Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/nRc5J3U1ArDCY2LLpC71e5VOxQk.roa
File: nRc5J3U1ArDCY2LLpC71e5VOxQk.roa (raw, json)
Hash identifier: E8+EeEfD+RUrXtULDDufU5LOzCF+5+NypvieE+3At/0=
Subject key identifier: 9D:17:39:27:75:35:02:B0:C2:63:62:CB:A4:2E:F5:7B:95:4E:C5:09
Certificate issuer: /CN=4173eeb8d02f5f64788b3fdc78d6bab8a55fd16a
Certificate serial: 0199C3E102642A7C203493D6A0F41F192205
Authority key identifier: 41:73:EE:B8:D0:2F:5F:64:78:8B:3F:DC:78:D6:BA:B8:A5:5F:D1:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/nRc5J3U1ArDCY2LLpC71e5VOxQk.roa
Signing time: Wed 08 Oct 2025 12:52:06 +0000
ROA not before: Wed 08 Oct 2025 12:52:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9002
IP address blocks: 2.58.98.0/24 maxlen: 24
31.128.32.0/22 maxlen: 24
37.233.82.0/23 maxlen: 24
37.233.84.0/23 maxlen: 24
37.233.86.0/24 maxlen: 24
45.92.174.0/24 maxlen: 24
45.130.212.0/22 maxlen: 24
45.137.188.0/24 maxlen: 24
45.145.5.0/24 maxlen: 24
45.145.163.0/24 maxlen: 24
45.145.168.0/24 maxlen: 24
45.152.87.0/24 maxlen: 24
45.156.20.0/24 maxlen: 24
46.173.20.0/24 maxlen: 24
77.73.233.0/24 maxlen: 24
77.73.235.0/24 maxlen: 24
77.73.238.0/24 maxlen: 24
83.222.20.0/23 maxlen: 24
89.40.204.0/24 maxlen: 24
90.156.254.0/23 maxlen: 24
91.218.142.0/23 maxlen: 24
185.77.231.0/24 maxlen: 24
193.22.244.0/24 maxlen: 24
193.23.3.0/24 maxlen: 24
193.242.106.0/24 maxlen: 24
193.242.109.0/24 maxlen: 24
194.36.208.0/24 maxlen: 24
194.113.209.0/24 maxlen: 24
212.74.231.0/24 maxlen: 24
213.139.229.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.crl
rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.mft
rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c3:e1:02:64:2a:7c:20:34:93:d6:a0:f4:1f:19:22:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4173eeb8d02f5f64788b3fdc78d6bab8a55fd16a
Validity
Not Before: Oct 8 12:52:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9d173927753502b0c26362cba42ef57b954ec509
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:5c:73:d5:54:33:b9:67:5d:5c:68:03:84:7f:
2b:68:0d:0c:d6:04:00:e4:88:d4:cf:20:e8:64:90:
a2:ea:8e:b8:db:01:07:58:35:ad:d4:ce:69:24:75:
0a:02:c3:6b:8b:51:d2:61:b8:be:81:50:2a:52:0a:
cc:42:cb:7a:a7:63:a1:66:c6:06:30:07:5e:9c:69:
6e:c0:f1:a6:f5:c1:dd:93:59:68:0f:d6:1a:f2:4a:
c9:54:ad:28:85:57:75:72:5c:20:9a:2a:9c:5f:85:
53:52:a7:57:2f:f7:18:83:c7:bd:5b:80:be:ac:8b:
de:6e:10:47:96:3d:ca:b5:82:1b:80:d3:64:3c:fc:
39:12:fc:58:58:ed:ea:1c:69:c6:72:dd:b2:a7:50:
df:57:5e:b3:77:85:74:69:ba:a7:44:c1:d6:30:2a:
a7:7f:c0:4d:cf:d8:29:97:fa:32:52:d8:9e:9e:6e:
c1:57:79:81:17:3f:04:6f:15:a1:b4:fd:5c:55:ae:
e2:c9:fb:5d:39:6d:54:ad:eb:e1:e9:07:c5:38:2b:
f1:ca:84:84:2b:7a:21:ca:43:39:81:4b:fb:91:30:
fd:e7:ab:45:67:41:e5:d6:d7:64:92:0c:54:55:67:
7a:a3:bc:39:e8:4f:23:cf:8f:9b:c9:64:75:45:05:
81:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:17:39:27:75:35:02:B0:C2:63:62:CB:A4:2E:F5:7B:95:4E:C5:09
X509v3 Authority Key Identifier:
keyid:41:73:EE:B8:D0:2F:5F:64:78:8B:3F:DC:78:D6:BA:B8:A5:5F:D1:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/nRc5J3U1ArDCY2LLpC71e5VOxQk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.98.0/24
31.128.32.0/22
37.233.82.0-37.233.86.255
45.92.174.0/24
45.130.212.0/22
45.137.188.0/24
45.145.5.0/24
45.145.163.0/24
45.145.168.0/24
45.152.87.0/24
45.156.20.0/24
46.173.20.0/24
77.73.233.0/24
77.73.235.0/24
77.73.238.0/24
83.222.20.0/23
89.40.204.0/24
90.156.254.0/23
91.218.142.0/23
185.77.231.0/24
193.22.244.0/24
193.23.3.0/24
193.242.106.0/24
193.242.109.0/24
194.36.208.0/24
194.113.209.0/24
212.74.231.0/24
213.139.229.0/24
Signature Algorithm: sha256WithRSAEncryption
a0:4e:89:9b:c9:c9:31:2a:0a:0a:91:b3:1b:f4:08:49:60:0d:
d9:ba:3e:5a:74:63:6b:37:a7:1f:5d:1e:e1:4e:7e:e1:74:71:
a9:07:06:8c:77:6a:e0:85:4c:bf:09:03:6a:36:37:b2:f9:26:
e0:60:be:34:e5:98:fa:6b:93:3d:2d:0f:19:f2:c8:39:98:9b:
bd:25:2b:d0:8a:3f:f7:ba:6a:35:22:35:8a:1c:07:20:c9:c5:
37:31:28:05:11:b5:81:73:bf:a9:ff:d0:a4:3d:54:e8:41:f5:
7c:76:89:74:85:0a:16:ee:08:f9:15:9a:28:a3:62:17:63:f5:
58:54:69:e5:e6:06:dd:8e:94:35:32:63:80:a9:f5:82:6b:39:
a8:20:22:62:2b:3a:f8:d8:d7:99:9d:06:86:2b:c8:1b:e0:eb:
2c:bf:5e:08:46:bf:8c:d0:d0:be:64:52:27:8b:e0:38:32:dd:
6b:dd:e0:9c:4c:2d:33:30:9a:a5:ff:67:27:55:1c:fe:ce:43:
98:b3:73:71:7b:de:04:f8:62:eb:2a:b3:43:cb:5a:fb:6a:db:
06:9a:5a:fb:ed:35:56:0e:bc:03:d0:1e:39:1a:63:57:59:d0:
4c:e3:e8:21:df:bb:cf:95:b4:27:58:8a:d0:b7:36:5d:53:0d:
16:ca:0b:1c
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAZnD4QJkKnwgNJPWoPQfGSIFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNzNlZWI4ZDAyZjVmNjQ3ODhiM2ZkYzc4ZDZiYWI4YTU1
ZmQxNmEwHhcNMjUxMDA4MTI1MjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDE3MzkyNzc1MzUwMmIwYzI2MzYyY2JhNDJlZjU3Yjk1NGVjNTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolxz1VQzuWddXGgDhH8raA0M1gQA
5IjUzyDoZJCi6o642wEHWDWt1M5pJHUKAsNri1HSYbi+gVAqUgrMQst6p2OhZsYG
MAdenGluwPGm9cHdk1loD9Ya8krJVK0ohVd1clwgmiqcX4VTUqdXL/cYg8e9W4C+
rIvebhBHlj3KtYIbgNNkPPw5EvxYWO3qHGnGct2yp1DfV16zd4V0abqnRMHWMCqn
f8BNz9gpl/oyUtienm7BV3mBFz8EbxWhtP1cVa7iyftdOW1Urevh6QfFOCvxyoSE
K3ohykM5gUv7kTD956tFZ0Hl1tdkkgxUVWd6o7w56E8jz4+byWR1RQWBIQIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFJ0XOSd1NQKwwmNiy6Qu9XuVTsUJMB8GA1UdIwQY
MBaAFEFz7rjQL19keIs/3HjWurilX9FqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVhQdXVOQXZYMlI0aXpfY2VOYTZ1S1ZmMFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ODkyYTktM2IzNy00ZDM5LTljMmIt
ZDgzZWQxNDBkMjhkLzEvblJjNUozVTFBckRDWTJMTHBDNzFlNVZPeFFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ODkyYTktM2IzNy00ZDM5LTljMmItZDgzZWQxNDBkMjhk
LzEvUVhQdXVOQXZYMlI0aXpfY2VOYTZ1S1ZmMFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBtwQCAAEwgbADBAAC
OmIDBAIfgCAwDAMEASXpUgMEACXpVgMEAC1crgMEAi2C1AMEAC2JvAMEAC2RBQME
AC2RowMEAC2RqAMEAC2YVwMEAC2cFAMEAC6tFAMEAE1J6QMEAE1J6wMEAE1J7gME
AVPeFAMEAFkozAMEAVqc/gMEAVvajgMEALlN5wMEAMEW9AMEAMEXAwMEAMHyagME
AMHybQMEAMIk0AMEAMJx0QMEANRK5wMEANWL5TANBgkqhkiG9w0BAQsFAAOCAQEA
oE6Jm8nJMSoKCpGzG/QISWAN2bo+WnRjazenH10e4U5+4XRxqQcGjHdq4IVMvwkD
ajY3svkm4GC+NOWY+muTPS0PGfLIOZibvSUr0Io/97pqNSI1ihwHIMnFNzEoBRG1
gXO/qf/QpD1U6EH1fHaJdIUKFu4I+RWaKKNiF2P1WFRp5eYG3Y6UNTJjgKn1gms5
qCAiYis6+NjXmZ0GhivIG+DrLL9eCEa/jNDQvmRSJ4vgODLda93gnEwtMzCapf9n
J1Uc/s5DmLNzcXveBPhi6yqzQ8ta+2rbBppa++01Vg68A9AeORpjV1nQTOPoId+7
z5W0J1iK0Lc2XVMNFsoLHA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:22:58 2025 by rpki-client