Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3lsasVbImJhNZKQLWE7bUXDGk_E.roa
File: 3lsasVbImJhNZKQLWE7bUXDGk_E.roa (raw, json)
Hash identifier: GsaoggpqXDbcXxgyUoT8i0EOlaUyRHoBlKjWHIKtkN8=
Subject key identifier: DE:5B:1A:B1:56:C8:98:98:4D:64:A4:0B:58:4E:DB:51:70:C6:93:F1
Certificate issuer: /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial: 019967F0E3760144493B7D24C8CC060B93C1
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3lsasVbImJhNZKQLWE7bUXDGk_E.roa
Signing time: Sat 20 Sep 2025 16:24:23 +0000
ROA not before: Sat 20 Sep 2025 16:24:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 64267
IP address blocks: 163.5.14.0/24 maxlen: 24
163.5.33.0/24 maxlen: 24
163.5.61.0/24 maxlen: 24
163.5.91.0/24 maxlen: 24
163.5.211.0/24 maxlen: 24
163.5.215.0/24 maxlen: 24
163.5.239.0/24 maxlen: 24
163.5.245.0/24 maxlen: 24
163.5.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:67:f0:e3:76:01:44:49:3b:7d:24:c8:cc:06:0b:93:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Validity
Not Before: Sep 20 16:24:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=de5b1ab156c898984d64a40b584edb5170c693f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:b7:ae:f5:29:4b:a6:82:6d:3f:fb:f9:2d:5a:
1f:e1:4a:4f:21:be:18:71:b5:fa:fb:87:a7:85:06:
68:90:54:f0:f6:79:df:0f:29:62:ab:4b:a0:ff:31:
ca:4e:2c:83:ae:6a:89:a8:05:39:2b:cb:42:21:aa:
6a:90:93:19:b1:53:8b:ea:19:3e:9a:3e:aa:b5:47:
29:6e:ef:f5:4b:ad:11:49:8d:0a:89:4e:72:82:69:
b2:68:cf:da:c4:ce:2e:ef:84:62:b1:d0:79:c1:4b:
d9:f0:a9:f5:1e:f0:d7:e6:33:65:e8:26:14:13:1b:
71:0b:a0:fa:d4:c3:ab:eb:f4:60:a1:6d:02:2a:c9:
25:75:c6:00:0d:04:46:9a:0f:e8:60:a6:6b:32:ad:
5b:fa:eb:56:35:c3:f3:ca:5c:80:27:c3:54:e0:fc:
48:ad:68:37:3c:67:62:fc:2d:1f:46:f6:2e:a2:3f:
f0:0a:d6:6a:0c:26:aa:d2:92:b7:94:59:5a:0f:2d:
49:5a:11:6a:52:43:4d:46:a5:33:64:00:e7:26:c5:
5a:da:f3:2d:7e:70:76:1d:0a:2e:47:38:b2:c1:f1:
1a:27:fa:8e:68:68:fc:c0:c8:c9:1e:e3:4a:0c:dd:
d8:cd:0f:e3:7e:6f:33:27:6e:6e:c3:ee:67:97:21:
f7:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:5B:1A:B1:56:C8:98:98:4D:64:A4:0B:58:4E:DB:51:70:C6:93:F1
X509v3 Authority Key Identifier:
keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/3lsasVbImJhNZKQLWE7bUXDGk_E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
163.5.14.0/24
163.5.33.0/24
163.5.61.0/24
163.5.91.0/24
163.5.211.0/24
163.5.215.0/24
163.5.239.0/24
163.5.245.0/24
163.5.255.0/24
Signature Algorithm: sha256WithRSAEncryption
7e:9e:fb:82:a4:a1:10:c5:57:cf:2d:65:77:03:4e:4b:65:11:
ac:23:a3:ec:62:6f:35:78:46:2b:bb:0a:8c:aa:e2:25:02:37:
33:11:7c:5e:e8:4f:8d:96:e3:32:dc:8b:de:aa:b1:63:fa:0b:
10:b9:97:27:aa:36:0a:7a:a9:91:86:b2:e1:e2:81:a9:ab:7e:
f8:f9:1c:a5:1b:77:18:27:a8:a3:0f:a9:ce:9c:7c:f4:27:41:
f9:0b:9e:c4:38:7e:09:5f:ee:53:af:61:67:db:ba:b1:e8:20:
a5:22:c3:ff:e2:3c:8c:e3:f4:d4:5f:05:70:7e:d4:9d:ed:4b:
e6:9f:12:06:4e:3c:c1:88:01:70:46:c3:ba:c1:11:40:85:d4:
32:52:13:e5:2c:2a:68:b8:ff:cd:25:cf:e2:79:29:f6:51:ba:
d5:f3:3a:cf:88:9f:3e:d1:38:0f:51:4a:89:a2:0a:cf:78:1a:
42:01:09:48:e6:8f:06:27:57:8f:a4:48:87:cf:7f:63:14:d8:
ca:a0:b0:c7:03:c2:7d:84:03:ac:99:1c:ec:8d:38:f8:81:44:
69:a7:c0:5f:0b:ae:d5:5e:1f:10:f2:fa:e8:92:1d:ce:04:0f:
d4:a6:4d:d7:2c:db:07:fb:3b:fa:9a:2c:02:5b:39:e9:e3:51:
e8:ce:38:02
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZln8ON2AURJO30kyMwGC5PBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwOTIwMTYyNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTViMWFiMTU2Yzg5ODk4NGQ2NGE0MGI1ODRlZGI1MTcwYzY5M2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLeu9SlLpoJtP/v5LVof4UpPIb4Y
cbX6+4enhQZokFTw9nnfDyliq0ug/zHKTiyDrmqJqAU5K8tCIapqkJMZsVOL6hk+
mj6qtUcpbu/1S60RSY0KiU5ygmmyaM/axM4u74RisdB5wUvZ8Kn1HvDX5jNl6CYU
ExtxC6D61MOr6/RgoW0CKskldcYADQRGmg/oYKZrMq1b+utWNcPzylyAJ8NU4PxI
rWg3PGdi/C0fRvYuoj/wCtZqDCaq0pK3lFlaDy1JWhFqUkNNRqUzZADnJsVa2vMt
fnB2HQouRziywfEaJ/qOaGj8wMjJHuNKDN3YzQ/jfm8zJ25uw+5nlyH3/wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFN5bGrFWyJiYTWSkC1hO21FwxpPxMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvM2xzYXNWYkltSmhOWktRTFdFN2JVWERHa19FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAowUOAwQA
owUhAwQAowU9AwQAowVbAwQAowXTAwQAowXXAwQAowXvAwQAowX1AwQAowX/MA0G
CSqGSIb3DQEBCwUAA4IBAQB+nvuCpKEQxVfPLWV3A05LZRGsI6PsYm81eEYruwqM
quIlAjczEXxe6E+NluMy3IveqrFj+gsQuZcnqjYKeqmRhrLh4oGpq374+RylG3cY
J6ijD6nOnHz0J0H5C57EOH4JX+5Tr2Fn27qx6CClIsP/4jyM4/TUXwVwftSd7Uvm
nxIGTjzBiAFwRsO6wRFAhdQyUhPlLCpouP/NJc/ieSn2UbrV8zrPiJ8+0TgPUUqJ
ogrPeBpCAQlI5o8GJ1ePpEiHz39jFNjKoLDHA8J9hAOsmRzsjTj4gURpp8BfC67V
Xh8Q8vrokh3OBA/Upk3XLNsH+zv6miwCWznp41HozjgC
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:43:17 2025 by rpki-client