Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/0NgIFKzE9U8mH1i_SzHm7txoLcU.roa
File: 0NgIFKzE9U8mH1i_SzHm7txoLcU.roa (raw, json)
Hash identifier: hWQWohZ9IroKasDxxI/Z9V0O1L7U0SMQLl5Y82yIR3M=
Subject key identifier: D0:D8:08:14:AC:C4:F5:4F:26:1F:58:BF:4B:31:E6:EE:DC:68:2D:C5
Certificate issuer: /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial: 0199E6C29E90C5851EF881855A7DB7331171
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/0NgIFKzE9U8mH1i_SzHm7txoLcU.roa
Signing time: Wed 15 Oct 2025 07:25:38 +0000
ROA not before: Wed 15 Oct 2025 07:25:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5501
IP address blocks: 129.233.0.0/17 maxlen: 17
129.233.128.0/17 maxlen: 17
129.233.163.0/24 maxlen: 24
129.233.252.0/22 maxlen: 22
129.233.252.0/24 maxlen: 24
129.233.253.0/24 maxlen: 24
129.233.254.0/24 maxlen: 24
129.233.255.0/24 maxlen: 24
137.251.0.0/16 maxlen: 16
153.96.0.0/21 maxlen: 21
153.96.8.0/23 maxlen: 23
153.96.10.0/24 maxlen: 24
153.96.12.0/22 maxlen: 22
153.96.16.0/23 maxlen: 23
153.96.18.0/24 maxlen: 24
153.96.19.0/24 maxlen: 24
153.96.24.0/24 maxlen: 24
153.96.54.0/23 maxlen: 23
153.96.112.0/23 maxlen: 23
153.96.126.0/23 maxlen: 23
153.96.144.0/23 maxlen: 23
153.96.220.0/22 maxlen: 22
153.96.248.0/23 maxlen: 23
153.96.250.0/24 maxlen: 24
153.96.253.0/24 maxlen: 24
153.96.254.0/24 maxlen: 24
192.42.63.0/24 maxlen: 24
192.42.64.0/24 maxlen: 24
192.44.0.0/22 maxlen: 22
192.44.0.0/24 maxlen: 24
192.44.1.0/24 maxlen: 24
192.44.2.0/23 maxlen: 23
192.44.10.0/24 maxlen: 24
192.44.13.0/24 maxlen: 24
192.44.17.0/24 maxlen: 24
192.44.24.0/24 maxlen: 24
192.44.37.0/24 maxlen: 24
192.102.165.0/24 maxlen: 24
192.102.171.0/24 maxlen: 24
192.102.172.0/23 maxlen: 23
2a03:db80:1c14::/48 maxlen: 48
2a03:db80:4404::/48 maxlen: 48
2a03:db80:4410::/48 maxlen: 48
2a03:db80:4414::/48 maxlen: 48
2a03:db80:4415::/48 maxlen: 48
2a03:db80:4416::/48 maxlen: 48
2a03:db80:4420::/48 maxlen: 48
2a03:db80:4424::/48 maxlen: 48
2a03:db80:4434::/48 maxlen: 48
2a03:db80:4460::/48 maxlen: 48
2a03:db80:4470::/48 maxlen: 48
2a03:db80:4480::/48 maxlen: 48
2a03:db80:4484::/48 maxlen: 48
2a03:db80:4494::/48 maxlen: 48
2a03:db80:4c80::/48 maxlen: 48
2a03:db80:4c84::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 19:01:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e6:c2:9e:90:c5:85:1e:f8:81:85:5a:7d:b7:33:11:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
Validity
Not Before: Oct 15 07:25:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d0d80814acc4f54f261f58bf4b31e6eedc682dc5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:10:a7:7f:d5:95:d0:30:0f:9c:fc:b5:87:10:
42:d4:48:4c:75:5b:76:a7:ed:e1:99:fe:d3:80:f9:
9a:ec:1a:4b:e4:a7:e2:0e:e6:88:90:1a:ce:b8:bd:
5f:16:c3:4e:77:cd:53:cf:27:a9:38:f2:94:e7:15:
dc:01:36:d6:74:c8:0f:45:19:10:85:91:9c:14:17:
4d:b5:d7:0b:85:4d:7f:89:c3:9c:e9:b6:a9:8b:8a:
b2:de:0f:a3:57:63:11:19:e6:e8:cf:1d:10:73:99:
b5:cd:af:72:b5:fc:c2:45:9a:ba:b4:13:c3:66:4a:
df:92:7b:86:e4:10:3a:f0:42:5c:2d:43:87:78:fb:
af:a0:95:ad:ae:a4:a2:17:7c:a4:7d:6c:07:aa:79:
c7:a1:f2:27:6c:32:32:cd:fd:f4:b6:b0:2a:c3:49:
1a:5a:72:9f:af:57:d3:e8:a6:29:bf:fc:57:ac:d9:
84:10:57:fc:eb:e0:5b:a4:d8:61:72:a7:be:83:ac:
19:d9:88:9d:7f:eb:88:d9:bd:6a:aa:3a:10:e2:4a:
44:a6:87:89:ca:f2:f1:ad:96:9d:96:0f:53:b3:c8:
e2:3e:fb:b0:32:80:12:75:e5:d3:b2:28:ef:b3:2d:
7b:ad:61:a5:2c:7f:8b:e6:f6:d7:0c:72:dd:d1:ae:
66:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:D8:08:14:AC:C4:F5:4F:26:1F:58:BF:4B:31:E6:EE:DC:68:2D:C5
X509v3 Authority Key Identifier:
keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/0NgIFKzE9U8mH1i_SzHm7txoLcU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
129.233.0.0/16
137.251.0.0/16
153.96.0.0-153.96.10.255
153.96.12.0-153.96.19.255
153.96.24.0/24
153.96.54.0/23
153.96.112.0/23
153.96.126.0/23
153.96.144.0/23
153.96.220.0/22
153.96.248.0-153.96.250.255
153.96.253.0-153.96.254.255
192.42.63.0-192.42.64.255
192.44.0.0/22
192.44.10.0/24
192.44.13.0/24
192.44.17.0/24
192.44.24.0/24
192.44.37.0/24
192.102.165.0/24
192.102.171.0-192.102.173.255
IPv6:
2a03:db80:1c14::/48
2a03:db80:4404::/48
2a03:db80:4410::/48
2a03:db80:4414::-2a03:db80:4416:ffff:ffff:ffff:ffff:ffff
2a03:db80:4420::/48
2a03:db80:4424::/48
2a03:db80:4434::/48
2a03:db80:4460::/48
2a03:db80:4470::/48
2a03:db80:4480::/48
2a03:db80:4484::/48
2a03:db80:4494::/48
2a03:db80:4c80::/48
2a03:db80:4c84::/48
Signature Algorithm: sha256WithRSAEncryption
12:1d:67:63:4e:43:f2:0b:31:c0:c3:e7:ce:3a:7e:be:c4:31:
7f:49:d9:64:75:94:30:a2:f0:9c:a3:ee:9e:97:f4:9c:aa:b5:
86:1c:df:0b:fb:92:fa:36:60:84:fc:e0:26:7a:9c:31:8a:73:
61:e4:03:0a:ae:24:49:40:31:02:bb:88:0d:4e:7c:f9:ef:01:
9a:7a:55:f3:20:5a:12:7d:52:f8:38:3c:07:f8:d3:5e:ea:9b:
10:0f:bc:48:54:05:f2:31:b0:4c:4c:b2:c6:6e:77:2c:84:4d:
e5:c4:34:2c:73:d0:4b:66:bd:80:ea:ba:34:b4:d0:d1:73:16:
2f:b0:e4:48:4e:46:53:24:2c:f6:05:8d:0b:c4:8c:a4:dd:f4:
a8:54:45:2f:5f:a4:0e:8f:2b:99:99:d8:f2:a2:f9:3d:f1:48:
8a:3b:14:57:a2:d4:c3:c0:c3:ab:ce:62:c0:cd:c0:c1:0a:33:
d6:28:20:6e:a5:8e:b2:b0:c1:30:0c:6f:cb:f7:1f:7d:cc:e1:
f5:e5:ef:67:90:35:aa:e4:0c:6b:03:be:d5:c8:d4:8e:a5:30:
56:80:db:fd:f5:80:e7:be:94:d4:98:cc:0b:21:1c:3e:01:18:
e3:d4:e3:28:4d:bd:c1:55:4b:b2:60:27:ac:0f:b3:b1:3e:2a:
32:d9:5f:c4
-----BEGIN CERTIFICATE-----
MIIGPTCCBSWgAwIBAgISAZnmwp6QxYUe+IGFWn23MxFxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjUxMDE1MDcyNTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGQ4MDgxNGFjYzRmNTRmMjYxZjU4YmY0YjMxZTZlZWRjNjgyZGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hCnf9WV0DAPnPy1hxBC1EhMdVt2
p+3hmf7TgPma7BpL5KfiDuaIkBrOuL1fFsNOd81TzyepOPKU5xXcATbWdMgPRRkQ
hZGcFBdNtdcLhU1/icOc6bapi4qy3g+jV2MRGebozx0Qc5m1za9ytfzCRZq6tBPD
ZkrfknuG5BA68EJcLUOHePuvoJWtrqSiF3ykfWwHqnnHofInbDIyzf30trAqw0ka
WnKfr1fT6KYpv/xXrNmEEFf86+BbpNhhcqe+g6wZ2Yidf+uI2b1qqjoQ4kpEpoeJ
yvLxrZadlg9Ts8jiPvuwMoASdeXTsijvsy17rWGlLH+L5vbXDHLd0a5m8QIDAQAB
o4IDSTCCA0UwHQYDVR0OBBYEFNDYCBSsxPVPJh9Yv0sx5u7caC3FMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvME5nSUZLekU5VThtSDFpX1N6SG03dHhvTGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBXQYIKwYBBQUHAQcBAf8EggFMMIIBSDCBsgQCAAEwgasD
AwCB6QMDAIn7MAsDAwWZYAMEAJlgCjAMAwQCmWAMAwQCmWAQAwQAmWAYAwQBmWA2
AwQBmWBwAwQBmWB+AwQBmWCQAwQCmWDcMAwDBAOZYPgDBACZYPowDAMEAJlg/QME
AJlg/jAMAwQAwCo/AwQAwCpAAwQCwCwAAwQAwCwKAwQAwCwNAwQAwCwRAwQAwCwY
AwQAwCwlAwQAwGalMAwDBADAZqsDBAHAZqwwgZAEAgACMIGJAwcAKgPbgBwUAwcA
KgPbgEQEAwcAKgPbgEQQMBIDBwIqA9uARBQDBwAqA9uARBYDBwAqA9uARCADBwAq
A9uARCQDBwAqA9uARDQDBwAqA9uARGADBwAqA9uARHADBwAqA9uARIADBwAqA9uA
RIQDBwAqA9uARJQDBwAqA9uATIADBwAqA9uATIQwDQYJKoZIhvcNAQELBQADggEB
ABIdZ2NOQ/ILMcDD5846fr7EMX9J2WR1lDCi8Jyj7p6X9JyqtYYc3wv7kvo2YIT8
4CZ6nDGKc2HkAwquJElAMQK7iA1OfPnvAZp6VfMgWhJ9Uvg4PAf4017qmxAPvEhU
BfIxsExMssZudyyETeXENCxz0EtmvYDqujS00NFzFi+w5EhORlMkLPYFjQvEjKTd
9KhURS9fpA6PK5mZ2PKi+T3xSIo7FFei1MPAw6vOYsDNwMEKM9YoIG6ljrKwwTAM
b8v3H33M4fXl72eQNarkDGsDvtXI1I6lMFaA2/31gOe+lNSYzAshHD4BGOPU4yhN
vcFVS7JgJ6wPs7E+KjLZX8Q=
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:05:22 2025 by rpki-client