Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/0f9dETPwri123VDJt9dOfuGVKTM.roa
File: 0f9dETPwri123VDJt9dOfuGVKTM.roa (raw, json)
Hash identifier: 8xyCGMaaQiKJUJRjOY5GEWjGS9pjoAFfD6Zrsv7nWZs=
Subject key identifier: D1:FF:5D:11:33:F0:AE:2D:76:DD:50:C9:B7:D7:4E:7E:E1:95:29:33
Certificate issuer: /CN=af938503d72931626dcb8d1e946b2ae06a73d02e
Certificate serial: 0199F0FB8354D265BD58777EE3255009E781
Authority key identifier: AF:93:85:03:D7:29:31:62:6D:CB:8D:1E:94:6B:2A:E0:6A:73:D0:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r5OFA9cpMWJty40elGsq4Gpz0C4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/0f9dETPwri123VDJt9dOfuGVKTM.roa
Signing time: Fri 17 Oct 2025 07:03:58 +0000
ROA not before: Fri 17 Oct 2025 07:03:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12552
IP address blocks: 62.102.144.0/22 maxlen: 22
62.109.32.0/19 maxlen: 19
62.209.160.0/19 maxlen: 19
65.99.128.0/18 maxlen: 18
80.252.160.0/19 maxlen: 19
82.96.0.0/18 maxlen: 18
82.96.28.0/22 maxlen: 22
82.96.43.0/24 maxlen: 24
82.99.0.0/18 maxlen: 18
83.140.0.0/16 maxlen: 16
83.140.30.0/24 maxlen: 24
83.140.95.0/24 maxlen: 24
83.140.96.0/23 maxlen: 23
83.140.99.0/24 maxlen: 24
83.140.108.0/22 maxlen: 22
83.140.113.0/24 maxlen: 24
83.140.156.0/23 maxlen: 23
83.140.171.0/24 maxlen: 24
83.140.221.0/24 maxlen: 24
83.140.231.0/24 maxlen: 24
83.140.249.0/24 maxlen: 24
83.145.0.0/18 maxlen: 18
85.112.160.0/19 maxlen: 19
85.112.184.0/22 maxlen: 22
93.158.64.0/18 maxlen: 18
93.158.68.0/22 maxlen: 22
93.158.76.0/24 maxlen: 24
93.158.78.0/24 maxlen: 24
93.158.88.0/22 maxlen: 22
93.158.92.0/23 maxlen: 23
93.158.95.0/24 maxlen: 24
93.158.98.0/23 maxlen: 23
93.158.100.0/24 maxlen: 24
93.158.102.0/23 maxlen: 23
93.158.107.0/24 maxlen: 24
93.158.108.0/23 maxlen: 23
93.189.240.0/21 maxlen: 21
94.246.64.0/18 maxlen: 18
146.185.8.0/21 maxlen: 21
178.248.24.0/22 maxlen: 22
185.165.80.0/22 maxlen: 22
185.165.172.0/22 maxlen: 22
185.165.172.0/24 maxlen: 24
185.178.140.0/22 maxlen: 22
185.178.143.0/24 maxlen: 24
185.181.216.0/22 maxlen: 22
185.182.84.0/22 maxlen: 22
185.183.144.0/22 maxlen: 22
185.183.152.0/22 maxlen: 22
185.190.144.0/22 maxlen: 22
185.199.168.0/22 maxlen: 22
185.205.224.0/22 maxlen: 22
185.205.226.0/24 maxlen: 24
185.211.136.0/22 maxlen: 22
195.140.200.0/22 maxlen: 22
212.16.160.0/19 maxlen: 19
212.37.0.0/19 maxlen: 19
212.112.160.0/19 maxlen: 19
213.80.0.0/18 maxlen: 18
213.80.64.0/19 maxlen: 19
213.132.96.0/19 maxlen: 19
213.212.0.0/18 maxlen: 18
217.75.96.0/19 maxlen: 19
217.140.112.0/20 maxlen: 20
2001:16d8::/32 maxlen: 32
2a01:2b0::/29 maxlen: 29
2a01:6d0::/32 maxlen: 32
2a0a:6380::/29 maxlen: 29
2a0a:a040::/29 maxlen: 29
2a0a:a040::/32 maxlen: 32
2a0a:a041::/32 maxlen: 32
2a0a:d381::/32 maxlen: 32
2a0a:d381:100::/40 maxlen: 40
2a0a:d381:200::/40 maxlen: 40
2a0a:d381:400::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/r5OFA9cpMWJty40elGsq4Gpz0C4.crl
rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/r5OFA9cpMWJty40elGsq4Gpz0C4.mft
rsync://rpki.ripe.net/repository/DEFAULT/r5OFA9cpMWJty40elGsq4Gpz0C4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:f0:fb:83:54:d2:65:bd:58:77:7e:e3:25:50:09:e7:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af938503d72931626dcb8d1e946b2ae06a73d02e
Validity
Not Before: Oct 17 07:03:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d1ff5d1133f0ae2d76dd50c9b7d74e7ee1952933
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:df:c4:ac:10:e8:f6:ff:f4:3f:b2:24:ef:7b:
2d:47:fd:9b:d1:a8:8c:03:f5:89:ac:c8:52:d6:f5:
1c:1a:1e:b1:0b:7f:23:d1:e9:23:7b:0f:ab:63:c7:
bd:d4:9a:12:37:67:eb:b8:bc:61:f6:dc:a2:19:10:
32:95:67:40:ee:74:76:d4:96:29:04:9d:da:7c:44:
86:81:db:47:37:c8:51:49:72:7b:57:66:c0:46:9a:
23:e6:09:8c:78:36:e1:33:16:00:08:98:99:dd:5e:
81:9b:de:b9:1b:af:6a:4e:de:64:65:82:45:93:74:
79:d1:c5:dd:c1:a2:dd:bb:a9:bf:2d:44:99:2b:b0:
03:fb:6c:21:dc:14:02:d2:81:47:c4:97:74:8a:27:
68:b6:b5:29:5d:c6:b3:95:4b:59:f8:44:6c:d8:e9:
4b:51:f9:09:bf:0f:bc:cd:91:6c:19:12:82:5a:16:
78:15:3c:c5:5e:a6:60:c5:68:46:25:02:d2:65:cc:
58:9a:a2:dd:47:da:9b:25:bd:6c:b5:f1:bd:30:a3:
15:45:85:b1:44:ab:68:f5:ae:67:9d:0b:5a:26:57:
4e:36:fc:08:ef:cb:f0:5e:06:23:4f:63:8d:5d:71:
12:60:de:7e:d1:7d:e3:93:60:a7:d4:14:d0:23:d5:
3f:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:FF:5D:11:33:F0:AE:2D:76:DD:50:C9:B7:D7:4E:7E:E1:95:29:33
X509v3 Authority Key Identifier:
keyid:AF:93:85:03:D7:29:31:62:6D:CB:8D:1E:94:6B:2A:E0:6A:73:D0:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r5OFA9cpMWJty40elGsq4Gpz0C4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/0f9dETPwri123VDJt9dOfuGVKTM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/7e6369-5adb-45cd-bd2f-3b8b0d1a59a9/1/r5OFA9cpMWJty40elGsq4Gpz0C4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.102.144.0/22
62.109.32.0/19
62.209.160.0/19
65.99.128.0/18
80.252.160.0/19
82.96.0.0/18
82.99.0.0/18
83.140.0.0/16
83.145.0.0/18
85.112.160.0/19
93.158.64.0/18
93.189.240.0/21
94.246.64.0/18
146.185.8.0/21
178.248.24.0/22
185.165.80.0/22
185.165.172.0/22
185.178.140.0/22
185.181.216.0/22
185.182.84.0/22
185.183.144.0/22
185.183.152.0/22
185.190.144.0/22
185.199.168.0/22
185.205.224.0/22
185.211.136.0/22
195.140.200.0/22
212.16.160.0/19
212.37.0.0/19
212.112.160.0/19
213.80.0.0-213.80.95.255
213.132.96.0/19
213.212.0.0/18
217.75.96.0/19
217.140.112.0/20
IPv6:
2001:16d8::/32
2a01:2b0::/29
2a01:6d0::/32
2a0a:6380::/29
2a0a:a040::/29
2a0a:d381::/32
Signature Algorithm: sha256WithRSAEncryption
42:9b:0b:ed:a2:e0:7f:43:54:81:8b:ba:ee:3a:c1:1a:97:ce:
0a:5b:2b:9a:c3:56:1a:6b:b3:4a:ba:3f:89:72:9f:85:6f:64:
f6:7a:1c:ce:4b:f5:bc:49:a1:91:90:77:86:80:77:fa:3a:eb:
c2:e4:f9:56:0c:36:62:db:df:88:4f:d5:97:dc:ee:88:3f:b5:
c0:2c:73:b7:73:ac:81:94:6c:3b:ff:47:ff:e4:c9:b1:50:94:
fd:1e:9d:b5:2d:aa:84:ad:42:ad:b0:fb:9e:15:b5:17:69:1f:
27:1d:05:b4:ad:45:a6:52:a2:e7:1b:3a:26:7d:d1:2b:46:28:
6a:dd:5e:8a:c7:51:36:48:88:91:cc:0f:ea:75:65:5a:8a:b6:
15:15:b8:36:c6:02:4a:68:ef:f7:42:8c:19:1a:8b:c6:0f:a8:
22:86:e9:5c:4a:e5:1f:94:04:51:c7:96:b2:95:90:f4:f3:99:
26:c4:d4:19:59:51:d5:af:71:b0:18:05:eb:39:fe:11:b1:73:
7d:35:a7:87:1e:17:01:76:12:16:2c:3d:f6:fc:14:4e:12:f9:
55:a3:7b:03:cc:fd:0b:ce:71:20:e3:4c:69:a0:b7:e1:62:97:
cf:c2:49:15:38:b3:5a:7a:84:2b:f7:e4:d2:c9:d2:dd:83:46:
e4:cf:58:57
-----BEGIN CERTIFICATE-----
MIIGCTCCBPGgAwIBAgISAZnw+4NU0mW9WHd+4yVQCeeBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmOTM4NTAzZDcyOTMxNjI2ZGNiOGQxZTk0NmIyYWUwNmE3
M2QwMmUwHhcNMjUxMDE3MDcwMzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWZmNWQxMTMzZjBhZTJkNzZkZDUwYzliN2Q3NGU3ZWUxOTUyOTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9/ErBDo9v/0P7Ik73stR/2b0aiM
A/WJrMhS1vUcGh6xC38j0ekjew+rY8e91JoSN2fruLxh9tyiGRAylWdA7nR21JYp
BJ3afESGgdtHN8hRSXJ7V2bARpoj5gmMeDbhMxYACJiZ3V6Bm965G69qTt5kZYJF
k3R50cXdwaLdu6m/LUSZK7AD+2wh3BQC0oFHxJd0iidotrUpXcazlUtZ+ERs2OlL
UfkJvw+8zZFsGRKCWhZ4FTzFXqZgxWhGJQLSZcxYmqLdR9qbJb1stfG9MKMVRYWx
RKto9a5nnQtaJldONvwI78vwXgYjT2ONXXESYN5+0X3jk2Cn1BTQI9U/QwIDAQAB
o4IDFTCCAxEwHQYDVR0OBBYEFNH/XREz8K4tdt1QybfXTn7hlSkzMB8GA1UdIwQY
MBaAFK+ThQPXKTFibcuNHpRrKuBqc9AuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjVPRkE5Y3BNV0p0eTQwZWxHc3E0R3B6MEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi83ZTYzNjktNWFkYi00NWNkLWJkMmYt
M2I4YjBkMWE1OWE5LzEvMGY5ZEVUUHdyaTEyM1ZESnQ5ZE9mdUdWS1RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi83ZTYzNjktNWFkYi00NWNkLWJkMmYtM2I4YjBkMWE1OWE5
LzEvcjVPRkE5Y3BNV0p0eTQwZWxHc3E0R3B6MEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKQYIKwYBBQUHAQcBAf8EggEYMIIBFDCB3wQCAAEwgdgD
BAI+ZpADBAU+bSADBAU+0aADBAZBY4ADBAVQ/KADBAZSYAADBAZSYwADAwBTjAME
BlORAAMEBVVwoAMEBl2eQAMEA1298AMEBl72QAMEA5K5CAMEArL4GAMEArmlUAME
ArmlrAMEArmyjAMEArm12AMEArm2VAMEArm3kAMEArm3mAMEArm+kAMEArnHqAME
ArnN4AMEArnTiAMEAsOMyAMEBdQQoAMEBdQlAAMEBdRwoDALAwME1VADBAXVUEAD
BAXVhGADBAbV1AADBAXZS2ADBATZjHAwMAQCAAIwKgMFACABFtgDBQMqAQKwAwUA
KgEG0AMFAyoKY4ADBQMqCqBAAwUAKgrTgTANBgkqhkiG9w0BAQsFAAOCAQEAQpsL
7aLgf0NUgYu67jrBGpfOClsrmsNWGmuzSro/iXKfhW9k9noczkv1vEmhkZB3hoB3
+jrrwuT5Vgw2YtvfiE/Vl9zuiD+1wCxzt3OsgZRsO/9H/+TJsVCU/R6dtS2qhK1C
rbD7nhW1F2kfJx0FtK1FplKi5xs6Jn3RK0Yoat1eisdRNkiIkcwP6nVlWoq2FRW4
NsYCSmjv90KMGRqLxg+oIobpXErlH5QEUceWspWQ9POZJsTUGVlR1a9xsBgF6zn+
EbFzfTWnhx4XAXYSFiw99vwUThL5VaN7A8z9C85xIONMaaC34WKXz8JJFTizWnqE
K/fk0snS3YNG5M9YVw==
-----END CERTIFICATE-----
Generated at Sun Oct 19 18:09:09 2025 by rpki-client