Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/U2oo4EeXi07FDJs5d6gm5B9lm3I.roa
File: U2oo4EeXi07FDJs5d6gm5B9lm3I.roa (raw, json)
Hash identifier: uJCLp60QZG1qA4nEQCFjuH0IiotbNwKkHdC47s8z3I8=
Subject key identifier: 53:6A:28:E0:47:97:8B:4E:C5:0C:9B:39:77:A8:26:E4:1F:65:9B:72
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 0198CEBE2452ED8E079A92E993292C834C00
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/U2oo4EeXi07FDJs5d6gm5B9lm3I.roa
Signing time: Thu 21 Aug 2025 22:27:04 +0000
ROA not before: Thu 21 Aug 2025 22:27:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200598
IP address blocks: 24.235.22.0/23 maxlen: 24
66.9.96.0/20 maxlen: 24
69.72.72.0/22 maxlen: 24
77.223.192.0/21 maxlen: 24
77.223.200.0/23 maxlen: 24
79.110.184.0/22 maxlen: 24
79.139.64.0/23 maxlen: 24
83.142.200.0/21 maxlen: 24
85.204.28.0/23 maxlen: 24
86.106.28.0/23 maxlen: 24
89.20.50.0/23 maxlen: 24
89.37.60.0/23 maxlen: 24
89.39.184.0/23 maxlen: 24
89.40.236.0/23 maxlen: 24
89.42.215.0/24 maxlen: 24
91.217.106.0/23 maxlen: 24
95.215.144.0/22 maxlen: 24
121.127.48.0/20 maxlen: 24
128.0.60.0/22 maxlen: 24
141.193.108.0/22 maxlen: 24
141.193.214.0/23 maxlen: 24
162.216.138.0/23 maxlen: 24
162.250.216.0/22 maxlen: 24
168.149.248.0/23 maxlen: 24
173.214.200.0/22 maxlen: 24
176.111.54.0/23 maxlen: 24
176.222.48.0/22 maxlen: 24
178.216.184.0/21 maxlen: 24
188.215.12.0/22 maxlen: 24
193.91.8.0/23 maxlen: 24
195.78.90.0/23 maxlen: 24
195.128.136.0/24 maxlen: 24
198.14.16.0/20 maxlen: 24
198.145.112.0/22 maxlen: 24
199.48.230.0/23 maxlen: 24
204.15.4.0/22 maxlen: 24
205.220.216.0/23 maxlen: 24
217.144.108.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:ce:be:24:52:ed:8e:07:9a:92:e9:93:29:2c:83:4c:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: Aug 21 22:27:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=536a28e047978b4ec50c9b3977a826e41f659b72
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:e0:6d:ca:96:ba:26:82:24:db:82:90:e8:6d:
d7:17:a0:16:87:32:73:e1:69:7f:d1:01:99:f1:6a:
86:e6:1f:63:9e:f1:28:ef:46:5e:db:fb:83:f2:76:
85:3f:b1:fb:2a:f7:54:52:57:bc:69:26:a3:bf:cf:
64:62:97:de:93:0f:65:a1:e9:d8:0f:9c:d3:49:a8:
11:61:b8:c2:8a:3f:43:62:6e:6e:19:14:13:51:83:
94:a8:27:9d:ae:01:30:d3:95:bc:89:c5:dd:eb:f9:
1c:31:43:00:14:a7:69:fd:70:3e:66:32:9f:d7:ab:
38:23:e2:9c:a2:2e:9e:c6:79:90:64:fc:20:9c:7f:
2b:ea:0c:19:c0:af:82:96:64:cd:6a:d6:cb:1a:d7:
4d:e9:c5:0c:5b:50:53:4e:ee:47:b8:24:8c:89:f7:
45:55:67:1e:20:1d:3d:04:7c:78:ed:62:39:83:65:
f4:67:8e:91:e6:cf:cc:6d:d8:10:e3:f6:98:39:45:
39:2e:49:9b:a7:ef:cc:86:bd:83:0d:de:b8:6a:13:
a9:f7:a3:cf:e4:89:9a:b0:a4:f0:ac:34:71:34:0c:
b1:fb:f3:1d:78:4a:91:e7:26:df:93:17:6e:53:9c:
ba:a9:e1:eb:61:e7:dd:5e:1b:fe:f8:97:03:c8:df:
3e:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:6A:28:E0:47:97:8B:4E:C5:0C:9B:39:77:A8:26:E4:1F:65:9B:72
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/U2oo4EeXi07FDJs5d6gm5B9lm3I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
24.235.22.0/23
66.9.96.0/20
69.72.72.0/22
77.223.192.0-77.223.201.255
79.110.184.0/22
79.139.64.0/23
83.142.200.0/21
85.204.28.0/23
86.106.28.0/23
89.20.50.0/23
89.37.60.0/23
89.39.184.0/23
89.40.236.0/23
89.42.215.0/24
91.217.106.0/23
95.215.144.0/22
121.127.48.0/20
128.0.60.0/22
141.193.108.0/22
141.193.214.0/23
162.216.138.0/23
162.250.216.0/22
168.149.248.0/23
173.214.200.0/22
176.111.54.0/23
176.222.48.0/22
178.216.184.0/21
188.215.12.0/22
193.91.8.0/23
195.78.90.0/23
195.128.136.0/24
198.14.16.0/20
198.145.112.0/22
199.48.230.0/23
204.15.4.0/22
205.220.216.0/23
217.144.108.0/22
Signature Algorithm: sha256WithRSAEncryption
82:96:74:3c:83:c0:a8:4f:ce:6b:90:5f:2c:81:00:eb:40:7f:
98:a8:bf:4c:d9:cd:e1:6a:c5:fe:49:75:17:9a:8a:84:12:98:
f9:fd:ed:e1:fb:8c:c9:40:8e:5d:d1:e2:a3:a2:ed:cb:c1:ee:
6c:cf:5c:d2:02:ec:75:53:7f:30:68:2e:45:6a:a8:a8:39:43:
a1:4d:a8:b2:fe:b9:36:e0:db:9d:94:11:a8:1b:35:25:06:c5:
28:c2:9c:22:92:6a:16:41:ce:1e:8a:fa:9a:c3:4e:41:70:f2:
af:19:97:f3:15:27:b9:27:86:23:75:c3:7d:31:8b:ac:1c:c4:
d1:75:d8:df:d4:c2:89:b7:b3:7a:fd:fc:6e:20:b6:96:75:48:
0b:d3:a8:f1:3b:e8:12:ef:87:b0:a9:55:66:a2:c8:10:4f:1b:
f4:f9:30:33:5a:0f:2e:95:fc:65:92:1c:c6:4d:c0:34:e6:81:
e8:13:55:43:d1:56:79:a7:69:5e:3e:0b:b3:83:d4:54:4a:b5:
fd:ce:a3:79:96:c1:d6:bd:db:53:03:3c:f3:9c:7a:63:1a:76:
a8:0f:e7:13:04:49:7c:79:d3:7a:06:d0:f1:b9:6e:f2:88:97:
ef:fb:c6:ee:8e:69:88:b9:13:05:e9:ac:12:85:30:00:a9:83:
8e:1d:42:34
-----BEGIN CERTIFICATE-----
MIIF4zCCBMugAwIBAgISAZjOviRS7Y4HmpLpkyksg0wAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwODIxMjIyNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzZhMjhlMDQ3OTc4YjRlYzUwYzliMzk3N2E4MjZlNDFmNjU5YjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+Btypa6JoIk24KQ6G3XF6AWhzJz
4Wl/0QGZ8WqG5h9jnvEo70Ze2/uD8naFP7H7KvdUUle8aSajv89kYpfekw9loenY
D5zTSagRYbjCij9DYm5uGRQTUYOUqCedrgEw05W8icXd6/kcMUMAFKdp/XA+ZjKf
16s4I+Kcoi6exnmQZPwgnH8r6gwZwK+ClmTNatbLGtdN6cUMW1BTTu5HuCSMifdF
VWceIB09BHx47WI5g2X0Z46R5s/MbdgQ4/aYOUU5Lkmbp+/Mhr2DDd64ahOp96PP
5ImasKTwrDRxNAyx+/MdeEqR5ybfkxduU5y6qeHrYefdXhv++JcDyN8+QwIDAQAB
o4IC7zCCAuswHQYDVR0OBBYEFFNqKOBHl4tOxQybOXeoJuQfZZtyMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvVTJvbzRFZVhpMDdGREpzNWQ2Z201QjlsbTNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAwYIKwYBBQUHAQcBAf8EgfMwgfAwge0EAgABMIHmAwQB
GOsWAwQEQglgAwQCRUhIMAwDBAZN38ADBAFN38gDBAJPbrgDBAFPi0ADBANTjsgD
BAFVzBwDBAFWahwDBAFZFDIDBAFZJTwDBAFZJ7gDBAFZKOwDBABZKtcDBAFb2WoD
BAJf15ADBAR5fzADBAKAADwDBAKNwWwDBAGNwdYDBAGi2IoDBAKi+tgDBAGolfgD
BAKt1sgDBAGwbzYDBAKw3jADBAOy2LgDBAK81wwDBAHBWwgDBAHDTloDBADDgIgD
BATGDhADBALGkXADBAHHMOYDBALMDwQDBAHN3NgDBALZkGwwDQYJKoZIhvcNAQEL
BQADggEBAIKWdDyDwKhPzmuQXyyBAOtAf5iov0zZzeFqxf5JdReaioQSmPn97eH7
jMlAjl3R4qOi7cvB7mzPXNIC7HVTfzBoLkVqqKg5Q6FNqLL+uTbg252UEagbNSUG
xSjCnCKSahZBzh6K+prDTkFw8q8Zl/MVJ7knhiN1w30xi6wcxNF12N/Uwom3s3r9
/G4gtpZ1SAvTqPE76BLvh7CpVWaiyBBPG/T5MDNaDy6V/GWSHMZNwDTmgegTVUPR
VnmnaV4+C7OD1FRKtf3Oo3mWwda921MDPPOcemMadqgP5xMESXx503oG0PG5bvKI
l+/7xu6OaYi5EwXprBKFMACpg44dQjQ=
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:04:42 2025 by rpki-client