Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/5dcfc9-57da-407f-a6b2-ac4a4061746d/1/k15OGPpmMVbIuP0gfPST3dJ3L18.roa
File: k15OGPpmMVbIuP0gfPST3dJ3L18.roa (raw, json)
Hash identifier: dY5BFisTi3sxAetFBrTuCEZuxnjpcIQhT0KOaqne55g=
Subject key identifier: 93:5E:4E:18:FA:66:31:56:C8:B8:FD:20:7C:F4:93:DD:D2:77:2F:5F
Certificate issuer: /CN=bbffd123cb93e24e025f952842108402958d4a4c
Certificate serial: 0197AEBE642A98F04A0C9BDFA74F8871DD6F
Authority key identifier: BB:FF:D1:23:CB:93:E2:4E:02:5F:95:28:42:10:84:02:95:8D:4A:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/u__RI8uT4k4CX5UoQhCEApWNSkw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/44/5dcfc9-57da-407f-a6b2-ac4a4061746d/1/k15OGPpmMVbIuP0gfPST3dJ3L18.roa
Signing time: Fri 27 Jun 2025 00:16:42 +0000
ROA not before: Fri 27 Jun 2025 00:16:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15830
IP address blocks: 86.109.0.0/24 maxlen: 24
86.109.2.0/23 maxlen: 23
86.109.7.0/24 maxlen: 24
86.109.9.0/24 maxlen: 24
93.187.218.0/23 maxlen: 23
136.144.50.0/23 maxlen: 23
136.144.56.0/23 maxlen: 23
136.144.58.0/23 maxlen: 23
136.144.62.0/23 maxlen: 23
139.178.64.0/22 maxlen: 22
139.178.76.0/23 maxlen: 23
139.178.80.0/21 maxlen: 21
145.40.64.0/23 maxlen: 23
145.40.69.0/24 maxlen: 24
145.40.74.0/23 maxlen: 23
145.40.76.0/23 maxlen: 23
145.40.78.0/24 maxlen: 24
145.40.79.0/24 maxlen: 24
145.40.80.0/23 maxlen: 23
145.40.88.0/24 maxlen: 24
145.40.89.0/24 maxlen: 24
145.40.98.0/23 maxlen: 23
145.40.101.0/24 maxlen: 24
145.40.102.0/23 maxlen: 23
145.40.108.0/22 maxlen: 22
145.40.120.0/22 maxlen: 22
147.28.128.0/23 maxlen: 23
147.28.131.0/24 maxlen: 24
147.28.136.0/23 maxlen: 23
147.28.138.0/23 maxlen: 23
147.28.140.0/22 maxlen: 22
147.28.141.0/24 maxlen: 24
147.28.142.0/23 maxlen: 23
147.28.144.0/23 maxlen: 23
147.28.146.0/23 maxlen: 23
147.28.148.0/23 maxlen: 23
147.28.150.0/23 maxlen: 23
147.28.152.0/24 maxlen: 24
147.28.154.0/23 maxlen: 23
147.28.162.0/23 maxlen: 23
147.28.164.0/23 maxlen: 23
147.28.166.0/23 maxlen: 23
147.28.176.0/23 maxlen: 23
147.28.182.0/23 maxlen: 23
147.28.186.0/23 maxlen: 23
147.28.189.0/24 maxlen: 24
147.28.192.0/24 maxlen: 24
147.28.193.0/24 maxlen: 24
147.28.194.0/24 maxlen: 24
147.28.196.0/23 maxlen: 23
147.28.200.0/24 maxlen: 24
147.28.201.0/24 maxlen: 24
147.28.202.0/24 maxlen: 24
147.28.204.0/23 maxlen: 23
147.28.210.0/23 maxlen: 23
147.28.214.0/23 maxlen: 23
147.28.219.0/24 maxlen: 24
147.28.222.0/23 maxlen: 23
147.28.228.0/24 maxlen: 24
147.28.229.0/24 maxlen: 24
147.28.232.0/24 maxlen: 24
147.28.241.0/24 maxlen: 24
147.75.35.0/24 maxlen: 24
147.75.36.0/22 maxlen: 22
147.75.40.0/23 maxlen: 23
147.75.44.0/24 maxlen: 24
147.75.45.0/24 maxlen: 24
147.75.47.0/24 maxlen: 24
147.75.48.0/24 maxlen: 24
147.75.50.0/23 maxlen: 23
147.75.53.0/24 maxlen: 24
147.75.54.0/23 maxlen: 23
147.75.54.0/24 maxlen: 24
147.75.55.0/24 maxlen: 24
147.75.59.0/24 maxlen: 24
147.75.61.0/24 maxlen: 24
147.75.62.0/23 maxlen: 23
147.75.62.0/24 maxlen: 24
147.75.63.0/24 maxlen: 24
147.75.64.0/22 maxlen: 22
147.75.72.0/21 maxlen: 21
147.75.96.0/22 maxlen: 22
147.75.104.0/22 maxlen: 22
147.75.192.0/21 maxlen: 21
147.75.206.0/24 maxlen: 24
147.75.207.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/44/5dcfc9-57da-407f-a6b2-ac4a4061746d/1/u__RI8uT4k4CX5UoQhCEApWNSkw.crl
rsync://rpki.ripe.net/repository/DEFAULT/44/5dcfc9-57da-407f-a6b2-ac4a4061746d/1/u__RI8uT4k4CX5UoQhCEApWNSkw.mft
rsync://rpki.ripe.net/repository/DEFAULT/u__RI8uT4k4CX5UoQhCEApWNSkw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 01 Jul 2025 09:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ae:be:64:2a:98:f0:4a:0c:9b:df:a7:4f:88:71:dd:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bbffd123cb93e24e025f952842108402958d4a4c
Validity
Not Before: Jun 27 00:16:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=935e4e18fa663156c8b8fd207cf493ddd2772f5f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:b2:7a:27:10:82:e1:32:41:fe:d6:32:7c:63:
c2:77:f3:02:9e:8b:7c:f0:fd:a9:41:38:fb:57:3f:
27:e2:ff:74:e2:d0:76:55:67:eb:72:33:de:e8:10:
4b:33:eb:7e:4c:66:0e:df:14:d1:ae:02:19:01:24:
27:12:7c:83:37:ba:82:28:d8:c3:37:65:ba:1e:03:
bf:fe:49:62:eb:7b:4a:eb:69:ea:30:f5:1e:56:68:
3b:b1:85:cb:a0:cf:8c:31:4a:76:19:48:32:71:9b:
e6:09:8b:6c:17:39:9d:be:7d:b2:5f:ac:5f:27:9b:
78:0f:1f:4a:cf:a4:af:4c:40:71:c8:8c:4f:39:a9:
42:9c:53:df:16:41:29:bb:30:b8:1b:91:93:6c:b3:
83:f0:30:97:d3:94:e6:38:db:20:3b:55:bf:e7:dd:
56:ec:f7:e1:b4:bd:0c:94:6b:27:4f:8e:9a:df:9e:
7d:c2:44:e0:8a:a8:d7:9f:04:5e:59:c0:e7:0f:43:
e3:d2:bb:5a:95:31:9e:fe:87:e8:f4:d3:ee:95:f6:
5f:54:ab:e3:58:d5:66:f8:df:b1:d9:6a:98:e9:94:
89:2d:17:36:04:97:5c:fe:d4:81:84:8d:b1:81:86:
48:e9:79:88:10:4a:37:e0:06:1b:c1:9c:bb:6a:95:
d9:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:5E:4E:18:FA:66:31:56:C8:B8:FD:20:7C:F4:93:DD:D2:77:2F:5F
X509v3 Authority Key Identifier:
keyid:BB:FF:D1:23:CB:93:E2:4E:02:5F:95:28:42:10:84:02:95:8D:4A:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u__RI8uT4k4CX5UoQhCEApWNSkw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/5dcfc9-57da-407f-a6b2-ac4a4061746d/1/k15OGPpmMVbIuP0gfPST3dJ3L18.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/44/5dcfc9-57da-407f-a6b2-ac4a4061746d/1/u__RI8uT4k4CX5UoQhCEApWNSkw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.109.0.0/24
86.109.2.0/23
86.109.7.0/24
86.109.9.0/24
93.187.218.0/23
136.144.50.0/23
136.144.56.0/22
136.144.62.0/23
139.178.64.0/22
139.178.76.0/23
139.178.80.0/21
145.40.64.0/23
145.40.69.0/24
145.40.74.0-145.40.81.255
145.40.88.0/23
145.40.98.0/23
145.40.101.0-145.40.103.255
145.40.108.0/22
145.40.120.0/22
147.28.128.0/23
147.28.131.0/24
147.28.136.0-147.28.152.255
147.28.154.0/23
147.28.162.0-147.28.167.255
147.28.176.0/23
147.28.182.0/23
147.28.186.0/23
147.28.189.0/24
147.28.192.0-147.28.194.255
147.28.196.0/23
147.28.200.0-147.28.202.255
147.28.204.0/23
147.28.210.0/23
147.28.214.0/23
147.28.219.0/24
147.28.222.0/23
147.28.228.0/23
147.28.232.0/24
147.28.241.0/24
147.75.35.0-147.75.41.255
147.75.44.0/23
147.75.47.0-147.75.48.255
147.75.50.0/23
147.75.53.0-147.75.55.255
147.75.59.0/24
147.75.61.0-147.75.67.255
147.75.72.0/21
147.75.96.0/22
147.75.104.0/22
147.75.192.0/21
147.75.206.0/23
Signature Algorithm: sha256WithRSAEncryption
81:ce:e9:d4:a7:4c:2c:96:21:d6:2d:d8:62:6b:0d:e0:5f:1c:
3f:0c:20:5c:30:e3:6a:b3:da:81:3a:39:8c:84:17:e1:e9:13:
96:28:8f:d9:39:85:59:18:17:98:d0:13:5a:50:ff:73:eb:35:
40:81:fb:b5:39:0b:ab:45:7e:60:85:91:a4:a7:49:24:c2:a2:
76:b8:64:85:74:f5:70:4f:68:15:5c:e1:e6:9c:52:62:e8:70:
45:8c:6e:3d:c7:d4:29:6c:e1:af:f5:9e:30:8a:b3:db:15:c1:
f4:34:db:4f:7c:35:7c:d2:b1:7a:f3:e1:68:05:cf:14:35:4d:
98:cd:6b:c3:a3:59:f0:b1:b0:ba:36:d8:91:52:d8:8f:bd:ab:
93:4d:7f:23:e7:bb:57:a5:64:db:89:ee:7a:f0:ac:f7:59:1b:
28:22:b7:14:37:a8:53:e5:3f:3c:9f:94:90:68:26:ff:37:b8:
2a:ad:a6:1d:e5:a5:e9:e9:07:e3:23:e1:f4:b0:d1:2e:fa:50:
59:d7:7b:d0:72:77:bc:20:ba:19:f4:dd:3b:99:a2:91:0e:7c:
4c:03:59:36:42:7a:8c:c7:92:74:75:0f:63:17:62:93:04:11:
c9:6a:95:fd:c7:b5:3a:80:55:b7:f7:da:34:cc:64:dc:79:29:
7e:39:3e:f7
-----BEGIN CERTIFICATE-----
MIIGgzCCBWugAwIBAgISAZeuvmQqmPBKDJvfp0+Icd1vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZmZkMTIzY2I5M2UyNGUwMjVmOTUyODQyMTA4NDAyOTU4
ZDRhNGMwHhcNMjUwNjI3MDAxNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzVlNGUxOGZhNjYzMTU2YzhiOGZkMjA3Y2Y0OTNkZGQyNzcyZjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbJ6JxCC4TJB/tYyfGPCd/MCnot8
8P2pQTj7Vz8n4v904tB2VWfrcjPe6BBLM+t+TGYO3xTRrgIZASQnEnyDN7qCKNjD
N2W6HgO//kli63tK62nqMPUeVmg7sYXLoM+MMUp2GUgycZvmCYtsFzmdvn2yX6xf
J5t4Dx9Kz6SvTEBxyIxPOalCnFPfFkEpuzC4G5GTbLOD8DCX05TmONsgO1W/591W
7PfhtL0MlGsnT46a3559wkTgiqjXnwReWcDnD0Pj0rtalTGe/ofo9NPulfZfVKvj
WNVm+N+x2WqY6ZSJLRc2BJdc/tSBhI2xgYZI6XmIEEo34AYbwZy7apXZUQIDAQAB
o4IDjzCCA4swHQYDVR0OBBYEFJNeThj6ZjFWyLj9IHz0k93Sdy9fMB8GA1UdIwQY
MBaAFLv/0SPLk+JOAl+VKEIQhAKVjUpMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9fUkk4dVQ0azRDWDVVb1FoQ0VBcFdOU2t3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC81ZGNmYzktNTdkYS00MDdmLWE2YjIt
YWM0YTQwNjE3NDZkLzEvazE1T0dQcG1NVmJJdVAwZ2ZQU1QzZEozTDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC81ZGNmYzktNTdkYS00MDdmLWE2YjItYWM0YTQwNjE3NDZk
LzEvdV9fUkk4dVQ0azRDWDVVb1FoQ0VBcFdOU2t3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBowYIKwYBBQUHAQcBAf8EggGSMIIBjjCCAYoEAgABMIIB
ggMEAFZtAAMEAVZtAgMEAFZtBwMEAFZtCQMEAV272gMEAYiQMgMEAoiQOAMEAYiQ
PgMEAouyQAMEAYuyTAMEA4uyUAMEAZEoQAMEAJEoRTAMAwQBkShKAwQBkShQAwQB
kShYAwQBkShiMAwDBACRKGUDBAORKGADBAKRKGwDBAKRKHgDBAGTHIADBACTHIMw
DAMEA5MciAMEAJMcmAMEAZMcmjAMAwQBkxyiAwQDkxygAwQBkxywAwQBkxy2AwQB
kxy6AwQAkxy9MAwDBAaTHMADBACTHMIDBAGTHMQwDAMEA5McyAMEAJMcygMEAZMc
zAMEAZMc0gMEAZMc1gMEAJMc2wMEAZMc3gMEAZMc5AMEAJMc6AMEAJMc8TAMAwQA
k0sjAwQBk0soAwQBk0ssMAwDBACTSy8DBACTSzADBAGTSzIwDAMEAJNLNQMEA5NL
MAMEAJNLOzAMAwQAk0s9AwQCk0tAAwQDk0tIAwQCk0tgAwQCk0toAwQDk0vAAwQB
k0vOMA0GCSqGSIb3DQEBCwUAA4IBAQCBzunUp0wsliHWLdhiaw3gXxw/DCBcMONq
s9qBOjmMhBfh6ROWKI/ZOYVZGBeY0BNaUP9z6zVAgfu1OQurRX5ghZGkp0kkwqJ2
uGSFdPVwT2gVXOHmnFJi6HBFjG49x9QpbOGv9Z4wirPbFcH0NNtPfDV80rF68+Fo
Bc8UNU2YzWvDo1nwsbC6NtiRUtiPvauTTX8j57tXpWTbie568Kz3WRsoIrcUN6hT
5T88n5SQaCb/N7gqraYd5aXp6QfjI+H0sNEu+lBZ13vQcne8ILoZ9N07maKRDnxM
A1k2QnqMx5J0dQ9jF2KTBBHJapX9x7U6gFW399o0zGTceSl+OT73
-----END CERTIFICATE-----
Generated at Mon Jun 30 15:49:56 2025 by rpki-client