Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/gmlYv0v2HfadN6iUJPgj2MV7hF8.roa
File: gmlYv0v2HfadN6iUJPgj2MV7hF8.roa (raw, json)
Hash identifier: kpLGRjRfo6IEc/0XC24Y5mGu2u2MGvyIBc1tJ+QXGsg=
Subject key identifier: 82:69:58:BF:4B:F6:1D:F6:9D:37:A8:94:24:F8:23:D8:C5:7B:84:5F
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 0198AC1EEBCD8A5D3CA9F54A7FFAD2F63B38
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/gmlYv0v2HfadN6iUJPgj2MV7hF8.roa
Signing time: Fri 15 Aug 2025 05:06:04 +0000
ROA not before: Fri 15 Aug 2025 05:06:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 7018
IP address blocks: 62.164.224.0/20 maxlen: 20
62.164.240.0/20 maxlen: 24
66.9.96.0/20 maxlen: 24
66.117.8.0/22 maxlen: 24
77.223.192.0/21 maxlen: 24
77.223.200.0/23 maxlen: 24
79.139.64.0/23 maxlen: 24
83.142.200.0/21 maxlen: 24
84.247.59.0/24 maxlen: 24
86.104.8.0/24 maxlen: 24
88.135.96.0/20 maxlen: 24
89.34.171.0/24 maxlen: 24
89.42.40.0/24 maxlen: 24
93.119.184.0/21 maxlen: 24
94.26.110.0/23 maxlen: 24
94.101.103.0/24 maxlen: 24
95.178.8.0/21 maxlen: 24
116.50.16.0/21 maxlen: 24
121.127.48.0/20 maxlen: 24
121.127.56.0/21 maxlen: 24
168.75.224.0/20 maxlen: 24
176.222.48.0/22 maxlen: 24
192.200.192.0/19 maxlen: 23
194.149.76.0/22 maxlen: 24
195.133.202.0/23 maxlen: 24
198.14.16.0/20 maxlen: 24
198.145.112.0/22 maxlen: 24
205.134.244.0/22 maxlen: 24
212.32.96.0/20 maxlen: 24
212.32.112.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 10:01:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:ac:1e:eb:cd:8a:5d:3c:a9:f5:4a:7f:fa:d2:f6:3b:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: Aug 15 05:06:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=826958bf4bf61df69d37a89424f823d8c57b845f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:48:a9:38:2e:a5:43:2c:4e:4b:ae:62:c0:68:
f2:32:31:78:ff:aa:88:04:8a:eb:5f:8a:0d:e0:7c:
71:28:8d:e7:50:7d:ed:6e:bf:48:10:d4:89:94:8c:
f4:02:31:95:03:20:b3:ee:7e:ad:1c:d1:4d:2d:07:
f6:49:8d:6c:ce:fe:e4:88:4d:a8:d2:3b:58:e9:58:
b5:83:cb:72:48:96:68:41:40:35:3d:68:ea:62:a3:
1e:a4:c5:74:53:81:3d:16:d2:79:ec:14:fc:bc:94:
4b:81:64:13:50:e9:05:c5:bd:04:d0:1e:c4:a9:1f:
54:52:89:ba:df:48:74:51:ae:7a:40:92:5c:4d:62:
42:a2:e9:60:33:8f:b4:e9:d6:09:0a:22:95:bc:08:
5a:0a:ac:8d:69:ff:61:aa:ad:85:0e:8f:f5:a5:0c:
86:57:51:2d:d5:49:d9:27:a6:6a:a8:bb:53:f7:23:
97:06:e4:f0:63:93:04:82:45:42:77:0a:99:6e:27:
53:d6:b3:ed:8e:bd:07:6b:39:21:b0:05:49:f1:9a:
ab:28:c4:ed:81:fd:d5:b0:44:9b:c2:d9:a5:5d:d9:
bf:76:e1:5f:c5:ad:7a:46:49:09:9b:8e:4a:c5:e0:
91:54:fe:25:ca:3f:60:94:3c:1b:b1:30:3b:85:18:
23:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:69:58:BF:4B:F6:1D:F6:9D:37:A8:94:24:F8:23:D8:C5:7B:84:5F
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/gmlYv0v2HfadN6iUJPgj2MV7hF8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.164.224.0/19
66.9.96.0/20
66.117.8.0/22
77.223.192.0-77.223.201.255
79.139.64.0/23
83.142.200.0/21
84.247.59.0/24
86.104.8.0/24
88.135.96.0/20
89.34.171.0/24
89.42.40.0/24
93.119.184.0/21
94.26.110.0/23
94.101.103.0/24
95.178.8.0/21
116.50.16.0/21
121.127.48.0/20
168.75.224.0/20
176.222.48.0/22
192.200.192.0/19
194.149.76.0/22
195.133.202.0/23
198.14.16.0/20
198.145.112.0/22
205.134.244.0/22
212.32.96.0/19
Signature Algorithm: sha256WithRSAEncryption
14:4d:67:01:d8:ee:9b:d9:13:22:f2:7c:93:cf:96:ca:a9:ff:
52:76:8c:26:24:8f:99:e9:98:a7:51:7e:11:f5:b5:e6:4b:3d:
89:4d:a6:d5:5f:41:de:90:16:b5:c4:8f:06:b3:25:5f:53:cc:
17:83:c1:ed:db:17:1c:44:69:4a:d2:8f:d7:73:64:30:b0:c7:
3e:f2:4d:6f:de:a1:53:e0:8a:d3:c9:47:eb:5b:9f:b9:60:e6:
92:d3:4f:49:9b:a0:ff:1a:c0:71:d9:4f:d9:87:cc:6f:27:cb:
6f:7a:d5:04:60:99:ee:74:d2:b5:d4:4f:0c:a2:6a:d3:ff:bb:
da:82:80:4c:9e:bb:3a:b9:fd:af:c1:09:b4:7f:1c:fe:6c:3f:
19:1e:cf:fd:e5:82:d2:be:13:b3:1f:f9:4b:50:18:dd:39:c2:
47:8d:ad:d4:34:cf:a8:af:dc:45:9e:10:3e:6f:7d:a6:e2:a6:
c7:be:82:d0:b2:ae:f9:b0:27:e1:e7:18:e9:5a:7f:55:16:13:
2e:7c:0f:63:e9:f6:0a:ec:9c:b9:9e:85:ff:27:ad:41:ba:db:
7a:c8:33:c7:1a:26:1c:1d:f7:dc:bb:da:98:5b:ba:8f:b3:43:
88:f5:5a:d2:34:5b:71:bd:bc:fa:cc:b3:52:ba:f5:92:96:ae:
8d:cb:66:c3
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAZisHuvNil08qfVKf/rS9js4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwODE1MDUwNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjY5NThiZjRiZjYxZGY2OWQzN2E4OTQyNGY4MjNkOGM1N2I4NDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUipOC6lQyxOS65iwGjyMjF4/6qI
BIrrX4oN4HxxKI3nUH3tbr9IENSJlIz0AjGVAyCz7n6tHNFNLQf2SY1szv7kiE2o
0jtY6Vi1g8tySJZoQUA1PWjqYqMepMV0U4E9FtJ57BT8vJRLgWQTUOkFxb0E0B7E
qR9UUom630h0Ua56QJJcTWJCoulgM4+06dYJCiKVvAhaCqyNaf9hqq2FDo/1pQyG
V1Et1UnZJ6ZqqLtT9yOXBuTwY5MEgkVCdwqZbidT1rPtjr0HazkhsAVJ8ZqrKMTt
gf3VsESbwtmlXdm/duFfxa16RkkJm45KxeCRVP4lyj9glDwbsTA7hRgjCQIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFIJpWL9L9h32nTeolCT4I9jFe4RfMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvZ21sWXYwdjJIZmFkTjZpVUpQZ2oyTVY3aEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAU+
pOADBARCCWADBAJCdQgwDAMEBk3fwAMEAU3fyAMEAU+LQAMEA1OOyAMEAFT3OwME
AFZoCAMEBFiHYAMEAFkiqwMEAFkqKAMEA113uAMEAV4abgMEAF5lZwMEA1+yCAME
A3QyEAMEBHl/MAMEBKhL4AMEArDeMAMEBcDIwAMEAsKVTAMEAcOFygMEBMYOEAME
AsaRcAMEAs2G9AMEBdQgYDANBgkqhkiG9w0BAQsFAAOCAQEAFE1nAdjum9kTIvJ8
k8+Wyqn/UnaMJiSPmemYp1F+EfW15ks9iU2m1V9B3pAWtcSPBrMlX1PMF4PB7dsX
HERpStKP13NkMLDHPvJNb96hU+CK08lH61ufuWDmktNPSZug/xrAcdlP2YfMbyfL
b3rVBGCZ7nTStdRPDKJq0/+72oKATJ67Orn9r8EJtH8c/mw/GR7P/eWC0r4Tsx/5
S1AY3TnCR42t1DTPqK/cRZ4QPm99puKmx76C0LKu+bAn4ecY6Vp/VRYTLnwPY+n2
CuycuZ6F/yetQbrbesgzxxomHB333LvamFu6j7NDiPVa0jRbcb28+syzUrr1kpau
jctmww==
-----END CERTIFICATE-----
Generated at Sat Aug 23 17:47:45 2025 by rpki-client