Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/1-lFInPhnHtbdWXR24NywVD0KfqE.roa
File: 1-lFInPhnHtbdWXR24NywVD0KfqE.roa (raw, json)
Hash identifier: jSoHGnO3etM4/mKGKYynOIO1cFEz/TKW3T30X758YB8=
Subject key identifier: FA:51:48:9C:F8:67:1E:D6:DD:59:74:76:E0:DC:B0:54:3D:0A:7E:A1
Certificate issuer: /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial: 0199EC3F7DCB4D1C0D70D2DEE86C263FC79C
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/1-lFInPhnHtbdWXR24NywVD0KfqE.roa
Signing time: Thu 16 Oct 2025 09:00:07 +0000
ROA not before: Thu 16 Oct 2025 09:00:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 54994
IP address blocks: 91.194.205.0/24 maxlen: 24
91.202.200.0/24 maxlen: 24
93.188.132.0/24 maxlen: 24
93.188.135.0/24 maxlen: 24
148.253.34.0/24 maxlen: 24
148.253.36.0/24 maxlen: 24
148.253.41.0/24 maxlen: 24
148.253.42.0/24 maxlen: 24
148.253.44.0/24 maxlen: 24
148.253.47.0/24 maxlen: 24
148.253.50.0/24 maxlen: 24
148.253.60.0/24 maxlen: 24
148.253.61.0/24 maxlen: 24
148.253.62.0/24 maxlen: 24
148.253.63.0/24 maxlen: 24
148.253.228.0/24 maxlen: 24
148.253.229.0/24 maxlen: 24
148.253.231.0/24 maxlen: 24
148.253.232.0/24 maxlen: 24
148.253.233.0/24 maxlen: 24
148.253.234.0/24 maxlen: 24
148.253.235.0/24 maxlen: 24
148.253.237.0/24 maxlen: 24
148.253.239.0/24 maxlen: 24
148.253.241.0/24 maxlen: 24
148.253.244.0/24 maxlen: 24
148.253.245.0/24 maxlen: 24
148.253.246.0/24 maxlen: 24
148.253.248.0/24 maxlen: 24
151.249.92.0/24 maxlen: 24
151.249.93.0/24 maxlen: 24
151.249.94.0/24 maxlen: 24
163.171.64.0/24 maxlen: 24
163.171.67.0/24 maxlen: 24
163.171.70.0/24 maxlen: 24
163.171.71.0/24 maxlen: 24
163.171.77.0/24 maxlen: 24
163.171.84.0/24 maxlen: 24
163.171.85.0/24 maxlen: 24
163.171.87.0/24 maxlen: 24
163.171.93.0/24 maxlen: 24
163.171.94.0/24 maxlen: 24
163.171.96.0/24 maxlen: 24
163.171.97.0/24 maxlen: 24
163.171.98.0/24 maxlen: 24
163.171.101.0/24 maxlen: 24
163.171.102.0/24 maxlen: 24
163.171.103.0/24 maxlen: 24
163.171.104.0/24 maxlen: 24
163.171.119.0/24 maxlen: 24
163.171.126.0/24 maxlen: 24
163.171.143.0/24 maxlen: 24
163.171.149.0/24 maxlen: 24
163.171.153.0/24 maxlen: 24
163.171.166.0/24 maxlen: 24
163.171.176.0/24 maxlen: 24
163.171.177.0/24 maxlen: 24
163.171.182.0/24 maxlen: 24
163.171.188.0/24 maxlen: 24
163.171.198.0/24 maxlen: 24
163.171.207.0/24 maxlen: 24
163.171.215.0/24 maxlen: 24
163.171.216.0/24 maxlen: 24
163.171.217.0/24 maxlen: 24
163.171.218.0/24 maxlen: 24
163.171.222.0/24 maxlen: 24
163.171.224.0/24 maxlen: 24
163.171.225.0/24 maxlen: 24
163.171.230.0/24 maxlen: 24
163.171.231.0/24 maxlen: 24
163.171.234.0/24 maxlen: 24
163.171.237.0/24 maxlen: 24
163.171.249.0/24 maxlen: 24
163.171.252.0/24 maxlen: 24
185.27.230.0/24 maxlen: 24
194.107.19.0/24 maxlen: 24
2a01:53c0:ffc6::/48 maxlen: 48
2a01:53c0:ffe7::/48 maxlen: 48
2a01:53c0:fff2::/48 maxlen: 48
2a01:53c0:fff4::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 09:01:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ec:3f:7d:cb:4d:1c:0d:70:d2:de:e8:6c:26:3f:c7:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Validity
Not Before: Oct 16 09:00:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fa51489cf8671ed6dd597476e0dcb0543d0a7ea1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:fd:e7:ef:e6:27:57:40:fc:b6:bc:01:31:c6:
19:cf:e3:65:85:f5:ed:25:98:b0:59:7f:23:a3:95:
b7:dc:1c:db:96:fe:ce:59:61:50:80:dd:9d:99:00:
ca:98:90:95:d1:c1:aa:6d:e1:56:e4:b3:d7:7a:a3:
8c:64:c4:c9:1c:51:ba:03:a7:20:72:96:5a:f6:ed:
b3:a8:eb:64:02:f2:bf:4f:43:32:4e:3d:02:bc:d7:
dd:9d:8b:d0:e1:a0:59:f5:f6:4e:69:1d:66:ae:8f:
6a:3d:6c:aa:df:2d:0e:f9:f7:c5:11:c8:34:92:7c:
99:d0:8a:b1:5e:fa:21:71:5a:7a:64:4d:8b:92:08:
65:92:e0:64:c4:0a:27:40:2c:98:c3:22:ae:17:02:
ab:3f:44:1c:35:44:62:08:41:44:40:9f:e6:9f:f0:
5a:27:df:84:29:e8:04:b6:fb:d5:9e:07:b9:20:d8:
ee:b0:c0:b4:22:06:91:15:88:c2:ac:93:6c:12:3b:
8b:37:b4:99:c4:c6:ca:7e:0c:91:15:2e:5e:f3:76:
35:f6:0e:a0:16:7a:16:85:85:c5:9a:1c:ca:b8:1c:
d5:e6:04:7d:47:63:b7:17:cd:a2:52:59:d3:dd:f6:
66:bd:5c:f7:7c:0e:3f:ea:65:ce:d5:0c:4a:1a:ea:
2b:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:51:48:9C:F8:67:1E:D6:DD:59:74:76:E0:DC:B0:54:3D:0A:7E:A1
X509v3 Authority Key Identifier:
keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/1-lFInPhnHtbdWXR24NywVD0KfqE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.194.205.0/24
91.202.200.0/24
93.188.132.0/24
93.188.135.0/24
148.253.34.0/24
148.253.36.0/24
148.253.41.0-148.253.42.255
148.253.44.0/24
148.253.47.0/24
148.253.50.0/24
148.253.60.0/22
148.253.228.0/23
148.253.231.0-148.253.235.255
148.253.237.0/24
148.253.239.0/24
148.253.241.0/24
148.253.244.0-148.253.246.255
148.253.248.0/24
151.249.92.0-151.249.94.255
163.171.64.0/24
163.171.67.0/24
163.171.70.0/23
163.171.77.0/24
163.171.84.0/23
163.171.87.0/24
163.171.93.0-163.171.94.255
163.171.96.0-163.171.98.255
163.171.101.0-163.171.104.255
163.171.119.0/24
163.171.126.0/24
163.171.143.0/24
163.171.149.0/24
163.171.153.0/24
163.171.166.0/24
163.171.176.0/23
163.171.182.0/24
163.171.188.0/24
163.171.198.0/24
163.171.207.0/24
163.171.215.0-163.171.218.255
163.171.222.0/24
163.171.224.0/23
163.171.230.0/23
163.171.234.0/24
163.171.237.0/24
163.171.249.0/24
163.171.252.0/24
185.27.230.0/24
194.107.19.0/24
IPv6:
2a01:53c0:ffc6::/48
2a01:53c0:ffe7::/48
2a01:53c0:fff2::/48
2a01:53c0:fff4::/48
Signature Algorithm: sha256WithRSAEncryption
9a:7f:c3:ab:ce:8e:a9:ef:72:d4:90:8b:30:50:2a:07:9d:1c:
5e:e9:83:ee:1d:f5:44:0c:70:a4:ba:48:e9:17:fc:b8:2c:9e:
62:c3:24:8e:9b:74:12:cf:06:ed:34:83:83:9e:6a:f7:c9:44:
0d:0e:e7:ba:ba:3b:7f:30:6d:e5:50:31:73:9b:34:ab:0e:be:
64:78:d8:35:9b:10:c8:b5:50:a0:58:4a:a3:86:cf:52:a1:da:
5b:a6:82:f4:c5:fc:59:6a:2b:e1:1f:c1:03:a8:f5:d0:0a:a4:
14:05:00:b9:e9:7b:1f:ac:1e:11:78:b0:a2:36:4e:bf:50:0b:
41:4c:ab:2f:a3:ae:0e:77:78:2b:be:90:0f:87:f3:c6:8e:a7:
77:77:51:2f:77:90:6c:47:74:0a:3c:8d:78:0d:81:92:45:0c:
79:e7:64:15:fc:4c:49:60:1c:62:16:0e:e3:da:4f:64:00:0e:
28:15:e8:b7:16:bf:3e:9e:cf:7c:9e:eb:bd:92:ea:89:56:55:
05:9d:99:a3:96:33:d4:a6:c9:df:db:b3:19:75:42:98:a7:de:
6d:fb:b8:14:aa:8d:36:df:28:97:84:30:bb:d4:c5:14:05:5e:
5a:50:9a:06:05:1e:64:e0:6f:8e:57:85:3b:80:51:9d:63:fe:
32:b2:0b:6a
-----BEGIN CERTIFICATE-----
MIIGlDCCBXygAwIBAgISAZnsP33LTRwNcNLe6GwmP8ecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjUxMDE2MDkwMDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTUxNDg5Y2Y4NjcxZWQ2ZGQ1OTc0NzZlMGRjYjA1NDNkMGE3ZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxf3n7+YnV0D8trwBMcYZz+NlhfXt
JZiwWX8jo5W33Bzblv7OWWFQgN2dmQDKmJCV0cGqbeFW5LPXeqOMZMTJHFG6A6cg
cpZa9u2zqOtkAvK/T0MyTj0CvNfdnYvQ4aBZ9fZOaR1mro9qPWyq3y0O+ffFEcg0
knyZ0IqxXvohcVp6ZE2LkghlkuBkxAonQCyYwyKuFwKrP0QcNURiCEFEQJ/mn/Ba
J9+EKegEtvvVnge5INjusMC0IgaRFYjCrJNsEjuLN7SZxMbKfgyRFS5e83Y19g6g
FnoWhYXFmhzKuBzV5gR9R2O3F82iUlnT3fZmvVz3fA4/6mXO1QxKGuormQIDAQAB
o4IDoDCCA5wwHQYDVR0OBBYEFPpRSJz4Zx7W3Vl0duDcsFQ9Cn6hMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvMS1sRkluUGhuSHRiZFdYUjI0Tnl3VkQwS2ZxRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODAvNjRhM2RlLTgxMmEtNGFjZS04MTRkLWI1ZDg4OGFkZmQz
Ny8xL1o3V3dMY1FCWm03Z1JhdVF6SWlCZi1DZGNHby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAbMGCCsGAQUFBwEHAQH/BIIBojCCAZ4wggFuBAIAATCC
AWYDBABbws0DBABbysgDBABdvIQDBABdvIcDBACU/SIDBACU/SQwDAMEAJT9KQME
AJT9KgMEAJT9LAMEAJT9LwMEAJT9MgMEApT9PAMEAZT95DAMAwQAlP3nAwQClP3o
AwQAlP3tAwQAlP3vAwQAlP3xMAwDBAKU/fQDBACU/fYDBACU/fgwDAMEApf5XAME
AJf5XgMEAKOrQAMEAKOrQwMEAaOrRgMEAKOrTQMEAaOrVAMEAKOrVzAMAwQAo6td
AwQAo6teMAwDBAWjq2ADBACjq2IwDAMEAKOrZQMEAKOraAMEAKOrdwMEAKOrfgME
AKOrjwMEAKOrlQMEAKOrmQMEAKOrpgMEAaOrsAMEAKOrtgMEAKOrvAMEAKOrxgME
AKOrzzAMAwQAo6vXAwQAo6vaAwQAo6veAwQBo6vgAwQBo6vmAwQAo6vqAwQAo6vt
AwQAo6v5AwQAo6v8AwQAuRvmAwQAwmsTMCoEAgACMCQDBwAqAVPA/8YDBwAqAVPA
/+cDBwAqAVPA//IDBwAqAVPA//QwDQYJKoZIhvcNAQELBQADggEBAJp/w6vOjqnv
ctSQizBQKgedHF7pg+4d9UQMcKS6SOkX/LgsnmLDJI6bdBLPBu00g4OeavfJRA0O
57q6O38wbeVQMXObNKsOvmR42DWbEMi1UKBYSqOGz1Kh2lumgvTF/FlqK+EfwQOo
9dAKpBQFALnpex+sHhF4sKI2Tr9QC0FMqy+jrg53eCu+kA+H88aOp3d3US93kGxH
dAo8jXgNgZJFDHnnZBX8TElgHGIWDuPaT2QADigV6LcWvz6ez3ye672S6olWVQWd
maOWM9Smyd/bsxl1Qpin3m37uBSqjTbfKJeEMLvUxRQFXlpQmgYFHmTgb45XhTuA
UZ1j/jKyC2o=
-----END CERTIFICATE-----
Generated at Sun Oct 19 18:08:54 2025 by rpki-client