Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/obCoVAm0hvxcip-w22N9REpmREE.roa
File: obCoVAm0hvxcip-w22N9REpmREE.roa (raw, json)
Hash identifier: vGwldn+RYwwVCdhqcXFmCabgvTD/eyh/8OG4WUPwxXM=
Subject key identifier: A1:B0:A8:54:09:B4:86:FC:5C:8A:9F:B0:DB:63:7D:44:4A:66:44:41
Certificate issuer: /CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Certificate serial: 0199DD1448F0995F5DD8C65F3C8A2439D5C5
Authority key identifier: 6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/obCoVAm0hvxcip-w22N9REpmREE.roa
Signing time: Mon 13 Oct 2025 10:18:38 +0000
ROA not before: Mon 13 Oct 2025 10:18:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207743
IP address blocks: 5.154.252.0/23 maxlen: 23
5.157.129.0/24 maxlen: 24
178.157.72.0/22 maxlen: 24
178.157.102.0/23 maxlen: 23
188.74.140.0/22 maxlen: 22
188.74.168.0/23 maxlen: 23
188.74.240.0/22 maxlen: 24
188.119.156.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl
rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.mft
rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:dd:14:48:f0:99:5f:5d:d8:c6:5f:3c:8a:24:39:d5:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Validity
Not Before: Oct 13 10:18:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a1b0a85409b486fc5c8a9fb0db637d444a664441
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:3a:57:8c:ae:88:0e:64:60:c6:f5:54:6e:b8:
a1:ea:fe:c8:01:95:8f:92:ba:30:f1:f5:99:90:de:
3c:1c:1a:1d:9e:4e:1c:ae:63:b4:3f:e8:0a:4f:fc:
b0:62:f5:82:7e:4b:70:01:a5:85:a0:59:8a:23:f3:
ac:46:1b:c9:c6:4a:81:f6:0b:4a:71:81:a4:e7:ce:
c0:e6:44:28:91:ea:f3:db:46:d5:24:92:8a:11:6b:
66:93:37:83:fd:89:50:a1:06:65:b5:bc:c2:b1:2f:
1a:22:50:7b:33:95:41:56:9a:1f:2d:51:d6:cf:65:
3b:8f:45:ec:dc:70:04:22:7c:bf:23:48:f7:9e:ee:
26:cb:4e:6a:68:59:e8:6d:fd:bf:7b:93:41:59:e2:
79:d2:c1:af:f2:22:b7:20:07:9c:bf:f4:44:11:9a:
97:25:20:0e:15:dd:eb:95:03:6d:dc:01:31:5f:fa:
64:6d:09:e7:a7:1d:81:d9:96:6a:ee:87:f2:8a:d3:
36:b5:98:21:63:cb:f8:0a:43:81:26:dc:32:27:fe:
16:83:07:68:41:d8:5b:db:06:27:eb:74:cf:17:1c:
85:51:4a:3a:7d:72:13:7c:dd:98:72:15:9e:66:69:
52:ec:0a:b3:e1:27:3a:f3:27:72:72:3e:0d:ef:2a:
f6:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:B0:A8:54:09:B4:86:FC:5C:8A:9F:B0:DB:63:7D:44:4A:66:44:41
X509v3 Authority Key Identifier:
keyid:6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/obCoVAm0hvxcip-w22N9REpmREE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.154.252.0/23
5.157.129.0/24
178.157.72.0/22
178.157.102.0/23
188.74.140.0/22
188.74.168.0/23
188.74.240.0/22
188.119.156.0/23
Signature Algorithm: sha256WithRSAEncryption
79:cd:29:c7:16:48:57:36:6a:8c:df:8c:a3:51:28:27:8e:73:
ba:49:0f:22:cc:e3:1d:12:0b:ee:b0:91:e9:9b:da:d2:d8:35:
b8:25:61:8a:29:7b:45:cc:84:f5:8f:da:3f:02:dd:96:a5:40:
58:ad:f7:6c:f9:c6:7e:e6:b6:3c:d5:12:42:63:ce:ab:2c:1d:
fa:f5:04:d6:91:d9:3e:aa:7c:5c:51:d9:51:3e:e6:ae:22:cf:
aa:f8:8a:fd:a7:bd:bf:53:53:56:15:9f:a3:d0:52:17:21:51:
ae:32:e5:d5:85:d6:8b:f2:f4:57:9f:2d:9b:e5:9a:11:c1:ce:
3b:59:0d:aa:3f:eb:59:23:2a:a2:6c:04:c0:5e:69:fc:9f:ff:
fc:96:aa:85:53:1f:5b:25:f4:f6:15:f2:91:74:3a:b2:8f:e7:
02:93:66:8b:60:5b:74:79:1b:1f:82:e8:39:df:16:0d:65:2b:
93:b4:b6:f9:ae:93:12:c6:ee:c7:23:c3:6b:fe:7f:7e:b1:2c:
8a:73:ad:30:5d:89:7e:f9:68:e3:22:8b:70:41:52:10:af:9d:
44:fe:96:4d:19:c6:26:6c:2a:b2:e3:98:fb:94:1c:35:a9:95:
5c:28:8b:68:b3:18:ea:be:f7:99:46:26:44:33:1f:5f:62:dd:
a3:e2:71:a3
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZndFEjwmV9d2MZfPIokOdXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjMzZDc1NTA4YjRlODVjY2NmNDQzNDlhN2NiNzAzMTk4
ZDFkMjYwHhcNMjUxMDEzMTAxODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWIwYTg1NDA5YjQ4NmZjNWM4YTlmYjBkYjYzN2Q0NDRhNjY0NDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojpXjK6IDmRgxvVUbrih6v7IAZWP
krow8fWZkN48HBodnk4crmO0P+gKT/ywYvWCfktwAaWFoFmKI/OsRhvJxkqB9gtK
cYGk587A5kQokerz20bVJJKKEWtmkzeD/YlQoQZltbzCsS8aIlB7M5VBVpofLVHW
z2U7j0Xs3HAEIny/I0j3nu4my05qaFnobf2/e5NBWeJ50sGv8iK3IAecv/REEZqX
JSAOFd3rlQNt3AExX/pkbQnnpx2B2ZZq7ofyitM2tZghY8v4CkOBJtwyJ/4Wgwdo
Qdhb2wYn63TPFxyFUUo6fXITfN2YchWeZmlS7Aqz4Sc68ydycj4N7yr2DQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKGwqFQJtIb8XIqfsNtjfURKZkRBMB8GA1UdIwQY
MBaAFGsjPXVQi06FzM9ENJp8twMZjR0mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEt
ZmE5Y2I1MWNkMGYxLzEvb2JDb1ZBbTBodnhjaXAtdzIyTjlSRXBtUkVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEtZmE5Y2I1MWNkMGYx
LzEvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBBZr8AwQA
BZ2BAwQCsp1IAwQBsp1mAwQCvEqMAwQBvEqoAwQCvErwAwQBvHecMA0GCSqGSIb3
DQEBCwUAA4IBAQB5zSnHFkhXNmqM34yjUSgnjnO6SQ8izOMdEgvusJHpm9rS2DW4
JWGKKXtFzIT1j9o/At2WpUBYrfds+cZ+5rY81RJCY86rLB369QTWkdk+qnxcUdlR
PuauIs+q+Ir9p72/U1NWFZ+j0FIXIVGuMuXVhdaL8vRXny2b5ZoRwc47WQ2qP+tZ
IyqibATAXmn8n//8lqqFUx9bJfT2FfKRdDqyj+cCk2aLYFt0eRsfgug53xYNZSuT
tLb5rpMSxu7HI8Nr/n9+sSyKc60wXYl++WjjIotwQVIQr51E/pZNGcYmbCqy45j7
lBw1qZVcKItosxjqvveZRiZEMx9fYt2j4nGj
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:34:52 2025 by rpki-client