
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/n71Z9zO5i6A3MnYNwx7Uxb_OUGA.roa
File: n71Z9zO5i6A3MnYNwx7Uxb_OUGA.roa (raw, json)
Hash identifier: CVGNrsSAJVnXCFxttiW1g0o49r+f3Le2U2M52m4z4p8=
Subject key identifier: 9F:BD:59:F7:33:B9:8B:A0:37:32:76:0D:C3:1E:D4:C5:BF:CE:50:60
Certificate issuer: /CN=43ca7f3f65d2947af94f398bb3c7c9c320019084
Certificate serial: 0199CE33B07D578A7C424B49FC573B4C7840
Authority key identifier: 43:CA:7F:3F:65:D2:94:7A:F9:4F:39:8B:B3:C7:C9:C3:20:01:90:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/n71Z9zO5i6A3MnYNwx7Uxb_OUGA.roa
Signing time: Fri 10 Oct 2025 12:58:37 +0000
ROA not before: Fri 10 Oct 2025 12:58:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42093
IP address blocks: 146.19.214.0/24 maxlen: 24
178.251.24.0/21 maxlen: 21
185.10.156.0/22 maxlen: 24
185.10.158.0/24 maxlen: 24
185.218.224.0/24 maxlen: 24
195.22.100.0/22 maxlen: 22
195.253.241.0/24 maxlen: 24
2a00:1938::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ce:33:b0:7d:57:8a:7c:42:4b:49:fc:57:3b:4c:78:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43ca7f3f65d2947af94f398bb3c7c9c320019084
Validity
Not Before: Oct 10 12:58:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9fbd59f733b98ba03732760dc31ed4c5bfce5060
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:5c:63:4b:34:c4:4f:27:d8:d8:81:f1:4e:1b:
d3:dc:b4:57:42:c9:34:77:78:b2:64:a7:76:b4:ae:
12:4c:bf:b2:56:04:c7:20:84:fa:0c:e3:72:14:06:
db:b6:24:31:65:20:26:98:92:46:f3:92:25:ab:26:
a3:49:a0:e7:6d:e8:bb:83:a0:89:de:1c:44:24:e9:
6a:fe:6c:3a:2f:f3:1f:70:f8:11:fc:b8:a3:fb:19:
1c:d6:62:90:0f:a7:ba:20:b9:2d:39:a3:51:7d:f1:
ae:93:bb:99:ab:eb:a1:94:bc:8d:09:56:c9:57:e1:
44:32:38:1a:0d:fb:c2:78:8d:c9:66:f1:35:fc:18:
f0:61:df:b7:74:90:a4:64:69:21:79:e0:4b:c6:89:
3f:a7:68:dc:da:4d:5e:a8:30:c7:3e:d5:45:6a:67:
b8:0f:74:21:75:ef:c6:96:ad:b9:08:b7:b3:84:bf:
48:19:17:6c:3c:28:ea:39:db:5f:ff:36:65:57:92:
a3:ee:d9:5d:5c:f2:e3:5d:57:4f:43:3d:06:e5:ab:
82:41:22:90:7c:5d:2a:cc:a1:a6:6f:1c:62:20:f3:
e1:b8:e1:e8:e5:d2:02:dc:d8:2e:4a:d7:41:3d:16:
ff:44:a7:e8:55:f6:fb:a5:58:18:83:8c:30:4c:27:
b2:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:BD:59:F7:33:B9:8B:A0:37:32:76:0D:C3:1E:D4:C5:BF:CE:50:60
X509v3 Authority Key Identifier:
keyid:43:CA:7F:3F:65:D2:94:7A:F9:4F:39:8B:B3:C7:C9:C3:20:01:90:84
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/n71Z9zO5i6A3MnYNwx7Uxb_OUGA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
146.19.214.0/24
178.251.24.0/21
185.10.156.0/22
185.218.224.0/24
195.22.100.0/22
195.253.241.0/24
IPv6:
2a00:1938::/32
Signature Algorithm: sha256WithRSAEncryption
59:14:f5:08:36:33:eb:6c:86:e6:bb:e4:84:65:d2:06:0c:38:
5d:69:6a:33:4a:ac:ec:da:d3:17:5d:00:8d:00:99:9b:f2:10:
8b:32:c1:ab:e7:ef:00:a8:a0:d6:ca:24:59:2b:42:13:7a:e7:
84:18:7f:12:67:30:79:04:6c:d4:59:4a:39:53:62:a1:4d:6e:
81:62:a3:a8:1d:d6:1f:38:3b:f6:20:6c:2e:f3:a7:24:7b:e1:
a4:df:40:89:9b:84:2c:c5:9b:e2:a6:33:0c:66:02:32:de:eb:
ec:92:d7:13:0a:52:9b:5d:43:f0:c5:f8:44:21:ea:e2:75:4a:
ed:f1:18:e9:04:7c:34:f5:22:73:45:15:88:c4:39:ae:89:e7:
e8:26:d3:8e:4e:76:c1:90:c8:c4:51:09:39:78:b7:f9:31:ce:
d8:2e:a9:bc:8d:bb:c2:76:62:b5:65:8c:56:36:6b:df:17:2a:
fc:c5:c9:f0:62:91:3f:b4:70:66:e7:12:7f:3e:f7:c4:19:6d:
ce:c6:22:0c:7e:06:f2:c7:05:a0:e5:b7:ec:d1:b4:bc:75:fc:
ca:49:95:c0:cb:9b:e3:9e:b3:4c:86:f6:86:5d:62:b0:68:df:
e1:5a:17:2d:2c:e5:51:e1:6e:87:5f:eb:94:69:bf:4d:6c:a3:
52:8a:8e:63
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZnOM7B9V4p8QktJ/Fc7THhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzY2E3ZjNmNjVkMjk0N2FmOTRmMzk4YmIzYzdjOWMzMjAw
MTkwODQwHhcNMjUxMDEwMTI1ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmJkNTlmNzMzYjk4YmEwMzczMjc2MGRjMzFlZDRjNWJmY2U1MDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVxjSzTETyfY2IHxThvT3LRXQsk0
d3iyZKd2tK4STL+yVgTHIIT6DONyFAbbtiQxZSAmmJJG85IlqyajSaDnbei7g6CJ
3hxEJOlq/mw6L/MfcPgR/Lij+xkc1mKQD6e6ILktOaNRffGuk7uZq+uhlLyNCVbJ
V+FEMjgaDfvCeI3JZvE1/BjwYd+3dJCkZGkheeBLxok/p2jc2k1eqDDHPtVFame4
D3Qhde/Glq25CLezhL9IGRdsPCjqOdtf/zZlV5Kj7tldXPLjXVdPQz0G5auCQSKQ
fF0qzKGmbxxiIPPhuOHo5dIC3NguStdBPRb/RKfoVfb7pVgYg4wwTCeywwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFJ+9WfczuYugNzJ2DcMe1MW/zlBgMB8GA1UdIwQY
MBaAFEPKfz9l0pR6+U85i7PHycMgAZCEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUThwX1AyWFNsSHI1VHptTHM4Zkp3eUFCa0lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9mNmNmNDQtNjZkMy00ZjBiLTgxMzIt
ZDUzODExZmJkN2IwLzEvbjcxWjl6TzVpNkEzTW5ZTnd4N1V4Yl9PVUdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9mNmNmNDQtNjZkMy00ZjBiLTgxMzItZDUzODExZmJkN2Iw
LzEvUThwX1AyWFNsSHI1VHptTHM4Zkp3eUFCa0lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAkhPWAwQD
svsYAwQCuQqcAwQAudrgAwQCwxZkAwQAw/3xMA0EAgACMAcDBQAqABk4MA0GCSqG
SIb3DQEBCwUAA4IBAQBZFPUINjPrbIbmu+SEZdIGDDhdaWozSqzs2tMXXQCNAJmb
8hCLMsGr5+8AqKDWyiRZK0ITeueEGH8SZzB5BGzUWUo5U2KhTW6BYqOoHdYfODv2
IGwu86cke+Gk30CJm4QsxZvipjMMZgIy3uvsktcTClKbXUPwxfhEIeridUrt8Rjp
BHw09SJzRRWIxDmuiefoJtOOTnbBkMjEUQk5eLf5Mc7YLqm8jbvCdmK1ZYxWNmvf
Fyr8xcnwYpE/tHBm5xJ/PvfEGW3OxiIMfgbyxwWg5bfs0bS8dfzKSZXAy5vjnrNM
hvaGXWKwaN/hWhctLOVR4W6HX+uUab9NbKNSio5j
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:35 2025 by rpki-client