Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/cTUW6h8O7oJIMmgLFdy8XjEMwQM.roa
File: cTUW6h8O7oJIMmgLFdy8XjEMwQM.roa (raw, json)
Hash identifier: GWLeGo5Tx1NQYnIt9PV3FBH+YZ+jq0YpS9g5boQS2IE=
Subject key identifier: 71:35:16:EA:1F:0E:EE:82:48:32:68:0B:15:DC:BC:5E:31:0C:C1:03
Certificate issuer: /CN=a8010ceb20f2e076a3f000271a5c375761bec2f5
Certificate serial: 0199817045609CC99FA437160C2693DDD92E
Authority key identifier: A8:01:0C:EB:20:F2:E0:76:A3:F0:00:27:1A:5C:37:57:61:BE:C2:F5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/cTUW6h8O7oJIMmgLFdy8XjEMwQM.roa
Signing time: Thu 25 Sep 2025 15:14:02 +0000
ROA not before: Thu 25 Sep 2025 15:14:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39151
IP address blocks: 87.238.112.0/21 maxlen: 21
91.151.144.0/20 maxlen: 20
95.128.16.0/21 maxlen: 21
185.70.252.0/23 maxlen: 23
185.70.252.0/24 maxlen: 24
213.175.128.0/24 maxlen: 24
213.175.132.0/24 maxlen: 24
213.175.134.0/24 maxlen: 24
213.175.136.0/21 maxlen: 21
213.175.152.0/24 maxlen: 24
213.175.156.0/24 maxlen: 24
213.175.158.0/24 maxlen: 24
213.208.32.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.crl
rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.mft
rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:81:70:45:60:9c:c9:9f:a4:37:16:0c:26:93:dd:d9:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a8010ceb20f2e076a3f000271a5c375761bec2f5
Validity
Not Before: Sep 25 15:14:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=713516ea1f0eee824832680b15dcbc5e310cc103
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:2a:4e:23:a6:cb:e2:81:2b:bd:05:85:aa:5f:
58:13:28:20:d9:6c:42:78:5a:06:91:ca:76:b0:f4:
ae:ad:94:06:14:28:b2:9d:1d:fa:4d:76:3e:6d:09:
bd:ff:17:02:f6:03:7b:3a:68:42:b5:60:72:b2:c0:
7b:bd:c8:8d:90:b3:ea:7b:a5:07:94:5f:ca:2a:d5:
d4:19:97:7e:f1:67:a7:9d:01:3d:ad:6a:c1:2d:b0:
29:bc:46:e1:16:28:40:47:41:c5:ad:85:a8:76:40:
20:e7:83:38:b9:79:40:d5:71:b8:2a:03:e3:a1:63:
04:14:cb:ac:53:63:28:ec:73:7e:a5:a8:b4:95:a5:
8b:a5:af:06:cc:b6:b2:3b:bf:b0:71:73:5d:70:c9:
66:5e:d6:f0:30:0f:0a:d2:8d:03:cd:48:09:f0:01:
70:b5:b3:0f:2c:9e:97:da:e7:c4:79:4e:e5:21:d3:
7a:dc:1d:16:69:0b:bb:d4:cf:26:c1:e7:cf:22:db:
e9:74:f2:26:e2:0f:f9:11:13:20:ad:18:bd:16:3e:
5c:07:1c:6b:46:77:f4:98:00:03:ce:a6:25:c4:97:
84:18:8c:db:21:da:7e:08:72:8e:04:4b:2f:22:19:
13:80:bd:30:2c:fc:9a:06:2d:a3:18:6d:4e:19:bf:
18:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:35:16:EA:1F:0E:EE:82:48:32:68:0B:15:DC:BC:5E:31:0C:C1:03
X509v3 Authority Key Identifier:
keyid:A8:01:0C:EB:20:F2:E0:76:A3:F0:00:27:1A:5C:37:57:61:BE:C2:F5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/cTUW6h8O7oJIMmgLFdy8XjEMwQM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.238.112.0/21
91.151.144.0/20
95.128.16.0/21
185.70.252.0/23
213.175.128.0/24
213.175.132.0/24
213.175.134.0/24
213.175.136.0/21
213.175.152.0/24
213.175.156.0/24
213.175.158.0/24
213.208.32.0/21
Signature Algorithm: sha256WithRSAEncryption
53:c1:22:d5:8f:16:dc:1e:eb:9e:c5:a0:cd:db:c7:67:c7:51:
87:8f:d2:fa:3b:57:93:84:6f:ef:14:22:80:31:b6:e7:30:4c:
9d:94:6e:9b:1a:65:8c:e4:0a:a6:a3:b2:cb:52:e7:23:96:ee:
53:b3:c6:77:2d:29:55:fb:c1:cf:01:3e:e6:19:5b:06:dd:03:
20:72:0a:5b:29:d2:4f:61:d9:d3:b7:38:47:98:59:50:83:fe:
3d:b9:2a:a2:95:85:06:8b:01:69:23:3b:60:ab:45:5c:a1:27:
3e:50:24:07:bb:c8:66:ca:01:b6:ad:46:e2:ab:aa:d3:f6:d8:
bb:a8:1f:6b:e2:2d:16:d0:25:62:37:15:58:86:c4:f7:c6:49:
7f:83:80:ac:b7:63:d8:9e:7f:a4:77:d5:b7:9d:84:ab:bc:43:
cc:da:1b:cb:07:4b:d1:2c:a0:8a:ee:e7:2e:e5:5e:18:79:0e:
1c:6e:99:51:8a:18:2f:99:ec:bb:63:d4:8c:04:d6:20:0c:ab:
fd:8b:b1:46:6e:b0:29:cb:94:97:b7:a8:15:23:cb:c6:86:29:
14:7c:b9:88:76:d3:4e:90:8c:83:b6:da:ac:a2:f0:79:0d:17:
fd:b1:1e:9b:31:46:ea:f9:4a:fc:57:a1:e3:33:03:07:2b:18:
51:7d:72:55
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZmBcEVgnMmfpDcWDCaT3dkuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MDEwY2ViMjBmMmUwNzZhM2YwMDAyNzFhNWMzNzU3NjFi
ZWMyZjUwHhcNMjUwOTI1MTUxNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTM1MTZlYTFmMGVlZTgyNDgzMjY4MGIxNWRjYmM1ZTMxMGNjMTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCpOI6bL4oErvQWFql9YEygg2WxC
eFoGkcp2sPSurZQGFCiynR36TXY+bQm9/xcC9gN7OmhCtWByssB7vciNkLPqe6UH
lF/KKtXUGZd+8WennQE9rWrBLbApvEbhFihAR0HFrYWodkAg54M4uXlA1XG4KgPj
oWMEFMusU2Mo7HN+pai0laWLpa8GzLayO7+wcXNdcMlmXtbwMA8K0o0DzUgJ8AFw
tbMPLJ6X2ufEeU7lIdN63B0WaQu71M8mwefPItvpdPIm4g/5ERMgrRi9Fj5cBxxr
Rnf0mAADzqYlxJeEGIzbIdp+CHKOBEsvIhkTgL0wLPyaBi2jGG1OGb8Y9QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFHE1FuofDu6CSDJoCxXcvF4xDMEDMB8GA1UdIwQY
MBaAFKgBDOsg8uB2o/AAJxpcN1dhvsL1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUFFTTZ5RHk0SGFqOEFBbkdsdzNWMkctd3ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mNDQ0YWEtYWU4Yy00ZDE0LWEzYTMt
NDlmNjVjNmE0OGJmLzEvY1RVVzZoOE83b0pJTW1nTEZkeThYakVNd1FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mNDQ0YWEtYWU4Yy00ZDE0LWEzYTMtNDlmNjVjNmE0OGJm
LzEvcUFFTTZ5RHk0SGFqOEFBbkdsdzNWMkctd3ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQDV+5wAwQE
W5eQAwQDX4AQAwQBuUb8AwQA1a+AAwQA1a+EAwQA1a+GAwQD1a+IAwQA1a+YAwQA
1a+cAwQA1a+eAwQD1dAgMA0GCSqGSIb3DQEBCwUAA4IBAQBTwSLVjxbcHuuexaDN
28dnx1GHj9L6O1eThG/vFCKAMbbnMEydlG6bGmWM5Aqmo7LLUucjlu5Ts8Z3LSlV
+8HPAT7mGVsG3QMgcgpbKdJPYdnTtzhHmFlQg/49uSqilYUGiwFpIztgq0VcoSc+
UCQHu8hmygG2rUbiq6rT9ti7qB9r4i0W0CViNxVYhsT3xkl/g4Cst2PYnn+kd9W3
nYSrvEPM2hvLB0vRLKCK7ucu5V4YeQ4cbplRihgvmey7Y9SMBNYgDKv9i7FGbrAp
y5SXt6gVI8vGhikUfLmIdtNOkIyDttqsovB5DRf9sR6bMUbq+Ur8V6HjMwMHKxhR
fXJV
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:58:57 2025 by rpki-client