Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/7V5fsdWWO5ABihTMEZ7pWqmVEAg.roa
File: 7V5fsdWWO5ABihTMEZ7pWqmVEAg.roa (raw, json)
Hash identifier: sjf02gaMH9qnVq1MImDdr+8L+PTPlTd41f1Dyl1MZ4o=
Subject key identifier: ED:5E:5F:B1:D5:96:3B:90:01:8A:14:CC:11:9E:E9:5A:A9:95:10:08
Certificate issuer: /CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Certificate serial: 01994C77AD265F5430B7EA16309F0F8F963F
Authority key identifier: FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/7V5fsdWWO5ABihTMEZ7pWqmVEAg.roa
Signing time: Mon 15 Sep 2025 08:22:15 +0000
ROA not before: Mon 15 Sep 2025 08:22:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25717
IP address blocks: 171.25.128.0/21 maxlen: 21
171.25.138.0/24 maxlen: 24
171.25.139.0/24 maxlen: 24
171.25.140.0/24 maxlen: 24
171.25.141.0/24 maxlen: 24
171.25.142.0/24 maxlen: 24
171.25.143.0/24 maxlen: 24
193.221.16.0/24 maxlen: 24
193.221.17.0/24 maxlen: 24
193.221.18.0/24 maxlen: 24
193.221.19.0/24 maxlen: 24
193.221.20.0/24 maxlen: 24
193.221.21.0/24 maxlen: 24
193.221.22.0/24 maxlen: 24
193.221.23.0/24 maxlen: 24
193.221.28.0/24 maxlen: 24
193.221.32.0/24 maxlen: 24
193.221.33.0/24 maxlen: 24
193.221.34.0/24 maxlen: 24
193.221.35.0/24 maxlen: 24
193.221.36.0/24 maxlen: 24
193.221.37.0/24 maxlen: 24
193.221.38.0/24 maxlen: 24
193.221.52.0/24 maxlen: 24
193.221.54.0/23 maxlen: 23
193.221.56.0/24 maxlen: 24
193.221.57.0/24 maxlen: 24
193.221.59.0/24 maxlen: 24
193.221.68.0/24 maxlen: 24
193.221.69.0/24 maxlen: 24
193.221.70.0/23 maxlen: 23
193.221.72.0/24 maxlen: 24
193.221.74.0/24 maxlen: 24
193.221.75.0/24 maxlen: 24
193.221.76.0/24 maxlen: 24
193.221.77.0/24 maxlen: 24
193.221.78.0/24 maxlen: 24
193.221.79.0/24 maxlen: 24
193.221.80.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.crl
rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.mft
rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:4c:77:ad:26:5f:54:30:b7:ea:16:30:9f:0f:8f:96:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Validity
Not Before: Sep 15 08:22:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ed5e5fb1d5963b90018a14cc119ee95aa9951008
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:48:69:21:2f:2a:8f:91:7c:c2:d9:a3:0e:05:
9c:01:9f:e8:03:94:3d:4b:c6:bf:4e:7a:61:1a:60:
79:6d:ca:50:b7:8a:59:14:8a:8d:bd:58:46:6b:dd:
5c:f5:50:c0:d6:58:fc:45:83:91:d6:c1:5b:31:9d:
0c:38:c4:4d:be:d0:02:4b:f0:5c:93:a2:45:3b:44:
55:77:f5:d8:ad:36:45:38:cd:8f:ea:63:50:53:c8:
bc:02:b1:8f:36:b7:bd:14:34:ab:2d:ed:7c:1c:13:
53:73:18:28:02:f2:5b:c6:d5:bc:ab:92:8a:a1:3b:
4f:34:f2:eb:2f:93:91:48:cf:87:eb:b3:be:61:05:
82:ff:06:1a:40:e3:60:0b:5d:8d:1f:2b:95:8a:13:
e1:55:a8:65:e1:e5:fc:61:c8:a3:a6:15:b9:77:79:
5d:a8:43:f9:50:14:28:ac:37:6c:fd:02:45:10:ef:
77:57:2e:5a:61:0c:e7:26:e6:45:c0:98:1b:39:aa:
b0:3d:fe:6b:b5:42:f3:bc:1b:a7:31:91:d4:77:23:
5d:54:ad:d7:51:57:0e:6a:c5:a7:9d:8b:78:04:34:
8a:7a:ca:a2:c7:5d:89:18:22:94:14:d7:d8:10:b0:
01:10:42:9d:76:98:38:13:70:17:f0:d1:02:07:46:
4d:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:5E:5F:B1:D5:96:3B:90:01:8A:14:CC:11:9E:E9:5A:A9:95:10:08
X509v3 Authority Key Identifier:
keyid:FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/7V5fsdWWO5ABihTMEZ7pWqmVEAg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.25.128.0/21
171.25.138.0-171.25.143.255
193.221.16.0/21
193.221.28.0/24
193.221.32.0-193.221.38.255
193.221.52.0/24
193.221.54.0-193.221.57.255
193.221.59.0/24
193.221.68.0-193.221.72.255
193.221.74.0-193.221.80.255
Signature Algorithm: sha256WithRSAEncryption
02:e5:39:51:64:47:eb:f5:3e:04:ad:6a:a7:9f:64:01:ab:2d:
c1:a0:34:52:5f:47:3c:93:c5:71:ed:fc:e4:0c:b6:5f:b6:b3:
25:8b:2c:3c:2d:3b:84:c2:5e:af:9e:2b:3e:75:11:27:af:e9:
4e:fe:33:6b:c1:45:4c:4c:37:28:ad:b0:a9:01:f3:85:aa:fa:
12:a5:9d:2a:12:26:45:5d:16:42:49:a2:1b:51:27:1c:bd:c1:
73:0f:cf:ea:2b:16:00:1a:6d:00:4a:b4:4e:3c:1b:2e:13:5a:
4d:be:af:71:35:7b:30:4a:a9:e0:a5:42:49:aa:62:94:45:06:
70:9c:c5:4c:7c:a6:f2:2f:60:17:44:2a:a9:c3:ab:f2:fb:79:
2b:d0:d1:70:b1:63:d7:05:2e:ae:e2:c5:d0:8f:8e:aa:4a:ea:
79:a8:3f:bd:cb:97:03:ab:a5:ef:28:1b:21:6a:4b:dd:e1:95:
8c:13:5b:95:09:bc:10:1b:72:4f:28:bb:87:dc:16:20:29:65:
59:b2:02:84:42:b6:f2:53:1a:19:ea:a7:48:56:ad:1f:5d:6b:
fc:aa:52:63:af:34:a0:fe:c0:c7:cd:54:a6:97:cb:04:50:23:
ab:fe:38:45:77:c2:5c:66:9a:aa:7a:6b:e4:7d:1d:c2:4d:b9:
59:c1:37:ea
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZlMd60mX1Qwt+oWMJ8Pj5Y/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTRhYjJkNDgxY2YxNjIyYTJjNTIxODNhYjRmNWE5MzBh
NGFlNDEwHhcNMjUwOTE1MDgyMjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDVlNWZiMWQ1OTYzYjkwMDE4YTE0Y2MxMTllZTk1YWE5OTUxMDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUhpIS8qj5F8wtmjDgWcAZ/oA5Q9
S8a/TnphGmB5bcpQt4pZFIqNvVhGa91c9VDA1lj8RYOR1sFbMZ0MOMRNvtACS/Bc
k6JFO0RVd/XYrTZFOM2P6mNQU8i8ArGPNre9FDSrLe18HBNTcxgoAvJbxtW8q5KK
oTtPNPLrL5ORSM+H67O+YQWC/wYaQONgC12NHyuVihPhVahl4eX8YcijphW5d3ld
qEP5UBQorDds/QJFEO93Vy5aYQznJuZFwJgbOaqwPf5rtULzvBunMZHUdyNdVK3X
UVcOasWnnYt4BDSKesqix12JGCKUFNfYELABEEKddpg4E3AX8NECB0ZNSQIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFO1eX7HVljuQAYoUzBGe6VqplRAIMB8GA1UdIwQY
MBaAFP5Uqy1IHPFiKixSGDq09akwpK5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYt
MWIxMzYyYjliNmEyLzEvN1Y1ZnNkV1dPNUFCaWhUTUVaN3BXcW1WRUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYtMWIxMzYyYjliNmEy
LzEvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBqBAIAATBkAwQDqxmAMAwD
BAGrGYoDBASrGYADBAPB3RADBADB3RwwDAMEBcHdIAMEAMHdJgMEAMHdNDAMAwQB
wd02AwQBwd04AwQAwd07MAwDBALB3UQDBADB3UgwDAMEAcHdSgMEAMHdUDANBgkq
hkiG9w0BAQsFAAOCAQEAAuU5UWRH6/U+BK1qp59kAastwaA0Ul9HPJPFce385Ay2
X7azJYssPC07hMJer54rPnURJ6/pTv4za8FFTEw3KK2wqQHzhar6EqWdKhImRV0W
QkmiG1EnHL3Bcw/P6isWABptAEq0TjwbLhNaTb6vcTV7MEqp4KVCSapilEUGcJzF
THym8i9gF0QqqcOr8vt5K9DRcLFj1wUuruLF0I+Oqkrqeag/vcuXA6ul7ygbIWpL
3eGVjBNblQm8EBtyTyi7h9wWICllWbIChEK28lMaGeqnSFatH11r/KpSY680oP7A
x81UppfLBFAjq/44RXfCXGaaqnpr5H0dwk25WcE36g==
-----END CERTIFICATE-----
Generated at Mon Oct 20 00:07:18 2025 by rpki-client