxlen: 24
103.216.198.0/24 maxlen: 24
104.232.36.0/24 maxlen: 24
147.78.207.0/24 maxlen: 24
162.218.93.0/24 maxlen: 24
185.52.138.0/24 maxlen: 24
185.52.139.0/24 maxlen: 24
185.161.190.0/24 maxlen: 24
185.187.214.0/24 maxlen: 24
185.187.215.0/24 maxlen: 24
185.198.89.0/24 maxlen: 24
185.198.90.0/24 maxlen: 24
185.198.91.0/24 maxlen: 24
185.201.42.0/24 maxlen: 24
185.208.152.0/24 maxlen: 24
185.208.153.0/24 maxlen: 24
185.208.154.0/24 maxlen: 24
185.230.121.0/24 maxlen: 24
185.253.120.0/24 maxlen: 24
185.253.121.0/24 maxlen: 24
192.145.70.0/24 maxlen: 24
212.60.13.0/24 maxlen: 24
2a0a:8f40:3::/48 maxlen: 48
2a0a:8f40:7::/48 maxlen: 48
2a0a:8f40:8::/48 maxlen: 48
2a0a:8f40:9::/48 maxlen: 48
2a0a:8f40:a::/48 maxlen: 48
2a0a:8f40:b::/48 maxlen: 48
2a0a:8f40:c::/48 maxlen: 48
2a0a:8f40:1c::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 19:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:12:03:83:8f:f1:81:6b:d6:55:c2:1b:31:23:a4:4b:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: Sep 3 23:57:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=301ccfce7fe448d075f82b9e1daf98dfb8d8f25c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:4d:83:c9:d6:bd:83:62:2b:64:a5:f5:ce:a5:
66:a5:3d:dd:cf:0d:98:dc:8d:ff:e8:a6:29:24:b7:
b2:3d:88:25:3a:95:55:04:44:34:44:4c:13:b2:c7:
7a:3c:06:b5:f5:11:25:fc:28:7b:c1:42:85:66:de:
b0:91:98:e9:39:9b:1a:4f:34:e8:ed:46:7a:6e:e5:
48:2b:e7:24:32:93:c0:9d:a7:2d:5b:be:6d:c4:3a:
ab:62:5f:f4:b7:8f:2e:cc:92:54:8b:ae:61:75:f1:
45:29:1b:a1:32:00:33:87:e5:2d:77:94:c0:e2:61:
ac:95:8c:54:5a:ac:17:6f:c4:e7:c5:21:87:81:46:
59:90:60:65:e6:09:01:16:44:a7:25:0c:76:59:e0:
4b:2b:46:54:87:86:9e:39:f7:66:4c:c4:ac:96:7b:
4f:bf:4c:c9:36:8a:30:fe:02:a0:13:db:a2:15:da:
ed:69:20:01:8e:e8:92:20:58:01:cc:88:e7:e7:47:
72:b7:c7:3c:2e:d5:4e:bc:af:2c:72:ff:cb:5c:3a:
2a:11:93:19:f1:fb:6a:96:ff:c1:b5:7c:f1:fb:b8:
d6:3a:00:66:63:a6:3c:f0:fa:85:52:60:5c:4f:57:
a4:0a:52:f3:66:a4:f1:8d:40:89:e7:b0:82:6f:0b:
52:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:1C:CF:CE:7F:E4:48:D0:75:F8:2B:9E:1D:AF:98:DF:B8:D8:F2:5C
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/MBzPzn_kSNB1-CueHa-Y37jY8lw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.185.0/24
5.182.196.0/23
79.98.183.0/24
92.249.29.0/24
94.154.171.0/24
94.154.178.0/24
103.130.176.0/23
103.210.13.0-103.210.15.255
103.216.198.0/24
104.232.36.0/24
147.78.207.0/24
162.218.93.0/24
185.52.138.0/23
185.161.190.0/24
185.187.214.0/23
185.198.89.0-185.198.91.255
185.201.42.0/24
185.208.152.0-185.208.154.255
185.230.121.0/24
185.253.120.0/23
192.145.70.0/24
212.60.13.0/24
IPv6:
2a0a:8f40:3::/48
2a0a:8f40:7::-2a0a:8f40:c:ffff:ffff:ffff:ffff:ffff
2a0a:8f40:1c::/48
Signature Algorithm: sha256WithRSAEncryption
27:85:e0:a6:0f:4b:f5:8d:e0:70:76:c9:73:55:f6:7e:ca:ab:
2f:4e:14:78:70:7a:f1:15:43:7b:f4:db:24:73:b8:69:72:c4:
ee:06:44:fe:bc:15:7e:31:b0:b9:52:9d:79:fd:17:b0:b4:b3:
5c:5d:fc:a4:a6:d3:ed:a1:cb:b9:71:6a:71:c6:9d:65:b5:57:
9a:ef:0d:f3:7c:14:81:80:24:76:77:9a:b5:95:02:8a:a6:b1:
f9:68:1d:7d:33:cb:de:7c:b1:e6:94:d1:18:28:9c:82:14:90:
e1:d9:dc:ef:2c:6a:25:3c:00:67:e8:49:e0:76:e1:02:98:b2:
c3:c4:dd:ad:a1:2a:4b:14:21:33:75:f3:78:47:9e:ef:d3:66:
bb:50:64:3f:d8:e4:cd:9f:3d:cf:59:07:ff:57:57:49:cb:a7:
f3:43:54:0d:0a:c3:85:a3:37:2a:ef:a5:84:99:ce:11:83:16:
43:fa:ec:b7:5b:fb:6f:e0:ee:cd:d3:21:27:17:0b:ec:1f:eb:
2c:4a:a2:14:64:76:a0:e8:40:c5:39:73:bc:97:f7:85:8f:10:
8d:b8:00:44:3d:70:ab:32:7a:04:e0:be:45:0d:fe:67:cc:a6:
ca:6b:81:0d:99:d3:5e:58:84:62:fc:09:27:be:4c:9e:35:89:
2a:25:2d:d0
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgISAZkSA4OP8YFr1lXCGzEjpEvXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwOTAzMjM1NzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDFjY2ZjZTdmZTQ0OGQwNzVmODJiOWUxZGFmOThkZmI4ZDhmMjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm02Dyda9g2IrZKX1zqVmpT3dzw2Y
3I3/6KYpJLeyPYglOpVVBEQ0REwTssd6PAa19REl/Ch7wUKFZt6wkZjpOZsaTzTo
7UZ6buVIK+ckMpPAnactW75txDqrYl/0t48uzJJUi65hdfFFKRuhMgAzh+Utd5TA
4mGslYxUWqwXb8TnxSGHgUZZkGBl5gkBFkSnJQx2WeBLK0ZUh4aeOfdmTMSslntP
v0zJNoow/gKgE9uiFdrtaSABjuiSIFgBzIjn50dyt8c8LtVOvK8scv/LXDoqEZMZ
8ftqlv/BtXzx+7jWOgBmY6Y88PqFUmBcT1ekClLzZqTxjUCJ57CCbwtSyQIDAQAB
o4IC0jCCAs4wHQYDVR0OBBYEFDAcz85/5EjQdfgrnh2vmN+42PJcMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvTUJ6UHpuX2tTTkIxLUN1ZUhhLVkzN2pZOGx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHnBggrBgEFBQcBBwEB/wSB1zCB1DCBowQCAAEwgZwDBAAF
trkDBAEFtsQDBABPYrcDBABc+R0DBABemqsDBABemrIDBAFngrAwDAMEAGfSDQME
BGfSAAMEAGfYxgMEAGjoJAMEAJNOzwMEAKLaXQMEAbk0igMEALmhvgMEAbm71jAM
AwQAucZZAwQCucZYAwQAuckqMAwDBAO50JgDBAC50JoDBAC55nkDBAG5/XgDBADA
kUYDBADUPA0wLAQCAAIwJgMHACoKj0AAAzASAwcAKgqPQAAHAwcAKgqPQAAMAwcA
KgqPQAAcMA0GCSqGSIb3DQEBCwUAA4IBAQAnheCmD0v1jeBwdslzVfZ+yqsvThR4
cHrxFUN79Nskc7hpcsTuBkT+vBV+MbC5Up15/RewtLNcXfykptPtocu5cWpxxp1l
tVea7w3zfBSBgCR2d5q1lQKKprH5aB19M8vefLHmlNEYKJyCFJDh2dzvLGolPABn
6EngduECmLLDxN2toSpLFCEzdfN4R57v02a7UGQ/2OTNnz3PWQf/V1dJy6fzQ1QN
CsOFozcq76WEmc4RgxZD+uy3W/tv4O7N0yEnFwvsH+ssSqIUZHag6EDFOXO8l/eF
jxCNuABEPXCrMnoE4L5FDf5nzKbKa4ENmdNeWIRi/AknvkyeNYkqJS3Q
-----END CERTIFICATE-----
Generated at Sat Sep 6 04:38:13 2025 by rpki-client