Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/ctIdcbAxzlgE61iaJYeLZI-atK4.roa
File: ctIdcbAxzlgE61iaJYeLZI-atK4.roa (raw, json)
Hash identifier: xe/X44jbVuhNTWtEZLlddMSK0Nf/sdgGvPMIEXHpN6g=
Subject key identifier: 72:D2:1D:71:B0:31:CE:58:04:EB:58:9A:25:87:8B:64:8F:9A:B4:AE
Certificate issuer: /CN=9d066cb8488dae7e4234aa7c892430dad11fe5b1
Certificate serial: 01998587A409CCDFFB893FC48B6A1F15AF63
Authority key identifier: 9D:06:6C:B8:48:8D:AE:7E:42:34:AA:7C:89:24:30:DA:D1:1F:E5:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nQZsuEiNrn5CNKp8iSQw2tEf5bE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/ctIdcbAxzlgE61iaJYeLZI-atK4.roa
Signing time: Fri 26 Sep 2025 10:18:03 +0000
ROA not before: Fri 26 Sep 2025 10:18:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20676
IP address blocks: 62.8.128.0/17 maxlen: 17
62.8.168.0/21 maxlen: 21
62.8.176.0/20 maxlen: 20
62.145.0.0/19 maxlen: 19
62.206.0.0/16 maxlen: 16
62.206.164.0/24 maxlen: 24
62.206.165.0/24 maxlen: 24
62.206.166.0/24 maxlen: 24
83.236.0.0/16 maxlen: 16
83.236.0.0/20 maxlen: 20
83.236.16.0/20 maxlen: 20
83.236.32.0/21 maxlen: 21
84.245.128.0/18 maxlen: 18
85.8.132.0/22 maxlen: 22
87.193.0.0/16 maxlen: 16
87.234.0.0/16 maxlen: 16
92.193.0.0/16 maxlen: 16
92.194.0.0/16 maxlen: 16
92.195.0.0/16 maxlen: 16
92.195.0.0/17 maxlen: 17
92.195.128.0/17 maxlen: 17
92.196.0.0/14 maxlen: 14
92.196.0.0/19 maxlen: 19
92.196.96.0/20 maxlen: 20
92.196.112.0/20 maxlen: 20
92.196.128.0/20 maxlen: 20
92.196.144.0/20 maxlen: 20
92.196.160.0/20 maxlen: 20
92.196.176.0/20 maxlen: 20
92.196.192.0/20 maxlen: 20
92.196.208.0/20 maxlen: 20
92.196.224.0/19 maxlen: 19
92.197.130.0/24 maxlen: 24
92.198.96.0/19 maxlen: 19
92.198.144.0/20 maxlen: 20
92.198.160.0/19 maxlen: 19
92.198.192.0/20 maxlen: 20
92.198.208.0/20 maxlen: 20
92.198.224.0/20 maxlen: 20
92.198.240.0/20 maxlen: 20
92.199.16.0/20 maxlen: 20
92.199.64.0/20 maxlen: 20
92.199.96.0/20 maxlen: 20
92.199.112.0/20 maxlen: 20
92.199.128.0/20 maxlen: 20
92.199.144.0/20 maxlen: 20
92.199.176.0/20 maxlen: 20
92.199.208.0/20 maxlen: 20
185.144.188.0/22 maxlen: 22
194.9.127.0/24 maxlen: 24
194.140.96.0/20 maxlen: 20
195.32.128.0/17 maxlen: 17
195.80.192.0/19 maxlen: 19
195.90.0.0/19 maxlen: 19
195.90.8.0/21 maxlen: 21
195.158.160.0/19 maxlen: 19
212.4.160.0/19 maxlen: 19
212.4.176.0/20 maxlen: 20
212.5.0.0/19 maxlen: 19
212.5.8.0/21 maxlen: 21
212.5.16.0/20 maxlen: 20
212.60.192.0/18 maxlen: 18
212.63.32.0/19 maxlen: 19
212.84.208.0/20 maxlen: 20
212.84.224.0/19 maxlen: 19
212.105.192.0/19 maxlen: 19
212.110.192.0/19 maxlen: 19
212.202.0.0/16 maxlen: 16
212.202.0.0/19 maxlen: 19
212.202.40.0/21 maxlen: 21
212.202.48.0/20 maxlen: 20
212.202.168.0/21 maxlen: 21
212.202.176.0/20 maxlen: 20
213.148.128.0/19 maxlen: 19
213.148.128.0/24 maxlen: 24
213.148.129.0/24 maxlen: 24
213.148.130.0/24 maxlen: 24
213.148.133.0/24 maxlen: 24
213.160.0.0/19 maxlen: 19
213.160.0.0/24 maxlen: 24
213.217.64.0/18 maxlen: 18
217.146.128.0/19 maxlen: 19
2001:658::/29 maxlen: 29
2001:1a80::/29 maxlen: 29
2001:1a80:800::/48 maxlen: 48
2001:1a80:801::/48 maxlen: 48
2001:1a80:802::/48 maxlen: 48
2001:1a81:1000::/36 maxlen: 40
2001:1a81:1000::/40 maxlen: 48
2001:1a81:2000::/36 maxlen: 40
2001:1a81:2000::/40 maxlen: 48
2001:1a81:3000::/36 maxlen: 40
2001:1a81:3000::/40 maxlen: 48
2001:1a81:4000::/36 maxlen: 40
2001:1a81:4000::/40 maxlen: 48
2001:1a81:5000::/36 maxlen: 40
2001:1a81:5000::/40 maxlen: 48
2001:1a81:6000::/36 maxlen: 40
2001:1a81:6000::/40 maxlen: 48
2001:1a81:7000::/36 maxlen: 40
2001:1a81:7000::/40 maxlen: 48
2a09:7100::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/nQZsuEiNrn5CNKp8iSQw2tEf5bE.crl
rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/nQZsuEiNrn5CNKp8iSQw2tEf5bE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nQZsuEiNrn5CNKp8iSQw2tEf5bE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:85:87:a4:09:cc:df:fb:89:3f:c4:8b:6a:1f:15:af:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d066cb8488dae7e4234aa7c892430dad11fe5b1
Validity
Not Before: Sep 26 10:18:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=72d21d71b031ce5804eb589a25878b648f9ab4ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:4c:84:73:b7:df:5a:71:b7:2e:83:92:12:de:
d2:2d:8a:10:2f:3b:3f:f8:40:a5:3e:b6:5a:89:a5:
0a:c7:d3:7f:bf:88:be:62:2f:52:e5:e6:5f:eb:d0:
bd:b5:03:3c:b0:82:ee:bd:32:f6:1b:81:9a:b0:5e:
9b:9f:f3:60:52:1c:67:90:c9:c8:95:cb:16:82:ac:
a7:bf:ab:84:da:76:4f:e0:31:90:11:71:24:1c:7c:
1d:b1:a4:11:76:37:12:2f:02:27:e4:8c:05:40:6f:
67:e3:c8:2f:95:a3:b1:6b:bf:5d:1a:1b:7a:98:ae:
86:b5:47:2b:8a:4d:9f:99:01:18:cd:f2:6b:2d:20:
5f:5e:47:6a:fe:2e:bd:da:c1:1b:8f:df:4b:72:d1:
0c:35:80:9f:63:c4:6d:ba:a9:84:f6:04:c6:c3:d8:
0f:4c:56:cb:d7:f0:1e:dd:9a:fc:19:52:97:ab:94:
e8:5e:3e:a7:c3:34:2a:50:8f:2b:3b:76:1e:ab:ad:
2d:d9:90:18:24:e3:75:27:f6:4c:fb:2e:04:3c:de:
73:ae:ab:7a:f2:10:71:19:00:95:40:a8:8f:4f:3f:
70:0f:08:77:53:ff:08:7c:36:b8:49:d9:29:fe:db:
37:47:61:dd:c8:af:58:dd:40:ea:a3:c2:0c:3a:f9:
84:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:D2:1D:71:B0:31:CE:58:04:EB:58:9A:25:87:8B:64:8F:9A:B4:AE
X509v3 Authority Key Identifier:
keyid:9D:06:6C:B8:48:8D:AE:7E:42:34:AA:7C:89:24:30:DA:D1:1F:E5:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nQZsuEiNrn5CNKp8iSQw2tEf5bE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/ctIdcbAxzlgE61iaJYeLZI-atK4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/nQZsuEiNrn5CNKp8iSQw2tEf5bE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.8.128.0/17
62.145.0.0/19
62.206.0.0/16
83.236.0.0/16
84.245.128.0/18
85.8.132.0/22
87.193.0.0/16
87.234.0.0/16
92.193.0.0-92.199.255.255
185.144.188.0/22
194.9.127.0/24
194.140.96.0/20
195.32.128.0/17
195.80.192.0/19
195.90.0.0/19
195.158.160.0/19
212.4.160.0/19
212.5.0.0/19
212.60.192.0/18
212.63.32.0/19
212.84.208.0-212.84.255.255
212.105.192.0/19
212.110.192.0/19
212.202.0.0/16
213.148.128.0/19
213.160.0.0/19
213.217.64.0/18
217.146.128.0/19
IPv6:
2001:658::/29
2001:1a80::/29
2a09:7100::/29
Signature Algorithm: sha256WithRSAEncryption
0c:3e:e0:7e:60:88:24:3c:3a:7f:a4:a6:fb:22:ce:04:28:83:
6c:00:3d:ec:71:cf:ae:9a:61:c3:0b:2a:70:33:72:f5:62:9a:
6b:13:95:a1:22:0c:dd:6e:71:9a:7f:5a:05:12:42:b0:68:fb:
74:a6:87:a8:7c:8f:48:b3:e4:fd:c2:4e:09:27:84:72:db:83:
05:23:c7:65:e9:13:ee:53:7a:38:67:c3:24:01:f3:d1:50:96:
48:9d:4b:7c:a0:b8:97:f5:da:4b:f1:19:77:42:cf:d8:55:96:
cf:50:44:f8:ea:ef:62:e9:bb:a9:5e:a3:85:8a:10:74:ad:80:
01:c6:8d:b1:37:bb:59:e6:8c:09:9d:73:fd:88:5d:51:c2:bd:
0c:2a:b2:71:fe:76:1a:d5:c9:04:f5:a8:66:e3:4a:e1:9e:06:
51:71:6a:c5:87:0a:d0:77:71:00:04:73:53:1d:26:58:32:3f:
5d:a4:75:ff:4b:d3:40:0f:7a:2a:6a:5e:11:04:15:72:37:b1:
2a:0c:ba:f0:7a:d1:99:e1:8c:ff:4e:1e:ac:05:99:61:02:51:
a4:ed:1c:b1:f1:2d:52:3a:1c:75:f2:d8:7e:7f:0c:3b:a3:e1:
62:dc:31:31:82:6c:b0:4b:e4:7a:48:73:e0:ae:c6:de:5e:af:
66:ae:e4:d9
-----BEGIN CERTIFICATE-----
MIIFyTCCBLGgAwIBAgISAZmFh6QJzN/7iT/Ei2ofFa9jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMDY2Y2I4NDg4ZGFlN2U0MjM0YWE3Yzg5MjQzMGRhZDEx
ZmU1YjEwHhcNMjUwOTI2MTAxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmQyMWQ3MWIwMzFjZTU4MDRlYjU4OWEyNTg3OGI2NDhmOWFiNGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkyEc7ffWnG3LoOSEt7SLYoQLzs/
+EClPrZaiaUKx9N/v4i+Yi9S5eZf69C9tQM8sILuvTL2G4GasF6bn/NgUhxnkMnI
lcsWgqynv6uE2nZP4DGQEXEkHHwdsaQRdjcSLwIn5IwFQG9n48gvlaOxa79dGht6
mK6GtUcrik2fmQEYzfJrLSBfXkdq/i692sEbj99LctEMNYCfY8RtuqmE9gTGw9gP
TFbL1/Ae3Zr8GVKXq5ToXj6nwzQqUI8rO3Yeq60t2ZAYJON1J/ZM+y4EPN5zrqt6
8hBxGQCVQKiPTz9wDwh3U/8IfDa4Sdkp/ts3R2HdyK9Y3UDqo8IMOvmEiQIDAQAB
o4IC1TCCAtEwHQYDVR0OBBYEFHLSHXGwMc5YBOtYmiWHi2SPmrSuMB8GA1UdIwQY
MBaAFJ0GbLhIja5+QjSqfIkkMNrRH+WxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblFac3VFaU5ybjVDTktwOGlTUXcydEVmNWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMGQyZmQtYWE5MC00MjA3LTkxMDQt
M2VmMDJkNTE0MGI3LzEvY3RJZGNiQXh6bGdFNjFpYUpZZUxaSS1hdEs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMGQyZmQtYWE5MC00MjA3LTkxMDQtM2VmMDJkNTE0MGI3
LzEvblFac3VFaU5ybjVDTktwOGlTUXcydEVmNWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHqBggrBgEFBQcBBwEB/wSB2jCB1zCBtwQCAAEwgbADBAc+
CIADBAU+kQADAwA+zgMDAFPsAwQGVPWAAwQCVQiEAwMAV8EDAwBX6jAKAwMAXMED
AwNcwAMEArmQvAMEAMIJfwMEBMKMYAMEB8MggAMEBcNQwAMEBcNaAAMEBcOeoAME
BdQEoAMEBdQFAAMEBtQ8wAMEBdQ/IDALAwQE1FTQAwMA1FQDBAXUacADBAXUbsAD
AwDUygMEBdWUgAMEBdWgAAMEBtXZQAMEBdmSgDAbBAIAAjAVAwUDIAEGWAMFAyAB
GoADBQMqCXEAMA0GCSqGSIb3DQEBCwUAA4IBAQAMPuB+YIgkPDp/pKb7Is4EKINs
AD3scc+ummHDCypwM3L1YpprE5WhIgzdbnGaf1oFEkKwaPt0poeofI9Is+T9wk4J
J4Ry24MFI8dl6RPuU3o4Z8MkAfPRUJZInUt8oLiX9dpL8Rl3Qs/YVZbPUET46u9i
6bupXqOFihB0rYABxo2xN7tZ5owJnXP9iF1Rwr0MKrJx/nYa1ckE9ahm40rhngZR
cWrFhwrQd3EABHNTHSZYMj9dpHX/S9NAD3oqal4RBBVyN7EqDLrwetGZ4Yz/Th6s
BZlhAlGk7Ryx8S1SOhx18th+fww7o+Fi3DExgmywS+R6SHPgrsbeXq9mruTZ
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:24:08 2025 by rpki-client