Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/sswid0d0Uw_PWJ1frEM6ZAUSdPo.roa
File: sswid0d0Uw_PWJ1frEM6ZAUSdPo.roa (raw, json)
Hash identifier: XrnoHPnVV/5gfAThm6yZOO1oCNAu2B9VGffB8MJpkQ0=
Subject key identifier: B2:CC:22:77:47:74:53:0F:CF:58:9D:5F:AC:43:3A:64:05:12:74:FA
Certificate issuer: /CN=baaa64cd29c94ccde14448f61a172c763b1e4050
Certificate serial: 019897E41781A22C32E1C8F96267D25E6783
Authority key identifier: BA:AA:64:CD:29:C9:4C:CD:E1:44:48:F6:1A:17:2C:76:3B:1E:40:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/sswid0d0Uw_PWJ1frEM6ZAUSdPo.roa
Signing time: Mon 11 Aug 2025 06:49:24 +0000
ROA not before: Mon 11 Aug 2025 06:49:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30815
IP address blocks: 88.209.128.0/22 maxlen: 22
88.209.128.0/24 maxlen: 24
88.209.129.0/24 maxlen: 24
88.209.130.0/24 maxlen: 24
88.209.132.0/22 maxlen: 22
88.209.132.0/24 maxlen: 24
88.209.133.0/24 maxlen: 24
88.209.135.0/24 maxlen: 24
88.209.136.0/24 maxlen: 24
88.209.137.0/24 maxlen: 24
88.209.138.0/24 maxlen: 24
88.209.139.0/24 maxlen: 24
88.209.160.0/21 maxlen: 21
88.209.160.0/22 maxlen: 22
88.209.160.0/24 maxlen: 24
88.209.161.0/24 maxlen: 24
88.209.162.0/24 maxlen: 24
88.209.163.0/24 maxlen: 24
88.209.164.0/22 maxlen: 22
88.209.164.0/23 maxlen: 23
88.209.164.0/24 maxlen: 24
88.209.165.0/24 maxlen: 24
88.209.166.0/24 maxlen: 24
88.209.167.0/24 maxlen: 24
88.209.190.0/24 maxlen: 24
88.209.191.0/24 maxlen: 24
93.189.96.0/21 maxlen: 21
93.189.96.0/23 maxlen: 23
93.189.96.0/24 maxlen: 24
93.189.97.0/24 maxlen: 24
93.189.98.0/23 maxlen: 23
93.189.98.0/24 maxlen: 24
93.189.99.0/24 maxlen: 24
93.189.100.0/23 maxlen: 23
93.189.100.0/24 maxlen: 24
93.189.101.0/24 maxlen: 24
93.189.102.0/23 maxlen: 23
93.189.102.0/24 maxlen: 24
93.189.103.0/24 maxlen: 24
185.63.232.0/22 maxlen: 22
185.63.232.0/23 maxlen: 23
185.63.232.0/24 maxlen: 24
185.63.233.0/24 maxlen: 24
185.63.234.0/24 maxlen: 24
185.63.235.0/24 maxlen: 24
2a03:11e0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.crl
rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.mft
rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:97:e4:17:81:a2:2c:32:e1:c8:f9:62:67:d2:5e:67:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=baaa64cd29c94ccde14448f61a172c763b1e4050
Validity
Not Before: Aug 11 06:49:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b2cc22774774530fcf589d5fac433a64051274fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:52:29:dc:d4:1e:7d:1e:ab:7c:21:1b:b5:21:
09:8a:5f:79:73:91:39:73:bd:19:71:d8:2f:a2:7d:
7d:88:20:27:04:22:fc:0a:19:32:48:56:1e:ab:f3:
a6:8d:0a:a4:50:fc:d1:41:81:df:4c:63:fe:ce:21:
d7:04:c7:a3:9c:c9:40:13:8f:d2:4f:3e:25:f0:85:
49:1c:6d:06:61:41:5d:f4:a7:be:79:95:d5:23:ce:
51:04:b3:e2:42:68:cb:f2:ea:f8:6b:67:9d:07:ac:
d7:68:40:4c:63:62:e0:a7:8d:72:97:25:a3:94:cb:
08:88:a5:00:8d:32:14:de:f5:3b:37:50:1e:22:f9:
37:82:00:43:c0:98:e3:fd:58:ca:de:c7:6c:39:48:
60:bd:84:e0:2a:49:d7:a0:27:8c:73:49:1b:6c:ef:
49:c5:1e:57:95:1f:ea:db:14:09:65:80:46:93:03:
31:c1:f2:6e:6c:55:7d:c2:b9:c5:7f:7f:6d:ec:01:
c8:7e:68:b1:3e:06:b7:68:ee:2d:32:f7:54:4b:f4:
71:6a:f2:7c:35:1b:ad:c9:aa:d4:c8:93:f3:de:1a:
59:2a:c2:de:04:42:7c:7f:61:4c:a3:79:d6:a7:95:
ae:8f:5f:3d:1e:3f:e8:15:1e:f0:9b:83:a2:ce:ff:
7f:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:CC:22:77:47:74:53:0F:CF:58:9D:5F:AC:43:3A:64:05:12:74:FA
X509v3 Authority Key Identifier:
keyid:BA:AA:64:CD:29:C9:4C:CD:E1:44:48:F6:1A:17:2C:76:3B:1E:40:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqpkzSnJTM3hREj2GhcsdjseQFA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/sswid0d0Uw_PWJ1frEM6ZAUSdPo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/71f439-2b1b-4ef0-b6a5-8fcaa6936c6c/1/uqpkzSnJTM3hREj2GhcsdjseQFA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.128.0-88.209.139.255
88.209.160.0/21
88.209.190.0/23
93.189.96.0/21
185.63.232.0/22
IPv6:
2a03:11e0::/32
Signature Algorithm: sha256WithRSAEncryption
66:19:62:b7:e5:7d:2c:f1:85:79:1b:a1:8b:4b:45:7d:1a:9f:
40:64:b0:38:37:7b:d2:4b:e5:4a:24:ef:3e:c6:84:f1:3f:19:
ed:b4:3f:92:f0:ef:1a:de:40:b4:30:04:f5:7d:0f:b3:fd:a0:
6b:5b:4b:30:bf:7a:23:cc:0c:4e:1b:81:69:f5:ae:4a:37:04:
2a:4e:45:7c:df:d2:32:f4:08:4c:6d:71:f9:79:36:0e:40:32:
24:d1:3a:d8:57:e3:d4:54:54:c4:52:5a:32:c6:ae:37:44:03:
6a:27:c4:ea:91:d3:5f:88:49:92:44:88:b1:2a:99:06:74:02:
80:e8:95:a0:c1:12:01:05:ae:1a:6c:54:13:63:cb:0e:4f:fc:
ed:3b:92:d9:d0:cf:f9:a4:22:52:76:8b:8c:80:f1:e2:d4:23:
bf:4a:5e:54:77:ab:44:97:d6:1f:b1:e9:bf:73:b0:83:5e:ec:
95:4c:71:cb:54:e4:ca:1c:80:36:93:7a:f9:c7:0b:c1:ea:46:
92:40:0d:70:33:8e:2d:00:c3:76:47:71:ec:58:46:28:13:4a:
da:6c:db:7f:dc:19:ff:96:b1:f0:26:2f:f7:34:60:47:8e:6f:
08:c4:99:0c:21:ab:35:fb:2d:de:5f:73:c4:ae:cf:54:1f:fc:
1c:1e:2d:41
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZiX5BeBoiwy4cj5YmfSXmeDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYWE2NGNkMjljOTRjY2RlMTQ0NDhmNjFhMTcyYzc2M2Ix
ZTQwNTAwHhcNMjUwODExMDY0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmNjMjI3NzQ3NzQ1MzBmY2Y1ODlkNWZhYzQzM2E2NDA1MTI3NGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VIp3NQefR6rfCEbtSEJil95c5E5
c70Zcdgvon19iCAnBCL8ChkySFYeq/OmjQqkUPzRQYHfTGP+ziHXBMejnMlAE4/S
Tz4l8IVJHG0GYUFd9Ke+eZXVI85RBLPiQmjL8ur4a2edB6zXaEBMY2Lgp41ylyWj
lMsIiKUAjTIU3vU7N1AeIvk3ggBDwJjj/VjK3sdsOUhgvYTgKknXoCeMc0kbbO9J
xR5XlR/q2xQJZYBGkwMxwfJubFV9wrnFf39t7AHIfmixPga3aO4tMvdUS/RxavJ8
NRutyarUyJPz3hpZKsLeBEJ8f2FMo3nWp5Wuj189Hj/oFR7wm4Oizv9/OwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFLLMIndHdFMPz1idX6xDOmQFEnT6MB8GA1UdIwQY
MBaAFLqqZM0pyUzN4URI9hoXLHY7HkBQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFwa3pTbkpUTTNoUkVqMkdoY3NkanNlUUZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83MWY0MzktMmIxYi00ZWYwLWI2YTUt
OGZjYWE2OTM2YzZjLzEvc3N3aWQwZDBVd19QV0oxZnJFTTZaQVVTZFBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83MWY0MzktMmIxYi00ZWYwLWI2YTUtOGZjYWE2OTM2YzZj
LzEvdXFwa3pTbkpUTTNoUkVqMkdoY3NkanNlUUZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmMAwDBAdY0YAD
BAJY0YgDBANY0aADBAFY0b4DBANdvWADBAK5P+gwDQQCAAIwBwMFACoDEeAwDQYJ
KoZIhvcNAQELBQADggEBAGYZYrflfSzxhXkboYtLRX0an0BksDg3e9JL5Uok7z7G
hPE/Ge20P5Lw7xreQLQwBPV9D7P9oGtbSzC/eiPMDE4bgWn1rko3BCpORXzf0jL0
CExtcfl5Ng5AMiTROthX49RUVMRSWjLGrjdEA2onxOqR01+ISZJEiLEqmQZ0AoDo
laDBEgEFrhpsVBNjyw5P/O07ktnQz/mkIlJ2i4yA8eLUI79KXlR3q0SX1h+x6b9z
sINe7JVMcctU5MocgDaTevnHC8HqRpJADXAzji0Aw3ZHcexYRigTStps23/cGf+W
sfAmL/c0YEeObwjEmQwhqzX7Ld5fc8Suz1Qf/BweLUE=
-----END CERTIFICATE-----
Generated at Sat Aug 23 13:44:56 2025 by rpki-client