Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u65FQ52RoDixeFWsBxwXX4K6U6o.roa
File: u65FQ52RoDixeFWsBxwXX4K6U6o.roa (raw, json)
Hash identifier: JmYwggyhPhcUZW5N8CU5r25YjJb9/r1Xo6xkDDeeu8o=
Subject key identifier: BB:AE:45:43:9D:91:A0:38:B1:78:55:AC:07:1C:17:5F:82:BA:53:AA
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0198D1398118CAD04BBDDA93041D28627713
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u65FQ52RoDixeFWsBxwXX4K6U6o.roa
Signing time: Fri 22 Aug 2025 10:01:03 +0000
ROA not before: Fri 22 Aug 2025 10:01:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
82.115.211.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.217.128.0/24 maxlen: 24
87.120.38.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.126.0/24 maxlen: 24
87.120.132.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.20.0/23 maxlen: 23
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.88.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 24
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.37.0/24 maxlen: 32
93.123.47.0/24 maxlen: 24
93.123.64.0/24 maxlen: 32
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/22 maxlen: 24
94.156.177.0/24 maxlen: 24
94.156.227.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
171.22.28.0/24 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.219.127.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
193.222.98.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.59.28.0/23 maxlen: 24
194.169.175.0/24 maxlen: 24
195.178.111.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:d1:39:81:18:ca:d0:4b:bd:da:93:04:1d:28:62:77:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Aug 22 10:01:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bbae45439d91a038b17855ac071c175f82ba53aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:93:ba:cc:12:1b:29:8f:8e:3c:b0:e3:02:71:
e2:dd:4b:30:9d:73:c3:22:dd:d9:e6:64:10:9c:35:
ab:f7:74:69:33:eb:b7:74:e6:68:c8:62:0b:9c:c1:
d2:a8:ab:4c:89:84:93:8c:e0:39:9c:35:bc:90:6f:
29:8b:c0:bc:6a:96:bd:46:e5:30:49:9f:8f:91:b4:
dc:26:04:a4:ea:07:be:61:83:b7:a4:57:68:ba:cb:
f0:aa:9b:27:8f:03:a4:59:b0:d2:46:9b:a5:ed:e0:
9e:c6:17:5d:89:7a:b9:69:a1:71:16:e3:9d:39:01:
a2:43:07:c5:dd:47:0e:54:3b:dc:fe:91:9a:59:e3:
85:ed:5b:11:2d:dc:11:70:c9:a0:41:61:25:46:6b:
83:e9:90:ef:05:d9:f4:58:1c:fa:58:fa:8f:6b:2b:
fd:cb:f3:1d:b0:4b:ae:cc:57:e1:fe:4d:54:49:c6:
9d:34:a4:db:1b:49:06:32:5a:87:e5:91:23:79:17:
1c:3a:2c:e5:4d:fe:b4:d1:ee:f3:4a:17:bb:cc:cb:
1f:6a:13:f3:63:df:30:63:68:90:a3:c5:de:27:86:
87:30:89:36:3c:8b:89:93:15:93:fc:be:66:b7:27:
d1:9f:75:5d:64:c2:86:5e:8f:d6:f7:2d:f7:0a:45:
df:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:AE:45:43:9D:91:A0:38:B1:78:55:AC:07:1C:17:5F:82:BA:53:AA
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u65FQ52RoDixeFWsBxwXX4K6U6o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
31.13.211.0/24
45.9.157.0/24
45.66.228.0/24
45.66.231.0/24
45.81.39.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
81.161.238.0/24
82.115.211.0/24
83.219.97.0/24
84.54.48.0/24
85.217.128.0/24
87.120.38.0/24
87.120.87.0/24
87.120.126.0/24
87.120.132.0/24
87.120.166.0/24
87.121.20.0/23
87.121.45.0/24
87.121.87.0-87.121.88.255
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.37.0/24
93.123.47.0/24
93.123.64.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.162.0/23
94.156.64.0/22
94.156.177.0/24
94.156.227.0/24
94.156.239.0/24
141.98.6.0/24
171.22.28.0/24
178.215.227.0/24
185.216.84.0/22
185.219.127.0/24
193.25.216.0/24
193.35.18.0/24
193.222.98.0/24
194.55.186.0/24
194.59.28.0/23
194.169.175.0/24
195.178.111.0/24
Signature Algorithm: sha256WithRSAEncryption
4d:46:a5:ed:b7:3f:2f:54:db:2d:d3:ae:be:dd:ef:0f:ef:b0:
f1:2a:41:7e:0d:f9:09:ce:44:ba:22:a1:aa:bd:04:7a:71:7f:
07:a7:fe:31:e8:a1:59:36:aa:8f:97:df:72:45:e0:fb:7f:87:
f8:3b:eb:ca:8d:a2:e6:61:43:1b:d0:b7:fb:ef:0e:07:67:d2:
87:c6:76:2a:ff:c9:8d:e8:21:fd:c2:5a:3e:d2:5f:cb:a4:3f:
f0:99:36:e9:d1:5e:b1:c6:c6:7e:50:54:ec:45:2a:65:3a:8b:
4a:23:b0:36:c5:88:21:dd:4a:fc:2f:6a:f0:96:62:37:1d:e1:
d1:d9:6f:c9:c4:90:5d:5d:b9:18:c0:c9:ee:34:df:15:e9:f0:
18:bb:cc:81:c4:08:0d:42:5c:d1:f7:0a:ef:40:fa:b1:d4:f9:
8f:1d:7d:92:dc:7e:72:55:8b:b9:45:46:6c:18:93:af:70:c3:
0c:97:c1:d7:ba:0f:3e:5d:87:ea:5c:09:aa:1a:55:5c:08:af:
03:8b:c2:b3:1c:01:b8:bf:d6:3b:4a:5b:eb:8a:ab:69:0f:43:
0d:ea:68:09:8e:89:33:25:3f:29:15:b3:ee:5b:06:fd:35:b9:
83:82:13:d6:3f:f9:54:23:ef:05:73:7c:c7:44:98:f1:9c:9d:
c8:85:ef:b1
-----BEGIN CERTIFICATE-----
MIIGOzCCBSOgAwIBAgISAZjROYEYytBLvdqTBB0oYncTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwODIyMTAwMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmFlNDU0MzlkOTFhMDM4YjE3ODU1YWMwNzFjMTc1ZjgyYmE1M2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5O6zBIbKY+OPLDjAnHi3UswnXPD
It3Z5mQQnDWr93RpM+u3dOZoyGILnMHSqKtMiYSTjOA5nDW8kG8pi8C8apa9RuUw
SZ+PkbTcJgSk6ge+YYO3pFdousvwqpsnjwOkWbDSRpul7eCexhddiXq5aaFxFuOd
OQGiQwfF3UcOVDvc/pGaWeOF7VsRLdwRcMmgQWElRmuD6ZDvBdn0WBz6WPqPayv9
y/MdsEuuzFfh/k1UScadNKTbG0kGMlqH5ZEjeRccOizlTf600e7zShe7zMsfahPz
Y98wY2iQo8XeJ4aHMIk2PIuJkxWT/L5mtyfRn3VdZMKGXo/W9y33CkXftQIDAQAB
o4IDRzCCA0MwHQYDVR0OBBYEFLuuRUOdkaA4sXhVrAccF1+CulOqMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdTY1RlE1MlJvRGl4ZUZXc0J4d1hYNEs2VTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBWwYIKwYBBQUHAQcBAf8EggFKMIIBRjCCAUIEAgABMIIB
OgMEAgX8hAMEAB8N0wMEAC0JnQMEAC1C5AMEAC1C5wMEAC1RJwMEAC1Z9wMEAC1a
WQMEAC2LagMEAS2NngMEAFGh7gMEAFJz0wMEAFPbYQMEAFQ2MAMEAFXZgAMEAFd4
JgMEAFd4VwMEAFd4fgMEAFd4hAMEAFd4pgMEAVd5FAMEAFd5LTAMAwQAV3lXAwQA
V3lYAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkyAwQAXXslAwQAXXsvAwQAXXtAAwQA
XXttAwQAXXt1AwQAXXt3AwQAXmd9AwQBXpqiAwQCXpxAAwQAXpyxAwQAXpzjAwQA
XpzvAwQAjWIGAwQAqxYcAwQAstfjAwQCudhUAwQAudt/AwQAwRnYAwQAwSMSAwQA
wd5iAwQAwje6AwQBwjscAwQAwqmvAwQAw7JvMA0GCSqGSIb3DQEBCwUAA4IBAQBN
RqXttz8vVNst066+3e8P77DxKkF+DfkJzkS6IqGqvQR6cX8Hp/4x6KFZNqqPl99y
ReD7f4f4O+vKjaLmYUMb0Lf77w4HZ9KHxnYq/8mN6CH9wlo+0l/LpD/wmTbp0V6x
xsZ+UFTsRSplOotKI7A2xYgh3Ur8L2rwlmI3HeHR2W/JxJBdXbkYwMnuNN8V6fAY
u8yBxAgNQlzR9wrvQPqx1PmPHX2S3H5yVYu5RUZsGJOvcMMMl8HXug8+XYfqXAmq
GlVcCK8Di8KzHAG4v9Y7SlvriqtpD0MN6mgJjokzJT8pFbPuWwb9NbmDghPWP/lU
I+8Fc3zHRJjxnJ3Ihe+x
-----END CERTIFICATE-----
Generated at Sat Aug 23 09:03:30 2025 by rpki-client