Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/T0aOPCX5XYSn6JrgCpyyjqzOUBs.roa
File: T0aOPCX5XYSn6JrgCpyyjqzOUBs.roa (raw, json)
Hash identifier: Srj8f3rTN/EncvR1RaIO7Y8ZljiDCWASxMYbAln2gsk=
Subject key identifier: 4F:46:8E:3C:25:F9:5D:84:A7:E8:9A:E0:0A:9C:B2:8E:AC:CE:50:1B
Certificate issuer: /CN=878abb29977a65b140cacb6e72ab24ceddd4e8c5
Certificate serial: 0199E829D2DFA30915B1192B604236B711E6
Authority key identifier: 87:8A:BB:29:97:7A:65:B1:40:CA:CB:6E:72:AB:24:CE:DD:D4:E8:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/h4q7KZd6ZbFAystucqskzt3U6MU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/T0aOPCX5XYSn6JrgCpyyjqzOUBs.roa
Signing time: Wed 15 Oct 2025 13:57:58 +0000
ROA not before: Wed 15 Oct 2025 13:57:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 132839
IP address blocks: 2.59.100.0/22 maxlen: 24
2.59.100.0/24 maxlen: 24
2.59.101.0/24 maxlen: 24
2.59.102.0/24 maxlen: 24
2.59.103.0/24 maxlen: 24
45.8.29.0/24 maxlen: 24
45.8.30.0/24 maxlen: 24
45.9.108.0/22 maxlen: 24
45.9.108.0/24 maxlen: 24
45.9.109.0/24 maxlen: 24
45.9.110.0/24 maxlen: 24
45.9.111.0/24 maxlen: 24
45.10.208.0/23 maxlen: 23
45.10.208.0/24 maxlen: 24
45.10.209.0/24 maxlen: 24
45.10.210.0/24 maxlen: 24
45.13.160.0/22 maxlen: 24
45.13.160.0/24 maxlen: 24
45.66.188.0/22 maxlen: 24
45.66.188.0/24 maxlen: 24
45.66.189.0/24 maxlen: 24
45.66.190.0/24 maxlen: 24
45.66.191.0/24 maxlen: 24
45.80.112.0/22 maxlen: 24
45.80.113.0/24 maxlen: 24
45.80.114.0/23 maxlen: 24
45.80.114.0/24 maxlen: 24
45.87.228.0/22 maxlen: 24
45.87.228.0/24 maxlen: 24
45.87.231.0/24 maxlen: 24
45.93.64.0/22 maxlen: 24
45.93.64.0/24 maxlen: 24
45.93.65.0/24 maxlen: 24
45.93.66.0/24 maxlen: 24
45.93.67.0/24 maxlen: 24
45.131.156.0/22 maxlen: 24
45.131.156.0/24 maxlen: 24
45.131.157.0/24 maxlen: 24
45.131.158.0/24 maxlen: 24
45.131.159.0/24 maxlen: 24
45.142.76.0/22 maxlen: 24
45.142.77.0/24 maxlen: 24
45.142.78.0/24 maxlen: 24
45.142.79.0/24 maxlen: 24
45.147.212.0/22 maxlen: 24
45.147.213.0/24 maxlen: 24
45.147.214.0/24 maxlen: 24
45.147.215.0/24 maxlen: 24
45.149.68.0/22 maxlen: 24
45.149.68.0/24 maxlen: 24
45.149.69.0/24 maxlen: 24
45.156.168.0/22 maxlen: 24
45.156.169.0/24 maxlen: 24
45.156.171.0/24 maxlen: 24
45.156.216.0/22 maxlen: 24
45.158.220.0/22 maxlen: 24
45.158.221.0/24 maxlen: 24
45.158.223.0/24 maxlen: 24
62.192.188.0/22 maxlen: 24
62.192.188.0/24 maxlen: 24
62.192.189.0/24 maxlen: 24
62.192.190.0/24 maxlen: 24
62.192.191.0/24 maxlen: 24
83.150.224.0/22 maxlen: 24
83.150.224.0/24 maxlen: 24
83.150.225.0/24 maxlen: 24
85.208.56.0/22 maxlen: 24
85.208.56.0/24 maxlen: 24
85.208.57.0/24 maxlen: 24
85.208.58.0/24 maxlen: 24
85.208.59.0/24 maxlen: 24
92.118.144.0/22 maxlen: 24
92.118.144.0/24 maxlen: 24
92.118.145.0/24 maxlen: 24
92.118.146.0/24 maxlen: 24
92.118.147.0/24 maxlen: 24
185.51.164.0/22 maxlen: 24
185.51.164.0/24 maxlen: 24
185.51.167.0/24 maxlen: 24
193.42.15.0/24 maxlen: 24
193.42.132.0/24 maxlen: 24
193.42.135.0/24 maxlen: 24
193.42.149.0/24 maxlen: 24
193.108.46.0/24 maxlen: 24
193.108.96.0/23 maxlen: 24
193.108.96.0/24 maxlen: 24
193.108.97.0/24 maxlen: 24
193.164.222.0/23 maxlen: 24
193.168.4.0/23 maxlen: 24
193.168.4.0/24 maxlen: 24
194.146.84.0/22 maxlen: 24
194.146.84.0/24 maxlen: 24
194.146.87.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/h4q7KZd6ZbFAystucqskzt3U6MU.crl
rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/h4q7KZd6ZbFAystucqskzt3U6MU.mft
rsync://rpki.ripe.net/repository/DEFAULT/h4q7KZd6ZbFAystucqskzt3U6MU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e8:29:d2:df:a3:09:15:b1:19:2b:60:42:36:b7:11:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=878abb29977a65b140cacb6e72ab24ceddd4e8c5
Validity
Not Before: Oct 15 13:57:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4f468e3c25f95d84a7e89ae00a9cb28eacce501b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:93:c2:36:2d:cc:e1:42:6b:54:a3:a3:19:4d:
b8:67:0c:8e:8d:9c:9b:f6:e6:8a:66:7e:52:31:08:
29:6b:a3:d0:da:89:0f:ab:f1:b5:8c:5a:df:91:af:
1e:42:b2:25:23:fc:d4:e3:8d:c9:80:ab:98:26:9e:
1a:d5:75:a5:77:ab:99:6b:1e:a1:a1:02:c9:b3:b1:
23:38:c6:b0:45:13:e1:d3:3d:b7:36:02:f8:f2:d5:
d8:29:c7:1a:65:79:38:74:85:1a:b6:40:32:a8:b1:
2a:88:9a:68:75:24:22:da:c6:58:11:29:0e:0a:27:
3e:f4:9b:a4:ae:02:6f:a6:3a:e4:bc:b0:57:b2:1a:
e4:82:1d:9c:30:5c:4f:fe:8f:11:23:6a:12:6d:bb:
0a:ff:1c:1f:d4:01:18:61:e4:00:d7:e7:3e:4e:71:
25:65:a5:d1:e1:c5:6f:ff:6e:ff:52:0a:1d:35:7c:
b6:5d:74:e6:16:91:94:35:4c:b6:a0:a7:4c:5c:e1:
ce:10:67:3f:20:a3:76:84:8a:72:22:83:88:dc:61:
d9:d4:c9:24:9d:bb:80:46:cb:d5:fe:ca:8f:d3:53:
ba:d4:5c:fb:b2:ec:fc:68:36:32:ea:73:34:79:eb:
91:20:b1:cd:dc:56:f1:26:84:ff:e2:ab:31:f9:fd:
63:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:46:8E:3C:25:F9:5D:84:A7:E8:9A:E0:0A:9C:B2:8E:AC:CE:50:1B
X509v3 Authority Key Identifier:
keyid:87:8A:BB:29:97:7A:65:B1:40:CA:CB:6E:72:AB:24:CE:DD:D4:E8:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h4q7KZd6ZbFAystucqskzt3U6MU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/T0aOPCX5XYSn6JrgCpyyjqzOUBs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/h4q7KZd6ZbFAystucqskzt3U6MU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.100.0/22
45.8.29.0-45.8.30.255
45.9.108.0/22
45.10.208.0-45.10.210.255
45.13.160.0/22
45.66.188.0/22
45.80.112.0/22
45.87.228.0/22
45.93.64.0/22
45.131.156.0/22
45.142.76.0/22
45.147.212.0/22
45.149.68.0/22
45.156.168.0/22
45.156.216.0/22
45.158.220.0/22
62.192.188.0/22
83.150.224.0/22
85.208.56.0/22
92.118.144.0/22
185.51.164.0/22
193.42.15.0/24
193.42.132.0/24
193.42.135.0/24
193.42.149.0/24
193.108.46.0/24
193.108.96.0/23
193.164.222.0/23
193.168.4.0/23
194.146.84.0/22
Signature Algorithm: sha256WithRSAEncryption
59:de:8f:c7:62:b8:50:08:a7:8e:1a:bd:dd:5b:a9:db:09:90:
77:7c:a6:81:75:02:5d:c8:25:be:6a:ad:a3:41:b3:b1:a9:23:
2b:af:28:ea:9b:4d:9f:f7:4e:ce:6b:57:ac:a1:72:eb:9c:5a:
e7:7b:61:3a:16:1f:90:ae:6c:46:0b:e6:4c:69:e1:d1:8c:92:
30:d4:5d:ec:0f:97:d4:35:90:68:33:20:18:bd:5e:0a:8d:7f:
43:72:4a:12:0b:7f:f4:27:b5:9e:10:bc:d2:a2:8f:9f:43:9e:
30:85:63:a5:39:cb:fe:6e:b3:fb:e2:d5:7e:19:1a:70:a8:ac:
3e:5a:de:01:96:6c:22:ae:85:c9:cc:ca:76:10:51:a6:54:55:
5b:4c:58:34:b0:ab:11:cb:59:9e:fc:0e:63:63:07:17:20:92:
6c:a3:e4:22:41:2d:bf:88:20:9e:ca:ff:75:31:ed:1b:bf:58:
5a:cc:f0:ae:a2:44:98:d3:b9:5c:86:af:4c:20:ff:bb:65:89:
2f:03:be:11:14:16:32:37:d4:19:7e:23:c3:3b:d4:9c:69:f3:
34:24:78:cf:0b:1c:c7:e4:43:99:2e:e2:89:f0:ae:a3:34:b7:
9d:33:00:0d:a8:78:b7:10:c9:1c:c8:68:b9:6c:af:1e:1b:56:
f6:c8:54:77
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgISAZnoKdLfowkVsRkrYEI2txHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3OGFiYjI5OTc3YTY1YjE0MGNhY2I2ZTcyYWIyNGNlZGRk
NGU4YzUwHhcNMjUxMDE1MTM1NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjQ2OGUzYzI1Zjk1ZDg0YTdlODlhZTAwYTljYjI4ZWFjY2U1MDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpPCNi3M4UJrVKOjGU24ZwyOjZyb
9uaKZn5SMQgpa6PQ2okPq/G1jFrfka8eQrIlI/zU443JgKuYJp4a1XWld6uZax6h
oQLJs7EjOMawRRPh0z23NgL48tXYKccaZXk4dIUatkAyqLEqiJpodSQi2sZYESkO
Cic+9JukrgJvpjrkvLBXshrkgh2cMFxP/o8RI2oSbbsK/xwf1AEYYeQA1+c+TnEl
ZaXR4cVv/27/UgodNXy2XXTmFpGUNUy2oKdMXOHOEGc/IKN2hIpyIoOI3GHZ1Mkk
nbuARsvV/sqP01O61Fz7suz8aDYy6nM0eeuRILHN3FbxJoT/4qsx+f1j8QIDAQAB
o4ICzDCCAsgwHQYDVR0OBBYEFE9Gjjwl+V2Ep+ia4Aqcso6szlAbMB8GA1UdIwQY
MBaAFIeKuymXemWxQMrLbnKrJM7d1OjFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDRxN0taZDZaYkZBeXN0dWNxc2t6dDNVNk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8wNmI4ZjUtMWE3Ni00NWY4LWI5N2Et
YWM4NjQ3ZDA1NThhLzEvVDBhT1BDWDVYWVNuNkpyZ0NweXlqcXpPVUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8wNmI4ZjUtMWE3Ni00NWY4LWI5N2EtYWM4NjQ3ZDA1NThh
LzEvaDRxN0taZDZaYkZBeXN0dWNxc2t6dDNVNk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHhBggrBgEFBQcBBwEB/wSB0TCBzjCBywQCAAEwgcQDBAIC
O2QwDAMEAC0IHQMEAC0IHgMEAi0JbDAMAwQELQrQAwQALQrSAwQCLQ2gAwQCLUK8
AwQCLVBwAwQCLVfkAwQCLV1AAwQCLYOcAwQCLY5MAwQCLZPUAwQCLZVEAwQCLZyo
AwQCLZzYAwQCLZ7cAwQCPsC8AwQCU5bgAwQCVdA4AwQCXHaQAwQCuTOkAwQAwSoP
AwQAwSqEAwQAwSqHAwQAwSqVAwQAwWwuAwQBwWxgAwQBwaTeAwQBwagEAwQCwpJU
MA0GCSqGSIb3DQEBCwUAA4IBAQBZ3o/HYrhQCKeOGr3dW6nbCZB3fKaBdQJdyCW+
aq2jQbOxqSMrryjqm02f907Oa1esoXLrnFrne2E6Fh+QrmxGC+ZMaeHRjJIw1F3s
D5fUNZBoMyAYvV4KjX9DckoSC3/0J7WeELzSoo+fQ54whWOlOcv+brP74tV+GRpw
qKw+Wt4BlmwiroXJzMp2EFGmVFVbTFg0sKsRy1me/A5jYwcXIJJso+QiQS2/iCCe
yv91Me0bv1hazPCuokSY07lchq9MIP+7ZYkvA74RFBYyN9QZfiPDO9ScafM0JHjP
CxzH5EOZLuKJ8K6jNLedMwANqHi3EMkcyGi5bK8eG1b2yFR3
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:56:01 2025 by rpki-client