Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/MarPqAKLnLs3JHOx2TaEpLM7hdg.roa
File: MarPqAKLnLs3JHOx2TaEpLM7hdg.roa (raw, json)
Hash identifier: oZ++sruGxBQDgf5YcQmFffmW21Vj1WeJ1Od9xvKdOsw=
Subject key identifier: 31:AA:CF:A8:02:8B:9C:BB:37:24:73:B1:D9:36:84:A4:B3:3B:85:D8
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 0198791D2E9DC2C41C91A8DF2BDEE2B1C210
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/MarPqAKLnLs3JHOx2TaEpLM7hdg.roa
Signing time: Tue 05 Aug 2025 07:23:32 +0000
ROA not before: Tue 05 Aug 2025 07:23:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202
IP address blocks: 5.39.176.0/21 maxlen: 24
5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
80.87.16.0/20 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
87.236.128.0/21 maxlen: 24
88.151.152.0/21 maxlen: 24
89.38.120.0/21 maxlen: 24
91.143.64.0/20 maxlen: 24
92.42.120.0/21 maxlen: 24
93.115.176.0/20 maxlen: 24
94.142.168.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.52.144.0/22 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.182.0.0/21 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 11 Aug 2025 22:01:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:79:1d:2e:9d:c2:c4:1c:91:a8:df:2b:de:e2:b1:c2:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Aug 5 07:23:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=31aacfa8028b9cbb372473b1d93684a4b33b85d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:3d:1f:34:21:b3:9d:91:76:d5:06:3b:50:47:
cd:2c:3f:76:4a:da:ef:96:0a:29:9b:6d:a0:f8:75:
07:58:02:14:1b:83:df:e0:30:e6:c3:57:ef:47:9d:
41:ac:ae:2f:69:c6:db:ab:dd:82:96:82:ba:42:12:
cd:9d:0d:97:05:29:63:4c:81:f4:ef:1f:72:f3:78:
67:b2:de:ff:d2:de:c3:d9:c7:c4:79:ee:c3:5a:03:
b7:48:e5:1a:6a:70:42:37:5f:3e:f5:1f:dc:68:d4:
cf:35:1e:68:47:78:eb:3c:03:aa:45:b2:a5:0d:eb:
9e:52:c7:e6:d6:c6:34:80:22:39:93:48:15:47:d2:
d6:a2:ec:e0:f1:29:08:99:95:06:74:3e:23:4c:4f:
2c:05:38:fd:f1:a5:e1:a2:e3:d9:4e:91:d4:a5:32:
ad:a4:a8:dc:d5:68:10:e3:a7:03:5d:fe:2e:70:70:
82:71:ca:a1:24:bf:9a:2c:48:0d:b2:99:d4:cb:3e:
d6:d6:2a:bd:a8:3b:d4:01:98:60:56:ee:59:49:05:
c8:6d:6e:70:dd:47:4f:3d:4c:a7:e7:8f:d7:8e:63:
e9:14:02:f7:2e:17:a3:26:7e:e3:93:4e:21:dc:5a:
b1:36:65:56:bb:7d:60:23:e9:27:29:73:12:6e:57:
8b:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:AA:CF:A8:02:8B:9C:BB:37:24:73:B1:D9:36:84:A4:B3:3B:85:D8
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/MarPqAKLnLs3JHOx2TaEpLM7hdg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.176.0/21
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
80.87.16.0/20
83.150.252.0/22
85.95.96.0/19
87.236.128.0/21
88.151.152.0/21
89.38.120.0/21
91.143.64.0/20
92.42.120.0/21
93.115.176.0/20
94.142.168.0/21
95.129.64.0/21
176.58.0.0/21
185.52.144.0/22
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.0.0/21
185.182.200.0/23
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
Signature Algorithm: sha256WithRSAEncryption
35:8d:77:4c:a7:12:54:a9:36:ff:19:a6:6a:ef:42:78:5d:ea:
6e:5c:ac:a5:47:69:7d:a7:bf:24:e0:e8:e7:1e:3e:b0:0d:52:
76:f1:f3:12:3d:f2:c3:e7:22:9f:05:b4:ae:d0:98:79:57:00:
1c:5e:f4:d8:08:78:fe:a8:2a:87:cc:6b:7f:3c:81:6f:3d:6f:
83:56:dc:f6:f8:36:04:56:33:57:c2:91:a1:15:8d:e3:53:e2:
fc:59:fd:6f:11:fd:64:16:65:a7:13:c6:f8:1b:11:66:9e:06:
fe:1e:b7:dd:14:fe:d9:d2:0e:22:b0:0c:31:04:ec:39:7a:2a:
18:18:c6:03:98:0b:c5:21:d3:34:c4:cc:a1:d0:8d:e7:d9:e0:
c3:bc:51:50:a3:4c:ba:fc:51:b4:2b:83:79:c0:06:25:18:cc:
22:06:fa:5f:cd:43:5a:f0:4a:68:27:d2:e9:14:25:6f:ff:cc:
08:cd:df:86:b7:79:a6:51:4d:a0:27:c4:13:77:bd:d9:b4:5f:
28:8a:1b:74:f3:5b:08:b6:0b:b3:30:fa:4a:17:66:09:1e:9c:
1d:18:25:11:ee:a6:cd:60:04:11:1c:64:5c:40:3e:0e:10:9a:
24:e1:01:14:b3:df:70:66:18:f2:e2:a4:6b:38:a7:c7:74:e6:
c3:d8:1b:90
-----BEGIN CERTIFICATE-----
MIIGGjCCBQKgAwIBAgISAZh5HS6dwsQckajfK97iscIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwODA1MDcyMzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWFhY2ZhODAyOGI5Y2JiMzcyNDczYjFkOTM2ODRhNGIzM2I4NWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5T0fNCGznZF21QY7UEfNLD92Strv
lgopm22g+HUHWAIUG4Pf4DDmw1fvR51BrK4vacbbq92CloK6QhLNnQ2XBSljTIH0
7x9y83hnst7/0t7D2cfEee7DWgO3SOUaanBCN18+9R/caNTPNR5oR3jrPAOqRbKl
DeueUsfm1sY0gCI5k0gVR9LWouzg8SkImZUGdD4jTE8sBTj98aXhouPZTpHUpTKt
pKjc1WgQ46cDXf4ucHCCccqhJL+aLEgNspnUyz7W1iq9qDvUAZhgVu5ZSQXIbW5w
3UdPPUyn54/XjmPpFAL3LhejJn7jk04h3FqxNmVWu31gI+knKXMSbleLfQIDAQAB
o4IDJjCCAyIwHQYDVR0OBBYEFDGqz6gCi5y7NyRzsdk2hKSzO4XYMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvTWFyUHFBS0xuTHMzSkhPeDJUYUVwTE03aGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOgYIKwYBBQUHAQcBAf8EggEpMIIBJTCCARIEAgABMIIB
CgMEAwUnsAMEAwWf0AMEAgW1SAMEAx/AYAMEAi0IZAMEAi2EbAMEAi2JLAMEBFBK
8AMEBFBXEAMEAlOW/AMEBVVfYAMEA1fsgAMEA1iXmAMEA1kmeAMEBFuPQAMEA1wq
eAMEBF1zsAMEA16OqAMEA1+BQAMEA7A6AAMEArk0kAMEArlPuAMEArlaAAMEArle
zAMEArljTAMEArmRWAMEArmy2AMEA7m2AAMEAbm2yAMEArnM1AMEArnlBAMEArn2
hAMEArn3yAMEArn4/AMEA7xeEAMEAMEYAwMEAMEYBgMEAMEYDQMEAMEYHwMEBcMa
IAMEAcNYCDAMAwQC1AtEAwQC1AtIAwQE2ZGAMA0EAgACMAcDBQAqAPHAMA0GCSqG
SIb3DQEBCwUAA4IBAQA1jXdMpxJUqTb/GaZq70J4XepuXKylR2l9p78k4OjnHj6w
DVJ28fMSPfLD5yKfBbSu0Jh5VwAcXvTYCHj+qCqHzGt/PIFvPW+DVtz2+DYEVjNX
wpGhFY3jU+L8Wf1vEf1kFmWnE8b4GxFmngb+HrfdFP7Z0g4isAwxBOw5eioYGMYD
mAvFIdM0xMyh0I3n2eDDvFFQo0y6/FG0K4N5wAYlGMwiBvpfzUNa8EpoJ9LpFCVv
/8wIzd+Gt3mmUU2gJ8QTd73ZtF8oiht081sItguzMPpKF2YJHpwdGCUR7qbNYAQR
HGRcQD4OEJok4QEUs99wZhjy4qRrOKfHdObD2BuQ
-----END CERTIFICATE-----
Generated at Mon Aug 11 07:23:39 2025 by rpki-client