Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/3bMVFRs8FOeJcOkO2XYWLqzrrkg.roa
File: 3bMVFRs8FOeJcOkO2XYWLqzrrkg.roa (raw, json)
Hash identifier: jcRVVzJYs1NWamGAFlutgx67H4FacWZP/qMYz6OqYpI=
Subject key identifier: DD:B3:15:15:1B:3C:14:E7:89:70:E9:0E:D9:76:16:2E:AC:EB:AE:48
Certificate issuer: /CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
Certificate serial: 0199472BC74EECBB69297DE9EF77AFB7490D
Authority key identifier: 81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/3bMVFRs8FOeJcOkO2XYWLqzrrkg.roa
Signing time: Sun 14 Sep 2025 07:41:15 +0000
ROA not before: Sun 14 Sep 2025 07:41:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213176
IP address blocks: 209.35.224.0/24 maxlen: 24
209.35.225.0/24 maxlen: 24
209.35.226.0/24 maxlen: 24
209.35.227.0/24 maxlen: 24
209.35.228.0/24 maxlen: 24
209.35.229.0/24 maxlen: 24
209.35.230.0/24 maxlen: 24
209.35.231.0/24 maxlen: 24
209.35.233.0/24 maxlen: 24
209.35.234.0/24 maxlen: 24
209.35.235.0/24 maxlen: 24
209.35.236.0/24 maxlen: 24
209.35.237.0/24 maxlen: 24
209.35.238.0/24 maxlen: 24
209.35.239.0/24 maxlen: 24
209.35.240.0/24 maxlen: 24
209.35.241.0/24 maxlen: 24
209.35.242.0/24 maxlen: 24
209.35.243.0/24 maxlen: 24
209.35.244.0/24 maxlen: 24
209.35.245.0/24 maxlen: 24
209.35.246.0/24 maxlen: 24
209.35.247.0/24 maxlen: 24
209.35.248.0/24 maxlen: 24
209.35.249.0/24 maxlen: 24
209.35.250.0/24 maxlen: 24
209.35.251.0/24 maxlen: 24
209.35.252.0/24 maxlen: 24
209.35.253.0/24 maxlen: 24
212.59.64.0/24 maxlen: 24
212.59.65.0/24 maxlen: 24
212.59.66.0/24 maxlen: 24
212.59.67.0/24 maxlen: 24
212.59.68.0/24 maxlen: 24
212.59.69.0/24 maxlen: 24
212.59.70.0/24 maxlen: 24
212.59.71.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl
rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.mft
rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 14 Oct 2025 22:01:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:47:2b:c7:4e:ec:bb:69:29:7d:e9:ef:77:af:b7:49:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
Validity
Not Before: Sep 14 07:41:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ddb315151b3c14e78970e90ed976162eacebae48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:bd:b8:cf:a2:e7:d8:c5:30:94:c3:e3:f3:79:
eb:1f:e9:ad:33:e9:5e:f3:e2:6b:99:50:18:5e:e2:
c0:08:c9:20:cd:9a:ce:67:7b:66:dc:6a:ba:72:82:
5e:cb:71:b4:93:05:4c:21:f1:2d:1b:02:df:cb:dc:
7e:8b:61:0f:a6:78:9a:16:34:1f:c2:4b:fc:e4:b1:
39:b1:14:a3:3e:72:d5:2c:49:32:92:3e:b1:fc:3a:
c9:9b:21:53:46:59:dc:ef:ca:ef:20:d1:ee:7f:ae:
91:6f:9f:ef:4c:e4:b7:3d:ed:a9:27:c6:37:23:0a:
74:db:85:0a:4d:59:96:1f:56:a2:59:e5:61:9d:a2:
dd:17:c4:92:27:e3:69:0f:b1:16:8d:34:aa:28:2f:
a8:c3:7a:47:5b:3a:29:f2:0c:24:3c:ef:9d:46:14:
80:07:16:5f:99:c7:ac:34:0f:3e:13:5f:94:34:2b:
cc:f9:f1:58:87:f2:24:fc:1b:22:f3:f7:98:3a:c2:
b2:73:24:5e:83:ca:e6:7f:d7:cf:b3:e6:16:c9:b8:
ef:4f:57:53:52:6f:9e:85:f4:4b:bb:71:3b:d6:f3:
2b:cc:a3:b3:46:73:12:4b:ad:df:eb:58:0e:3a:9d:
a8:21:c8:0b:18:96:87:30:ef:da:52:7b:2a:33:2f:
cd:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:B3:15:15:1B:3C:14:E7:89:70:E9:0E:D9:76:16:2E:AC:EB:AE:48
X509v3 Authority Key Identifier:
keyid:81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/3bMVFRs8FOeJcOkO2XYWLqzrrkg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
209.35.224.0/21
209.35.233.0-209.35.253.255
212.59.64.0/21
Signature Algorithm: sha256WithRSAEncryption
a3:36:5d:cc:02:e0:8a:cc:3f:01:91:85:7b:1e:51:87:fc:21:
fd:b2:59:39:4b:a2:3c:d0:75:51:13:7a:d2:85:46:80:f8:4c:
b9:1c:40:10:ed:bf:f6:5e:cf:af:82:e3:63:45:42:20:f5:44:
d3:fd:04:d7:2b:98:d0:18:7d:dd:a3:de:75:0f:f2:50:7e:3a:
1a:70:56:ee:03:64:c2:4e:95:86:44:85:6e:86:22:d7:c5:6b:
0c:67:d8:9b:18:d0:6e:62:26:59:a0:98:47:37:a7:5e:90:45:
11:1b:5c:4d:19:e5:36:aa:cd:c9:b7:50:f7:a3:78:04:0f:4c:
eb:3a:2e:b1:53:ea:0f:29:80:d3:1b:a0:37:9a:dd:52:83:23:
e5:c4:75:fd:3e:5d:6a:72:f8:fa:72:e5:84:28:c0:db:55:22:
29:93:fb:a3:f8:68:fe:4a:18:14:4e:5a:7e:5b:c7:44:b5:db:
01:b9:9b:75:4b:b7:86:ac:dc:7f:ea:04:db:df:3c:a2:f9:5e:
6c:b4:7e:80:db:22:67:ed:76:1d:8c:b8:4b:75:11:b2:4a:6f:
c7:2b:9e:0b:76:c4:3a:ae:94:69:37:98:4b:e3:9f:f0:6e:8b:
fa:28:66:ac:7f:de:db:6d:3d:c8:fb:07:b7:7b:2c:23:a9:69:
bf:8d:26:7a
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZlHK8dO7LtpKX3p73evt0kNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTJkMGRjZDUwYTY4MmY5NzVlYTNkOGMzOGU1ZTY3YmIw
MzIyZjkwHhcNMjUwOTE0MDc0MTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGIzMTUxNTFiM2MxNGU3ODk3MGU5MGVkOTc2MTYyZWFjZWJhZTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnr24z6Ln2MUwlMPj83nrH+mtM+le
8+JrmVAYXuLACMkgzZrOZ3tm3Gq6coJey3G0kwVMIfEtGwLfy9x+i2EPpniaFjQf
wkv85LE5sRSjPnLVLEkykj6x/DrJmyFTRlnc78rvINHuf66Rb5/vTOS3Pe2pJ8Y3
Iwp024UKTVmWH1aiWeVhnaLdF8SSJ+NpD7EWjTSqKC+ow3pHWzop8gwkPO+dRhSA
BxZfmcesNA8+E1+UNCvM+fFYh/Ik/Bsi8/eYOsKycyReg8rmf9fPs+YWybjvT1dT
Um+ehfRLu3E71vMrzKOzRnMSS63f61gOOp2oIcgLGJaHMO/aUnsqMy/NWwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFN2zFRUbPBTniXDpDtl2Fi6s665IMB8GA1UdIwQY
MBaAFIGi0NzVCmgvl16j2MOOXme7AyL5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQt
ZmU0NWQ1MTYwYzM5LzEvM2JNVkZSczhGT2VKY09rTzJYWVdMcXpycmtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQtZmU0NWQ1MTYwYzM5
LzEvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQD0SPgMAwD
BADRI+kDBAHRI/wDBAPUO0AwDQYJKoZIhvcNAQELBQADggEBAKM2XcwC4IrMPwGR
hXseUYf8If2yWTlLojzQdVETetKFRoD4TLkcQBDtv/Zez6+C42NFQiD1RNP9BNcr
mNAYfd2j3nUP8lB+OhpwVu4DZMJOlYZEhW6GItfFawxn2JsY0G5iJlmgmEc3p16Q
RREbXE0Z5Taqzcm3UPejeAQPTOs6LrFT6g8pgNMboDea3VKDI+XEdf0+XWpy+Ppy
5YQowNtVIimT+6P4aP5KGBROWn5bx0S12wG5m3VLt4as3H/qBNvfPKL5Xmy0foDb
Imftdh2MuEt1EbJKb8crngt2xDqulGk3mEvjn/Bui/ooZqx/3tttPcj7B7d7LCOp
ab+NJno=
-----END CERTIFICATE-----
Generated at Tue Oct 14 03:18:44 2025 by rpki-client