Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/zbvJrdPshbotPQyPGnFnidcK6wA.roa
File: zbvJrdPshbotPQyPGnFnidcK6wA.roa (raw, json)
Hash identifier: 4V/PSIA+oGiJgsqfMgOIzGTlXqlzWiAeWsYU/BgGl/s=
Subject key identifier: CD:BB:C9:AD:D3:EC:85:BA:2D:3D:0C:8F:1A:71:67:89:D7:0A:EB:00
Certificate issuer: /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial: 019A2890B3B6349191B34557441A48B2CEE3
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/zbvJrdPshbotPQyPGnFnidcK6wA.roa
Signing time: Tue 28 Oct 2025 02:06:03 +0000
ROA not before: Tue 28 Oct 2025 02:06:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29076
IP address blocks: 37.202.12.0/24 maxlen: 24
37.202.13.0/24 maxlen: 24
37.202.15.0/24 maxlen: 24
212.113.114.0/23 maxlen: 23
212.113.115.0/24 maxlen: 24
212.113.125.0/24 maxlen: 24
212.113.126.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:28:90:b3:b6:34:91:91:b3:45:57:44:1a:48:b2:ce:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Validity
Not Before: Oct 28 02:06:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cdbbc9add3ec85ba2d3d0c8f1a716789d70aeb00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:2a:7b:61:b1:2a:d7:6d:3d:84:bc:a1:db:f7:
85:a1:76:d6:55:5e:b2:1e:98:97:cc:6e:cd:30:6b:
8e:bf:77:0b:56:f3:ed:c1:89:61:79:d8:c6:ee:57:
86:5a:cd:1f:82:5a:c0:56:14:d5:f7:03:8a:bb:09:
e3:1e:27:b8:f6:e9:12:b1:28:e8:18:c0:31:4e:4d:
b6:f0:b1:8d:fe:37:2c:1e:af:a1:10:e1:75:93:ae:
61:a0:a9:b4:d6:0c:ac:ea:88:af:27:45:70:d3:28:
42:ee:60:30:a4:06:be:4b:31:db:95:2f:93:aa:f4:
72:2f:00:82:96:9c:63:5e:f1:e0:e8:86:3d:96:27:
b2:50:0a:82:18:f3:69:2d:2c:e1:2d:83:61:fc:89:
d1:41:a8:91:b4:92:12:91:cd:5b:dd:db:17:e9:43:
8e:01:48:7b:53:79:5b:56:2a:f8:82:00:6a:2a:74:
80:e5:87:cd:05:77:89:e8:32:4a:7f:7b:14:05:41:
da:6e:2e:33:c3:65:f8:89:13:76:af:6c:4e:f1:e1:
77:09:09:55:13:27:7b:2f:3a:cb:da:34:f9:77:90:
27:cb:39:4b:ef:17:c5:25:bc:15:58:a9:dd:c4:ce:
a6:89:df:6f:00:fc:5c:06:9e:9e:db:3f:55:10:f9:
38:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:BB:C9:AD:D3:EC:85:BA:2D:3D:0C:8F:1A:71:67:89:D7:0A:EB:00
X509v3 Authority Key Identifier:
keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/zbvJrdPshbotPQyPGnFnidcK6wA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.12.0/23
37.202.15.0/24
212.113.114.0/23
212.113.125.0-212.113.126.255
Signature Algorithm: sha256WithRSAEncryption
82:3a:3d:89:4e:85:34:4d:85:0f:34:c1:7b:cb:cf:10:6f:e1:
6a:50:81:2c:f4:85:3b:f5:6b:b3:51:97:5c:cc:b8:b2:20:65:
a6:f9:4e:23:ea:a9:01:a6:b2:bf:1d:a2:8a:6b:2e:09:38:76:
30:97:94:96:9e:ad:a8:f2:96:7c:01:09:b8:74:a3:8b:68:76:
2b:ad:96:e8:fb:d4:8d:03:10:ba:4f:c1:8a:5d:db:b1:ac:d8:
4c:c6:9d:90:c6:b9:cb:06:22:5d:e6:53:b5:44:3d:18:dd:47:
b7:96:ec:1c:84:ce:6f:3b:15:2c:f5:61:c9:78:2c:b4:28:d2:
76:1a:f4:be:5f:0c:4c:f9:e1:73:f8:c5:d3:cb:5c:7e:dc:d9:
81:3f:cd:f0:81:05:26:93:ce:c9:59:19:1c:17:ef:31:b9:1a:
5f:ec:1d:88:41:4c:dd:a4:bb:72:3f:21:f0:d3:18:37:dd:39:
49:66:25:f4:17:0d:f8:5f:20:66:19:6b:8a:e1:5a:57:be:d2:
59:a1:1a:8e:cb:cb:a4:3d:cc:4d:b7:99:d7:a6:99:32:e7:62:
40:7b:d0:cf:09:e6:c9:1d:b0:05:02:aa:61:e4:21:9e:5f:02:
27:e8:9f:13:4e:69:17:f0:24:e8:b6:2f:28:d6:26:d8:74:14:
a3:5c:3a:c7
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZookLO2NJGRs0VXRBpIss7jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjUxMDI4MDIwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGJiYzlhZGQzZWM4NWJhMmQzZDBjOGYxYTcxNjc4OWQ3MGFlYjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArip7YbEq1209hLyh2/eFoXbWVV6y
HpiXzG7NMGuOv3cLVvPtwYlhedjG7leGWs0fglrAVhTV9wOKuwnjHie49ukSsSjo
GMAxTk228LGN/jcsHq+hEOF1k65hoKm01gys6oivJ0Vw0yhC7mAwpAa+SzHblS+T
qvRyLwCClpxjXvHg6IY9lieyUAqCGPNpLSzhLYNh/InRQaiRtJISkc1b3dsX6UOO
AUh7U3lbVir4ggBqKnSA5YfNBXeJ6DJKf3sUBUHabi4zw2X4iRN2r2xO8eF3CQlV
Eyd7LzrL2jT5d5AnyzlL7xfFJbwVWKndxM6mid9vAPxcBp6e2z9VEPk47QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFM27ya3T7IW6LT0MjxpxZ4nXCusAMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvemJ2SnJkUHNoYm90UFF5UEduRm5pZGNLNndBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQBJcoMAwQA
JcoPAwQB1HFyMAwDBADUcX0DBADUcX4wDQYJKoZIhvcNAQELBQADggEBAII6PYlO
hTRNhQ80wXvLzxBv4WpQgSz0hTv1a7NRl1zMuLIgZab5TiPqqQGmsr8dooprLgk4
djCXlJaerajylnwBCbh0o4todiutluj71I0DELpPwYpd27Gs2EzGnZDGucsGIl3m
U7VEPRjdR7eW7ByEzm87FSz1Ycl4LLQo0nYa9L5fDEz54XP4xdPLXH7c2YE/zfCB
BSaTzslZGRwX7zG5Gl/sHYhBTN2ku3I/IfDTGDfdOUlmJfQXDfhfIGYZa4rhWle+
0lmhGo7Ly6Q9zE23mdemmTLnYkB70M8J5skdsAUCqmHkIZ5fAifonxNOaRfwJOi2
LyjWJth0FKNcOsc=
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:04:26 2025 by rpki-client