Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/zIQrtixaP8FSodiktmvc2r9jLQ0.roa
File: zIQrtixaP8FSodiktmvc2r9jLQ0.roa (raw, json)
Hash identifier: TQFktjGswL7qarOYLhb3l7yDbaMo37GtBSGaVvZU4Bw=
Subject key identifier: CC:84:2B:B6:2C:5A:3F:C1:52:A1:D8:A4:B6:6B:DC:DA:BF:63:2D:0D
Certificate issuer: /CN=b467367967dc763349fd0b50e31f75b823028590
Certificate serial: 019A302CF1CBEBCC97D3C86006DB9069D579
Authority key identifier: B4:67:36:79:67:DC:76:33:49:FD:0B:50:E3:1F:75:B8:23:02:85:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tGc2eWfcdjNJ_QtQ4x91uCMChZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/zIQrtixaP8FSodiktmvc2r9jLQ0.roa
Signing time: Wed 29 Oct 2025 13:34:03 +0000
ROA not before: Wed 29 Oct 2025 13:34:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199484
IP address blocks: 37.75.8.0/21 maxlen: 24
185.28.0.0/22 maxlen: 24
185.40.72.0/22 maxlen: 22
185.40.72.0/24 maxlen: 24
185.40.73.0/24 maxlen: 24
185.40.74.0/24 maxlen: 24
185.40.75.0/24 maxlen: 24
185.81.236.0/22 maxlen: 24
185.153.248.0/22 maxlen: 22
185.153.248.0/24 maxlen: 24
185.153.249.0/24 maxlen: 24
185.153.250.0/24 maxlen: 24
185.153.251.0/24 maxlen: 24
185.155.148.0/24 maxlen: 24
185.155.149.0/24 maxlen: 24
195.142.0.0/22 maxlen: 24
195.142.104.0/21 maxlen: 24
195.142.132.0/22 maxlen: 24
195.142.152.0/22 maxlen: 22
195.142.152.0/24 maxlen: 24
195.142.184.0/24 maxlen: 24
195.142.193.0/24 maxlen: 24
195.142.194.0/24 maxlen: 24
195.155.96.0/24 maxlen: 24
195.155.97.0/24 maxlen: 24
195.155.98.0/24 maxlen: 24
195.155.99.0/24 maxlen: 24
2a07:89c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/tGc2eWfcdjNJ_QtQ4x91uCMChZA.crl
rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/tGc2eWfcdjNJ_QtQ4x91uCMChZA.mft
rsync://rpki.ripe.net/repository/DEFAULT/tGc2eWfcdjNJ_QtQ4x91uCMChZA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:30:2c:f1:cb:eb:cc:97:d3:c8:60:06:db:90:69:d5:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b467367967dc763349fd0b50e31f75b823028590
Validity
Not Before: Oct 29 13:34:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cc842bb62c5a3fc152a1d8a4b66bdcdabf632d0d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:48:5b:ae:2a:4a:d9:64:23:e4:b5:b2:40:98:
42:06:5c:60:50:5c:e1:ce:e2:4f:1c:95:2b:cb:64:
77:38:3a:f0:a9:83:f0:18:b7:fc:8d:ed:c9:53:0f:
be:a2:38:e6:4e:ad:48:f7:f4:16:59:1d:9d:6f:1d:
89:a1:a2:cf:49:87:11:62:a2:05:67:89:ff:1b:7f:
b4:0e:88:2a:9c:17:29:1d:e9:c0:3b:6a:70:bf:df:
b2:cf:19:d8:2f:5b:fe:71:3d:48:ea:5b:47:e5:7a:
31:fe:45:ab:e6:5e:1a:55:a4:24:72:17:4d:27:d5:
76:91:84:fa:b4:3e:4d:a4:ac:2c:6f:84:26:69:8d:
c8:b2:a2:60:dd:41:ca:68:bb:72:8f:61:00:d9:84:
a2:9e:32:f5:d0:c0:8c:c0:11:43:a7:36:d9:b4:c9:
28:e2:1a:b0:a1:43:c5:c4:64:5b:e7:58:56:33:13:
2c:72:bd:e9:c3:b6:3b:3f:55:2b:d4:0d:53:c1:d9:
26:dd:34:e4:7f:38:78:ea:0a:1f:ec:79:21:59:1e:
ba:c8:7a:ef:08:0b:6e:ce:9b:73:3c:86:49:01:4e:
38:7d:46:7f:aa:1b:54:45:1f:f3:4c:63:fc:f4:63:
2d:07:1e:a4:fc:9e:bb:cb:20:f8:64:69:3a:bb:20:
4e:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:84:2B:B6:2C:5A:3F:C1:52:A1:D8:A4:B6:6B:DC:DA:BF:63:2D:0D
X509v3 Authority Key Identifier:
keyid:B4:67:36:79:67:DC:76:33:49:FD:0B:50:E3:1F:75:B8:23:02:85:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tGc2eWfcdjNJ_QtQ4x91uCMChZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/zIQrtixaP8FSodiktmvc2r9jLQ0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/tGc2eWfcdjNJ_QtQ4x91uCMChZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.75.8.0/21
185.28.0.0/22
185.40.72.0/22
185.81.236.0/22
185.153.248.0/22
185.155.148.0/23
195.142.0.0/22
195.142.104.0/21
195.142.132.0/22
195.142.152.0/22
195.142.184.0/24
195.142.193.0-195.142.194.255
195.155.96.0/22
IPv6:
2a07:89c0::/48
Signature Algorithm: sha256WithRSAEncryption
1e:24:2f:d5:f4:0f:58:d7:6f:f2:f6:8c:26:02:b8:e9:d5:41:
44:f4:8b:16:79:29:27:1e:a6:27:48:15:2f:b2:b7:0f:0b:48:
7a:d4:c5:85:fc:4e:13:2a:93:3c:02:7e:fe:4a:de:80:9b:1c:
5b:df:f7:dc:08:a8:bd:a4:89:6e:cf:d3:e9:5b:60:f8:d5:c9:
e0:61:fd:fb:83:df:ba:95:a3:73:16:dd:8d:b3:f8:a6:76:f9:
90:39:13:90:e9:a9:d0:07:3f:8e:6e:9c:22:05:18:bc:8e:27:
cc:8b:9f:30:9a:34:67:d3:31:54:56:e5:ab:20:6b:d1:86:7b:
88:8b:4f:66:95:d7:cb:91:f0:f9:00:42:07:4a:a9:4c:63:4a:
29:83:be:10:d5:d5:19:6a:c2:fe:82:fd:bb:ed:c8:7e:65:3f:
74:9f:1b:45:f7:38:44:77:bf:ad:ad:00:a1:96:ea:55:e3:a9:
f0:d7:aa:f5:59:31:93:95:52:97:b9:cc:26:dd:7a:7f:37:aa:
c0:60:31:6f:4f:58:b9:a6:0c:da:15:ad:3f:4e:d2:a0:0a:19:
6c:08:c3:ef:ca:fb:0a:9a:7e:b8:f8:c4:ee:1d:e5:a7:0d:5c:
c4:81:cc:ba:7c:94:2f:9f:0c:98:e1:a5:c6:11:64:92:2c:4e:
88:46:e6:35
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgISAZowLPHL68yX08hgBtuQadV5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NjczNjc5NjdkYzc2MzM0OWZkMGI1MGUzMWY3NWI4MjMw
Mjg1OTAwHhcNMjUxMDI5MTMzNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzg0MmJiNjJjNWEzZmMxNTJhMWQ4YTRiNjZiZGNkYWJmNjMyZDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0hbripK2WQj5LWyQJhCBlxgUFzh
zuJPHJUry2R3ODrwqYPwGLf8je3JUw++ojjmTq1I9/QWWR2dbx2JoaLPSYcRYqIF
Z4n/G3+0DogqnBcpHenAO2pwv9+yzxnYL1v+cT1I6ltH5Xox/kWr5l4aVaQkchdN
J9V2kYT6tD5NpKwsb4QmaY3IsqJg3UHKaLtyj2EA2YSinjL10MCMwBFDpzbZtMko
4hqwoUPFxGRb51hWMxMscr3pw7Y7P1Ur1A1Twdkm3TTkfzh46gof7HkhWR66yHrv
CAtuzptzPIZJAU44fUZ/qhtURR/zTGP89GMtBx6k/J67yyD4ZGk6uyBOVQIDAQAB
o4ICazCCAmcwHQYDVR0OBBYEFMyEK7YsWj/BUqHYpLZr3Nq/Yy0NMB8GA1UdIwQY
MBaAFLRnNnln3HYzSf0LUOMfdbgjAoWQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEdjMmVXZmNkak5KX1F0UTR4OTF1Q01DaFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kZmM0ZjItZWQ3ZC00NjEwLTg2MGMt
YjgxMzczYzQwZGM5LzEveklRcnRpeGFQOEZTb2Rpa3RtdmMycjlqTFEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kZmM0ZjItZWQ3ZC00NjEwLTg2MGMtYjgxMzczYzQwZGM5
LzEvdEdjMmVXZmNkak5KX1F0UTR4OTF1Q01DaFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGABggrBgEFBQcBBwEB/wRxMG8wXAQCAAEwVgMEAyVLCAME
ArkcAAMEArkoSAMEArlR7AMEArmZ+AMEAbmblAMEAsOOAAMEA8OOaAMEAsOOhAME
AsOOmAMEAMOOuDAMAwQAw47BAwQAw47CAwQCw5tgMA8EAgACMAkDBwAqB4nAAAAw
DQYJKoZIhvcNAQELBQADggEBAB4kL9X0D1jXb/L2jCYCuOnVQUT0ixZ5KScepidI
FS+ytw8LSHrUxYX8ThMqkzwCfv5K3oCbHFvf99wIqL2kiW7P0+lbYPjVyeBh/fuD
37qVo3MW3Y2z+KZ2+ZA5E5DpqdAHP45unCIFGLyOJ8yLnzCaNGfTMVRW5asga9GG
e4iLT2aV18uR8PkAQgdKqUxjSimDvhDV1Rlqwv6C/bvtyH5lP3SfG0X3OER3v62t
AKGW6lXjqfDXqvVZMZOVUpe5zCbden83qsBgMW9PWLmmDNoVrT9O0qAKGWwIw+/K
+wqafrj4xO4d5acNXMSBzLp8lC+fDJjhpcYRZJIsTohG5jU=
-----END CERTIFICATE-----
Generated at Wed Nov 5 01:44:40 2025 by rpki-client