Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/8db579-c1fc-4215-90f4-f4673ba52c00/1/CoNCbdPpJL-6fbcnJD3B3DbY734.roa
File: CoNCbdPpJL-6fbcnJD3B3DbY734.roa (raw, json)
Hash identifier: ouhTfA8/5+dNL+YmL8KPLbr0RKoGCNyfOXLbumLXJJ4=
Subject key identifier: 0A:83:42:6D:D3:E9:24:BF:BA:7D:B7:27:24:3D:C1:DC:36:D8:EF:7E
Certificate issuer: /CN=d07267bf23b2971a4795a83ef8478a821bafb1db
Certificate serial: 01997AA082C6770721281C9CFCFA28D03CD7
Authority key identifier: D0:72:67:BF:23:B2:97:1A:47:95:A8:3E:F8:47:8A:82:1B:AF:B1:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0HJnvyOylxpHlag--EeKghuvsds.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/8db579-c1fc-4215-90f4-f4673ba52c00/1/CoNCbdPpJL-6fbcnJD3B3DbY734.roa
Signing time: Wed 24 Sep 2025 07:29:23 +0000
ROA not before: Wed 24 Sep 2025 07:29:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8445
IP address blocks: 46.247.192.0/19 maxlen: 19
82.194.128.0/19 maxlen: 19
83.215.0.0/16 maxlen: 16
89.26.0.0/17 maxlen: 17
89.26.23.0/24 maxlen: 24
91.133.64.0/18 maxlen: 18
95.81.32.0/19 maxlen: 19
158.220.0.0/19 maxlen: 19
158.220.32.0/19 maxlen: 19
159.48.0.0/22 maxlen: 22
185.10.108.0/22 maxlen: 22
185.22.244.0/22 maxlen: 22
185.57.184.0/22 maxlen: 22
185.72.68.0/22 maxlen: 22
185.164.36.0/22 maxlen: 22
185.165.60.0/22 maxlen: 22
185.191.108.0/22 maxlen: 22
185.195.216.0/22 maxlen: 22
185.213.140.0/22 maxlen: 22
185.219.252.0/22 maxlen: 22
193.228.4.0/22 maxlen: 22
193.228.8.0/23 maxlen: 23
194.37.0.0/24 maxlen: 24
194.93.160.0/19 maxlen: 19
194.107.130.0/23 maxlen: 23
194.107.192.0/21 maxlen: 21
195.70.96.0/19 maxlen: 19
195.123.16.0/20 maxlen: 20
195.123.32.0/19 maxlen: 19
195.192.0.0/17 maxlen: 17
213.153.32.0/19 maxlen: 19
213.153.32.0/24 maxlen: 24
213.153.62.0/24 maxlen: 24
2a03:c400::/29 maxlen: 32
2a03:c400::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/15/8db579-c1fc-4215-90f4-f4673ba52c00/1/0HJnvyOylxpHlag--EeKghuvsds.crl
rsync://rpki.ripe.net/repository/DEFAULT/15/8db579-c1fc-4215-90f4-f4673ba52c00/1/0HJnvyOylxpHlag--EeKghuvsds.mft
rsync://rpki.ripe.net/repository/DEFAULT/0HJnvyOylxpHlag--EeKghuvsds.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 22:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:7a:a0:82:c6:77:07:21:28:1c:9c:fc:fa:28:d0:3c:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d07267bf23b2971a4795a83ef8478a821bafb1db
Validity
Not Before: Sep 24 07:29:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0a83426dd3e924bfba7db727243dc1dc36d8ef7e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:fd:df:27:e0:dc:ac:d8:3a:d8:7b:08:63:f1:
dc:c9:8c:1d:f2:e6:84:01:82:a9:e8:a5:c1:d8:65:
06:9c:a6:22:f1:fb:53:9e:f8:23:c7:ce:fe:1f:d4:
52:77:7f:23:36:53:2e:3d:ea:47:a6:99:84:f2:63:
3f:c6:c1:21:46:6e:8c:d8:dc:d8:f2:2a:74:e5:87:
b5:18:34:9a:c7:d7:56:75:fb:78:53:d5:ec:b0:64:
75:a4:35:15:17:41:03:c3:22:ac:35:9b:a2:0d:86:
ef:49:cb:9d:17:48:cf:39:ea:5d:13:17:31:78:e6:
d5:4b:e3:2e:cf:bd:2a:09:cd:90:90:cd:9d:43:e6:
26:d9:58:8a:9f:bd:c2:52:5d:c0:f2:56:f2:80:b5:
dc:e1:6c:4e:49:d4:38:89:59:3d:0d:b6:31:69:2a:
5e:7d:b6:a3:c1:66:a8:7c:df:95:66:42:93:eb:4a:
6c:1b:bf:26:8e:d9:0c:51:ec:57:cd:2d:bd:f5:d6:
b0:7e:b2:9e:cf:ab:0b:d6:61:8c:49:b1:7d:33:60:
ad:28:03:42:ba:f8:91:d7:be:58:35:7e:11:5f:42:
f3:2a:ea:b6:27:66:ce:dd:b4:a7:45:9c:00:80:25:
31:2b:8e:c6:8b:a9:10:42:0b:f9:7a:35:32:7b:01:
57:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:83:42:6D:D3:E9:24:BF:BA:7D:B7:27:24:3D:C1:DC:36:D8:EF:7E
X509v3 Authority Key Identifier:
keyid:D0:72:67:BF:23:B2:97:1A:47:95:A8:3E:F8:47:8A:82:1B:AF:B1:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0HJnvyOylxpHlag--EeKghuvsds.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/8db579-c1fc-4215-90f4-f4673ba52c00/1/CoNCbdPpJL-6fbcnJD3B3DbY734.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/8db579-c1fc-4215-90f4-f4673ba52c00/1/0HJnvyOylxpHlag--EeKghuvsds.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.247.192.0/19
82.194.128.0/19
83.215.0.0/16
89.26.0.0/17
91.133.64.0/18
95.81.32.0/19
158.220.0.0/18
159.48.0.0/22
185.10.108.0/22
185.22.244.0/22
185.57.184.0/22
185.72.68.0/22
185.164.36.0/22
185.165.60.0/22
185.191.108.0/22
185.195.216.0/22
185.213.140.0/22
185.219.252.0/22
193.228.4.0-193.228.9.255
194.37.0.0/24
194.93.160.0/19
194.107.130.0/23
194.107.192.0/21
195.70.96.0/19
195.123.16.0-195.123.63.255
195.192.0.0/17
213.153.32.0/19
IPv6:
2a03:c400::/29
Signature Algorithm: sha256WithRSAEncryption
45:c8:9f:48:a1:8d:aa:52:d2:3e:0e:28:94:ba:b4:0a:36:09:
63:72:b8:f6:90:95:f6:ac:4d:9c:88:d4:3d:52:35:9f:6a:6a:
a4:5a:d2:24:ba:88:46:b3:c0:38:e6:e3:52:3a:63:14:f9:ec:
84:b2:8f:ca:b9:8e:06:26:18:79:4c:6c:c1:0e:73:b8:03:79:
35:a7:29:d2:9a:72:64:d1:a0:b0:9e:62:2d:e4:4d:90:e5:09:
4d:0d:61:79:c5:8d:19:7b:9a:59:f6:c8:5e:7f:d3:5f:72:7b:
a4:44:00:47:29:85:76:4b:67:87:cd:74:b6:38:8b:cb:81:c5:
ad:01:09:ee:ac:b7:fe:83:4a:e9:56:02:da:c3:07:ed:d3:a1:
d6:85:58:e4:5f:9b:7a:86:34:75:5e:bf:c3:41:89:ef:91:41:
cf:c5:b1:7c:33:60:93:51:96:71:31:69:0a:bf:30:ba:f6:43:
de:b2:01:6e:c7:c8:ea:65:b9:fa:9b:bc:ab:7b:cf:12:17:dc:
e7:34:aa:50:9a:45:ce:65:0b:5d:f6:20:3c:7b:10:37:f2:d7:
16:5d:c2:6f:b4:bd:7b:42:96:d0:7c:a8:6b:e6:a0:3e:0c:7f:
a4:88:df:5c:db:65:27:bd:d2:ff:20:50:78:66:32:f4:45:15:
87:d3:7f:b6
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgISAZl6oILGdwchKByc/Poo0DzXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNzI2N2JmMjNiMjk3MWE0Nzk1YTgzZWY4NDc4YTgyMWJh
ZmIxZGIwHhcNMjUwOTI0MDcyOTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTgzNDI2ZGQzZTkyNGJmYmE3ZGI3MjcyNDNkYzFkYzM2ZDhlZjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/3fJ+DcrNg62HsIY/HcyYwd8uaE
AYKp6KXB2GUGnKYi8ftTnvgjx87+H9RSd38jNlMuPepHppmE8mM/xsEhRm6M2NzY
8ip05Ye1GDSax9dWdft4U9XssGR1pDUVF0EDwyKsNZuiDYbvScudF0jPOepdExcx
eObVS+Muz70qCc2QkM2dQ+Ym2ViKn73CUl3A8lbygLXc4WxOSdQ4iVk9DbYxaSpe
fbajwWaofN+VZkKT60psG78mjtkMUexXzS299dawfrKez6sL1mGMSbF9M2CtKANC
uviR175YNX4RX0LzKuq2J2bO3bSnRZwAgCUxK47Gi6kQQgv5ejUyewFXUQIDAQAB
o4ICyDCCAsQwHQYDVR0OBBYEFAqDQm3T6SS/un23JyQ9wdw22O9+MB8GA1UdIwQY
MBaAFNByZ78jspcaR5WoPvhHioIbr7HbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEhKbnZ5T3lseHBIbGFnLS1FZUtnaHV2c2RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS84ZGI1NzktYzFmYy00MjE1LTkwZjQt
ZjQ2NzNiYTUyYzAwLzEvQ29OQ2JkUHBKTC02ZmJjbkpEM0IzRGJZNzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS84ZGI1NzktYzFmYy00MjE1LTkwZjQtZjQ2NzNiYTUyYzAw
LzEvMEhKbnZ5T3lseHBIbGFnLS1FZUtnaHV2c2RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHdBggrBgEFBQcBBwEB/wSBzTCByjCBuAQCAAEwgbEDBAUu
98ADBAVSwoADAwBT1wMEB1kaAAMEBluFQAMEBV9RIAMEBp7cAAMEAp8wAAMEArkK
bAMEArkW9AMEArk5uAMEArlIRAMEArmkJAMEArmlPAMEArm/bAMEArnD2AMEArnV
jAMEArnb/DAMAwQCweQEAwQBweQIAwQAwiUAAwQFwl2gAwQBwmuCAwQDwmvAAwQF
w0ZgMAwDBATDexADBAbDewADBAfDwAADBAXVmSAwDQQCAAIwBwMFAyoDxAAwDQYJ
KoZIhvcNAQELBQADggEBAEXIn0ihjapS0j4OKJS6tAo2CWNyuPaQlfasTZyI1D1S
NZ9qaqRa0iS6iEazwDjm41I6YxT57ISyj8q5jgYmGHlMbMEOc7gDeTWnKdKacmTR
oLCeYi3kTZDlCU0NYXnFjRl7mln2yF5/019ye6REAEcphXZLZ4fNdLY4i8uBxa0B
Ce6st/6DSulWAtrDB+3TodaFWORfm3qGNHVev8NBie+RQc/FsXwzYJNRlnExaQq/
MLr2Q96yAW7HyOplufqbvKt7zxIX3Oc0qlCaRc5lC132IDx7EDfy1xZdwm+0vXtC
ltB8qGvmoD4Mf6SI31zbZSe90v8gUHhmMvRFFYfTf7Y=
-----END CERTIFICATE-----
Generated at Tue Oct 21 01:55:20 2025 by rpki-client