Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/uRY4YsG-mkWn6EhADkF8cpPULqs.roa
File: uRY4YsG-mkWn6EhADkF8cpPULqs.roa (raw, json)
Hash identifier: Qt9rBAQIaFmfpIvgH469AcKJBVMoTOjxLXll5uI8QwY=
Subject key identifier: B9:16:38:62:C1:BE:9A:45:A7:E8:48:40:0E:41:7C:72:93:D4:2E:AB
Certificate issuer: /CN=3be2f0164b66a76795860b4ea3586fad563bac47
Certificate serial: 01995BEE6A4894C0C6057A32A540C11A3A45
Authority key identifier: 3B:E2:F0:16:4B:66:A7:67:95:86:0B:4E:A3:58:6F:AD:56:3B:AC:47
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O-LwFktmp2eVhgtOo1hvrVY7rEc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/uRY4YsG-mkWn6EhADkF8cpPULqs.roa
Signing time: Thu 18 Sep 2025 08:26:15 +0000
ROA not before: Thu 18 Sep 2025 08:26:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206264
IP address blocks: 2.57.214.0/24 maxlen: 24
2.57.215.0/24 maxlen: 24
5.61.208.0/24 maxlen: 24
5.61.209.0/24 maxlen: 24
5.183.209.0/24 maxlen: 24
5.187.35.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
45.139.122.0/24 maxlen: 24
80.251.152.0/23 maxlen: 24
89.42.231.0/24 maxlen: 24
89.249.49.0/24 maxlen: 24
93.123.72.0/24 maxlen: 24
94.156.33.0/24 maxlen: 24
185.177.74.0/24 maxlen: 24
185.177.75.0/24 maxlen: 24
185.191.124.0/24 maxlen: 24
185.191.125.0/24 maxlen: 24
185.191.126.0/24 maxlen: 24
185.191.127.0/24 maxlen: 24
2a0d:1000::/29 maxlen: 29
2a0d:1000::/30 maxlen: 30
2a0d:1004::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/O-LwFktmp2eVhgtOo1hvrVY7rEc.crl
rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/O-LwFktmp2eVhgtOo1hvrVY7rEc.mft
rsync://rpki.ripe.net/repository/DEFAULT/O-LwFktmp2eVhgtOo1hvrVY7rEc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:5b:ee:6a:48:94:c0:c6:05:7a:32:a5:40:c1:1a:3a:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3be2f0164b66a76795860b4ea3586fad563bac47
Validity
Not Before: Sep 18 08:26:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b9163862c1be9a45a7e848400e417c7293d42eab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:82:b7:ad:a4:6d:da:ce:d2:b2:cf:60:7b:97:
3a:13:d3:71:dc:a6:a7:3a:8a:82:b5:87:95:74:8f:
f0:35:15:d3:ef:02:95:22:08:95:7a:f1:d9:a6:10:
8d:e6:af:2c:ac:27:62:f0:69:a5:ca:c6:90:f9:64:
24:75:cf:e5:e8:b1:5e:7d:45:1b:1d:9b:88:54:0f:
7b:c2:e9:52:16:5d:dc:16:75:0d:c8:11:a9:8c:9c:
c7:8d:ed:e5:8a:52:51:7d:e5:75:3f:a1:b8:80:1e:
39:9d:d0:93:13:aa:ff:a3:b5:53:56:e0:36:11:fb:
27:a3:57:9d:7f:75:c3:b4:20:61:24:78:66:76:57:
b7:e4:c2:b8:aa:bb:6f:65:e1:ee:67:3d:e7:0c:c8:
1d:e6:15:0f:9a:0f:bf:0b:f8:51:ae:79:d3:b9:12:
b7:e0:f9:f8:79:08:0c:6f:48:01:65:79:6c:21:1a:
67:75:9e:0f:ba:f8:33:d5:b7:65:86:bb:62:f0:fc:
10:83:47:5c:ae:89:47:cc:34:5f:17:e6:b9:66:a9:
fd:87:b3:04:c0:86:3a:81:42:d4:23:91:b2:f4:f2:
f1:64:24:0d:56:79:c0:88:6e:e9:a3:14:ba:0b:ce:
9e:6a:57:31:7f:5d:b6:03:cd:34:ee:00:8c:78:38:
42:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:16:38:62:C1:BE:9A:45:A7:E8:48:40:0E:41:7C:72:93:D4:2E:AB
X509v3 Authority Key Identifier:
keyid:3B:E2:F0:16:4B:66:A7:67:95:86:0B:4E:A3:58:6F:AD:56:3B:AC:47
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O-LwFktmp2eVhgtOo1hvrVY7rEc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/uRY4YsG-mkWn6EhADkF8cpPULqs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/O-LwFktmp2eVhgtOo1hvrVY7rEc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.214.0/23
5.61.208.0/23
5.183.209.0/24
5.187.35.0/24
45.129.84.0/24
45.139.122.0/24
80.251.152.0/23
89.42.231.0/24
89.249.49.0/24
93.123.72.0/24
94.156.33.0/24
185.177.74.0/23
185.191.124.0/22
IPv6:
2a0d:1000::/29
Signature Algorithm: sha256WithRSAEncryption
39:46:3b:f5:48:a8:db:cc:9a:07:ab:31:fc:a0:5d:0b:f3:7f:
bb:45:80:cd:40:bd:65:c6:9d:38:a7:c4:53:17:1d:42:27:2f:
d8:f5:be:68:82:a1:93:e5:22:85:1a:af:d3:00:e8:c0:b0:fe:
3f:fe:6a:17:5e:09:c1:64:ea:14:4e:c1:c1:18:a6:c0:f7:f0:
5f:5e:6b:2e:3b:1e:81:20:e3:fc:0a:01:14:c6:e4:a8:61:fc:
50:57:89:f7:72:94:bf:1d:33:2f:90:8f:d9:d0:79:6f:b4:44:
06:0e:10:00:b2:dc:09:1f:8b:34:7e:b7:95:17:8a:78:bd:77:
83:8a:d8:c1:1c:62:3b:a7:31:ab:be:9b:4c:11:b9:14:88:62:
c1:58:e8:ea:81:a8:fb:74:8f:29:9b:8c:06:5f:b2:8f:1f:6e:
b8:ea:90:83:7d:d7:42:69:89:93:27:9e:31:a3:f1:75:12:0b:
d9:f8:a8:f4:4a:3d:81:2b:66:da:d6:d2:c3:44:7a:e5:79:76:
bb:f2:c7:8a:fb:18:6e:37:37:34:bd:97:1f:d5:93:82:a3:05:
e3:31:86:1f:b1:80:b1:fd:5f:1a:4e:7a:69:ff:50:1a:a0:de:
98:a8:50:be:89:2f:25:1a:a7:22:45:b5:6c:6a:93:f1:e3:72:
e0:bf:8b:2d
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAZlb7mpIlMDGBXoypUDBGjpFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZTJmMDE2NGI2NmE3Njc5NTg2MGI0ZWEzNTg2ZmFkNTYz
YmFjNDcwHhcNMjUwOTE4MDgyNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTE2Mzg2MmMxYmU5YTQ1YTdlODQ4NDAwZTQxN2M3MjkzZDQyZWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYK3raRt2s7Sss9ge5c6E9Nx3Kan
OoqCtYeVdI/wNRXT7wKVIgiVevHZphCN5q8srCdi8GmlysaQ+WQkdc/l6LFefUUb
HZuIVA97wulSFl3cFnUNyBGpjJzHje3lilJRfeV1P6G4gB45ndCTE6r/o7VTVuA2
Efsno1edf3XDtCBhJHhmdle35MK4qrtvZeHuZz3nDMgd5hUPmg+/C/hRrnnTuRK3
4Pn4eQgMb0gBZXlsIRpndZ4Puvgz1bdlhrti8PwQg0dcrolHzDRfF+a5Zqn9h7ME
wIY6gULUI5Gy9PLxZCQNVnnAiG7poxS6C86ealcxf122A8007gCMeDhCEwIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFLkWOGLBvppFp+hIQA5BfHKT1C6rMB8GA1UdIwQY
MBaAFDvi8BZLZqdnlYYLTqNYb61WO6xHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTy1Md0ZrdG1wMmVWaGd0T28xaHZyVlk3ckVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNzJiNjctNzZlYy00YWZhLWIzNzYt
ZjlhZDM4MDUxMjIwLzEvdVJZNFlzRy1ta1duNkVoQURrRjhjcFBVTHFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNzJiNjctNzZlYy00YWZhLWIzNzYtZjlhZDM4MDUxMjIw
LzEvTy1Md0ZrdG1wMmVWaGd0T28xaHZyVlk3ckVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQBAjnWAwQB
BT3QAwQABbfRAwQABbsjAwQALYFUAwQALYt6AwQBUPuYAwQAWSrnAwQAWfkxAwQA
XXtIAwQAXpwhAwQBubFKAwQCub98MA0EAgACMAcDBQMqDRAAMA0GCSqGSIb3DQEB
CwUAA4IBAQA5Rjv1SKjbzJoHqzH8oF0L83+7RYDNQL1lxp04p8RTFx1CJy/Y9b5o
gqGT5SKFGq/TAOjAsP4//moXXgnBZOoUTsHBGKbA9/BfXmsuOx6BIOP8CgEUxuSo
YfxQV4n3cpS/HTMvkI/Z0HlvtEQGDhAAstwJH4s0freVF4p4vXeDitjBHGI7pzGr
vptMEbkUiGLBWOjqgaj7dI8pm4wGX7KPH2646pCDfddCaYmTJ54xo/F1EgvZ+Kj0
Sj2BK2ba1tLDRHrleXa78seK+xhuNzc0vZcf1ZOCowXjMYYfsYCx/V8aTnpp/1Aa
oN6YqFC+iS8lGqciRbVsapPx43Lgv4st
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:09:18 2025 by rpki-client