Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8CYZe3zNG2utl5upsjKYGMDKXD0.roa
File: 8CYZe3zNG2utl5upsjKYGMDKXD0.roa (raw, json)
Hash identifier: DcrG/tV4DqtNfHjSLU6dsYcsDLjrKBBtDvGMfZyYRo4=
Subject key identifier: F0:26:19:7B:7C:CD:1B:6B:AD:97:9B:A9:B2:32:98:18:C0:CA:5C:3D
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 0199A5C8C719760B406967E208F17CAF40AD
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8CYZe3zNG2utl5upsjKYGMDKXD0.roa
Signing time: Thu 02 Oct 2025 16:37:02 +0000
ROA not before: Thu 02 Oct 2025 16:37:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205463
IP address blocks: 2.56.108.0/24 maxlen: 24
2.56.109.0/24 maxlen: 24
45.81.113.0/24 maxlen: 24
45.81.115.0/24 maxlen: 24
45.88.136.0/24 maxlen: 24
45.88.139.0/24 maxlen: 24
45.94.170.0/24 maxlen: 24
45.132.181.0/24 maxlen: 24
45.151.3.0/24 maxlen: 24
85.209.120.0/24 maxlen: 24
193.57.41.0/24 maxlen: 24
194.15.52.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 04:02:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:a5:c8:c7:19:76:0b:40:69:67:e2:08:f1:7c:af:40:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Oct 2 16:37:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f026197b7ccd1b6bad979ba9b2329818c0ca5c3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:09:59:31:da:ff:74:d7:13:c8:a8:b6:df:1c:
e2:87:98:87:4a:4a:3b:1e:17:53:03:20:e1:40:58:
62:1e:02:6a:2f:0f:1c:fe:e6:06:4b:81:a8:1c:53:
d5:01:7e:79:38:26:25:8b:80:3f:7f:e4:26:c7:39:
75:2f:ea:44:25:d8:c8:56:ad:b2:a8:79:f3:7d:6c:
bb:c7:cd:84:a4:44:f2:0d:ed:18:d4:03:66:20:29:
48:f1:c9:83:4d:75:fb:45:5f:17:a4:3c:c8:a2:91:
f6:dd:53:6a:6a:f8:6a:53:2f:3c:40:37:46:10:7d:
a2:a3:83:b4:91:e7:c7:be:0a:10:c3:5d:d6:9a:fb:
a2:96:f2:2b:40:ce:3f:88:3e:04:2e:cb:91:37:d0:
85:97:97:1d:92:72:1b:cd:47:4c:8d:56:9c:73:94:
91:cc:e3:b7:e1:eb:82:7e:20:e9:59:63:50:57:a9:
af:97:59:7a:19:0a:b1:17:0f:98:41:6b:e9:f3:30:
43:6f:d6:c7:84:19:69:ef:91:cb:4a:01:e6:b9:75:
af:56:88:e2:84:ea:81:74:81:b4:58:58:d9:f1:34:
3c:cb:2f:4a:bb:de:09:60:f2:67:2c:2a:0b:6e:ce:
bc:f7:60:cd:2f:75:79:30:e9:e8:a0:f5:48:ec:d5:
b8:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:26:19:7B:7C:CD:1B:6B:AD:97:9B:A9:B2:32:98:18:C0:CA:5C:3D
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8CYZe3zNG2utl5upsjKYGMDKXD0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.108.0/23
45.81.113.0/24
45.81.115.0/24
45.88.136.0/24
45.88.139.0/24
45.94.170.0/24
45.132.181.0/24
45.151.3.0/24
85.209.120.0/24
193.57.41.0/24
194.15.52.0/24
Signature Algorithm: sha256WithRSAEncryption
3a:a3:6c:27:a8:b9:9c:01:be:64:ca:86:a0:23:f0:a0:68:41:
ca:48:50:ef:be:f0:cd:a4:fe:cb:87:80:4d:9f:6a:6a:fe:7f:
97:08:9b:c2:46:f2:15:d3:8f:c1:d2:d0:7d:56:3c:55:b4:ae:
99:fc:71:7f:90:67:9c:4f:17:28:74:bc:0b:4c:02:ef:e9:45:
fe:21:09:86:d5:96:f6:25:26:2a:ce:04:00:09:28:bb:fc:1b:
b4:68:c0:7b:ac:6c:54:cc:4b:07:30:d1:ca:b7:5b:6d:97:2c:
f6:fb:7d:a3:f0:58:a5:15:da:de:a4:7e:39:55:37:fe:d1:2c:
b5:04:dd:c3:d0:7b:9b:7d:f1:28:63:c2:df:44:31:ab:ff:56:
80:1d:ec:14:3f:d2:f3:b8:7d:2c:ed:5d:dd:89:0b:4a:6f:67:
1b:0d:fa:7c:f1:8f:6b:d7:b9:f0:90:9c:3e:2a:ec:18:e7:0e:
e5:bb:cd:16:cd:0b:2a:17:ae:84:47:52:6f:14:a1:91:a7:dd:
3f:86:08:98:79:16:dc:e2:b8:02:42:ca:7e:16:92:8b:21:cb:
12:e8:45:2c:a1:08:7c:2b:89:3f:4e:db:1a:1a:c2:dc:77:cc:
fc:9b:af:b9:2d:60:df:77:2c:a8:2c:0d:cf:cd:2b:e8:4f:51:
47:a1:ec:56
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZmlyMcZdgtAaWfiCPF8r0CtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUxMDAyMTYzNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDI2MTk3YjdjY2QxYjZiYWQ5NzliYTliMjMyOTgxOGMwY2E1YzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQlZMdr/dNcTyKi23xzih5iHSko7
HhdTAyDhQFhiHgJqLw8c/uYGS4GoHFPVAX55OCYli4A/f+Qmxzl1L+pEJdjIVq2y
qHnzfWy7x82EpETyDe0Y1ANmIClI8cmDTXX7RV8XpDzIopH23VNqavhqUy88QDdG
EH2io4O0kefHvgoQw13WmvuilvIrQM4/iD4ELsuRN9CFl5cdknIbzUdMjVacc5SR
zOO34euCfiDpWWNQV6mvl1l6GQqxFw+YQWvp8zBDb9bHhBlp75HLSgHmuXWvVoji
hOqBdIG0WFjZ8TQ8yy9Ku94JYPJnLCoLbs6892DNL3V5MOnooPVI7NW4RQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFPAmGXt8zRtrrZebqbIymBjAylw9MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvOENZWmUzek5HMnV0bDV1cHNqS1lHTURLWEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQBAjhsAwQA
LVFxAwQALVFzAwQALViIAwQALViLAwQALV6qAwQALYS1AwQALZcDAwQAVdF4AwQA
wTkpAwQAwg80MA0GCSqGSIb3DQEBCwUAA4IBAQA6o2wnqLmcAb5kyoagI/CgaEHK
SFDvvvDNpP7Lh4BNn2pq/n+XCJvCRvIV04/B0tB9VjxVtK6Z/HF/kGecTxcodLwL
TALv6UX+IQmG1Zb2JSYqzgQACSi7/Bu0aMB7rGxUzEsHMNHKt1ttlyz2+32j8Fil
FdrepH45VTf+0Sy1BN3D0HubffEoY8LfRDGr/1aAHewUP9LzuH0s7V3diQtKb2cb
Dfp88Y9r17nwkJw+KuwY5w7lu80WzQsqF66ER1JvFKGRp90/hgiYeRbc4rgCQsp+
FpKLIcsS6EUsoQh8K4k/TtsaGsLcd8z8m6+5LWDfdyyoLA3PzSvoT1FHoexW
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:20:38 2025 by rpki-client