
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/nKRXtDLzxm0SiA0GSOpjjPCe9Vk.roa
File: nKRXtDLzxm0SiA0GSOpjjPCe9Vk.roa (raw, json)
Hash identifier: nAHg5wrPI314dS0nLMvS00/W+kfO0I2p6dM+UslBOFg=
Subject key identifier: 9C:A4:57:B4:32:F3:C6:6D:12:88:0D:06:48:EA:63:8C:F0:9E:F5:59
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0199B8BD09F3363C9BD583EBE1F74EEC9041
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/nKRXtDLzxm0SiA0GSOpjjPCe9Vk.roa
Signing time: Mon 06 Oct 2025 08:57:00 +0000
ROA not before: Mon 06 Oct 2025 08:57:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 931
IP address blocks: 5.226.52.0/22 maxlen: 24
43.225.88.0/23 maxlen: 24
45.139.6.0/23 maxlen: 24
46.249.97.0/24 maxlen: 24
178.173.232.0/22 maxlen: 24
178.173.236.0/22 maxlen: 24
178.173.242.0/23 maxlen: 24
178.173.244.0/22 maxlen: 24
185.215.246.0/24 maxlen: 24
188.209.156.0/22 maxlen: 24
188.253.8.0/22 maxlen: 24
188.253.28.0/22 maxlen: 24
188.253.104.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:b8:bd:09:f3:36:3c:9b:d5:83:eb:e1:f7:4e:ec:90:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Oct 6 08:57:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9ca457b432f3c66d12880d0648ea638cf09ef559
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:01:c0:a0:85:eb:a6:8a:a1:86:cc:3c:71:fd:
d6:33:45:78:8a:6c:c5:a5:a9:71:d1:45:55:a7:88:
8d:31:6e:2a:60:c7:23:28:0c:3c:e5:ac:89:b2:97:
f9:e4:2c:96:2c:90:2c:d1:7c:42:f9:f6:bd:08:b4:
5b:87:52:0c:97:f3:52:cb:70:ca:e9:4b:b5:77:c3:
94:77:41:ae:20:35:96:2b:6d:22:4c:6a:93:5e:55:
d8:f8:2c:05:43:3f:3a:17:b5:2d:f5:6e:18:de:dc:
0e:1d:a7:44:85:23:5d:7a:5e:94:9f:b4:93:c3:07:
b0:e9:0e:58:84:91:2e:13:a2:ad:5a:5f:0c:3e:2f:
e9:9f:5f:54:bf:0c:7b:90:fb:5a:9d:ce:97:c4:21:
f2:00:6e:54:d8:ec:f2:0f:bb:bd:a5:4e:87:de:79:
9d:a4:ea:af:e7:fa:db:62:e9:97:f0:41:59:0c:af:
cb:3d:74:79:13:9c:71:19:7d:b2:dc:fd:15:7f:83:
26:c4:bb:b8:37:7d:68:8e:16:67:27:b6:ed:72:70:
d0:cd:13:34:fa:42:f8:35:db:24:fe:df:2f:36:07:
24:87:fc:8d:48:20:a5:90:2a:5a:87:c0:68:7e:6b:
3e:a0:4d:18:f8:10:0a:8c:29:db:b5:c2:ed:99:65:
8b:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:A4:57:B4:32:F3:C6:6D:12:88:0D:06:48:EA:63:8C:F0:9E:F5:59
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/nKRXtDLzxm0SiA0GSOpjjPCe9Vk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.226.52.0/22
43.225.88.0/23
45.139.6.0/23
46.249.97.0/24
178.173.232.0/21
178.173.242.0-178.173.247.255
185.215.246.0/24
188.209.156.0/22
188.253.8.0/22
188.253.28.0/22
188.253.104.0/21
Signature Algorithm: sha256WithRSAEncryption
9f:45:c5:c4:42:fb:61:69:52:dd:17:78:21:36:0e:b9:59:04:
f1:1c:12:f4:2d:64:52:19:12:56:3a:ea:81:9a:24:c9:2a:1f:
1b:e2:be:b6:1b:35:55:5f:ff:5b:5e:d1:79:57:0b:97:86:00:
32:80:52:30:d9:5a:54:c1:2b:2e:84:cd:61:67:cf:3f:bb:48:
44:b0:f2:04:4c:0f:65:06:12:d5:9e:34:70:11:ea:ce:20:f6:
39:57:20:36:93:ec:52:b8:2f:16:df:8c:3d:82:2a:00:c8:e9:
e2:ed:43:94:01:4f:9a:04:59:8e:bc:4d:b0:3b:64:bf:1c:e2:
72:b7:6b:bc:0b:d7:c6:ba:75:82:f6:8f:42:04:6c:6e:13:48:
91:96:08:11:09:27:6c:65:87:54:b9:1d:55:93:d4:02:ad:c5:
d9:b8:41:ed:04:96:09:6c:58:77:75:d3:6a:85:51:84:e2:cd:
8f:45:f8:b9:04:b8:dd:0e:99:e1:f7:41:9d:74:14:6d:79:ba:
0d:f7:c3:bb:e5:d6:7e:ee:0d:7b:6e:e0:09:1e:13:a7:2d:84:
14:df:9b:f0:68:1c:29:66:48:05:4f:e6:d0:bb:46:2c:4d:84:
12:94:14:6b:55:b3:65:ab:bf:bc:e8:0a:41:7d:b9:b3:fe:89:
c9:41:f7:4f
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZm4vQnzNjyb1YPr4fdO7JBBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUxMDA2MDg1NzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2E0NTdiNDMyZjNjNjZkMTI4ODBkMDY0OGVhNjM4Y2YwOWVmNTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQHAoIXrpoqhhsw8cf3WM0V4imzF
palx0UVVp4iNMW4qYMcjKAw85ayJspf55CyWLJAs0XxC+fa9CLRbh1IMl/NSy3DK
6Uu1d8OUd0GuIDWWK20iTGqTXlXY+CwFQz86F7Ut9W4Y3twOHadEhSNdel6Un7ST
wwew6Q5YhJEuE6KtWl8MPi/pn19Uvwx7kPtanc6XxCHyAG5U2OzyD7u9pU6H3nmd
pOqv5/rbYumX8EFZDK/LPXR5E5xxGX2y3P0Vf4MmxLu4N31ojhZnJ7btcnDQzRM0
+kL4Ndsk/t8vNgckh/yNSCClkCpah8Bofms+oE0Y+BAKjCnbtcLtmWWL2QIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFJykV7Qy88ZtEogNBkjqY4zwnvVZMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvbktSWHRETHp4bTBTaUEwR1NPcGpqUENlOVZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQCBeI0AwQB
K+FYAwQBLYsGAwQALvlhAwQDsq3oMAwDBAGyrfIDBAOyrfADBAC51/YDBAK80ZwD
BAK8/QgDBAK8/RwDBAO8/WgwDQYJKoZIhvcNAQELBQADggEBAJ9FxcRC+2FpUt0X
eCE2DrlZBPEcEvQtZFIZElY66oGaJMkqHxvivrYbNVVf/1te0XlXC5eGADKAUjDZ
WlTBKy6EzWFnzz+7SESw8gRMD2UGEtWeNHAR6s4g9jlXIDaT7FK4LxbfjD2CKgDI
6eLtQ5QBT5oEWY68TbA7ZL8c4nK3a7wL18a6dYL2j0IEbG4TSJGWCBEJJ2xlh1S5
HVWT1AKtxdm4Qe0ElglsWHd102qFUYTizY9F+LkEuN0OmeH3QZ10FG15ug33w7vl
1n7uDXtu4AkeE6cthBTfm/BoHClmSAVP5tC7RixNhBKUFGtVs2Wrv7zoCkF9ubP+
iclB908=
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:14 2025 by rpki-client