Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/L4ihBqCRYiQ4NkPkTYPQdHw9UPE.roa
File: L4ihBqCRYiQ4NkPkTYPQdHw9UPE.roa (raw, json)
Hash identifier: 1xHVFyN5/c6BENA4c2pP+de1d3uLMD6ix9LJ7Lx4PhU=
Subject key identifier: 2F:88:A1:06:A0:91:62:24:38:36:43:E4:4D:83:D0:74:7C:3D:50:F1
Certificate issuer: /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial: 0199E7CD5A4DAEE7C7AD018C2A928D86B708
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/L4ihBqCRYiQ4NkPkTYPQdHw9UPE.roa
Signing time: Wed 15 Oct 2025 12:16:58 +0000
ROA not before: Wed 15 Oct 2025 12:16:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9125
IP address blocks: 5.172.33.0/24 maxlen: 24
5.172.34.0/23 maxlen: 23
5.172.34.0/24 maxlen: 24
5.172.36.0/22 maxlen: 22
5.172.36.0/23 maxlen: 23
5.172.37.0/24 maxlen: 24
89.23.65.0/24 maxlen: 24
89.23.67.0/24 maxlen: 24
89.23.68.0/23 maxlen: 23
89.23.70.0/24 maxlen: 24
89.23.74.0/24 maxlen: 24
89.23.75.0/24 maxlen: 24
89.23.77.0/24 maxlen: 24
89.23.78.0/24 maxlen: 24
89.23.79.0/24 maxlen: 24
89.23.83.0/24 maxlen: 24
89.23.84.0/24 maxlen: 24
89.23.86.0/24 maxlen: 24
89.23.88.0/24 maxlen: 24
89.23.90.0/24 maxlen: 24
92.42.248.0/22 maxlen: 22
92.42.252.0/24 maxlen: 24
92.42.253.0/24 maxlen: 24
92.42.254.0/24 maxlen: 24
92.42.255.0/24 maxlen: 24
93.93.192.0/21 maxlen: 21
95.140.112.0/22 maxlen: 22
95.140.115.0/24 maxlen: 24
95.140.116.0/22 maxlen: 22
95.140.120.0/23 maxlen: 23
95.140.124.0/22 maxlen: 22
95.140.125.0/24 maxlen: 24
109.111.224.0/24 maxlen: 24
109.111.225.0/24 maxlen: 24
109.111.226.0/24 maxlen: 24
109.111.227.0/24 maxlen: 24
109.111.228.0/24 maxlen: 24
109.111.229.0/24 maxlen: 24
109.111.230.0/23 maxlen: 23
109.111.232.0/22 maxlen: 22
109.111.236.0/22 maxlen: 22
109.111.240.0/24 maxlen: 24
109.111.243.0/24 maxlen: 24
109.111.244.0/24 maxlen: 24
109.111.245.0/24 maxlen: 24
109.111.246.0/24 maxlen: 24
109.111.247.0/24 maxlen: 24
109.111.248.0/24 maxlen: 24
109.111.249.0/24 maxlen: 24
109.111.250.0/24 maxlen: 24
109.111.252.0/23 maxlen: 23
109.111.254.0/24 maxlen: 24
178.254.128.0/21 maxlen: 21
178.254.133.0/24 maxlen: 24
178.254.136.0/22 maxlen: 22
178.254.140.0/22 maxlen: 22
178.254.144.0/24 maxlen: 24
178.254.145.0/24 maxlen: 24
178.254.146.0/24 maxlen: 24
178.254.148.0/24 maxlen: 24
178.254.149.0/24 maxlen: 24
178.254.151.0/24 maxlen: 24
178.254.152.0/24 maxlen: 24
178.254.153.0/24 maxlen: 24
178.254.154.0/24 maxlen: 24
178.254.155.0/24 maxlen: 24
178.254.156.0/24 maxlen: 24
178.254.157.0/24 maxlen: 24
178.254.158.0/24 maxlen: 24
178.254.159.0/24 maxlen: 24
178.254.163.0/24 maxlen: 24
178.254.165.0/24 maxlen: 24
178.254.169.0/24 maxlen: 24
178.254.172.0/24 maxlen: 24
178.254.175.0/24 maxlen: 24
178.254.177.0/24 maxlen: 24
178.254.183.0/24 maxlen: 24
178.254.184.0/24 maxlen: 24
178.254.187.0/24 maxlen: 24
178.254.188.0/22 maxlen: 24
185.157.44.0/24 maxlen: 24
193.104.68.0/24 maxlen: 24
217.169.208.0/20 maxlen: 20
217.169.208.0/22 maxlen: 22
217.169.212.0/22 maxlen: 22
217.169.216.0/22 maxlen: 22
217.169.219.0/24 maxlen: 24
217.169.220.0/22 maxlen: 22
2a02:b58::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e7:cd:5a:4d:ae:e7:c7:ad:01:8c:2a:92:8d:86:b7:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Validity
Not Before: Oct 15 12:16:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2f88a106a0916224383643e44d83d0747c3d50f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:c7:74:1b:e4:c6:8d:d6:1f:84:ab:25:da:66:
ec:2f:3a:4e:82:e4:72:5d:12:fa:1f:a0:73:4b:17:
b9:1f:ba:39:a9:e9:7b:2c:1b:c1:6d:37:47:b9:37:
40:64:fe:a3:4e:db:2e:b1:25:36:82:dd:c4:d5:ec:
d1:37:0f:5b:d1:1b:5a:b3:25:b0:eb:44:9f:f3:35:
93:10:ee:d1:fd:d2:b9:1e:49:02:97:1d:b2:4b:c6:
a1:63:af:9c:b6:26:24:9b:cf:30:81:04:0f:76:29:
fd:63:5f:5d:a0:d6:05:c5:35:04:3b:b0:fb:f0:88:
67:37:ac:81:41:78:5a:10:91:92:77:3d:21:45:d4:
e8:23:3f:94:91:7d:8a:f3:a9:54:57:09:47:a5:a1:
d2:08:f1:dc:db:4c:e4:0c:45:3b:27:96:44:90:6d:
ff:d2:ff:ae:2b:ac:62:ae:bd:c8:77:f0:cc:c9:5d:
a9:38:0a:b3:cc:99:73:6b:89:78:af:81:1a:9a:7b:
d7:1a:b4:51:2a:29:84:c9:60:2e:9b:4a:cc:28:94:
2a:d9:4b:e3:82:51:92:94:3e:69:f5:34:a3:3f:80:
75:c1:68:fb:08:51:aa:f5:5a:c9:29:09:39:50:4f:
65:6d:5b:9f:4d:d7:86:3e:d7:7e:84:95:e2:30:59:
c6:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:88:A1:06:A0:91:62:24:38:36:43:E4:4D:83:D0:74:7C:3D:50:F1
X509v3 Authority Key Identifier:
keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/L4ihBqCRYiQ4NkPkTYPQdHw9UPE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.172.33.0-5.172.39.255
89.23.65.0/24
89.23.67.0-89.23.70.255
89.23.74.0/23
89.23.77.0-89.23.79.255
89.23.83.0-89.23.84.255
89.23.86.0/24
89.23.88.0/24
89.23.90.0/24
92.42.248.0/21
93.93.192.0/21
95.140.112.0-95.140.121.255
95.140.124.0/22
109.111.224.0-109.111.240.255
109.111.243.0-109.111.250.255
109.111.252.0-109.111.254.255
178.254.128.0-178.254.146.255
178.254.148.0/23
178.254.151.0-178.254.159.255
178.254.163.0/24
178.254.165.0/24
178.254.169.0/24
178.254.172.0/24
178.254.175.0/24
178.254.177.0/24
178.254.183.0-178.254.184.255
178.254.187.0-178.254.191.255
185.157.44.0/24
193.104.68.0/24
217.169.208.0/20
IPv6:
2a02:b58::/32
Signature Algorithm: sha256WithRSAEncryption
7e:64:5b:e4:62:1b:8d:f0:a6:6d:33:b3:ee:36:2a:08:c5:6f:
2e:00:21:4b:a2:a6:18:ae:6e:d2:32:40:07:c8:d8:ee:82:db:
cf:f9:40:68:2d:b9:65:09:60:b4:7c:8c:4f:c1:f2:cc:00:b8:
46:54:23:9b:b2:8b:fd:68:7a:66:a9:f5:c5:98:f7:5d:d3:1c:
7b:aa:9c:1b:f3:e6:b6:55:11:6b:22:9f:d5:2c:39:bc:eb:ed:
fa:01:ea:88:95:f1:8c:b5:1b:5e:14:85:24:37:48:75:f2:32:
2b:ca:74:75:1f:c6:4a:7d:b0:51:26:28:e9:c6:ac:e3:be:fd:
c3:da:d3:a5:10:ea:9c:ff:09:ec:18:5b:b4:2f:b9:a6:43:d5:
14:6b:20:7d:3c:49:f2:d8:9f:92:e3:b6:43:a5:c8:04:1d:05:
2c:77:05:d7:f9:81:c3:56:ce:c0:85:cc:33:25:ae:3c:a2:2a:
a2:d2:3d:c3:13:fe:c9:c6:f7:3b:33:90:8a:25:d7:b5:ec:90:
2f:3d:f5:ca:68:b2:af:3e:64:9c:43:b2:6e:18:55:45:a4:8d:
12:b5:ff:e1:f2:90:59:18:dd:44:6c:e0:80:a1:60:b5:58:78:
b4:1e:44:4b:dd:c3:fd:a6:9e:5b:68:5d:fb:b6:56:06:91:0f:
eb:93:af:b8
-----BEGIN CERTIFICATE-----
MIIGJDCCBQygAwIBAgISAZnnzVpNrufHrQGMKpKNhrcIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUxMDE1MTIxNjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjg4YTEwNmEwOTE2MjI0MzgzNjQzZTQ0ZDgzZDA3NDdjM2Q1MGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cd0G+TGjdYfhKsl2mbsLzpOguRy
XRL6H6BzSxe5H7o5qel7LBvBbTdHuTdAZP6jTtsusSU2gt3E1ezRNw9b0RtasyWw
60Sf8zWTEO7R/dK5HkkClx2yS8ahY6+ctiYkm88wgQQPdin9Y19doNYFxTUEO7D7
8IhnN6yBQXhaEJGSdz0hRdToIz+UkX2K86lUVwlHpaHSCPHc20zkDEU7J5ZEkG3/
0v+uK6xirr3Id/DMyV2pOAqzzJlza4l4r4EamnvXGrRRKimEyWAum0rMKJQq2Uvj
glGSlD5p9TSjP4B1wWj7CFGq9VrJKQk5UE9lbVufTdeGPtd+hJXiMFnGBwIDAQAB
o4IDMDCCAywwHQYDVR0OBBYEFC+IoQagkWIkODZD5E2D0HR8PVDxMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvTDRpaEJxQ1JZaVE0TmtQa1RZUFFkSHc5VVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBRAYIKwYBBQUHAQcBAf8EggEzMIIBLzCCARwEAgABMIIB
FDAMAwQABawhAwQDBawgAwQAWRdBMAwDBABZF0MDBABZF0YDBAFZF0owDAMEAFkX
TQMEBFkXQDAMAwQAWRdTAwQAWRdUAwQAWRdWAwQAWRdYAwQAWRdaAwQDXCr4AwQD
XV3AMAwDBARfjHADBAFfjHgDBAJfjHwwDAMEBW1v4AMEAG1v8DAMAwQAbW/zAwQA
bW/6MAwDBAJtb/wDBABtb/4wDAMEB7L+gAMEALL+kgMEAbL+lDAMAwQAsv6XAwQF
sv6AAwQAsv6jAwQAsv6lAwQAsv6pAwQAsv6sAwQAsv6vAwQAsv6xMAwDBACy/rcD
BACy/rgwDAMEALL+uwMEBrL+gAMEALmdLAMEAMFoRAMEBNmp0DANBAIAAjAHAwUA
KgILWDANBgkqhkiG9w0BAQsFAAOCAQEAfmRb5GIbjfCmbTOz7jYqCMVvLgAhS6Km
GK5u0jJAB8jY7oLbz/lAaC25ZQlgtHyMT8HyzAC4RlQjm7KL/Wh6Zqn1xZj3XdMc
e6qcG/PmtlURayKf1Sw5vOvt+gHqiJXxjLUbXhSFJDdIdfIyK8p0dR/GSn2wUSYo
6cas4779w9rTpRDqnP8J7BhbtC+5pkPVFGsgfTxJ8tifkuO2Q6XIBB0FLHcF1/mB
w1bOwIXMMyWuPKIqotI9wxP+ycb3OzOQiiXXteyQLz31ymiyrz5knEOybhhVRaSN
ErX/4fKQWRjdRGzggKFgtVh4tB5ES93D/aaeW2hd+7ZWBpEP65OvuA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:35:58 2025 by rpki-client