Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/v8rOWOc0p2GChxfqKFkmuLIdT3E.roa
File: v8rOWOc0p2GChxfqKFkmuLIdT3E.roa (raw, json)
Hash identifier: +xzj+0LiqVTk0R99ZJrfx7A7Nmd2wLsoo1QNj6wIDCM=
Subject key identifier: BF:CA:CE:58:E7:34:A7:61:82:87:17:EA:28:59:26:B8:B2:1D:4F:71
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 01995318270D4CD4B9070D20D1F0B723065F
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/v8rOWOc0p2GChxfqKFkmuLIdT3E.roa
Signing time: Tue 16 Sep 2025 15:15:15 +0000
ROA not before: Tue 16 Sep 2025 15:15:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8359
IP address blocks: 5.144.96.0/19 maxlen: 19
5.144.125.0/24 maxlen: 24
5.189.208.0/21 maxlen: 21
31.40.112.0/20 maxlen: 20
37.208.120.0/21 maxlen: 21
62.118.0.0/16 maxlen: 24
62.168.224.0/19 maxlen: 19
79.171.115.0/24 maxlen: 24
80.80.96.0/19 maxlen: 19
80.83.236.0/24 maxlen: 24
80.83.237.0/24 maxlen: 24
81.91.32.0/19 maxlen: 19
81.91.41.0/24 maxlen: 24
81.195.0.0/16 maxlen: 24
82.96.192.0/18 maxlen: 18
83.237.0.0/16 maxlen: 16
85.140.0.0/15 maxlen: 24
85.235.32.0/19 maxlen: 19
89.175.0.0/16 maxlen: 16
89.175.248.0/21 maxlen: 21
91.76.0.0/14 maxlen: 14
91.195.210.0/23 maxlen: 23
92.43.184.0/21 maxlen: 21
93.90.224.0/20 maxlen: 20
93.90.224.0/22 maxlen: 22
94.77.128.0/18 maxlen: 18
94.77.144.0/22 maxlen: 22
94.140.128.0/19 maxlen: 19
94.243.5.0/24 maxlen: 24
94.243.32.0/24 maxlen: 24
95.153.136.0/22 maxlen: 22
95.169.128.0/19 maxlen: 19
109.198.224.0/19 maxlen: 19
141.105.24.0/21 maxlen: 21
176.222.17.0/24 maxlen: 24
178.141.0.0/16 maxlen: 16
178.155.0.0/17 maxlen: 17
178.155.48.0/22 maxlen: 22
178.159.16.0/20 maxlen: 20
185.168.236.0/22 maxlen: 22
193.104.128.0/24 maxlen: 24
193.169.118.0/23 maxlen: 23
193.189.68.0/23 maxlen: 23
194.126.203.0/24 maxlen: 24
195.34.0.0/19 maxlen: 19
195.34.15.0/24 maxlen: 24
195.34.32.0/19 maxlen: 19
195.34.36.0/24 maxlen: 24
195.34.38.0/24 maxlen: 24
195.34.42.0/24 maxlen: 24
212.188.0.0/17 maxlen: 17
212.188.1.0/24 maxlen: 24
212.188.16.0/24 maxlen: 24
212.188.29.0/24 maxlen: 24
213.27.0.0/17 maxlen: 17
213.87.0.0/16 maxlen: 16
213.87.64.0/22 maxlen: 22
213.87.70.0/23 maxlen: 23
213.87.76.0/23 maxlen: 23
213.87.80.0/20 maxlen: 20
213.87.98.0/23 maxlen: 23
213.87.100.0/24 maxlen: 24
213.87.104.0/24 maxlen: 24
213.87.105.0/24 maxlen: 24
213.87.106.0/23 maxlen: 23
213.87.128.0/19 maxlen: 19
213.87.160.0/22 maxlen: 22
213.87.200.0/22 maxlen: 22
213.87.204.0/22 maxlen: 22
213.87.208.0/23 maxlen: 23
213.87.210.0/23 maxlen: 23
213.87.240.0/22 maxlen: 22
213.87.244.0/23 maxlen: 23
213.87.246.0/24 maxlen: 24
213.87.248.0/22 maxlen: 22
213.147.32.0/19 maxlen: 19
213.176.228.0/22 maxlen: 22
217.74.244.0/22 maxlen: 22
217.74.248.0/21 maxlen: 21
2a00:1fa0::/29 maxlen: 29
2a00:1fa0::/33 maxlen: 33
2a00:1fa0:8000::/33 maxlen: 33
2a00:1fa1::/33 maxlen: 33
2a00:1fa2::/33 maxlen: 33
2a00:1fa3::/33 maxlen: 33
2a00:1fa3:8000::/40 maxlen: 40
2a02:28::/29 maxlen: 29
2a02:28::/32 maxlen: 32
2a02:28:1::/48 maxlen: 48
2a02:28:a::/48 maxlen: 48
2a02:29::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:53:18:27:0d:4c:d4:b9:07:0d:20:d1:f0:b7:23:06:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: Sep 16 15:15:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bfcace58e734a761828717ea285926b8b21d4f71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:15:e2:8b:b9:a3:e7:2d:61:15:e5:eb:0a:e3:
fe:f4:4e:6b:de:b7:18:64:20:37:e3:25:33:49:4d:
a0:2d:f5:f7:b7:7c:ac:45:9b:4a:00:fc:3e:89:4f:
0a:0a:03:28:41:04:97:94:28:97:aa:fe:40:45:5f:
9e:03:eb:b1:7a:fa:bf:52:44:09:3e:11:16:bc:5e:
83:1e:bf:67:e3:59:02:a3:fd:c4:19:a3:c9:87:24:
4b:81:ed:75:12:d1:9b:0e:a6:18:07:6c:fd:16:eb:
87:10:3a:01:d0:8f:b9:f4:ee:ef:03:81:29:8d:e7:
13:14:7f:cb:2e:5b:4a:0f:1c:68:7d:04:6d:fd:a0:
3b:7c:8f:c6:4b:4d:03:71:de:65:38:69:16:0e:f7:
6e:1e:4b:3e:70:bb:e4:1d:dc:b8:d8:4b:70:6e:32:
ad:03:26:b8:4f:20:e6:54:20:9f:0b:91:57:db:bb:
90:66:7b:03:7f:08:b1:ed:92:54:43:da:fe:ec:c8:
58:47:51:97:5d:3e:37:be:28:43:fb:26:01:84:f5:
60:d0:d7:4b:4a:d7:e1:79:21:4f:f2:c8:52:be:5a:
16:fd:5c:1a:7c:b9:e0:d7:cd:a0:91:d3:63:8a:5d:
a6:07:9a:d9:ee:66:74:a3:9f:29:c3:67:17:f5:d0:
58:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:CA:CE:58:E7:34:A7:61:82:87:17:EA:28:59:26:B8:B2:1D:4F:71
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/v8rOWOc0p2GChxfqKFkmuLIdT3E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.144.96.0/19
5.189.208.0/21
31.40.112.0/20
37.208.120.0/21
62.118.0.0/16
62.168.224.0/19
79.171.115.0/24
80.80.96.0/19
80.83.236.0/23
81.91.32.0/19
81.195.0.0/16
82.96.192.0/18
83.237.0.0/16
85.140.0.0/15
85.235.32.0/19
89.175.0.0/16
91.76.0.0/14
91.195.210.0/23
92.43.184.0/21
93.90.224.0/20
94.77.128.0/18
94.140.128.0/19
94.243.5.0/24
94.243.32.0/24
95.153.136.0/22
95.169.128.0/19
109.198.224.0/19
141.105.24.0/21
176.222.17.0/24
178.141.0.0/16
178.155.0.0/17
178.159.16.0/20
185.168.236.0/22
193.104.128.0/24
193.169.118.0/23
193.189.68.0/23
194.126.203.0/24
195.34.0.0/18
212.188.0.0/17
213.27.0.0/17
213.87.0.0/16
213.147.32.0/19
213.176.228.0/22
217.74.244.0-217.74.255.255
IPv6:
2a00:1fa0::/29
2a02:28::/29
Signature Algorithm: sha256WithRSAEncryption
32:c2:da:07:41:46:bd:5d:d9:0b:78:1c:2b:77:20:5f:d0:02:
e4:ce:96:37:1f:41:5a:35:0a:2a:67:78:ed:86:e6:52:d1:7b:
48:91:cb:60:44:80:91:2a:d0:db:28:8e:a8:c6:e3:d3:8a:f9:
10:5f:cb:91:aa:9c:14:2e:82:f6:e5:a7:f5:9a:eb:fa:9e:00:
9e:08:6d:ac:9b:68:60:47:6d:55:14:25:fb:ef:a9:d9:f1:ec:
93:9c:08:41:75:a4:82:77:3c:e0:ec:67:43:1a:44:58:31:21:
71:18:e7:f7:37:a3:ac:90:e0:dd:be:72:5a:74:ff:3a:9a:c1:
be:75:88:ec:f9:5c:dd:84:cf:f9:0e:fc:bf:be:85:c3:71:c1:
3c:da:89:f4:96:3d:50:84:f9:21:51:c3:d8:a1:a9:e2:37:b7:
9a:f8:78:40:f9:63:f2:6c:99:4c:b6:e6:79:09:60:7c:43:2a:
2f:2c:11:bf:0a:64:2d:68:a5:1b:f2:f7:54:90:b3:62:b3:f6:
2b:18:a3:3c:79:75:13:4a:1f:5f:0b:d1:ed:ec:cc:54:44:c1:
ad:2b:78:55:99:ea:86:6f:ec:5f:4c:fd:05:d3:fd:e5:ef:24:
12:01:b7:e6:ba:9a:93:12:b5:d7:65:d0:ab:40:5f:5f:46:eb:
a0:ac:ed:b7
-----BEGIN CERTIFICATE-----
MIIGHjCCBQagAwIBAgISAZlTGCcNTNS5Bw0g0fC3IwZfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjUwOTE2MTUxNTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmNhY2U1OGU3MzRhNzYxODI4NzE3ZWEyODU5MjZiOGIyMWQ0ZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBXii7mj5y1hFeXrCuP+9E5r3rcY
ZCA34yUzSU2gLfX3t3ysRZtKAPw+iU8KCgMoQQSXlCiXqv5ARV+eA+uxevq/UkQJ
PhEWvF6DHr9n41kCo/3EGaPJhyRLge11EtGbDqYYB2z9FuuHEDoB0I+59O7vA4Ep
jecTFH/LLltKDxxofQRt/aA7fI/GS00Dcd5lOGkWDvduHks+cLvkHdy42EtwbjKt
Aya4TyDmVCCfC5FX27uQZnsDfwix7ZJUQ9r+7MhYR1GXXT43vihD+yYBhPVg0NdL
StfheSFP8shSvloW/VwafLng182gkdNjil2mB5rZ7mZ0o58pw2cX9dBYmwIDAQAB
o4IDKjCCAyYwHQYDVR0OBBYEFL/KzljnNKdhgocX6ihZJriyHU9xMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvdjhyT1dPYzBwMkdDaHhmcUtGa211TElkVDNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBPgYIKwYBBQUHAQcBAf8EggEtMIIBKTCCAQ8EAgABMIIB
BwMEBQWQYAMEAwW90AMEBB8ocAMEAyXQeAMDAD52AwQFPqjgAwQAT6tzAwQFUFBg
AwQBUFPsAwQFUVsgAwMAUcMDBAZSYMADAwBT7QMDAVWMAwQFVesgAwMAWa8DAwJb
TAMEAVvD0gMEA1wruAMEBF1a4AMEBl5NgAMEBV6MgAMEAF7zBQMEAF7zIAMEAl+Z
iAMEBV+pgAMEBW3G4AMEA41pGAMEALDeEQMDALKNAwQHspsAAwQEsp8QAwQCuajs
AwQAwWiAAwQBwal2AwQBwb1EAwQAwn7LAwQGwyIAAwQH1LwAAwQH1RsAAwMA1VcD
BAXVkyADBALVsOQwCwMEAtlK9AMDANlKMBQEAgACMA4DBQMqAB+gAwUDKgIAKDAN
BgkqhkiG9w0BAQsFAAOCAQEAMsLaB0FGvV3ZC3gcK3cgX9AC5M6WNx9BWjUKKmd4
7YbmUtF7SJHLYESAkSrQ2yiOqMbj04r5EF/LkaqcFC6C9uWn9Zrr+p4AnghtrJto
YEdtVRQl+++p2fHsk5wIQXWkgnc84OxnQxpEWDEhcRjn9zejrJDg3b5yWnT/OprB
vnWI7Plc3YTP+Q78v76Fw3HBPNqJ9JY9UIT5IVHD2KGp4je3mvh4QPlj8myZTLbm
eQlgfEMqLywRvwpkLWilG/L3VJCzYrP2KxijPHl1E0ofXwvR7ezMVETBrSt4VZnq
hm/sX0z9BdP95e8kEgG35rqakxK112XQq0BfX0broKzttw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:05:26 2025 by rpki-client