Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/DSxMowOlSTC_MwVM7KlgQMPQNrE.roa
File: DSxMowOlSTC_MwVM7KlgQMPQNrE.roa (raw, json)
Hash identifier: nlhxWq37E/ratvBd5zCucB9L6gUR7nqV3LRV9tj9pbU=
Subject key identifier: 0D:2C:4C:A3:03:A5:49:30:BF:33:05:4C:EC:A9:60:40:C3:D0:36:B1
Certificate issuer: /CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Certificate serial: 0198A82355F63D761292D0CB23433ACF818D
Authority key identifier: F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/DSxMowOlSTC_MwVM7KlgQMPQNrE.roa
Signing time: Thu 14 Aug 2025 10:32:24 +0000
ROA not before: Thu 14 Aug 2025 10:32:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20857
IP address blocks: 5.61.248.0/21 maxlen: 24
31.3.96.0/22 maxlen: 24
31.3.101.0/24 maxlen: 24
31.3.102.0/23 maxlen: 24
31.14.96.0/22 maxlen: 24
37.34.48.0/21 maxlen: 24
37.34.56.0/21 maxlen: 24
37.97.128.0/17 maxlen: 24
37.230.96.0/21 maxlen: 24
77.72.144.0/21 maxlen: 24
79.170.88.0/24 maxlen: 24
79.170.90.0/23 maxlen: 24
79.170.93.0/24 maxlen: 24
79.170.94.0/23 maxlen: 24
80.69.64.0/19 maxlen: 24
84.247.8.0/21 maxlen: 24
85.10.128.0/19 maxlen: 24
85.222.228.0/22 maxlen: 24
86.105.244.0/22 maxlen: 24
87.253.128.0/19 maxlen: 24
89.31.96.0/23 maxlen: 24
89.31.100.0/24 maxlen: 24
89.31.102.0/23 maxlen: 24
89.41.168.0/22 maxlen: 24
91.142.254.0/23 maxlen: 23
93.119.0.0/20 maxlen: 24
93.191.128.0/22 maxlen: 24
93.191.132.0/23 maxlen: 24
95.170.64.0/19 maxlen: 24
141.138.136.0/21 maxlen: 24
141.138.192.0/21 maxlen: 24
141.138.200.0/22 maxlen: 24
141.138.204.0/23 maxlen: 24
141.138.206.0/24 maxlen: 24
149.210.128.0/17 maxlen: 24
178.18.80.0/20 maxlen: 24
185.10.48.0/22 maxlen: 24
185.21.188.0/22 maxlen: 24
185.96.4.0/22 maxlen: 24
185.108.112.0/22 maxlen: 24
188.240.52.0/22 maxlen: 22
188.241.148.0/22 maxlen: 22
193.138.204.0/24 maxlen: 24
195.8.195.0/24 maxlen: 24
195.135.195.0/24 maxlen: 24
2a01:7c8::/32 maxlen: 32
2a01:7c8:7000::/36 maxlen: 36
2a01:7c8:d000::/36 maxlen: 36
2a01:7c8:e000::/36 maxlen: 36
2a01:7860::/32 maxlen: 32
2a02:348:3::/48 maxlen: 48
2a02:348:33::/48 maxlen: 48
2a02:348:35::/48 maxlen: 48
2a02:348:36::/48 maxlen: 48
2a02:348:39::/48 maxlen: 48
2a02:348:3a::/48 maxlen: 48
2a02:348:3b::/48 maxlen: 48
2a02:348:40::/42 maxlen: 48
2a02:348:80::/43 maxlen: 48
2a02:348:a0::/45 maxlen: 48
2a02:348:b0::/44 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl
rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.mft
rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 04:00:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:a8:23:55:f6:3d:76:12:92:d0:cb:23:43:3a:cf:81:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Validity
Not Before: Aug 14 10:32:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0d2c4ca303a54930bf33054ceca96040c3d036b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:e0:e8:30:ea:eb:7b:03:98:64:f4:4b:40:cb:
85:87:2c:a8:51:45:2c:a4:91:a8:49:8f:2a:bd:9b:
42:10:d6:69:c2:6c:b6:50:3e:5e:65:c1:93:ce:75:
bc:21:f7:82:7d:cf:00:aa:7a:63:9f:04:e5:14:fb:
76:fe:e9:45:4d:c7:97:79:8f:8f:39:46:f8:e8:e4:
55:0f:a6:32:2e:7d:6e:37:a2:74:1a:c7:61:e1:ab:
7c:d3:4b:a0:a1:37:76:07:93:0e:d5:c2:7d:83:e6:
16:1b:c8:95:30:38:44:93:a7:8c:0a:3b:b8:76:11:
fc:8a:f0:12:2a:8f:0b:1f:6e:d2:39:5e:1e:0d:9a:
82:7a:32:55:cb:06:a1:e7:59:f4:ac:45:37:92:4b:
4b:6b:47:dc:8f:fe:ed:eb:d7:e9:93:19:e5:d8:21:
b7:ef:2e:7e:c0:7e:79:f2:c3:fc:c5:02:8e:55:aa:
a4:be:ed:be:7f:87:70:6d:0b:4d:62:85:9d:16:b9:
86:24:0d:72:2c:e1:8a:15:89:0e:b7:00:5b:16:7c:
f9:6a:ff:d2:f3:5d:cf:02:18:d6:0f:d4:ed:85:b8:
c9:d7:54:bd:a5:b3:19:86:ff:55:bc:8d:7f:92:34:
d5:08:28:c4:1a:15:4a:c3:17:b5:d5:24:d5:6a:ce:
bc:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:2C:4C:A3:03:A5:49:30:BF:33:05:4C:EC:A9:60:40:C3:D0:36:B1
X509v3 Authority Key Identifier:
keyid:F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/DSxMowOlSTC_MwVM7KlgQMPQNrE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.61.248.0/21
31.3.96.0/22
31.3.101.0-31.3.103.255
31.14.96.0/22
37.34.48.0/20
37.97.128.0/17
37.230.96.0/21
77.72.144.0/21
79.170.88.0/24
79.170.90.0/23
79.170.93.0-79.170.95.255
80.69.64.0/19
84.247.8.0/21
85.10.128.0/19
85.222.228.0/22
86.105.244.0/22
87.253.128.0/19
89.31.96.0/23
89.31.100.0/24
89.31.102.0/23
89.41.168.0/22
91.142.254.0/23
93.119.0.0/20
93.191.128.0-93.191.133.255
95.170.64.0/19
141.138.136.0/21
141.138.192.0-141.138.206.255
149.210.128.0/17
178.18.80.0/20
185.10.48.0/22
185.21.188.0/22
185.96.4.0/22
185.108.112.0/22
188.240.52.0/22
188.241.148.0/22
193.138.204.0/24
195.8.195.0/24
195.135.195.0/24
IPv6:
2a01:7c8::/32
2a01:7860::/32
2a02:348:3::/48
2a02:348:33::/48
2a02:348:35::-2a02:348:36:ffff:ffff:ffff:ffff:ffff
2a02:348:39::-2a02:348:3b:ffff:ffff:ffff:ffff:ffff
2a02:348:40::-2a02:348:a7:ffff:ffff:ffff:ffff:ffff
2a02:348:b0::/44
Signature Algorithm: sha256WithRSAEncryption
05:cf:0a:82:54:bb:f0:85:a5:fb:93:ac:d3:3b:56:44:b0:92:
e9:d3:5c:e6:48:6a:07:6d:ba:cc:1f:9d:87:24:c5:e9:53:ae:
24:86:4e:5a:45:cc:e6:ca:0b:0b:38:24:72:9c:c9:c7:8b:8b:
93:c8:5d:d6:9c:5b:0f:5b:9f:b3:40:d1:a2:4f:70:7e:c6:a2:
69:98:25:5f:25:63:d3:b0:1f:f6:e1:03:4e:5b:36:6b:e8:02:
3a:c0:4a:0f:b3:11:5b:3a:88:07:0a:5e:e2:f0:fd:0a:95:ec:
51:b6:3c:a1:19:55:bf:54:e8:ae:04:30:a7:9a:73:70:1d:77:
07:b5:56:a7:bf:3c:5a:77:c5:82:33:73:ab:49:2c:39:53:e7:
3d:63:25:c7:77:13:36:9b:d8:80:b4:76:51:bb:96:7f:e6:e9:
13:d4:ce:33:79:23:b7:e6:51:85:04:25:46:8c:06:74:b0:aa:
c9:7f:cb:02:3d:0d:26:06:2c:21:a8:6a:06:b4:af:e2:ce:9d:
a8:55:20:ec:14:e5:45:0f:3e:a8:65:92:16:b4:08:2e:be:d6:
a5:d3:f8:27:70:f4:4f:87:73:31:06:b6:db:7a:aa:79:cc:07:
28:f9:59:17:36:ef:ee:0a:0e:52:3b:00:f7:79:1e:18:66:c6:
92:56:cd:88
-----BEGIN CERTIFICATE-----
MIIGcjCCBVqgAwIBAgISAZioI1X2PXYSktDLI0M6z4GNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTM2OWNjYmY4NmIxZTg0ZTFhZWI0NmU2ZDMzNmQzOWY3
NTJhZTcwHhcNMjUwODE0MTAzMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDJjNGNhMzAzYTU0OTMwYmYzMzA1NGNlY2E5NjA0MGMzZDAzNmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluDoMOrrewOYZPRLQMuFhyyoUUUs
pJGoSY8qvZtCENZpwmy2UD5eZcGTznW8IfeCfc8AqnpjnwTlFPt2/ulFTceXeY+P
OUb46ORVD6YyLn1uN6J0Gsdh4at800ugoTd2B5MO1cJ9g+YWG8iVMDhEk6eMCju4
dhH8ivASKo8LH27SOV4eDZqCejJVywah51n0rEU3kktLa0fcj/7t69fpkxnl2CG3
7y5+wH558sP8xQKOVaqkvu2+f4dwbQtNYoWdFrmGJA1yLOGKFYkOtwBbFnz5av/S
813PAhjWD9TthbjJ11S9pbMZhv9VvI1/kjTVCCjEGhVKwxe11STVas68hQIDAQAB
o4IDfjCCA3owHQYDVR0OBBYEFA0sTKMDpUkwvzMFTOypYEDD0DaxMB8GA1UdIwQY
MBaAFPUTacy/hrHoThrrRubTNtOfdSrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUt
MmI5MjBiZGUzOTkwLzEvRFN4TW93T2xTVENfTXdWTTdLbGdRTVBRTnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUtMmI5MjBiZGUzOTkw
LzEvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBkgYIKwYBBQUHAQcBAf8EggGBMIIBfTCCAQwEAgABMIIB
BAMEAwU9+AMEAh8DYDAMAwQAHwNlAwQDHwNgAwQCHw5gAwQEJSIwAwQHJWGAAwQD
JeZgAwQDTUiQAwQAT6pYAwQBT6paMAwDBABPql0DBAVPqkADBAVQRUADBANU9wgD
BAVVCoADBAJV3uQDBAJWafQDBAVX/YADBAFZH2ADBABZH2QDBAFZH2YDBAJZKagD
BAFbjv4DBARddwAwDAMEB12/gAMEAV2/hAMEBV+qQAMEA42KiDAMAwQGjYrAAwQA
jYrOAwQHldKAAwQEshJQAwQCuQowAwQCuRW8AwQCuWAEAwQCuWxwAwQCvPA0AwQC
vPGUAwQAwYrMAwQAwwjDAwQAw4fDMGsEAgACMGUDBQAqAQfIAwUAKgF4YAMHACoC
A0gAAwMHACoCA0gAMzASAwcAKgIDSAA1AwcAKgIDSAA2MBIDBwAqAgNIADkDBwIq
AgNIADgwEgMHBioCA0gAQAMHAyoCA0gAoAMHBCoCA0gAsDANBgkqhkiG9w0BAQsF
AAOCAQEABc8KglS78IWl+5Os0ztWRLCS6dNc5khqB226zB+dhyTF6VOuJIZOWkXM
5soLCzgkcpzJx4uLk8hd1pxbD1ufs0DRok9wfsaiaZglXyVj07Af9uEDTls2a+gC
OsBKD7MRWzqIBwpe4vD9CpXsUbY8oRlVv1TorgQwp5pzcB13B7VWp788WnfFgjNz
q0ksOVPnPWMlx3cTNpvYgLR2UbuWf+bpE9TOM3kjt+ZRhQQlRowGdLCqyX/LAj0N
JgYsIahqBrSv4s6dqFUg7BTlRQ8+qGWSFrQILr7WpdP4J3D0T4dzMQa223qqecwH
KPlZFzbv7goOUjsA93keGGbGklbNiA==
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:03:54 2025 by rpki-client