Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/CNfOQtFy5bcmzrS_qJb0wM-XGTo.roa
File: CNfOQtFy5bcmzrS_qJb0wM-XGTo.roa (raw, json)
Hash identifier: qRxGHL7+7l2r2M2j/jxjm7d+zfmvT9xzQqUWIWezpeA=
Subject key identifier: 08:D7:CE:42:D1:72:E5:B7:26:CE:B4:BF:A8:96:F4:C0:CF:97:19:3A
Certificate issuer: /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial: 0198B9C57CB9CF9F33DB32261B5AA7430ED0
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/CNfOQtFy5bcmzrS_qJb0wM-XGTo.roa
Signing time: Sun 17 Aug 2025 20:43:04 +0000
ROA not before: Sun 17 Aug 2025 20:43:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9125
IP address blocks: 5.172.33.0/24 maxlen: 24
5.172.34.0/23 maxlen: 23
5.172.34.0/24 maxlen: 24
5.172.36.0/22 maxlen: 22
5.172.36.0/23 maxlen: 23
89.23.65.0/24 maxlen: 24
89.23.67.0/24 maxlen: 24
89.23.68.0/23 maxlen: 23
89.23.70.0/24 maxlen: 24
89.23.74.0/24 maxlen: 24
89.23.75.0/24 maxlen: 24
89.23.77.0/24 maxlen: 24
89.23.78.0/24 maxlen: 24
89.23.79.0/24 maxlen: 24
89.23.83.0/24 maxlen: 24
89.23.84.0/24 maxlen: 24
89.23.86.0/24 maxlen: 24
89.23.88.0/24 maxlen: 24
89.23.90.0/24 maxlen: 24
92.42.248.0/22 maxlen: 22
92.42.252.0/24 maxlen: 24
92.42.253.0/24 maxlen: 24
92.42.254.0/24 maxlen: 24
92.42.255.0/24 maxlen: 24
93.93.192.0/21 maxlen: 21
95.140.112.0/22 maxlen: 22
95.140.115.0/24 maxlen: 24
95.140.116.0/22 maxlen: 22
95.140.120.0/23 maxlen: 23
95.140.124.0/22 maxlen: 22
95.140.125.0/24 maxlen: 24
109.111.224.0/24 maxlen: 24
109.111.225.0/24 maxlen: 24
109.111.226.0/24 maxlen: 24
109.111.227.0/24 maxlen: 24
109.111.228.0/24 maxlen: 24
109.111.229.0/24 maxlen: 24
109.111.230.0/23 maxlen: 23
109.111.232.0/22 maxlen: 22
109.111.236.0/22 maxlen: 22
109.111.240.0/24 maxlen: 24
109.111.243.0/24 maxlen: 24
109.111.244.0/24 maxlen: 24
109.111.245.0/24 maxlen: 24
109.111.246.0/24 maxlen: 24
109.111.247.0/24 maxlen: 24
109.111.248.0/24 maxlen: 24
109.111.249.0/24 maxlen: 24
109.111.250.0/24 maxlen: 24
109.111.252.0/23 maxlen: 23
109.111.254.0/24 maxlen: 24
178.254.128.0/21 maxlen: 21
178.254.133.0/24 maxlen: 24
178.254.136.0/22 maxlen: 22
178.254.140.0/22 maxlen: 22
178.254.144.0/24 maxlen: 24
178.254.145.0/24 maxlen: 24
178.254.146.0/24 maxlen: 24
178.254.148.0/24 maxlen: 24
178.254.149.0/24 maxlen: 24
178.254.151.0/24 maxlen: 24
178.254.152.0/24 maxlen: 24
178.254.153.0/24 maxlen: 24
178.254.154.0/24 maxlen: 24
178.254.155.0/24 maxlen: 24
178.254.156.0/24 maxlen: 24
178.254.157.0/24 maxlen: 24
178.254.158.0/24 maxlen: 24
178.254.159.0/24 maxlen: 24
178.254.163.0/24 maxlen: 24
178.254.165.0/24 maxlen: 24
178.254.169.0/24 maxlen: 24
178.254.172.0/24 maxlen: 24
178.254.175.0/24 maxlen: 24
178.254.177.0/24 maxlen: 24
178.254.183.0/24 maxlen: 24
178.254.184.0/24 maxlen: 24
178.254.187.0/24 maxlen: 24
178.254.188.0/22 maxlen: 24
185.157.44.0/24 maxlen: 24
185.157.46.0/24 maxlen: 24
193.104.68.0/24 maxlen: 24
217.169.208.0/20 maxlen: 20
217.169.208.0/22 maxlen: 22
217.169.212.0/22 maxlen: 22
217.169.216.0/22 maxlen: 22
217.169.219.0/24 maxlen: 24
217.169.220.0/22 maxlen: 22
2a02:b58::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 11:02:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:b9:c5:7c:b9:cf:9f:33:db:32:26:1b:5a:a7:43:0e:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Validity
Not Before: Aug 17 20:43:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=08d7ce42d172e5b726ceb4bfa896f4c0cf97193a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:17:b5:0b:01:d4:b4:29:55:a8:e2:e4:77:11:
07:00:4c:a0:d3:08:2e:e6:97:e4:a8:7b:43:f4:87:
57:fe:dc:11:33:6f:cb:2a:9f:24:b7:c9:5f:07:86:
6a:5f:b4:ef:c1:33:1e:17:2e:09:55:70:c9:a9:d1:
57:45:58:08:42:d5:a3:7d:3b:13:a7:75:18:a7:66:
ce:2a:40:eb:20:61:95:9a:ac:c6:8d:3f:6a:77:f3:
d8:70:6f:ea:42:7a:cf:6f:96:6d:b2:f1:41:c2:be:
cb:25:c3:94:f5:7c:51:02:46:60:87:89:a8:0f:bb:
72:d2:12:ac:2d:3a:1f:c8:41:b0:4b:2a:96:d5:4c:
3b:5f:25:2a:a4:06:d2:e5:15:b5:2e:91:11:fe:bb:
1f:65:13:46:2e:28:f5:4c:14:47:5f:be:55:3b:b8:
e9:27:71:1b:8c:02:27:a5:02:cd:0b:a4:0b:c9:12:
3c:de:db:e1:b1:c6:9b:b8:c8:86:89:4b:3d:eb:f3:
13:67:7c:f3:c6:2b:c0:5d:c9:e1:e4:ab:a5:34:d6:
4e:5b:cb:87:98:56:8d:82:95:72:db:d6:44:12:a1:
95:17:29:90:93:e0:c6:ac:80:6f:08:5f:4e:f7:98:
3e:b7:5a:cc:a9:fb:8f:03:a4:31:19:81:c4:cb:ef:
df:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:D7:CE:42:D1:72:E5:B7:26:CE:B4:BF:A8:96:F4:C0:CF:97:19:3A
X509v3 Authority Key Identifier:
keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/CNfOQtFy5bcmzrS_qJb0wM-XGTo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.172.33.0-5.172.39.255
89.23.65.0/24
89.23.67.0-89.23.70.255
89.23.74.0/23
89.23.77.0-89.23.79.255
89.23.83.0-89.23.84.255
89.23.86.0/24
89.23.88.0/24
89.23.90.0/24
92.42.248.0/21
93.93.192.0/21
95.140.112.0-95.140.121.255
95.140.124.0/22
109.111.224.0-109.111.240.255
109.111.243.0-109.111.250.255
109.111.252.0-109.111.254.255
178.254.128.0-178.254.146.255
178.254.148.0/23
178.254.151.0-178.254.159.255
178.254.163.0/24
178.254.165.0/24
178.254.169.0/24
178.254.172.0/24
178.254.175.0/24
178.254.177.0/24
178.254.183.0-178.254.184.255
178.254.187.0-178.254.191.255
185.157.44.0/24
185.157.46.0/24
193.104.68.0/24
217.169.208.0/20
IPv6:
2a02:b58::/32
Signature Algorithm: sha256WithRSAEncryption
4f:e1:e1:fc:4c:50:dd:40:6f:d5:1c:77:d0:ff:94:3d:c4:8f:
e7:dd:07:a4:d6:dc:71:bb:9a:29:cd:77:63:38:a1:8d:ef:a5:
cd:b6:6b:2b:a2:25:15:94:8c:68:24:a4:98:87:87:c5:92:b9:
9a:8c:e7:e3:71:11:d6:51:75:53:78:cc:4b:ae:6b:a7:17:ab:
3d:0f:1a:61:cd:cf:78:d5:22:89:1e:fd:eb:90:68:b1:b3:3b:
e9:f1:9c:d7:1c:1e:ac:86:e7:04:38:41:b8:f5:b6:f7:07:f7:
b4:c9:9f:dc:92:0c:c0:5f:95:63:4c:2a:67:b0:20:c6:b6:d1:
26:3b:41:e2:d7:5b:c6:ae:37:80:04:41:d8:80:aa:c1:96:be:
2a:c3:b8:02:fb:2f:cd:86:33:cf:92:86:63:8a:c9:4a:5c:ac:
9e:ae:9d:39:81:79:0e:3c:cd:69:c3:74:27:c4:47:5f:a7:e4:
e0:d1:94:ea:91:ac:42:6d:b2:1b:56:43:7c:d5:88:76:82:6e:
e1:e6:60:e6:6e:4c:dc:02:cb:a6:33:ef:a4:00:b3:32:81:6e:
fb:de:23:ce:61:0b:88:0a:ce:34:f2:d8:99:26:e0:00:83:78:
54:ef:e2:82:1c:25:66:e0:46:5c:17:ae:d0:93:28:c7:4f:c1:
13:65:91:62
-----BEGIN CERTIFICATE-----
MIIGKjCCBRKgAwIBAgISAZi5xXy5z58z2zImG1qnQw7QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwODE3MjA0MzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQ3Y2U0MmQxNzJlNWI3MjZjZWI0YmZhODk2ZjRjMGNmOTcxOTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBe1CwHUtClVqOLkdxEHAEyg0wgu
5pfkqHtD9IdX/twRM2/LKp8kt8lfB4ZqX7TvwTMeFy4JVXDJqdFXRVgIQtWjfTsT
p3UYp2bOKkDrIGGVmqzGjT9qd/PYcG/qQnrPb5ZtsvFBwr7LJcOU9XxRAkZgh4mo
D7ty0hKsLTofyEGwSyqW1Uw7XyUqpAbS5RW1LpER/rsfZRNGLij1TBRHX75VO7jp
J3EbjAInpQLNC6QLyRI83tvhscabuMiGiUs96/MTZ3zzxivAXcnh5KulNNZOW8uH
mFaNgpVy29ZEEqGVFymQk+DGrIBvCF9O95g+t1rMqfuPA6QxGYHEy+/fAwIDAQAB
o4IDNjCCAzIwHQYDVR0OBBYEFAjXzkLRcuW3Js60v6iW9MDPlxk6MB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvQ05mT1F0Rnk1YmNtenJTX3FKYjB3TS1YR1RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBSgYIKwYBBQUHAQcBAf8EggE5MIIBNTCCASIEAgABMIIB
GjAMAwQABawhAwQDBawgAwQAWRdBMAwDBABZF0MDBABZF0YDBAFZF0owDAMEAFkX
TQMEBFkXQDAMAwQAWRdTAwQAWRdUAwQAWRdWAwQAWRdYAwQAWRdaAwQDXCr4AwQD
XV3AMAwDBARfjHADBAFfjHgDBAJfjHwwDAMEBW1v4AMEAG1v8DAMAwQAbW/zAwQA
bW/6MAwDBAJtb/wDBABtb/4wDAMEB7L+gAMEALL+kgMEAbL+lDAMAwQAsv6XAwQF
sv6AAwQAsv6jAwQAsv6lAwQAsv6pAwQAsv6sAwQAsv6vAwQAsv6xMAwDBACy/rcD
BACy/rgwDAMEALL+uwMEBrL+gAMEALmdLAMEALmdLgMEAMFoRAMEBNmp0DANBAIA
AjAHAwUAKgILWDANBgkqhkiG9w0BAQsFAAOCAQEAT+Hh/ExQ3UBv1Rx30P+UPcSP
590HpNbccbuaKc13Yzihje+lzbZrK6IlFZSMaCSkmIeHxZK5mozn43ER1lF1U3jM
S65rpxerPQ8aYc3PeNUiiR7965BosbM76fGc1xwerIbnBDhBuPW29wf3tMmf3JIM
wF+VY0wqZ7AgxrbRJjtB4tdbxq43gARB2ICqwZa+KsO4AvsvzYYzz5KGY4rJSlys
nq6dOYF5DjzNacN0J8RHX6fk4NGU6pGsQm2yG1ZDfNWIdoJu4eZg5m5M3ALLpjPv
pACzMoFu+94jzmELiArONPLYmSbgAIN4VO/ighwlZuBGXBeu0JMox0/BE2WRYg==
-----END CERTIFICATE-----
Generated at Sat Aug 23 16:19:47 2025 by rpki-client