Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/NUZ62speWa0hfYDy7wa7hz3yElg.roa
File: NUZ62speWa0hfYDy7wa7hz3yElg.roa (raw, json)
Hash identifier: kF9c9XUwfNAZlikdfObuH2Z3J2bnJMLn8HSb5Ko9hw8=
Subject key identifier: 35:46:7A:DA:CA:5E:59:AD:21:7D:80:F2:EF:06:BB:87:3D:F2:12:58
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 019961A2CF1E5E899DF3FEE6F036B70BEF78
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/NUZ62speWa0hfYDy7wa7hz3yElg.roa
Signing time: Fri 19 Sep 2025 11:01:23 +0000
ROA not before: Fri 19 Sep 2025 11:01:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 19905
IP address blocks: 2.96.0.0/13 maxlen: 24
62.3.192.0/18 maxlen: 24
62.24.128.0/17 maxlen: 24
62.241.160.0/19 maxlen: 24
78.144.0.0/13 maxlen: 24
79.77.0.0/16 maxlen: 24
79.78.0.0/15 maxlen: 24
80.40.0.0/13 maxlen: 24
81.1.64.0/18 maxlen: 24
81.6.192.0/18 maxlen: 24
81.86.0.0/16 maxlen: 24
81.170.0.0/17 maxlen: 24
81.178.0.0/15 maxlen: 24
82.133.0.0/17 maxlen: 24
83.67.0.0/16 maxlen: 24
84.43.0.0/17 maxlen: 24
87.242.128.0/17 maxlen: 24
89.168.128.0/17 maxlen: 24
89.240.0.0/14 maxlen: 24
91.146.112.0/21 maxlen: 24
92.10.0.0/15 maxlen: 24
92.12.0.0/14 maxlen: 24
92.16.0.0/12 maxlen: 24
145.255.240.0/21 maxlen: 24
185.24.12.0/22 maxlen: 24
185.112.212.0/22 maxlen: 24
185.173.116.0/22 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.48.0/22 maxlen: 24
185.175.144.0/22 maxlen: 24
193.218.99.0/24 maxlen: 24
194.106.32.0/19 maxlen: 24
194.247.224.0/19 maxlen: 24
195.112.0.0/18 maxlen: 24
195.137.0.0/17 maxlen: 24
195.149.0.0/18 maxlen: 24
212.1.128.0/19 maxlen: 24
212.67.96.0/19 maxlen: 24
212.74.96.0/19 maxlen: 24
212.139.0.0/16 maxlen: 24
212.159.128.0/18 maxlen: 24
213.78.0.0/16 maxlen: 24
213.208.64.0/18 maxlen: 24
217.8.0.0/19 maxlen: 24
217.68.128.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.mft
rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:61:a2:cf:1e:5e:89:9d:f3:fe:e6:f0:36:b7:0b:ef:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Sep 19 11:01:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=35467adaca5e59ad217d80f2ef06bb873df21258
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:95:51:cf:0e:d2:6b:f1:d0:6a:03:f6:a8:a5:
91:76:1e:2a:df:b6:56:b4:d3:d9:39:48:74:ab:c6:
0f:62:36:cd:24:5c:69:e3:d3:d3:b3:67:04:c2:6e:
c8:03:86:b6:56:9e:72:85:58:69:39:e9:a9:0d:60:
3b:0a:7c:06:40:82:4d:36:b2:ac:aa:e7:84:9e:45:
70:54:18:98:d1:a5:b4:84:70:2a:af:7a:5f:f7:ee:
4e:ec:5a:ad:6a:d2:d9:53:a2:a8:8e:66:1b:a0:e8:
4e:5e:3f:71:1b:fe:3f:2c:09:8a:d3:8d:78:bf:a2:
96:52:7d:6c:bd:d5:3f:87:06:f1:fc:34:78:1b:f8:
b8:16:a3:05:67:45:09:10:2a:0a:dc:38:09:6d:ec:
7a:c5:28:94:d9:27:1c:d1:78:0d:fb:ab:69:c4:52:
c9:ea:e3:ef:e0:54:c6:83:93:65:18:ac:0b:60:66:
49:e9:45:1b:bf:2d:cc:9c:3b:8a:e6:e0:f4:41:20:
59:20:f1:09:d4:65:6a:d8:4a:ae:ff:31:83:07:43:
bb:37:79:a8:de:33:03:63:a1:90:42:43:03:c3:cf:
57:05:10:f1:db:83:2b:6e:08:ba:d1:01:06:1b:2b:
d1:36:08:e6:64:4a:9f:4a:7d:58:5a:09:b6:d3:47:
66:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:46:7A:DA:CA:5E:59:AD:21:7D:80:F2:EF:06:BB:87:3D:F2:12:58
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/NUZ62speWa0hfYDy7wa7hz3yElg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
79.77.0.0-79.79.255.255
80.40.0.0/13
81.1.64.0/18
81.6.192.0/18
81.86.0.0/16
81.170.0.0/17
81.178.0.0/15
82.133.0.0/17
83.67.0.0/16
84.43.0.0/17
87.242.128.0/17
89.168.128.0/17
89.240.0.0/14
91.146.112.0/21
92.10.0.0-92.31.255.255
145.255.240.0/21
185.24.12.0/22
185.112.212.0/22
185.173.116.0-185.173.123.255
185.175.48.0/22
185.175.144.0/22
193.218.99.0/24
194.106.32.0/19
194.247.224.0/19
195.112.0.0/18
195.137.0.0/17
195.149.0.0/18
212.1.128.0/19
212.67.96.0/19
212.74.96.0/19
212.139.0.0/16
212.159.128.0/18
213.78.0.0/16
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
Signature Algorithm: sha256WithRSAEncryption
81:eb:62:78:af:4b:d4:1a:25:ea:30:f9:e8:38:da:17:c1:d6:
6b:87:09:7c:91:33:0b:e7:4d:05:44:eb:b2:25:08:4b:5c:e0:
99:b1:de:eb:43:04:00:ed:32:18:03:57:05:9f:0f:98:87:78:
98:da:4b:11:69:ca:4c:02:04:f4:4c:a9:8a:7f:93:7d:ef:e9:
d7:3d:56:d6:f2:5a:c5:b8:ff:1d:b3:76:51:72:70:30:f3:cc:
ef:7f:82:79:c2:c3:b5:c8:07:f2:94:89:95:b2:bf:94:63:ff:
ad:6d:11:d2:47:dd:7d:10:da:26:24:0e:08:c8:cb:47:4b:34:
03:ae:f9:80:a2:06:23:99:f1:96:85:dd:24:3c:18:a2:6d:78:
fe:50:27:e3:80:03:de:bf:19:41:68:60:6a:05:65:4f:ea:ce:
fd:5b:db:4a:77:f2:54:1c:52:34:60:dc:0b:c1:8e:25:83:06:
77:27:30:ff:06:6c:c7:6d:ee:35:18:f6:a6:94:f0:f6:31:93:
d7:d2:b0:35:45:a3:93:2b:32:48:ea:5b:de:6d:0e:77:70:fa:
85:80:5f:57:86:6b:3b:23:69:b5:e1:9e:b9:4f:e5:d3:dd:83:
19:f3:e3:fa:0f:a4:bc:60:bf:c2:b1:50:66:8c:42:2d:4b:0e:
2a:da:cb:d0
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgISAZlhos8eXomd8/7m8Da3C+94MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjUwOTE5MTEwMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTQ2N2FkYWNhNWU1OWFkMjE3ZDgwZjJlZjA2YmI4NzNkZjIxMjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJVRzw7Sa/HQagP2qKWRdh4q37ZW
tNPZOUh0q8YPYjbNJFxp49PTs2cEwm7IA4a2Vp5yhVhpOempDWA7CnwGQIJNNrKs
queEnkVwVBiY0aW0hHAqr3pf9+5O7FqtatLZU6KojmYboOhOXj9xG/4/LAmK0414
v6KWUn1svdU/hwbx/DR4G/i4FqMFZ0UJECoK3DgJbex6xSiU2Scc0XgN+6tpxFLJ
6uPv4FTGg5NlGKwLYGZJ6UUbvy3MnDuK5uD0QSBZIPEJ1GVq2Equ/zGDB0O7N3mo
3jMDY6GQQkMDw89XBRDx24Mrbgi60QEGGyvRNgjmZEqfSn1YWgm200dm7QIDAQAB
o4IDDjCCAwowHQYDVR0OBBYEFDVGetrKXlmtIX2A8u8Gu4c98hJYMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvTlVaNjJzcGVXYTBoZllEeTd3YTdoejN5RWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIgYIKwYBBQUHAQcBAf8EggERMIIBDTCCAQkEAgABMIIB
AQMDAwJgAwQGPgPAAwQHPhiAAwQFPvGgAwMDTpAwCgMDAE9NAwMET0ADAwNQKAME
BlEBQAMEBlEGwAMDAFFWAwQHUaoAAwMBUbIDBAdShQADAwBTQwMEB1QrAAMEB1fy
gAMEB1mogAMDAlnwAwQDW5JwMAoDAwFcCgMDBVwAAwQDkf/wAwQCuRgMAwQCuXDU
MAwDBAK5rXQDBAK5rXgDBAK5rzADBAK5r5ADBADB2mMDBAXCaiADBAXC9+ADBAbD
cAADBAfDiQADBAbDlQADBAXUAYADBAXUQ2ADBAXUSmADAwDUiwMEBtSfgAMDANVO
AwQG1dBAAwQF2QgAAwQE2USAMA0GCSqGSIb3DQEBCwUAA4IBAQCB62J4r0vUGiXq
MPnoONoXwdZrhwl8kTML500FROuyJQhLXOCZsd7rQwQA7TIYA1cFnw+Yh3iY2ksR
acpMAgT0TKmKf5N97+nXPVbW8lrFuP8ds3ZRcnAw88zvf4J5wsO1yAfylImVsr+U
Y/+tbRHSR919ENomJA4IyMtHSzQDrvmAogYjmfGWhd0kPBiibXj+UCfjgAPevxlB
aGBqBWVP6s79W9tKd/JUHFI0YNwLwY4lgwZ3JzD/BmzHbe41GPamlPD2MZPX0rA1
RaOTKzJI6lvebQ53cPqFgF9Xhms7I2m14Z65T+XT3YMZ8+P6D6S8YL/CsVBmjEIt
Sw4q2svQ
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:09:41 2025 by rpki-client