Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/0KA7UlWcA7dQ-EcGfcWWOlx-BpU.roa
File: 0KA7UlWcA7dQ-EcGfcWWOlx-BpU.roa (raw, json)
Hash identifier: bkO5B1nteyEGZdFfFkbrhIlP/XMGpvPzgXFRnn0UfZE=
Subject key identifier: D0:A0:3B:52:55:9C:03:B7:50:F8:47:06:7D:C5:96:3A:5C:7E:06:95
Certificate issuer: /CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
Certificate serial: 01990A401733713768FD1612D2955A20F23B
Authority key identifier: 58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/0KA7UlWcA7dQ-EcGfcWWOlx-BpU.roa
Signing time: Tue 02 Sep 2025 11:46:36 +0000
ROA not before: Tue 02 Sep 2025 11:46:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35228
IP address blocks: 82.132.138.0/23 maxlen: 24
82.132.160.0/23 maxlen: 24
82.132.162.0/23 maxlen: 24
82.132.164.0/23 maxlen: 24
82.132.166.0/23 maxlen: 24
82.132.168.0/23 maxlen: 24
82.132.170.0/23 maxlen: 24
82.132.172.0/23 maxlen: 24
82.132.174.0/23 maxlen: 24
82.132.176.0/23 maxlen: 24
82.132.180.0/23 maxlen: 24
82.132.182.0/23 maxlen: 24
82.132.184.0/22 maxlen: 24
82.132.198.0/23 maxlen: 24
82.132.199.0/24 maxlen: 24
82.132.210.0/23 maxlen: 24
82.132.212.0/22 maxlen: 24
82.132.216.0/22 maxlen: 24
82.132.220.0/22 maxlen: 24
82.132.224.0/22 maxlen: 24
82.132.228.0/22 maxlen: 24
82.132.232.0/22 maxlen: 24
82.132.236.0/22 maxlen: 24
82.132.240.0/22 maxlen: 24
82.132.244.0/22 maxlen: 24
82.132.248.0/23 maxlen: 24
2a03:dd00:3040::/48 maxlen: 48
2a03:dd00:3042::/48 maxlen: 48
2a03:dd00:3044::/48 maxlen: 48
2a03:dd00:3046::/48 maxlen: 48
2a03:dd00:3048::/48 maxlen: 48
2a03:dd00:304a::/48 maxlen: 48
2a03:dd00:304e::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/WLKee4oN25w2xuDj9JV3gXsOo6Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/WLKee4oN25w2xuDj9JV3gXsOo6Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:0a:40:17:33:71:37:68:fd:16:12:d2:95:5a:20:f2:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
Validity
Not Before: Sep 2 11:46:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d0a03b52559c03b750f847067dc5963a5c7e0695
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:83:7b:65:c6:28:b3:a7:97:d7:cc:12:91:49:
2b:88:69:c7:fc:66:d0:a8:08:18:6d:cc:08:2f:cc:
05:6d:12:42:46:4e:8f:28:6d:ba:8c:02:0a:fd:6f:
a8:1b:37:b6:87:58:59:de:b3:e9:d9:14:6d:b9:5d:
28:8b:b2:d2:17:f6:8b:06:c5:13:ee:97:d6:61:14:
56:1d:9e:33:fd:dc:f9:8d:a1:8a:a2:52:22:f2:60:
2d:84:60:4f:f6:88:e2:39:b2:e8:d0:39:25:a9:28:
d0:ce:40:a7:5b:95:79:06:87:43:63:1a:93:03:91:
43:42:83:d9:41:51:94:0e:a1:ac:91:26:56:7f:2f:
72:c0:eb:ff:5e:1a:64:7a:48:10:8d:f9:8e:cd:8a:
67:d3:82:5b:cf:ed:7e:2b:33:75:a4:c8:41:4b:2a:
42:44:0f:3f:78:7c:31:4d:29:23:32:ff:4b:a9:2e:
a3:d7:7a:91:62:a0:17:84:2a:8d:cd:82:36:dc:ae:
20:e5:5e:d3:dd:f0:f6:f6:9e:19:22:82:b7:13:97:
be:57:ee:37:b4:a0:84:a8:77:d3:01:9e:d2:0d:66:
9f:a6:39:5e:31:8f:f9:ad:9d:cc:6e:a3:80:96:a5:
f1:e2:77:f4:58:a6:c8:74:b2:b0:19:c3:60:b9:77:
9e:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:A0:3B:52:55:9C:03:B7:50:F8:47:06:7D:C5:96:3A:5C:7E:06:95
X509v3 Authority Key Identifier:
keyid:58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/0KA7UlWcA7dQ-EcGfcWWOlx-BpU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/WLKee4oN25w2xuDj9JV3gXsOo6Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.132.138.0/23
82.132.160.0-82.132.177.255
82.132.180.0-82.132.187.255
82.132.198.0/23
82.132.210.0-82.132.249.255
IPv6:
2a03:dd00:3040::/48
2a03:dd00:3042::/48
2a03:dd00:3044::/48
2a03:dd00:3046::/48
2a03:dd00:3048::/48
2a03:dd00:304a::/48
2a03:dd00:304e::/48
Signature Algorithm: sha256WithRSAEncryption
87:fe:83:51:2c:03:93:fa:72:ff:e4:a0:2e:c5:e5:be:12:b0:
f0:e2:21:3b:b7:02:01:6b:8e:93:a4:90:21:ba:00:2c:a5:4d:
8a:cd:84:0f:93:6d:97:87:a8:37:fb:fc:93:4e:ef:dc:96:04:
7f:47:c3:9b:2d:14:78:c4:8f:a0:4c:80:a1:d9:af:e6:73:aa:
21:fc:2c:2e:4c:da:58:2e:51:95:a2:e0:d0:bc:08:1a:f0:65:
14:17:39:83:7d:fc:be:72:ad:d1:b0:92:a7:cd:f4:03:72:54:
df:b2:8d:35:2d:33:c7:9c:d0:a9:fb:b0:7b:32:17:a6:c8:32:
55:ce:51:82:58:ac:c5:f1:7d:db:09:2a:ea:d7:9d:01:91:99:
a1:5a:5d:9e:32:5f:5c:ea:d5:af:e4:f0:f6:61:17:9b:db:8f:
b8:9b:03:50:d1:0c:bf:1f:97:1a:ac:9f:3b:21:f0:b1:f6:c8:
df:6b:41:99:b7:4c:1c:93:9c:22:04:81:4f:5b:1b:98:21:9f:
b6:f0:cf:45:66:54:8f:97:47:dd:f4:08:0f:4f:0b:45:db:1f:
1a:b1:82:45:f0:3a:b4:40:76:52:90:04:78:be:5a:d2:cf:ee:
59:1c:eb:eb:6f:39:0e:07:90:9c:0f:de:39:8f:f8:5f:06:7f:
44:50:b0:f3
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZkKQBczcTdo/RYS0pVaIPI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjI5ZTdiOGEwZGRiOWMzNmM2ZTBlM2Y0OTU3NzgxN2Iw
ZWEzYTYwHhcNMjUwOTAyMTE0NjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGEwM2I1MjU1OWMwM2I3NTBmODQ3MDY3ZGM1OTYzYTVjN2UwNjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroN7ZcYos6eX18wSkUkriGnH/GbQ
qAgYbcwIL8wFbRJCRk6PKG26jAIK/W+oGze2h1hZ3rPp2RRtuV0oi7LSF/aLBsUT
7pfWYRRWHZ4z/dz5jaGKolIi8mAthGBP9ojiObLo0DklqSjQzkCnW5V5BodDYxqT
A5FDQoPZQVGUDqGskSZWfy9ywOv/XhpkekgQjfmOzYpn04Jbz+1+KzN1pMhBSypC
RA8/eHwxTSkjMv9LqS6j13qRYqAXhCqNzYI23K4g5V7T3fD29p4ZIoK3E5e+V+43
tKCEqHfTAZ7SDWafpjleMY/5rZ3MbqOAlqXx4nf0WKbIdLKwGcNguXeewQIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFNCgO1JVnAO3UPhHBn3FljpcfgaVMB8GA1UdIwQY
MBaAFFiynnuKDducNsbg4/SVd4F7DqOmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUt
ZWU3M2ZlMjFlZDIzLzEvMEtBN1VsV2NBN2RRLUVjR2ZjV1dPbHgtQnBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUtZWU3M2ZlMjFlZDIz
LzEvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTA8BAIAATA2AwQBUoSK
MAwDBAVShKADBAFShLAwDAMEAlKEtAMEAlKEuAMEAVKExjAMAwQBUoTSAwQBUoT4
MEUEAgACMD8DBwAqA90AMEADBwAqA90AMEIDBwAqA90AMEQDBwAqA90AMEYDBwAq
A90AMEgDBwAqA90AMEoDBwAqA90AME4wDQYJKoZIhvcNAQELBQADggEBAIf+g1Es
A5P6cv/koC7F5b4SsPDiITu3AgFrjpOkkCG6ACylTYrNhA+TbZeHqDf7/JNO79yW
BH9Hw5stFHjEj6BMgKHZr+ZzqiH8LC5M2lguUZWi4NC8CBrwZRQXOYN9/L5yrdGw
kqfN9ANyVN+yjTUtM8ec0Kn7sHsyF6bIMlXOUYJYrMXxfdsJKurXnQGRmaFaXZ4y
X1zq1a/k8PZhF5vbj7ibA1DRDL8flxqsnzsh8LH2yN9rQZm3TByTnCIEgU9bG5gh
n7bwz0VmVI+XR930CA9PC0XbHxqxgkXwOrRAdlKQBHi+WtLP7lkc6+tvOQ4HkJwP
3jmP+F8Gf0RQsPM=
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:58:43 2025 by rpki-client