Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/oxSoOIMK53fmu7RBWDKyiKF2PEo.roa
File: oxSoOIMK53fmu7RBWDKyiKF2PEo.roa (raw, json)
Hash identifier: /81T+ZqS5HJupR3cPp+RlktszPUUPQMif+fr6tgru3Y=
Subject key identifier: A3:14:A8:38:83:0A:E7:77:E6:BB:B4:41:58:32:B2:88:A1:76:3C:4A
Certificate issuer: /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial: 0198A5AA043B2CB72FA94E14835C31273712
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/oxSoOIMK53fmu7RBWDKyiKF2PEo.roa
Signing time: Wed 13 Aug 2025 23:00:39 +0000
ROA not before: Wed 13 Aug 2025 23:00:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44559
IP address blocks: 170.168.35.0/24 maxlen: 24
170.168.36.0/24 maxlen: 24
170.168.37.0/24 maxlen: 24
170.168.38.0/24 maxlen: 24
170.168.39.0/24 maxlen: 24
170.168.52.0/24 maxlen: 24
170.168.53.0/24 maxlen: 24
170.168.54.0/24 maxlen: 24
170.168.55.0/24 maxlen: 24
170.168.56.0/24 maxlen: 24
170.168.57.0/24 maxlen: 24
170.168.58.0/24 maxlen: 24
170.168.59.0/24 maxlen: 24
170.168.68.0/24 maxlen: 24
170.168.69.0/24 maxlen: 24
170.168.70.0/24 maxlen: 24
170.168.71.0/24 maxlen: 24
170.168.80.0/24 maxlen: 24
170.168.81.0/24 maxlen: 24
170.168.82.0/24 maxlen: 24
170.168.83.0/24 maxlen: 24
170.168.84.0/24 maxlen: 24
170.168.85.0/24 maxlen: 24
170.168.86.0/24 maxlen: 24
170.168.87.0/24 maxlen: 24
170.168.92.0/24 maxlen: 24
170.168.93.0/24 maxlen: 24
170.168.94.0/24 maxlen: 24
170.168.95.0/24 maxlen: 24
170.168.104.0/24 maxlen: 24
170.168.105.0/24 maxlen: 24
170.168.106.0/24 maxlen: 24
170.168.107.0/24 maxlen: 24
170.168.108.0/24 maxlen: 24
170.168.109.0/24 maxlen: 24
170.168.110.0/24 maxlen: 24
170.168.111.0/24 maxlen: 24
170.168.120.0/24 maxlen: 24
170.168.121.0/24 maxlen: 24
170.168.122.0/24 maxlen: 24
170.168.123.0/24 maxlen: 24
170.168.124.0/24 maxlen: 24
170.168.125.0/24 maxlen: 24
170.168.126.0/24 maxlen: 24
170.168.127.0/24 maxlen: 24
170.168.132.0/24 maxlen: 24
170.168.133.0/24 maxlen: 24
170.168.134.0/24 maxlen: 24
170.168.135.0/24 maxlen: 24
170.168.140.0/24 maxlen: 24
170.168.141.0/24 maxlen: 24
170.168.142.0/24 maxlen: 24
170.168.143.0/24 maxlen: 24
170.168.148.0/24 maxlen: 24
170.168.149.0/24 maxlen: 24
170.168.150.0/24 maxlen: 24
170.168.151.0/24 maxlen: 24
170.168.156.0/24 maxlen: 24
170.168.157.0/24 maxlen: 24
170.168.158.0/24 maxlen: 24
170.168.159.0/24 maxlen: 24
170.168.160.0/24 maxlen: 24
170.168.161.0/24 maxlen: 24
170.168.162.0/24 maxlen: 24
170.168.163.0/24 maxlen: 24
170.168.176.0/24 maxlen: 24
170.168.177.0/24 maxlen: 24
170.168.178.0/24 maxlen: 24
170.168.179.0/24 maxlen: 24
170.168.184.0/24 maxlen: 24
170.168.185.0/24 maxlen: 24
170.168.186.0/24 maxlen: 24
170.168.187.0/24 maxlen: 24
170.168.192.0/24 maxlen: 24
170.168.193.0/24 maxlen: 24
170.168.194.0/24 maxlen: 24
170.168.195.0/24 maxlen: 24
170.168.200.0/24 maxlen: 24
170.168.201.0/24 maxlen: 24
170.168.202.0/24 maxlen: 24
170.168.203.0/24 maxlen: 24
170.168.208.0/24 maxlen: 24
170.168.209.0/24 maxlen: 24
170.168.210.0/24 maxlen: 24
170.168.211.0/24 maxlen: 24
170.168.216.0/24 maxlen: 24
170.168.217.0/24 maxlen: 24
170.168.218.0/24 maxlen: 24
170.168.219.0/24 maxlen: 24
170.168.224.0/24 maxlen: 24
170.168.225.0/24 maxlen: 24
170.168.226.0/24 maxlen: 24
170.168.227.0/24 maxlen: 24
170.168.232.0/24 maxlen: 24
170.168.233.0/24 maxlen: 24
170.168.234.0/24 maxlen: 24
170.168.235.0/24 maxlen: 24
170.168.244.0/24 maxlen: 24
170.168.245.0/24 maxlen: 24
170.168.246.0/24 maxlen: 24
170.168.247.0/24 maxlen: 24
170.168.252.0/24 maxlen: 24
170.168.253.0/24 maxlen: 24
170.168.254.0/24 maxlen: 24
170.168.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 11:02:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:a5:aa:04:3b:2c:b7:2f:a9:4e:14:83:5c:31:27:37:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Validity
Not Before: Aug 13 23:00:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a314a838830ae777e6bbb4415832b288a1763c4a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:86:3c:c8:df:1b:cc:bf:c3:b8:b1:f7:98:2d:
43:61:f4:b3:76:69:4f:a1:7f:42:f7:e1:c6:c2:4b:
56:0c:c2:cf:a0:ec:ad:f5:d0:67:bd:54:f8:17:14:
0f:cd:06:81:87:43:14:0c:bb:44:a0:86:d2:4a:98:
56:c9:39:bc:a1:75:a5:94:f7:f4:b6:f3:a3:a1:bc:
60:3e:b4:c2:ed:59:4d:87:2e:55:99:97:10:e0:0e:
84:b4:a3:11:24:12:12:7a:22:d9:1c:61:ef:e3:a7:
35:8d:c9:0c:48:a7:73:64:a4:d3:06:ed:5a:da:80:
cc:9a:cc:e0:e2:70:76:c6:8b:b8:2d:d6:04:a7:42:
a7:06:30:70:c2:ec:2b:1f:cf:cd:28:8b:6a:f1:be:
c9:a6:56:8a:cf:51:51:fd:9b:6f:9b:95:4c:0c:aa:
df:7d:55:c9:5e:05:7f:29:8d:ed:d2:4d:f6:ec:53:
d6:69:ae:61:66:f2:bf:86:72:ca:6b:0f:ca:ba:51:
38:f3:89:39:90:a4:50:af:f2:c0:18:4d:82:22:46:
bd:66:45:ed:0d:23:d9:d3:d2:b0:f3:b6:74:da:33:
f4:e0:7f:13:e8:3f:ae:06:3e:27:a0:3f:6f:f7:d7:
84:34:c9:bd:77:87:6c:0a:c5:be:94:51:ad:c7:2b:
9e:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:14:A8:38:83:0A:E7:77:E6:BB:B4:41:58:32:B2:88:A1:76:3C:4A
X509v3 Authority Key Identifier:
keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/oxSoOIMK53fmu7RBWDKyiKF2PEo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
170.168.35.0-170.168.39.255
170.168.52.0-170.168.59.255
170.168.68.0/22
170.168.80.0/21
170.168.92.0/22
170.168.104.0/21
170.168.120.0/21
170.168.132.0/22
170.168.140.0/22
170.168.148.0/22
170.168.156.0-170.168.163.255
170.168.176.0/22
170.168.184.0/22
170.168.192.0/22
170.168.200.0/22
170.168.208.0/22
170.168.216.0/22
170.168.224.0/22
170.168.232.0/22
170.168.244.0/22
170.168.252.0/22
Signature Algorithm: sha256WithRSAEncryption
84:c1:d0:a8:68:dc:d9:e2:3d:a0:3e:05:b0:10:9b:0c:52:53:
1b:43:29:6c:b3:15:63:c7:5c:c3:e5:47:5d:68:66:f5:d4:2b:
8c:e6:1f:e4:e0:b2:e3:0e:a3:1b:25:6f:37:67:23:ad:32:a8:
43:6b:0b:cf:3d:e2:b1:43:e3:77:d3:3d:c2:cc:d2:8a:02:98:
37:61:ce:b2:42:99:cd:23:a6:22:a9:12:77:8f:06:be:4b:f6:
56:58:0c:2e:68:71:ba:9c:b6:73:1a:d9:a2:56:fe:d1:a1:72:
3e:8c:ff:01:26:5a:1b:e4:a0:09:1f:f2:d7:a7:db:9b:cd:30:
e0:4f:d1:4b:e2:2f:05:dd:b6:70:1f:70:93:42:6e:96:54:52:
0a:2f:ec:9c:2d:80:fa:55:e2:50:6e:d6:4a:66:f5:75:88:10:
df:92:de:77:e4:45:a3:48:f1:24:78:40:f8:04:ec:a9:0a:16:
00:be:79:8d:0d:83:48:3b:0a:e8:43:7d:3a:0b:c6:10:de:91:
bf:b3:85:8b:4a:19:6a:e3:a6:20:74:5e:2a:87:b2:ba:ed:87:
5c:83:16:6e:6d:97:33:15:73:57:d9:58:3f:ea:70:b4:f3:d8:
43:0b:cb:e4:74:68:99:ca:e5:a1:4a:8f:37:5f:c7:6d:46:9d:
27:79:25:c6
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgISAZilqgQ7LLcvqU4Ug1wxJzcSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwODEzMjMwMDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzE0YTgzODgzMGFlNzc3ZTZiYmI0NDE1ODMyYjI4OGExNzYzYzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYY8yN8bzL/DuLH3mC1DYfSzdmlP
oX9C9+HGwktWDMLPoOyt9dBnvVT4FxQPzQaBh0MUDLtEoIbSSphWyTm8oXWllPf0
tvOjobxgPrTC7VlNhy5VmZcQ4A6EtKMRJBISeiLZHGHv46c1jckMSKdzZKTTBu1a
2oDMmszg4nB2xou4LdYEp0KnBjBwwuwrH8/NKItq8b7JplaKz1FR/Ztvm5VMDKrf
fVXJXgV/KY3t0k327FPWaa5hZvK/hnLKaw/KulE484k5kKRQr/LAGE2CIka9ZkXt
DSPZ09Kw87Z02jP04H8T6D+uBj4noD9v99eENMm9d4dsCsW+lFGtxyueMQIDAQAB
o4ICnjCCApowHQYDVR0OBBYEFKMUqDiDCud35ru0QVgysoihdjxKMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvb3hTb09JTUs1M2ZtdTdSQldES3lpS0YyUEVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGzBggrBgEFBQcBBwEB/wSBozCBoDCBnQQCAAEwgZYwDAME
AKqoIwMEA6qoIDAMAwQCqqg0AwQCqqg4AwQCqqhEAwQDqqhQAwQCqqhcAwQDqqho
AwQDqqh4AwQCqqiEAwQCqqiMAwQCqqiUMAwDBAKqqJwDBAKqqKADBAKqqLADBAKq
qLgDBAKqqMADBAKqqMgDBAKqqNADBAKqqNgDBAKqqOADBAKqqOgDBAKqqPQDBAKq
qPwwDQYJKoZIhvcNAQELBQADggEBAITB0Kho3NniPaA+BbAQmwxSUxtDKWyzFWPH
XMPlR11oZvXUK4zmH+TgsuMOoxslbzdnI60yqENrC8894rFD43fTPcLM0ooCmDdh
zrJCmc0jpiKpEnePBr5L9lZYDC5ocbqctnMa2aJW/tGhcj6M/wEmWhvkoAkf8ten
25vNMOBP0UviLwXdtnAfcJNCbpZUUgov7JwtgPpV4lBu1kpm9XWIEN+S3nfkRaNI
8SR4QPgE7KkKFgC+eY0Ng0g7CuhDfToLxhDekb+zhYtKGWrjpiB0XiqHsrrth1yD
Fm5tlzMVc1fZWD/qcLTz2EMLy+R0aJnK5aFKjzdfx21GnSd5JcY=
-----END CERTIFICATE-----
Generated at Sat Aug 23 17:04:40 2025 by rpki-client