Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/bZMlD1Y77PgWJ1xWmATYPpeyC0k.roa
File: bZMlD1Y77PgWJ1xWmATYPpeyC0k.roa (raw, json)
Hash identifier: XSw5SUqzb2aaTCuEPmjgnH1OQzmaZQAkoLsb10FnfxI=
Subject key identifier: 6D:93:25:0F:56:3B:EC:F8:16:27:5C:56:98:04:D8:3E:97:B2:0B:49
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 019867E4A2A00653AB1F8BE220E98353288E
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/bZMlD1Y77PgWJ1xWmATYPpeyC0k.roa
Signing time: Fri 01 Aug 2025 23:08:13 +0000
ROA not before: Fri 01 Aug 2025 23:08:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 103.17.97.0/24 maxlen: 24
109.111.32.0/22 maxlen: 22
109.111.34.0/23 maxlen: 24
109.111.36.0/23 maxlen: 23
109.111.40.0/23 maxlen: 23
109.111.44.0/22 maxlen: 22
109.111.48.0/20 maxlen: 20
185.65.62.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 05:01:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:67:e4:a2:a0:06:53:ab:1f:8b:e2:20:e9:83:53:28:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Aug 1 23:08:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6d93250f563becf816275c569804d83e97b20b49
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:87:89:8c:66:55:7a:8b:58:7b:98:5f:d3:ed:
52:d7:e1:bf:10:bf:02:bf:40:ef:e4:59:5c:9d:d5:
59:1e:bb:84:08:c0:72:86:47:17:f1:8e:a7:59:71:
14:3f:40:b0:0b:d7:18:c6:e8:f9:be:4b:b8:15:6d:
a9:3f:8d:03:4a:e2:e3:79:1d:c4:e4:42:a8:c0:06:
ef:91:83:46:4c:22:aa:a9:22:07:8b:a4:cb:23:aa:
ec:74:39:57:2c:cd:f5:d2:eb:59:fd:42:28:e1:f1:
16:72:29:73:9c:c6:5a:7c:61:4a:85:50:c9:7a:a0:
06:27:57:70:8a:82:79:b8:8c:0d:6e:a5:01:b2:53:
e2:4a:ce:a2:ef:37:e7:4d:0d:b3:bd:50:f0:f9:87:
1f:57:89:6a:18:fb:97:45:4c:2a:9e:06:a1:f2:b7:
62:ce:e0:34:f3:10:ee:76:63:d1:c5:3c:24:f3:1c:
bb:13:6d:d8:14:c3:2a:9a:8c:d7:fb:b3:89:dc:81:
6e:28:fd:2c:d2:5e:da:d4:65:37:b9:d0:3a:be:a6:
ce:03:7b:ad:ca:11:cb:6d:10:13:2e:77:d7:d3:b6:
55:a1:f5:1c:b2:be:b3:d8:ec:9d:6a:30:28:7d:aa:
26:2c:5c:57:44:c1:b1:fa:8a:53:6e:df:6e:fc:9e:
20:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:93:25:0F:56:3B:EC:F8:16:27:5C:56:98:04:D8:3E:97:B2:0B:49
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/bZMlD1Y77PgWJ1xWmATYPpeyC0k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.17.97.0/24
109.111.32.0-109.111.37.255
109.111.40.0/23
109.111.44.0-109.111.63.255
185.65.62.0/24
Signature Algorithm: sha256WithRSAEncryption
69:51:71:c6:57:0b:88:91:0a:35:86:91:dd:6a:34:d6:79:ec:
66:76:fe:58:b1:fe:d0:81:1f:3e:e1:4b:71:61:40:7b:46:f4:
bf:ef:73:15:a8:fe:37:b9:62:15:13:5d:0f:81:25:7f:43:23:
ae:ed:48:db:11:90:84:6d:a4:02:83:17:fd:0e:f0:a5:a3:a0:
6d:c0:90:28:01:5b:34:e8:2a:2a:87:7e:b7:1b:2f:85:77:e4:
7a:9a:cc:8c:e8:2d:89:ca:2e:ca:48:b1:ea:eb:77:40:b1:0a:
35:5e:74:a8:a0:5e:c0:40:86:7c:77:4a:15:63:da:a7:f0:5d:
8a:33:61:59:13:79:a8:f4:f3:77:35:73:1d:2e:c8:21:57:17:
35:fc:8d:04:2e:35:60:04:5f:1a:19:d7:5b:0d:b6:25:40:bb:
15:44:39:3d:40:78:3c:3e:8d:7d:43:fa:88:69:85:c9:5b:6d:
6f:7e:3e:b0:0a:2b:a8:e7:05:a2:57:4a:07:d6:bc:55:87:9f:
19:85:bd:2c:8b:fd:7c:ce:db:1b:9f:87:3e:46:44:28:d5:80:
17:4d:56:a7:0f:8f:72:d5:4c:c8:da:2a:25:1f:de:66:e0:e4:
dc:9e:4e:c6:02:70:15:36:34:e1:2b:b2:83:d7:84:8e:eb:99:
97:6f:a4:1a
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZhn5KKgBlOrH4viIOmDUyiOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwODAxMjMwODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDkzMjUwZjU2M2JlY2Y4MTYyNzVjNTY5ODA0ZDgzZTk3YjIwYjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4eJjGZVeotYe5hf0+1S1+G/EL8C
v0Dv5FlcndVZHruECMByhkcX8Y6nWXEUP0CwC9cYxuj5vku4FW2pP40DSuLjeR3E
5EKowAbvkYNGTCKqqSIHi6TLI6rsdDlXLM310utZ/UIo4fEWcilznMZafGFKhVDJ
eqAGJ1dwioJ5uIwNbqUBslPiSs6i7zfnTQ2zvVDw+YcfV4lqGPuXRUwqngah8rdi
zuA08xDudmPRxTwk8xy7E23YFMMqmozX+7OJ3IFuKP0s0l7a1GU3udA6vqbOA3ut
yhHLbRATLnfX07ZVofUcsr6z2OydajAofaomLFxXRMGx+opTbt9u/J4gfwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFG2TJQ9WO+z4FidcVpgE2D6XsgtJMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvYlpNbEQxWTc3UGdXSjF4V21BVFlQcGV5QzBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQAZxFhMAwD
BAVtbyADBAFtbyQDBAFtbygwDAMEAm1vLAMEBm1vAAMEALlBPjANBgkqhkiG9w0B
AQsFAAOCAQEAaVFxxlcLiJEKNYaR3Wo01nnsZnb+WLH+0IEfPuFLcWFAe0b0v+9z
Faj+N7liFRNdD4Elf0Mjru1I2xGQhG2kAoMX/Q7wpaOgbcCQKAFbNOgqKod+txsv
hXfkeprMjOgticouykix6ut3QLEKNV50qKBewECGfHdKFWPap/BdijNhWRN5qPTz
dzVzHS7IIVcXNfyNBC41YARfGhnXWw22JUC7FUQ5PUB4PD6NfUP6iGmFyVttb34+
sAorqOcFoldKB9a8VYefGYW9LIv9fM7bG5+HPkZEKNWAF01Wpw+PctVMyNoqJR/e
ZuDk3J5OxgJwFTY04Suyg9eEjuuZl2+kGg==
-----END CERTIFICATE-----
Generated at Mon Aug 4 14:57:01 2025 by rpki-client