Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/Td-MjJ9z3BFMN-CR2k1YuGa_k_c.roa
File: Td-MjJ9z3BFMN-CR2k1YuGa_k_c.roa (raw, json)
Hash identifier: 0YQPkgNx9PD50yI1FD2kcNedXzzoW6sYrN+X7fEAhd4=
Subject key identifier: 4D:DF:8C:8C:9F:73:DC:11:4C:37:E0:91:DA:4D:58:B8:66:BF:93:F7
Certificate issuer: /CN=5ccdeca171e422c79c938c2732a90d48a8c53c06
Certificate serial: 01994734EF58B125CFEA7656EE7B76C034E1
Authority key identifier: 5C:CD:EC:A1:71:E4:22:C7:9C:93:8C:27:32:A9:0D:48:A8:C5:3C:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XM3soXHkIseck4wnMqkNSKjFPAY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/Td-MjJ9z3BFMN-CR2k1YuGa_k_c.roa
Signing time: Sun 14 Sep 2025 07:51:15 +0000
ROA not before: Sun 14 Sep 2025 07:51:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34397
IP address blocks: 79.172.128.0/18 maxlen: 18
85.129.128.0/17 maxlen: 17
85.129.164.0/22 maxlen: 22
88.213.0.0/18 maxlen: 18
88.213.6.0/24 maxlen: 24
88.213.64.0/18 maxlen: 18
88.213.64.0/21 maxlen: 21
88.213.64.0/22 maxlen: 22
88.213.72.0/21 maxlen: 21
88.213.78.0/24 maxlen: 24
88.213.80.0/20 maxlen: 20
88.213.80.0/22 maxlen: 22
88.213.92.0/22 maxlen: 22
88.213.92.0/23 maxlen: 23
88.213.126.0/23 maxlen: 23
89.4.0.0/15 maxlen: 15
89.5.220.0/23 maxlen: 23
89.5.220.0/24 maxlen: 24
93.98.0.0/16 maxlen: 16
93.98.127.0/24 maxlen: 24
212.71.32.0/19 maxlen: 19
212.71.32.0/24 maxlen: 24
212.71.33.0/24 maxlen: 24
212.71.35.0/24 maxlen: 24
212.71.37.0/24 maxlen: 24
212.71.41.0/24 maxlen: 24
212.71.42.0/24 maxlen: 24
212.71.51.0/24 maxlen: 24
212.71.53.0/24 maxlen: 24
212.107.96.0/19 maxlen: 19
212.107.97.0/24 maxlen: 24
212.107.99.0/24 maxlen: 24
212.107.103.0/24 maxlen: 24
212.107.105.0/24 maxlen: 24
212.107.106.0/24 maxlen: 24
212.118.96.0/19 maxlen: 19
212.118.100.0/24 maxlen: 24
212.118.102.0/24 maxlen: 24
212.118.106.0/24 maxlen: 24
212.118.107.0/24 maxlen: 24
212.118.108.0/22 maxlen: 22
212.118.115.0/24 maxlen: 24
212.118.117.0/24 maxlen: 24
212.118.119.0/24 maxlen: 24
212.118.122.0/24 maxlen: 24
212.118.124.0/24 maxlen: 24
212.119.64.0/20 maxlen: 20
212.119.64.0/24 maxlen: 24
212.119.69.0/24 maxlen: 24
212.119.74.0/24 maxlen: 24
212.119.80.0/21 maxlen: 21
212.119.81.0/24 maxlen: 24
212.119.82.0/24 maxlen: 24
212.119.88.0/22 maxlen: 22
212.119.92.0/23 maxlen: 23
212.119.92.0/24 maxlen: 24
212.119.93.0/24 maxlen: 24
213.181.160.0/19 maxlen: 19
213.181.160.0/23 maxlen: 23
213.181.160.0/24 maxlen: 24
213.181.161.0/24 maxlen: 24
213.181.163.0/24 maxlen: 24
213.181.166.0/24 maxlen: 24
213.181.190.0/24 maxlen: 24
213.210.192.0/18 maxlen: 18
213.210.195.0/24 maxlen: 24
213.210.196.0/24 maxlen: 24
213.210.216.0/24 maxlen: 24
213.210.227.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/XM3soXHkIseck4wnMqkNSKjFPAY.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/XM3soXHkIseck4wnMqkNSKjFPAY.mft
rsync://rpki.ripe.net/repository/DEFAULT/XM3soXHkIseck4wnMqkNSKjFPAY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 07:01:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:47:34:ef:58:b1:25:cf:ea:76:56:ee:7b:76:c0:34:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ccdeca171e422c79c938c2732a90d48a8c53c06
Validity
Not Before: Sep 14 07:51:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4ddf8c8c9f73dc114c37e091da4d58b866bf93f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:fe:9e:b9:c7:68:04:79:78:17:cb:70:cb:ba:
55:70:12:63:13:05:56:16:fb:de:28:2f:77:66:b0:
b8:eb:00:46:69:96:16:ac:f3:00:37:10:ef:f9:bb:
cc:08:8a:49:bc:0a:6c:94:69:34:5e:f7:51:6d:a3:
40:70:d1:8e:e2:11:7d:80:8d:20:65:d0:ef:12:64:
d6:e7:d7:a4:f3:b4:23:e3:f5:26:e4:de:27:6a:7b:
c4:27:98:0b:58:a5:1e:01:f2:03:fe:5f:b1:df:61:
62:91:5a:a1:96:fb:75:56:73:4c:79:67:bf:c9:00:
6d:a8:69:df:11:f4:d1:48:2e:5a:a1:c8:82:e1:5d:
05:22:d2:6b:1f:c9:b4:e5:bc:a4:7f:c0:8f:b0:08:
69:59:83:d5:c0:46:42:54:54:8b:90:96:7e:0b:28:
e8:91:b3:52:f5:52:62:99:8e:2d:ca:08:4f:7e:2d:
0c:e0:3c:c4:a3:e7:6c:9b:ee:2e:4c:0b:f3:2d:01:
10:78:d8:96:7a:3b:38:05:00:19:cb:47:b9:e6:8d:
e2:a7:af:e1:fa:c2:c0:3c:84:17:02:b6:7f:7e:9a:
86:64:e5:26:d6:eb:57:3b:80:95:c9:8e:bd:0f:2f:
d4:a3:cb:a4:3c:ff:53:bd:7f:b3:5a:ee:d4:b8:65:
40:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:DF:8C:8C:9F:73:DC:11:4C:37:E0:91:DA:4D:58:B8:66:BF:93:F7
X509v3 Authority Key Identifier:
keyid:5C:CD:EC:A1:71:E4:22:C7:9C:93:8C:27:32:A9:0D:48:A8:C5:3C:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XM3soXHkIseck4wnMqkNSKjFPAY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/Td-MjJ9z3BFMN-CR2k1YuGa_k_c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/XM3soXHkIseck4wnMqkNSKjFPAY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.172.128.0/18
85.129.128.0/17
88.213.0.0/17
89.4.0.0/15
93.98.0.0/16
212.71.32.0/19
212.107.96.0/19
212.118.96.0/19
212.119.64.0-212.119.93.255
213.181.160.0/19
213.210.192.0/18
Signature Algorithm: sha256WithRSAEncryption
52:2b:17:40:dc:7f:49:31:6f:fb:6e:82:06:fc:54:b0:c3:24:
0f:18:20:ab:66:d9:f9:c6:20:42:06:49:c0:8b:5e:4c:f8:d7:
9b:0c:ee:dd:e8:dd:c7:42:f0:8c:73:04:57:b1:78:31:cf:a4:
5b:51:ec:4b:b0:ad:b8:d6:bc:af:64:52:28:fc:06:05:5c:64:
ab:7d:b9:ec:58:de:dd:e9:47:8b:d3:c9:81:f0:b9:64:8b:c4:
2c:a4:a4:ce:a7:00:e6:80:9a:42:f4:ec:6f:ba:d6:09:4b:65:
ee:91:6b:e5:c6:14:d2:4c:33:ed:0a:64:e2:d5:1a:0b:9c:ce:
73:a1:db:93:5e:b8:c1:48:aa:76:a5:fb:bd:f2:ff:77:41:f7:
26:63:f6:6f:b0:65:4a:d4:48:e2:7e:fd:39:a8:6a:4d:c4:29:
4b:6b:5f:bb:fc:37:86:d4:b6:b0:f2:66:72:bb:ec:82:8f:fb:
b9:3c:e2:01:7d:1d:2f:c6:84:0c:c9:7a:70:cc:3a:16:73:37:
8d:65:c2:02:e9:0e:32:f1:aa:f1:cd:27:62:cd:77:49:fc:33:
c1:7a:f0:0d:5f:e5:40:2b:e0:61:70:82:46:79:55:69:d8:25:
63:c3:20:a0:af:df:88:7f:99:9b:26:ab:fa:bf:51:ad:d9:42:
1d:b0:da:12
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZlHNO9YsSXP6nZW7nt2wDThMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjY2RlY2ExNzFlNDIyYzc5YzkzOGMyNzMyYTkwZDQ4YThj
NTNjMDYwHhcNMjUwOTE0MDc1MTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGRmOGM4YzlmNzNkYzExNGMzN2UwOTFkYTRkNThiODY2YmY5M2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/6eucdoBHl4F8twy7pVcBJjEwVW
FvveKC93ZrC46wBGaZYWrPMANxDv+bvMCIpJvApslGk0XvdRbaNAcNGO4hF9gI0g
ZdDvEmTW59ek87Qj4/Um5N4nanvEJ5gLWKUeAfID/l+x32FikVqhlvt1VnNMeWe/
yQBtqGnfEfTRSC5aociC4V0FItJrH8m05bykf8CPsAhpWYPVwEZCVFSLkJZ+Cyjo
kbNS9VJimY4tyghPfi0M4DzEo+dsm+4uTAvzLQEQeNiWejs4BQAZy0e55o3ip6/h
+sLAPIQXArZ/fpqGZOUm1utXO4CVyY69Dy/Uo8ukPP9TvX+zWu7UuGVANQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFE3fjIyfc9wRTDfgkdpNWLhmv5P3MB8GA1UdIwQY
MBaAFFzN7KFx5CLHnJOMJzKpDUioxTwGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE0zc29YSGtJc2VjazR3bk1xa05TS2pGUEFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9iOGY1ZTYtYzk1MS00ZGRiLWI0ZjUt
YTg4MWVjODIyOGI1LzEvVGQtTWpKOXozQkZNTi1DUjJrMVl1R2Ffa19jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9iOGY1ZTYtYzk1MS00ZGRiLWI0ZjUtYTg4MWVjODIyOGI1
LzEvWE0zc29YSGtJc2VjazR3bk1xa05TS2pGUEFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQGT6yAAwQH
VYGAAwQHWNUAAwMBWQQDAwBdYgMEBdRHIAMEBdRrYAMEBdR2YDAMAwQG1HdAAwQB
1HdcAwQF1bWgAwQG1dLAMA0GCSqGSIb3DQEBCwUAA4IBAQBSKxdA3H9JMW/7boIG
/FSwwyQPGCCrZtn5xiBCBknAi15M+NebDO7d6N3HQvCMcwRXsXgxz6RbUexLsK24
1ryvZFIo/AYFXGSrfbnsWN7d6UeL08mB8Llki8QspKTOpwDmgJpC9OxvutYJS2Xu
kWvlxhTSTDPtCmTi1RoLnM5zoduTXrjBSKp2pfu98v93QfcmY/ZvsGVK1Ejifv05
qGpNxClLa1+7/DeG1Law8mZyu+yCj/u5POIBfR0vxoQMyXpwzDoWczeNZcIC6Q4y
8arxzSdizXdJ/DPBevANX+VAK+BhcIJGeVVp2CVjwyCgr9+If5mbJqv6v1Gt2UId
sNoS
-----END CERTIFICATE-----
Generated at Mon Oct 20 11:11:30 2025 by rpki-client