Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/KZIUSongntyb8cmh04ohuVf-RH4.roa
File: KZIUSongntyb8cmh04ohuVf-RH4.roa (raw, json)
Hash identifier: EqZXG+hM0Nf7quHml742UmbfXBrPEdr6jmp61c5zxV4=
Subject key identifier: 29:92:14:4A:89:E0:9E:DC:9B:F1:C9:A1:D3:8A:21:B9:57:FE:44:7E
Certificate issuer: /CN=b09fff8e8ffd8f8e7d9a7b66d1cc73dc39281ef6
Certificate serial: 0199982C47C009B0E822193E2D9580757208
Authority key identifier: B0:9F:FF:8E:8F:FD:8F:8E:7D:9A:7B:66:D1:CC:73:DC:39:28:1E:F6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sJ__jo_9j459mntm0cxz3DkoHvY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/KZIUSongntyb8cmh04ohuVf-RH4.roa
Signing time: Tue 30 Sep 2025 01:11:02 +0000
ROA not before: Tue 30 Sep 2025 01:11:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200590
IP address blocks: 5.188.64.0/22 maxlen: 24
5.188.152.0/22 maxlen: 24
77.240.33.0/24 maxlen: 24
77.240.35.0/24 maxlen: 24
77.240.44.0/22 maxlen: 24
79.143.20.0/22 maxlen: 24
82.115.60.0/24 maxlen: 24
82.115.61.0/24 maxlen: 24
82.115.62.0/24 maxlen: 24
84.252.156.0/22 maxlen: 24
87.255.194.0/23 maxlen: 24
87.255.196.0/22 maxlen: 24
87.255.200.0/23 maxlen: 24
89.223.0.0/24 maxlen: 24
89.223.2.0/24 maxlen: 24
91.147.88.0/24 maxlen: 24
91.147.89.0/24 maxlen: 24
91.147.90.0/24 maxlen: 24
91.147.91.0/24 maxlen: 24
91.147.100.0/22 maxlen: 24
91.231.67.0/24 maxlen: 24
93.190.240.0/22 maxlen: 24
94.126.201.0/24 maxlen: 24
178.238.78.0/23 maxlen: 24
185.97.112.0/22 maxlen: 24
185.182.216.0/24 maxlen: 24
185.182.217.0/24 maxlen: 24
188.94.152.0/23 maxlen: 24
193.106.98.0/24 maxlen: 24
194.76.124.0/22 maxlen: 24
2a06:580::/29 maxlen: 40
2a06:580:4::/48 maxlen: 48
2a06:580:5::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/sJ__jo_9j459mntm0cxz3DkoHvY.crl
rsync://rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/sJ__jo_9j459mntm0cxz3DkoHvY.mft
rsync://rpki.ripe.net/repository/DEFAULT/sJ__jo_9j459mntm0cxz3DkoHvY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:98:2c:47:c0:09:b0:e8:22:19:3e:2d:95:80:75:72:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b09fff8e8ffd8f8e7d9a7b66d1cc73dc39281ef6
Validity
Not Before: Sep 30 01:11:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2992144a89e09edc9bf1c9a1d38a21b957fe447e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:45:d5:ed:1b:e3:32:15:25:86:73:95:db:fb:
0a:8d:2a:2a:1f:05:d4:aa:cc:9e:b2:f6:e0:ef:91:
01:81:32:0d:60:e8:e6:09:fd:fe:45:7a:e2:55:28:
6f:dd:89:df:f7:9a:52:e1:2b:4d:f6:f5:15:3e:14:
02:3e:df:ad:56:d4:10:e6:af:c5:24:7b:19:f9:07:
9a:00:95:29:ee:7e:59:d4:9b:e7:de:ae:0a:3b:cf:
82:3e:21:bf:cf:17:74:a3:54:c0:0e:ef:56:68:c4:
27:64:e8:45:ba:38:22:79:11:e8:08:e4:c8:a2:90:
20:a9:09:a5:1b:df:c1:66:e4:71:d1:fd:dc:35:09:
ca:d5:7d:3b:98:72:50:4c:84:6c:fe:d5:5a:6e:7f:
c6:5b:b6:18:62:97:cb:32:cc:d7:e9:2e:98:d9:24:
25:26:a5:6f:3c:f9:5f:85:e0:5d:e3:de:dc:2a:ea:
d6:03:3a:eb:02:23:30:2f:03:3d:e1:8e:cf:83:05:
4a:27:4a:31:6d:16:63:64:d3:0e:62:0d:b0:b4:56:
6e:22:6a:d2:05:5b:40:0d:9a:1e:a8:bc:6f:92:a0:
09:4d:37:93:f9:fd:4d:82:c4:aa:0e:ca:1f:e7:ef:
c2:c7:3e:58:56:7a:5e:39:b9:dc:d9:1c:12:9c:f0:
79:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:92:14:4A:89:E0:9E:DC:9B:F1:C9:A1:D3:8A:21:B9:57:FE:44:7E
X509v3 Authority Key Identifier:
keyid:B0:9F:FF:8E:8F:FD:8F:8E:7D:9A:7B:66:D1:CC:73:DC:39:28:1E:F6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sJ__jo_9j459mntm0cxz3DkoHvY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/KZIUSongntyb8cmh04ohuVf-RH4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/8fbc7e-1f47-487c-8292-e5a77f7a7aa2/1/sJ__jo_9j459mntm0cxz3DkoHvY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.188.64.0/22
5.188.152.0/22
77.240.33.0/24
77.240.35.0/24
77.240.44.0/22
79.143.20.0/22
82.115.60.0-82.115.62.255
84.252.156.0/22
87.255.194.0-87.255.201.255
89.223.0.0/24
89.223.2.0/24
91.147.88.0/22
91.147.100.0/22
91.231.67.0/24
93.190.240.0/22
94.126.201.0/24
178.238.78.0/23
185.97.112.0/22
185.182.216.0/23
188.94.152.0/23
193.106.98.0/24
194.76.124.0/22
IPv6:
2a06:580::/29
Signature Algorithm: sha256WithRSAEncryption
e3:ae:11:53:27:4c:a8:e5:8a:35:70:e4:90:17:3d:15:f0:bb:
b7:c7:23:cd:a8:f1:3e:81:01:e6:a7:82:d0:f2:82:ee:c3:62:
92:2a:be:c9:a4:65:62:80:b4:28:0e:0f:59:e2:89:f4:91:0f:
36:f3:24:97:7c:bc:83:28:7d:94:2a:03:a5:fb:14:68:79:eb:
2a:46:c9:27:03:81:ca:8b:3f:c1:22:6b:d9:ea:3e:a6:2c:16:
b1:d5:3a:56:74:51:a0:70:68:29:9f:91:1d:4f:30:01:37:58:
63:6e:02:7c:39:72:e4:e4:1a:43:bd:b6:52:ae:15:36:d2:87:
85:a6:5a:36:3c:92:29:d7:70:1b:06:e4:7b:95:86:6b:52:de:
15:d5:19:94:64:e4:9b:d3:9e:26:8c:7c:d8:89:42:01:6a:92:
31:16:5e:e0:6f:b9:d9:1f:d0:35:5d:74:45:62:8e:e3:c5:d3:
a4:a5:ce:5b:40:b3:05:9b:98:87:58:62:e9:3a:04:7e:2d:75:
2a:71:6a:f5:f2:65:d5:e6:b9:c9:53:7e:aa:fa:6c:7b:1f:48:
3b:18:69:55:94:ae:4d:63:b7:9a:6f:15:da:c0:1a:69:9e:b9:
46:5c:a4:07:27:f8:1e:aa:f6:dd:c6:9a:03:e4:d1:e7:a1:11:
46:6c:0c:6a
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgISAZmYLEfACbDoIhk+LZWAdXIIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwOWZmZjhlOGZmZDhmOGU3ZDlhN2I2NmQxY2M3M2RjMzky
ODFlZjYwHhcNMjUwOTMwMDExMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTkyMTQ0YTg5ZTA5ZWRjOWJmMWM5YTFkMzhhMjFiOTU3ZmU0NDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUXV7RvjMhUlhnOV2/sKjSoqHwXU
qsyesvbg75EBgTINYOjmCf3+RXriVShv3Ynf95pS4StN9vUVPhQCPt+tVtQQ5q/F
JHsZ+QeaAJUp7n5Z1Jvn3q4KO8+CPiG/zxd0o1TADu9WaMQnZOhFujgieRHoCOTI
opAgqQmlG9/BZuRx0f3cNQnK1X07mHJQTIRs/tVabn/GW7YYYpfLMszX6S6Y2SQl
JqVvPPlfheBd497cKurWAzrrAiMwLwM94Y7PgwVKJ0oxbRZjZNMOYg2wtFZuImrS
BVtADZoeqLxvkqAJTTeT+f1NgsSqDsof5+/Cxz5YVnpeObnc2RwSnPB5OwIDAQAB
o4ICqzCCAqcwHQYDVR0OBBYEFCmSFEqJ4J7cm/HJodOKIblX/kR+MB8GA1UdIwQY
MBaAFLCf/46P/Y+OfZp7ZtHMc9w5KB72MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0pfX2pvXzlqNDU5bW50bTBjeHozRGtvSHZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy84ZmJjN2UtMWY0Ny00ODdjLTgyOTIt
ZTVhNzdmN2E3YWEyLzEvS1pJVVNvbmdudHliOGNtaDA0b2h1VmYtUkg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy84ZmJjN2UtMWY0Ny00ODdjLTgyOTItZTVhNzdmN2E3YWEy
LzEvc0pfX2pvXzlqNDU5bW50bTBjeHozRGtvSHZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHABggrBgEFBQcBBwEB/wSBsDCBrTCBmwQCAAEwgZQDBAIF
vEADBAIFvJgDBABN8CEDBABN8CMDBAJN8CwDBAJPjxQwDAMEAlJzPAMEAFJzPgME
AlT8nDAMAwQBV//CAwQBV//IAwQAWd8AAwQAWd8CAwQCW5NYAwQCW5NkAwQAW+dD
AwQCXb7wAwQAXn7JAwQBsu5OAwQCuWFwAwQBubbYAwQBvF6YAwQAwWpiAwQCwkx8
MA0EAgACMAcDBQMqBgWAMA0GCSqGSIb3DQEBCwUAA4IBAQDjrhFTJ0yo5Yo1cOSQ
Fz0V8Lu3xyPNqPE+gQHmp4LQ8oLuw2KSKr7JpGVigLQoDg9Z4on0kQ828ySXfLyD
KH2UKgOl+xRoeesqRsknA4HKiz/BImvZ6j6mLBax1TpWdFGgcGgpn5EdTzABN1hj
bgJ8OXLk5BpDvbZSrhU20oeFplo2PJIp13AbBuR7lYZrUt4V1RmUZOSb054mjHzY
iUIBapIxFl7gb7nZH9A1XXRFYo7jxdOkpc5bQLMFm5iHWGLpOgR+LXUqcWr18mXV
5rnJU36q+mx7H0g7GGlVlK5NY7eabxXawBppnrlGXKQHJ/geqvbdxpoD5NHnoRFG
bAxq
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:00:57 2025 by rpki-client