Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/9D65qFvqxjuPD_5r9XPzBgseSI8.roa
File: 9D65qFvqxjuPD_5r9XPzBgseSI8.roa (raw, json)
Hash identifier: PjEgF54xaK6KBJop1roJ8eeJAo0zQiacJOx7sYx9DVQ=
Subject key identifier: F4:3E:B9:A8:5B:EA:C6:3B:8F:0F:FE:6B:F5:73:F3:06:0B:1E:48:8F
Certificate issuer: /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial: 0198997F2BB597BE4972591171B31E9A330D
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/9D65qFvqxjuPD_5r9XPzBgseSI8.roa
Signing time: Mon 11 Aug 2025 14:18:25 +0000
ROA not before: Mon 11 Aug 2025 14:18:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 398465
IP address blocks: 195.143.0.0/21 maxlen: 24
195.143.15.0/24 maxlen: 24
195.143.17.0/24 maxlen: 24
195.143.18.0/24 maxlen: 24
195.143.22.0/23 maxlen: 24
195.143.28.0/22 maxlen: 24
195.143.34.0/24 maxlen: 24
195.143.36.0/22 maxlen: 24
195.143.82.0/24 maxlen: 24
195.143.84.0/24 maxlen: 24
195.143.86.0/23 maxlen: 24
195.143.88.0/23 maxlen: 24
195.143.98.0/23 maxlen: 24
195.143.107.0/24 maxlen: 24
195.143.108.0/22 maxlen: 24
195.143.113.0/24 maxlen: 24
195.143.114.0/23 maxlen: 24
195.143.116.0/24 maxlen: 24
195.143.118.0/23 maxlen: 24
195.143.121.0/24 maxlen: 24
195.143.123.0/24 maxlen: 24
195.143.132.0/24 maxlen: 24
195.143.134.0/24 maxlen: 24
195.143.144.0/22 maxlen: 24
195.143.148.0/24 maxlen: 24
195.143.152.0/22 maxlen: 24
195.143.160.0/23 maxlen: 24
195.143.163.0/24 maxlen: 24
195.143.164.0/22 maxlen: 24
195.143.176.0/24 maxlen: 24
195.143.178.0/24 maxlen: 24
195.143.187.0/24 maxlen: 24
195.143.190.0/23 maxlen: 24
195.143.192.0/20 maxlen: 24
195.143.208.0/21 maxlen: 24
195.143.216.0/24 maxlen: 24
195.143.224.0/22 maxlen: 24
195.143.230.0/23 maxlen: 24
195.143.232.0/21 maxlen: 24
195.143.240.0/22 maxlen: 24
195.143.246.0/23 maxlen: 24
195.143.248.0/22 maxlen: 24
195.143.252.0/24 maxlen: 24
195.143.254.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:99:7f:2b:b5:97:be:49:72:59:11:71:b3:1e:9a:33:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Validity
Not Before: Aug 11 14:18:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f43eb9a85beac63b8f0ffe6bf573f3060b1e488f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:f5:f8:29:d6:7d:7e:2b:8d:49:f6:29:69:b4:
69:64:f6:29:17:e1:54:b9:12:a1:ab:6d:69:05:01:
2c:45:8e:ae:1f:7a:b6:e5:f0:2a:86:a1:33:06:d6:
98:c6:a3:a1:0d:a9:72:58:cb:3e:1f:b8:60:69:39:
20:09:1c:ea:90:8e:70:c2:76:17:21:5c:88:4b:62:
e6:10:be:26:a4:00:f6:21:2e:e3:67:61:79:15:10:
08:26:5e:0c:b7:68:cf:b2:c0:a5:42:5f:53:eb:fd:
e4:14:a7:09:ce:ff:ea:47:db:a6:0c:ce:89:ec:20:
0a:a3:93:8a:58:c3:23:7d:99:f7:67:02:cd:32:b5:
1b:e2:4e:46:3f:d6:5c:c5:be:5e:96:aa:e4:56:10:
3a:3e:da:7b:9b:e0:52:7b:46:cd:8c:17:d5:3a:92:
0f:e4:3e:9a:75:97:5b:5f:69:c7:e5:fc:be:2d:8d:
68:e4:6b:77:3d:e4:e6:a0:6a:02:54:23:d0:c3:9a:
77:a0:15:30:96:d6:14:b6:78:b4:d9:f9:08:75:f1:
55:84:36:db:21:e7:60:9e:38:61:7d:ee:69:b7:e8:
df:aa:2b:45:91:90:63:bb:78:5b:e5:e0:9f:01:06:
22:2e:3f:0d:1c:31:8d:9d:db:02:e3:6a:fd:fc:58:
79:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:3E:B9:A8:5B:EA:C6:3B:8F:0F:FE:6B:F5:73:F3:06:0B:1E:48:8F
X509v3 Authority Key Identifier:
keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/9D65qFvqxjuPD_5r9XPzBgseSI8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.143.0.0/21
195.143.15.0/24
195.143.17.0-195.143.18.255
195.143.22.0/23
195.143.28.0/22
195.143.34.0/24
195.143.36.0/22
195.143.82.0/24
195.143.84.0/24
195.143.86.0-195.143.89.255
195.143.98.0/23
195.143.107.0-195.143.111.255
195.143.113.0-195.143.116.255
195.143.118.0/23
195.143.121.0/24
195.143.123.0/24
195.143.132.0/24
195.143.134.0/24
195.143.144.0-195.143.148.255
195.143.152.0/22
195.143.160.0/23
195.143.163.0-195.143.167.255
195.143.176.0/24
195.143.178.0/24
195.143.187.0/24
195.143.190.0-195.143.216.255
195.143.224.0/22
195.143.230.0-195.143.243.255
195.143.246.0-195.143.252.255
195.143.254.0/23
Signature Algorithm: sha256WithRSAEncryption
6c:86:35:cb:f5:a5:31:d9:a1:35:ed:be:cd:6e:8e:66:ff:ed:
d4:7e:27:5c:90:f9:56:8d:98:e7:89:87:9c:ea:5f:8b:74:af:
26:fd:8b:0c:a2:92:ab:78:a4:55:81:24:ba:17:68:59:35:48:
75:26:61:b5:8f:e1:0c:ab:9a:74:5a:11:ad:0a:0c:f7:e9:6a:
00:1a:42:f4:d4:be:4f:f3:f3:c5:1e:ad:9a:88:82:94:8a:f2:
87:e4:eb:05:59:a8:58:39:a8:4e:53:8e:9a:b1:b0:a8:f1:1e:
e0:d8:53:de:e3:98:22:66:24:a0:0f:7c:25:c0:81:2f:b0:df:
3e:1a:c1:55:61:be:ff:89:4b:c2:fc:cf:e2:f3:48:98:b7:49:
5a:8a:e0:c2:e8:1a:28:00:3e:ce:32:d2:2f:81:a8:b7:f1:69:
c8:af:5f:06:71:f8:04:fb:94:55:00:4a:0a:fd:87:ad:3a:f4:
d2:c4:09:1a:78:d3:99:6b:f9:5c:a1:b1:5b:ad:45:fb:7f:2b:
b9:39:53:85:a1:41:bc:d9:99:8f:a0:3a:f5:59:fc:11:b8:c2:
07:ef:32:23:33:73:b3:47:d9:2e:58:c5:60:a0:58:1b:51:61:
a4:f4:9d:47:cf:42:19:cd:48:1a:f4:f3:b6:b0:e6:f1:43:f7:
51:06:39:ec
-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgISAZiZfyu1l75JclkRcbMemjMNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwODExMTQxODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDNlYjlhODViZWFjNjNiOGYwZmZlNmJmNTczZjMwNjBiMWU0ODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/X4KdZ9fiuNSfYpabRpZPYpF+FU
uRKhq21pBQEsRY6uH3q25fAqhqEzBtaYxqOhDalyWMs+H7hgaTkgCRzqkI5wwnYX
IVyIS2LmEL4mpAD2IS7jZ2F5FRAIJl4Mt2jPssClQl9T6/3kFKcJzv/qR9umDM6J
7CAKo5OKWMMjfZn3ZwLNMrUb4k5GP9Zcxb5elqrkVhA6Ptp7m+BSe0bNjBfVOpIP
5D6adZdbX2nH5fy+LY1o5Gt3PeTmoGoCVCPQw5p3oBUwltYUtni02fkIdfFVhDbb
Iedgnjhhfe5pt+jfqitFkZBju3hb5eCfAQYiLj8NHDGNndsC42r9/Fh5tQIDAQAB
o4IDCDCCAwQwHQYDVR0OBBYEFPQ+uahb6sY7jw/+a/Vz8wYLHkiPMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvOUQ2NXFGdnF4anVQRF81cjlYUHpCZ3NlU0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHAYIKwYBBQUHAQcBAf8EggELMIIBBzCCAQMEAgABMIH8
AwQDw48AAwQAw48PMAwDBADDjxEDBADDjxIDBAHDjxYDBALDjxwDBADDjyIDBALD
jyQDBADDj1IDBADDj1QwDAMEAcOPVgMEAcOPWAMEAcOPYjAMAwQAw49rAwQEw49g
MAwDBADDj3EDBADDj3QDBAHDj3YDBADDj3kDBADDj3sDBADDj4QDBADDj4YwDAME
BMOPkAMEAMOPlAMEAsOPmAMEAcOPoDAMAwQAw4+jAwQDw4+gAwQAw4+wAwQAw4+y
AwQAw4+7MAwDBAHDj74DBADDj9gDBALDj+AwDAMEAcOP5gMEAsOP8DAMAwQBw4/2
AwQAw4/8AwQBw4/+MA0GCSqGSIb3DQEBCwUAA4IBAQBshjXL9aUx2aE17b7Nbo5m
/+3UfidckPlWjZjniYec6l+LdK8m/YsMopKreKRVgSS6F2hZNUh1JmG1j+EMq5p0
WhGtCgz36WoAGkL01L5P8/PFHq2aiIKUivKH5OsFWahYOahOU46asbCo8R7g2FPe
45giZiSgD3wlwIEvsN8+GsFVYb7/iUvC/M/i80iYt0laiuDC6BooAD7OMtIvgai3
8WnIr18GcfgE+5RVAEoK/YetOvTSxAkaeNOZa/lcobFbrUX7fyu5OVOFoUG82ZmP
oDr1WfwRuMIH7zIjM3OzR9kuWMVgoFgbUWGk9J1Hz0IZzUga9PO2sObxQ/dRBjns
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:28:39 2025 by rpki-client