Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/xsF-Dd6o-l_a87roQtNh3lGC3vI.roa
File: xsF-Dd6o-l_a87roQtNh3lGC3vI.roa (raw, json)
Hash identifier: ZsJnAVgXupQhihFkS/Z0iHmXyj+ORB01GBNhDS2qOK4=
Subject key identifier: C6:C1:7E:0D:DE:A8:FA:5F:DA:F3:BA:E8:42:D3:61:DE:51:82:DE:F2
Certificate issuer: /CN=80a9fff63a3477957ff75ccdc003dab68cf9d155
Certificate serial: 0199C956928EB28ADE6EA95D367E24899213
Authority key identifier: 80:A9:FF:F6:3A:34:77:95:7F:F7:5C:CD:C0:03:DA:B6:8C:F9:D1:55
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gKn_9jo0d5V_91zNwAPatoz50VU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/xsF-Dd6o-l_a87roQtNh3lGC3vI.roa
Signing time: Thu 09 Oct 2025 14:18:37 +0000
ROA not before: Thu 09 Oct 2025 14:18:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16276
IP address blocks: 5.39.0.0/17 maxlen: 17
5.135.0.0/16 maxlen: 16
5.135.22.0/24 maxlen: 24
5.196.0.0/16 maxlen: 16
37.59.0.0/16 maxlen: 16
37.187.0.0/16 maxlen: 16
46.105.0.0/16 maxlen: 16
46.105.198.0/24 maxlen: 24
46.105.199.0/24 maxlen: 24
46.105.200.0/24 maxlen: 24
46.105.201.0/24 maxlen: 24
46.105.202.0/24 maxlen: 24
46.105.203.0/24 maxlen: 24
46.105.204.0/24 maxlen: 24
46.105.206.0/24 maxlen: 24
46.105.207.0/24 maxlen: 24
51.38.0.0/16 maxlen: 16
51.68.0.0/16 maxlen: 16
51.75.0.0/16 maxlen: 16
51.77.0.0/16 maxlen: 16
51.83.0.0/16 maxlen: 16
51.89.0.0/16 maxlen: 16
51.89.44.0/24 maxlen: 24
51.91.0.0/16 maxlen: 16
51.178.0.0/16 maxlen: 16
51.195.0.0/16 maxlen: 16
51.210.0.0/16 maxlen: 16
51.254.0.0/15 maxlen: 15
54.36.0.0/16 maxlen: 16
54.37.0.0/16 maxlen: 16
54.38.0.0/16 maxlen: 16
57.128.0.0/17 maxlen: 17
57.128.128.0/18 maxlen: 18
57.128.192.0/18 maxlen: 18
57.129.0.0/17 maxlen: 17
57.129.128.0/17 maxlen: 17
57.130.0.0/16 maxlen: 16
57.131.0.0/17 maxlen: 17
79.137.0.0/17 maxlen: 17
87.98.128.0/17 maxlen: 17
91.121.0.0/16 maxlen: 16
91.134.0.0/16 maxlen: 16
92.222.0.0/16 maxlen: 16
94.23.0.0/16 maxlen: 16
135.125.0.0/17 maxlen: 17
135.125.128.0/17 maxlen: 17
137.74.0.0/16 maxlen: 16
141.94.0.0/16 maxlen: 16
141.95.0.0/17 maxlen: 17
141.95.128.0/17 maxlen: 17
141.227.128.0/20 maxlen: 24
141.227.160.0/19 maxlen: 24
145.239.0.0/16 maxlen: 16
146.59.0.0/16 maxlen: 16
146.59.0.0/17 maxlen: 17
147.135.128.0/17 maxlen: 17
149.202.0.0/16 maxlen: 16
151.80.0.0/16 maxlen: 16
152.228.128.0/17 maxlen: 17
162.19.0.0/17 maxlen: 17
162.19.128.0/17 maxlen: 17
164.132.0.0/16 maxlen: 16
176.31.0.0/16 maxlen: 16
178.32.0.0/15 maxlen: 15
188.165.0.0/16 maxlen: 16
193.70.0.0/17 maxlen: 17
198.244.128.0/17 maxlen: 17
213.32.0.0/17 maxlen: 17
213.186.32.0/19 maxlen: 19
213.251.128.0/18 maxlen: 18
217.182.0.0/16 maxlen: 16
2001:41d0::/32 maxlen: 32
2001:41d0:ab00::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/gKn_9jo0d5V_91zNwAPatoz50VU.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/gKn_9jo0d5V_91zNwAPatoz50VU.mft
rsync://rpki.ripe.net/repository/DEFAULT/gKn_9jo0d5V_91zNwAPatoz50VU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c9:56:92:8e:b2:8a:de:6e:a9:5d:36:7e:24:89:92:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=80a9fff63a3477957ff75ccdc003dab68cf9d155
Validity
Not Before: Oct 9 14:18:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c6c17e0ddea8fa5fdaf3bae842d361de5182def2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:4d:0b:72:6e:9a:d7:f2:a9:d9:5b:38:59:4a:
ce:b8:16:91:d0:86:46:4a:28:47:94:9c:db:6a:80:
5c:5d:44:01:6a:3b:39:df:97:af:64:cf:9a:f0:35:
95:45:42:8b:a7:38:63:cd:a2:bd:8b:0c:ca:3b:9c:
87:3b:f5:7c:e0:97:bd:f7:62:72:24:28:35:98:eb:
6f:85:d3:b7:55:6c:68:12:0d:cb:81:e3:b8:e1:6f:
69:12:99:7d:c5:db:25:cb:81:2c:e4:5c:c9:51:68:
46:b8:20:63:8a:bc:d7:b1:7a:23:ea:ea:46:ce:a0:
2c:61:60:43:de:32:12:bb:94:90:a3:d8:36:3a:b2:
e3:0a:0f:6e:7c:61:41:53:31:93:57:98:fe:e7:7c:
86:21:85:35:fc:d1:45:63:de:df:b1:a7:cc:4c:5d:
f2:4d:67:4f:fd:f5:62:cf:02:12:66:52:9c:b5:b2:
4e:78:bb:d9:5f:8a:15:5d:1a:6c:e4:ac:ab:e2:aa:
56:c5:13:52:6e:c9:d8:cd:e0:7f:5e:6e:4f:6b:dd:
f3:d4:7b:95:33:f0:aa:18:2c:5b:68:b2:12:34:00:
b4:4e:82:32:06:f4:6a:c8:76:c5:3a:21:e3:5e:09:
df:bd:56:8b:ff:31:f9:43:b7:91:ae:38:53:42:f4:
f6:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:C1:7E:0D:DE:A8:FA:5F:DA:F3:BA:E8:42:D3:61:DE:51:82:DE:F2
X509v3 Authority Key Identifier:
keyid:80:A9:FF:F6:3A:34:77:95:7F:F7:5C:CD:C0:03:DA:B6:8C:F9:D1:55
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gKn_9jo0d5V_91zNwAPatoz50VU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/xsF-Dd6o-l_a87roQtNh3lGC3vI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/gKn_9jo0d5V_91zNwAPatoz50VU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.0.0/17
5.135.0.0/16
5.196.0.0/16
37.59.0.0/16
37.187.0.0/16
46.105.0.0/16
51.38.0.0/16
51.68.0.0/16
51.75.0.0/16
51.77.0.0/16
51.83.0.0/16
51.89.0.0/16
51.91.0.0/16
51.178.0.0/16
51.195.0.0/16
51.210.0.0/16
51.254.0.0/15
54.36.0.0-54.38.255.255
57.128.0.0-57.131.127.255
79.137.0.0/17
87.98.128.0/17
91.121.0.0/16
91.134.0.0/16
92.222.0.0/16
94.23.0.0/16
135.125.0.0/16
137.74.0.0/16
141.94.0.0/15
141.227.128.0/20
141.227.160.0/19
145.239.0.0/16
146.59.0.0/16
147.135.128.0/17
149.202.0.0/16
151.80.0.0/16
152.228.128.0/17
162.19.0.0/16
164.132.0.0/16
176.31.0.0/16
178.32.0.0/15
188.165.0.0/16
193.70.0.0/17
198.244.128.0/17
213.32.0.0/17
213.186.32.0/19
213.251.128.0/18
217.182.0.0/16
IPv6:
2001:41d0::/32
Signature Algorithm: sha256WithRSAEncryption
2b:be:2e:60:e3:14:3b:94:f1:b0:d7:0f:e1:b2:4b:56:4a:33:
cb:c4:65:fa:5b:44:00:0c:c9:74:05:9f:2c:4b:ad:5d:2e:b6:
af:a2:51:3b:e1:11:32:1b:48:88:16:24:5f:1f:e6:49:d1:82:
23:34:91:2e:b5:be:5e:db:08:81:07:31:e7:02:78:b7:8d:25:
19:c1:1e:1a:2a:cf:a7:7f:73:d1:65:0d:3d:5a:cd:1b:d7:2c:
23:95:eb:44:db:83:b7:f0:42:ec:e9:47:4a:64:a2:c8:0c:6f:
fa:f7:8a:26:9d:68:fe:d0:e8:d7:6f:c1:6a:bf:f1:dc:44:e0:
1d:3a:f6:b8:3e:53:63:2e:55:4c:06:a2:35:b0:54:3e:2e:1a:
d7:8b:09:d2:76:f0:1e:6f:bc:17:90:c2:ad:54:43:a4:3d:d7:
ab:ce:71:93:45:8d:0a:a9:dd:4b:c9:07:75:ef:7c:77:d8:88:
fc:0d:8e:67:66:18:79:bf:02:8d:d3:c5:76:f2:76:7c:68:7f:
40:83:41:7a:0c:54:0e:4b:0d:8d:9d:c8:06:b9:d9:50:42:57:
33:aa:e6:98:0b:1b:b8:0a:0b:e2:05:2a:87:cf:84:83:16:4d:
2f:eb:70:c2:89:da:6f:c3:c5:2a:a9:3e:33:46:6a:d5:cc:cf:
26:36:fa:67
-----BEGIN CERTIFICATE-----
MIIGFjCCBP6gAwIBAgISAZnJVpKOsorebqldNn4kiZITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYTlmZmY2M2EzNDc3OTU3ZmY3NWNjZGMwMDNkYWI2OGNm
OWQxNTUwHhcNMjUxMDA5MTQxODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmMxN2UwZGRlYThmYTVmZGFmM2JhZTg0MmQzNjFkZTUxODJkZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv00Lcm6a1/Kp2Vs4WUrOuBaR0IZG
SihHlJzbaoBcXUQBajs535evZM+a8DWVRUKLpzhjzaK9iwzKO5yHO/V84Je992Jy
JCg1mOtvhdO3VWxoEg3LgeO44W9pEpl9xdsly4Es5FzJUWhGuCBjirzXsXoj6upG
zqAsYWBD3jISu5SQo9g2OrLjCg9ufGFBUzGTV5j+53yGIYU1/NFFY97fsafMTF3y
TWdP/fVizwISZlKctbJOeLvZX4oVXRps5Kyr4qpWxRNSbsnYzeB/Xm5Pa93z1HuV
M/CqGCxbaLISNAC0ToIyBvRqyHbFOiHjXgnfvVaL/zH5Q7eRrjhTQvT2PwIDAQAB
o4IDIjCCAx4wHQYDVR0OBBYEFMbBfg3eqPpf2vO66ELTYd5Rgt7yMB8GA1UdIwQY
MBaAFICp//Y6NHeVf/dczcAD2raM+dFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0tuXzlqbzBkNVZfOTF6TndBUGF0b3o1MFZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9iMDg0YmYtYTQ1NC00M2NmLWFjOTIt
NDdkOThlNTg1NDVhLzEveHNGLURkNm8tbF9hODdyb1F0TmgzbEdDM3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9iMDg0YmYtYTQ1NC00M2NmLWFjOTItNDdkOThlNTg1NDVh
LzEvZ0tuXzlqbzBkNVZfOTF6TndBUGF0b3o1MFZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNgYIKwYBBQUHAQcBAf8EggElMIIBITCCAQ4EAgABMIIB
BgMEBwUnAAMDAAWHAwMABcQDAwAlOwMDACW7AwMALmkDAwAzJgMDADNEAwMAM0sD
AwAzTQMDADNTAwMAM1kDAwAzWwMDADOyAwMAM8MDAwAz0gMDATP+MAoDAwI2JAMD
ADYmMAsDAwc5gAMEBzmDAAMEB0+JAAMEB1digAMDAFt5AwMAW4YDAwBc3gMDAF4X
AwMAh30DAwCJSgMDAY1eAwQEjeOAAwQFjeOgAwMAke8DAwCSOwMEB5OHgAMDAJXK
AwMAl1ADBAeY5IADAwCiEwMDAKSEAwMAsB8DAwGyIAMDALylAwQHwUYAAwQHxvSA
AwQH1SAAAwQF1bogAwQG1fuAAwMA2bYwDQQCAAIwBwMFACABQdAwDQYJKoZIhvcN
AQELBQADggEBACu+LmDjFDuU8bDXD+GyS1ZKM8vEZfpbRAAMyXQFnyxLrV0utq+i
UTvhETIbSIgWJF8f5knRgiM0kS61vl7bCIEHMecCeLeNJRnBHhoqz6d/c9FlDT1a
zRvXLCOV60Tbg7fwQuzpR0pkosgMb/r3iiadaP7Q6NdvwWq/8dxE4B069rg+U2Mu
VUwGojWwVD4uGteLCdJ28B5vvBeQwq1UQ6Q916vOcZNFjQqp3UvJB3XvfHfYiPwN
jmdmGHm/Ao3TxXbydnxof0CDQXoMVA5LDY2dyAa52VBCVzOq5pgLG7gKC+IFKofP
hIMWTS/rcMKJ2m/DxSqpPjNGatXMzyY2+mc=
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:55:41 2025 by rpki-client