Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/x9gEvmLiqp6QXnPTPsa-6i-pFyo.roa
File: x9gEvmLiqp6QXnPTPsa-6i-pFyo.roa (raw, json)
Hash identifier: keFMGhxuV8MLlgHVwMp/d+A+4wpJiYJvnC3NEijngr0=
Subject key identifier: C7:D8:04:BE:62:E2:AA:9E:90:5E:73:D3:3E:C6:BE:EA:2F:A9:17:2A
Certificate issuer: /CN=c8acf59abd4abbfbf830a060225a96a2179a2694
Certificate serial: 0199C26BF1FF4D7633D0CF63F1604AE2DDCE
Authority key identifier: C8:AC:F5:9A:BD:4A:BB:FB:F8:30:A0:60:22:5A:96:A2:17:9A:26:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/x9gEvmLiqp6QXnPTPsa-6i-pFyo.roa
Signing time: Wed 08 Oct 2025 06:04:38 +0000
ROA not before: Wed 08 Oct 2025 06:04:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200780
IP address blocks: 5.42.200.0/24 maxlen: 24
45.9.104.0/22 maxlen: 24
45.85.132.0/22 maxlen: 24
45.155.228.0/22 maxlen: 24
45.156.188.0/22 maxlen: 24
46.19.104.0/21 maxlen: 24
77.236.98.0/23 maxlen: 24
88.218.32.0/23 maxlen: 24
89.40.220.0/23 maxlen: 24
91.227.36.0/22 maxlen: 24
91.233.66.0/24 maxlen: 24
91.234.104.0/22 maxlen: 24
93.177.69.0/24 maxlen: 24
93.177.70.0/23 maxlen: 24
95.178.108.0/22 maxlen: 24
185.40.102.0/23 maxlen: 24
185.62.224.0/22 maxlen: 24
185.73.204.0/22 maxlen: 24
185.73.204.0/24 maxlen: 24
185.144.24.0/22 maxlen: 24
185.217.200.0/22 maxlen: 24
194.11.255.0/24 maxlen: 24
194.13.1.0/24 maxlen: 24
194.13.64.0/24 maxlen: 24
194.13.67.0/24 maxlen: 24
194.88.112.0/22 maxlen: 22
194.106.208.0/23 maxlen: 24
195.35.96.0/24 maxlen: 24
195.133.148.0/22 maxlen: 24
2a05:46c0::/29 maxlen: 29
2a10:780::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c2:6b:f1:ff:4d:76:33:d0:cf:63:f1:60:4a:e2:dd:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c8acf59abd4abbfbf830a060225a96a2179a2694
Validity
Not Before: Oct 8 06:04:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c7d804be62e2aa9e905e73d33ec6beea2fa9172a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:d4:91:5d:17:d6:43:c2:3a:d8:3b:57:f4:5a:
4b:d2:12:fd:67:3c:0a:ca:95:e4:74:79:d9:49:ff:
74:1e:9d:df:0b:95:13:28:70:a1:62:90:e3:d9:c9:
0e:f5:d9:08:c6:3a:76:44:47:1d:e1:9e:da:ff:6a:
cd:65:be:a4:bf:a3:8e:0a:16:4c:b8:e7:02:69:b4:
59:d8:b1:e7:c9:6f:dc:17:0c:22:3f:a7:e0:95:06:
ad:42:e1:fb:ba:cb:a4:b4:f1:f0:1a:7e:1f:ed:b3:
7c:51:8f:15:95:7a:7a:06:ca:8f:c4:47:02:ba:31:
f1:10:05:25:d5:ac:a6:cf:bd:ae:13:66:14:96:f8:
08:0d:11:7a:3c:9e:dd:1d:af:09:89:0a:c8:fc:99:
c5:c4:f3:76:4b:80:f7:f2:87:b2:92:15:e3:8b:33:
1c:20:ad:d9:6b:75:e1:10:88:cd:15:cc:05:73:cf:
56:4f:d8:de:86:0c:fd:bc:d1:fc:fc:b5:8f:a8:77:
19:8b:aa:cb:d8:e4:70:89:35:ab:22:ad:d7:27:e1:
c1:0d:1b:eb:73:c9:cf:92:ec:89:bb:5e:0a:54:7f:
3f:6b:04:c9:ca:37:c3:74:db:c1:da:c1:83:bf:7e:
d6:0c:c9:f8:93:63:05:de:cc:99:82:12:03:7d:d6:
dc:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:D8:04:BE:62:E2:AA:9E:90:5E:73:D3:3E:C6:BE:EA:2F:A9:17:2A
X509v3 Authority Key Identifier:
keyid:C8:AC:F5:9A:BD:4A:BB:FB:F8:30:A0:60:22:5A:96:A2:17:9A:26:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/x9gEvmLiqp6QXnPTPsa-6i-pFyo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.200.0/24
45.9.104.0/22
45.85.132.0/22
45.155.228.0/22
45.156.188.0/22
46.19.104.0/21
77.236.98.0/23
88.218.32.0/23
89.40.220.0/23
91.227.36.0/22
91.233.66.0/24
91.234.104.0/22
93.177.69.0-93.177.71.255
95.178.108.0/22
185.40.102.0/23
185.62.224.0/22
185.73.204.0/22
185.144.24.0/22
185.217.200.0/22
194.11.255.0/24
194.13.1.0/24
194.13.64.0/24
194.13.67.0/24
194.88.112.0/22
194.106.208.0/23
195.35.96.0/24
195.133.148.0/22
IPv6:
2a05:46c0::/29
2a10:780::/32
Signature Algorithm: sha256WithRSAEncryption
41:06:19:1b:66:6f:6f:74:28:4e:25:27:1f:30:23:c6:25:91:
f9:41:b1:fd:56:27:63:f2:11:f3:4b:a5:e3:16:7f:b7:a6:14:
1b:32:56:e9:d7:0c:08:72:00:97:2f:b0:bc:45:1f:85:fd:4e:
31:ac:f0:75:b6:ec:c8:05:01:81:99:07:02:0a:20:07:c3:20:
12:b6:db:bd:50:a6:f2:56:3a:84:62:0b:54:24:74:d4:ce:f0:
10:7a:c1:e7:97:07:77:cd:44:b6:2f:5e:9c:b2:61:f7:38:a0:
30:a1:0a:e0:83:fb:a6:4c:a7:66:3c:ba:7b:3f:54:a3:b9:9b:
8b:89:51:f8:99:1c:02:ce:02:30:1b:93:3f:52:82:e3:7f:ca:
a7:48:21:6c:94:f7:46:56:76:20:2d:3f:f7:25:1c:5e:c7:a9:
8d:67:9b:b2:93:50:5b:f1:42:0e:67:b3:b4:0a:e6:df:d4:e0:
8a:ae:45:a9:51:dc:cb:f7:50:85:db:f9:60:c5:b8:d9:36:01:
d1:6f:13:32:91:df:87:45:53:c8:ab:da:5d:8e:dd:12:11:02:
bf:8b:a5:4d:24:39:55:23:b3:bd:4d:cc:33:0b:ab:43:1f:eb:
87:4b:5a:c6:32:4c:ba:d5:c5:fc:23:73:dc:63:be:d7:e0:cd:
36:54:a1:b6
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgISAZnCa/H/TXYz0M9j8WBK4t3OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YWNmNTlhYmQ0YWJiZmJmODMwYTA2MDIyNWE5NmEyMTc5
YTI2OTQwHhcNMjUxMDA4MDYwNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Q4MDRiZTYyZTJhYTllOTA1ZTczZDMzZWM2YmVlYTJmYTkxNzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptSRXRfWQ8I62DtX9FpL0hL9ZzwK
ypXkdHnZSf90Hp3fC5UTKHChYpDj2ckO9dkIxjp2REcd4Z7a/2rNZb6kv6OOChZM
uOcCabRZ2LHnyW/cFwwiP6fglQatQuH7usuktPHwGn4f7bN8UY8VlXp6BsqPxEcC
ujHxEAUl1aymz72uE2YUlvgIDRF6PJ7dHa8JiQrI/JnFxPN2S4D38oeykhXjizMc
IK3Za3XhEIjNFcwFc89WT9jehgz9vNH8/LWPqHcZi6rL2ORwiTWrIq3XJ+HBDRvr
c8nPkuyJu14KVH8/awTJyjfDdNvB2sGDv37WDMn4k2MF3syZghIDfdbcYwIDAQAB
o4ICyDCCAsQwHQYDVR0OBBYEFMfYBL5i4qqekF5z0z7GvuovqRcqMB8GA1UdIwQY
MBaAFMis9Zq9Srv7+DCgYCJalqIXmiaUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUt6MW1yMUt1X3Y0TUtCZ0lscVdvaGVhSnBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQt
ODM4ZWJmNDEyYTYxLzEveDlnRXZtTGlxcDZRWG5QVFBzYS02aS1wRnlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQtODM4ZWJmNDEyYTYx
LzEveUt6MW1yMUt1X3Y0TUtCZ0lscVdvaGVhSnBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHdBggrBgEFBQcBBwEB/wSBzTCByjCBsQQCAAEwgaoDBAAF
KsgDBAItCWgDBAItVYQDBAItm+QDBAItnLwDBAMuE2gDBAFN7GIDBAFY2iADBAFZ
KNwDBAJb4yQDBABb6UIDBAJb6mgwDAMEAF2xRQMEA12xQAMEAl+ybAMEAbkoZgME
Ark+4AMEArlJzAMEArmQGAMEArnZyAMEAMIL/wMEAMINAQMEAMINQAMEAMINQwME
AsJYcAMEAcJq0AMEAMMjYAMEAsOFlDAUBAIAAjAOAwUDKgVGwAMFACoQB4AwDQYJ
KoZIhvcNAQELBQADggEBAEEGGRtmb290KE4lJx8wI8YlkflBsf1WJ2PyEfNLpeMW
f7emFBsyVunXDAhyAJcvsLxFH4X9TjGs8HW27MgFAYGZBwIKIAfDIBK2271QpvJW
OoRiC1QkdNTO8BB6weeXB3fNRLYvXpyyYfc4oDChCuCD+6ZMp2Y8uns/VKO5m4uJ
UfiZHALOAjAbkz9SguN/yqdIIWyU90ZWdiAtP/clHF7HqY1nm7KTUFvxQg5ns7QK
5t/U4IquRalR3Mv3UIXb+WDFuNk2AdFvEzKR34dFU8ir2l2O3RIRAr+LpU0kOVUj
s71NzDMLq0Mf64dLWsYyTLrVxfwjc9xjvtfgzTZUobY=
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:30:34 2025 by rpki-client