Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/2zSqcJ9Y-8gFEYLEn8boP0u6rS4.roa
File: 2zSqcJ9Y-8gFEYLEn8boP0u6rS4.roa (raw, json)
Hash identifier: haGjzU6eyI1x756FuVAVNLEoh000mU3ZA/CDoJfpaAY=
Subject key identifier: DB:34:AA:70:9F:58:FB:C8:05:11:82:C4:9F:C6:E8:3F:4B:BA:AD:2E
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 019A27A1C18414A00A69536353707319DE48
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/2zSqcJ9Y-8gFEYLEn8boP0u6rS4.roa
Signing time: Mon 27 Oct 2025 21:45:03 +0000
ROA not before: Mon 27 Oct 2025 21:45:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 136787
IP address blocks: 37.97.120.0/24 maxlen: 24
64.43.65.0/24 maxlen: 24
64.43.73.0/24 maxlen: 24
64.43.74.0/24 maxlen: 24
64.43.75.0/24 maxlen: 24
64.43.88.0/24 maxlen: 24
64.43.89.0/24 maxlen: 24
64.43.90.0/24 maxlen: 24
64.43.91.0/24 maxlen: 24
64.43.93.0/24 maxlen: 24
64.43.94.0/24 maxlen: 24
64.43.95.0/24 maxlen: 24
64.43.108.0/24 maxlen: 24
64.43.109.0/24 maxlen: 24
64.43.110.0/24 maxlen: 24
64.43.111.0/24 maxlen: 24
64.43.116.0/24 maxlen: 24
64.43.117.0/24 maxlen: 24
64.43.118.0/24 maxlen: 24
64.43.119.0/24 maxlen: 24
64.43.120.0/24 maxlen: 24
64.43.121.0/24 maxlen: 24
64.43.122.0/24 maxlen: 24
64.43.123.0/24 maxlen: 24
77.36.61.0/24 maxlen: 24
77.36.72.0/24 maxlen: 24
77.36.73.0/24 maxlen: 24
77.36.74.0/24 maxlen: 24
77.36.75.0/24 maxlen: 24
77.36.76.0/24 maxlen: 24
77.36.77.0/24 maxlen: 24
77.36.78.0/24 maxlen: 24
77.36.79.0/24 maxlen: 24
81.161.8.0/24 maxlen: 24
81.161.9.0/24 maxlen: 24
81.161.10.0/24 maxlen: 24
81.161.11.0/24 maxlen: 24
91.232.19.0/24 maxlen: 24
91.235.167.0/24 maxlen: 24
91.238.40.0/24 maxlen: 24
91.238.41.0/24 maxlen: 24
91.240.154.0/24 maxlen: 24
91.245.88.0/24 maxlen: 24
91.245.89.0/24 maxlen: 24
91.246.200.0/24 maxlen: 24
93.120.32.0/24 maxlen: 24
93.120.43.0/24 maxlen: 24
93.120.73.0/24 maxlen: 24
109.197.236.0/24 maxlen: 24
109.197.237.0/24 maxlen: 24
109.197.238.0/24 maxlen: 24
109.197.239.0/24 maxlen: 24
176.96.88.0/24 maxlen: 24
176.96.90.0/24 maxlen: 24
176.96.91.0/24 maxlen: 24
176.102.120.0/24 maxlen: 24
176.102.121.0/24 maxlen: 24
176.102.122.0/24 maxlen: 24
176.102.123.0/24 maxlen: 24
176.103.240.0/24 maxlen: 24
176.103.241.0/24 maxlen: 24
176.103.242.0/24 maxlen: 24
176.103.243.0/24 maxlen: 24
176.103.244.0/24 maxlen: 24
176.103.245.0/24 maxlen: 24
176.103.246.0/24 maxlen: 24
176.103.247.0/24 maxlen: 24
193.36.208.0/24 maxlen: 24
193.36.209.0/24 maxlen: 24
193.36.210.0/24 maxlen: 24
193.36.211.0/24 maxlen: 24
193.36.212.0/24 maxlen: 24
193.36.213.0/24 maxlen: 24
193.36.214.0/24 maxlen: 24
193.36.215.0/24 maxlen: 24
193.221.83.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:27:a1:c1:84:14:a0:0a:69:53:63:53:70:73:19:de:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Oct 27 21:45:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=db34aa709f58fbc8051182c49fc6e83f4bbaad2e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:48:b9:60:75:e6:66:69:ef:51:78:f4:4e:60:
98:57:a3:9c:ad:d2:16:58:29:5b:a9:11:4c:d8:f0:
75:45:79:40:0e:1c:c2:07:b5:67:b1:57:e9:54:3e:
d0:93:18:a6:e0:9d:a4:b0:28:3b:c7:0a:36:7b:6d:
d4:1e:75:e6:dd:05:c1:e6:19:3d:76:64:6e:49:a3:
46:b7:4c:11:84:c9:f4:4f:99:15:38:23:85:3d:2f:
c4:78:4a:56:33:7c:8d:ab:85:af:e1:cc:98:45:79:
c7:b8:7c:71:b2:48:ea:2b:56:73:76:36:d6:d8:8a:
99:13:52:09:65:b0:46:a6:65:3b:34:4e:33:6a:9d:
9d:21:61:76:80:f8:e3:3e:6d:56:67:14:b1:c6:09:
47:8f:bc:21:d4:b6:58:a3:53:03:9e:d7:be:21:32:
1d:09:cd:c8:28:0a:b4:e9:ea:18:8b:e1:7d:e4:85:
f2:64:92:69:eb:99:35:02:a9:05:58:f4:f6:30:36:
c9:72:67:b9:b6:2e:c1:43:5d:c7:47:50:d9:88:3b:
6f:0d:f8:08:ef:a8:28:76:cb:18:91:e1:2b:c5:00:
fe:f8:2e:f9:f0:ab:cc:73:df:4d:1e:73:79:ab:9b:
cb:da:99:fd:1b:f1:87:76:7e:43:48:21:8e:a6:1f:
25:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:34:AA:70:9F:58:FB:C8:05:11:82:C4:9F:C6:E8:3F:4B:BA:AD:2E
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/2zSqcJ9Y-8gFEYLEn8boP0u6rS4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.97.120.0/24
64.43.65.0/24
64.43.73.0-64.43.75.255
64.43.88.0/22
64.43.93.0-64.43.95.255
64.43.108.0/22
64.43.116.0-64.43.123.255
77.36.61.0/24
77.36.72.0/21
81.161.8.0/22
91.232.19.0/24
91.235.167.0/24
91.238.40.0/23
91.240.154.0/24
91.245.88.0/23
91.246.200.0/24
93.120.32.0/24
93.120.43.0/24
93.120.73.0/24
109.197.236.0/22
176.96.88.0/24
176.96.90.0/23
176.102.120.0/22
176.103.240.0/21
193.36.208.0/21
193.221.83.0/24
Signature Algorithm: sha256WithRSAEncryption
59:77:cc:c5:0c:40:1a:89:63:70:40:77:1f:01:19:4a:6b:ff:
80:06:5b:70:16:6c:6a:4c:93:fb:4a:cf:61:78:8a:8c:ac:b0:
25:02:6e:fe:26:cd:eb:43:52:41:24:05:70:64:d8:fa:c0:8a:
14:91:60:60:03:42:7d:e1:6f:7f:6b:42:66:fb:4b:5b:10:a6:
31:23:5a:80:2d:72:76:69:59:68:54:d2:44:37:ba:3b:c9:b7:
cc:d3:45:28:9f:7e:85:7d:b2:45:d5:74:49:d9:52:ff:11:06:
ad:dc:c4:7f:c2:63:60:46:b2:4f:9c:7b:61:0b:e2:64:64:05:
06:c5:6c:df:64:ed:8f:b5:45:16:c1:39:52:7d:f6:8d:7f:74:
d6:cc:47:50:57:ec:97:74:c2:d3:b8:fe:fd:ba:1a:6a:b4:b0:
fd:c6:71:38:a8:fa:24:48:fa:ef:97:42:79:1a:cb:6e:7e:67:
ab:1d:56:0d:79:06:6b:a6:ee:af:e6:75:58:5e:a9:50:26:4c:
3b:4e:b4:b9:51:65:f5:ba:15:30:83:df:7b:98:8e:80:ea:64:
9c:ce:1e:11:52:16:6b:74:41:4f:98:dc:a4:56:b3:83:41:c5:
04:de:1f:9d:53:68:c5:16:57:33:11:fa:6c:dd:89:90:df:cc:
d2:ee:ee:a5
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgISAZonocGEFKAKaVNjU3BzGd5IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUxMDI3MjE0NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjM0YWE3MDlmNThmYmM4MDUxMTgyYzQ5ZmM2ZTgzZjRiYmFhZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAski5YHXmZmnvUXj0TmCYV6OcrdIW
WClbqRFM2PB1RXlADhzCB7VnsVfpVD7Qkxim4J2ksCg7xwo2e23UHnXm3QXB5hk9
dmRuSaNGt0wRhMn0T5kVOCOFPS/EeEpWM3yNq4Wv4cyYRXnHuHxxskjqK1ZzdjbW
2IqZE1IJZbBGpmU7NE4zap2dIWF2gPjjPm1WZxSxxglHj7wh1LZYo1MDnte+ITId
Cc3IKAq06eoYi+F95IXyZJJp65k1AqkFWPT2MDbJcme5ti7BQ13HR1DZiDtvDfgI
76godssYkeErxQD++C758KvMc99NHnN5q5vL2pn9G/GHdn5DSCGOph8lewIDAQAB
o4ICvDCCArgwHQYDVR0OBBYEFNs0qnCfWPvIBRGCxJ/G6D9Luq0uMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvMnpTcWNKOVktOGdGRVlMRW44Ym9QMHU2clM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHRBggrBgEFBQcBBwEB/wSBwTCBvjCBuwQCAAEwgbQDBAAl
YXgDBABAK0EwDAMEAEArSQMEAkArSAMEAkArWDAMAwQAQCtdAwQFQCtAAwQCQCts
MAwDBAJAK3QDBAJAK3gDBABNJD0DBANNJEgDBAJRoQgDBABb6BMDBABb66cDBAFb
7igDBABb8JoDBAFb9VgDBABb9sgDBABdeCADBABdeCsDBABdeEkDBAJtxewDBACw
YFgDBAGwYFoDBAKwZngDBAOwZ/ADBAPBJNADBADB3VMwDQYJKoZIhvcNAQELBQAD
ggEBAFl3zMUMQBqJY3BAdx8BGUpr/4AGW3AWbGpMk/tKz2F4ioyssCUCbv4mzetD
UkEkBXBk2PrAihSRYGADQn3hb39rQmb7S1sQpjEjWoAtcnZpWWhU0kQ3ujvJt8zT
RSiffoV9skXVdEnZUv8RBq3cxH/CY2BGsk+ce2EL4mRkBQbFbN9k7Y+1RRbBOVJ9
9o1/dNbMR1BX7Jd0wtO4/v26Gmq0sP3GcTio+iRI+u+XQnkay25+Z6sdVg15Bmum
7q/mdVheqVAmTDtOtLlRZfW6FTCD33uYjoDqZJzOHhFSFmt0QU+Y3KRWs4NBxQTe
H51TaMUWVzMR+mzdiZDfzNLu7qU=
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:12:51 2025 by rpki-client