Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/87A59tFx6zF_AoyfTTInJAFnkcA.roa
File: 87A59tFx6zF_AoyfTTInJAFnkcA.roa (raw, json)
Hash identifier: unw4vIAiAfpS55i1OMoFYw1rzCbyU808aYVca3OlIMc=
Subject key identifier: F3:B0:39:F6:D1:71:EB:31:7F:02:8C:9F:4D:32:27:24:01:67:91:C0
Certificate issuer: /CN=a36d0ae5e2fbffcce08770ebc20c216b9fbf9485
Certificate serial: 0199F43ACFBC4116792E1CAD5C2965B27D14
Authority key identifier: A3:6D:0A:E5:E2:FB:FF:CC:E0:87:70:EB:C2:0C:21:6B:9F:BF:94:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/o20K5eL7_8zgh3Drwgwha5-_lIU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/87A59tFx6zF_AoyfTTInJAFnkcA.roa
Signing time: Fri 17 Oct 2025 22:11:58 +0000
ROA not before: Fri 17 Oct 2025 22:11:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57128
IP address blocks: 46.191.224.0/22 maxlen: 22
46.191.224.0/23 maxlen: 23
46.191.224.0/24 maxlen: 24
46.191.225.0/24 maxlen: 24
46.191.226.0/23 maxlen: 23
46.191.226.0/24 maxlen: 24
46.191.227.0/24 maxlen: 24
77.79.156.0/22 maxlen: 22
77.79.156.0/23 maxlen: 23
77.79.156.0/24 maxlen: 24
77.79.157.0/24 maxlen: 24
77.79.158.0/23 maxlen: 23
77.79.158.0/24 maxlen: 24
77.79.159.0/24 maxlen: 24
84.39.244.0/22 maxlen: 22
84.39.244.0/23 maxlen: 23
84.39.244.0/24 maxlen: 24
84.39.245.0/24 maxlen: 24
84.39.246.0/23 maxlen: 23
84.39.246.0/24 maxlen: 24
84.39.247.0/24 maxlen: 24
93.157.248.0/22 maxlen: 22
93.157.248.0/23 maxlen: 23
93.157.248.0/24 maxlen: 24
93.157.249.0/24 maxlen: 24
93.157.250.0/23 maxlen: 23
93.157.250.0/24 maxlen: 24
93.157.251.0/24 maxlen: 24
95.105.0.0/20 maxlen: 20
95.105.0.0/22 maxlen: 22
95.105.0.0/23 maxlen: 23
95.105.0.0/24 maxlen: 24
95.105.1.0/24 maxlen: 24
95.105.2.0/23 maxlen: 23
95.105.2.0/24 maxlen: 24
95.105.3.0/24 maxlen: 24
95.105.4.0/22 maxlen: 22
95.105.4.0/23 maxlen: 23
95.105.4.0/24 maxlen: 24
95.105.5.0/24 maxlen: 24
95.105.6.0/23 maxlen: 23
95.105.6.0/24 maxlen: 24
95.105.7.0/24 maxlen: 24
95.105.8.0/22 maxlen: 22
95.105.8.0/23 maxlen: 23
95.105.8.0/24 maxlen: 24
95.105.9.0/24 maxlen: 24
95.105.10.0/23 maxlen: 23
95.105.10.0/24 maxlen: 24
95.105.11.0/24 maxlen: 24
95.105.12.0/22 maxlen: 22
95.105.12.0/23 maxlen: 23
95.105.12.0/24 maxlen: 24
95.105.13.0/24 maxlen: 24
95.105.14.0/23 maxlen: 23
95.105.14.0/24 maxlen: 24
95.105.15.0/24 maxlen: 24
95.105.64.0/20 maxlen: 20
95.105.64.0/22 maxlen: 22
95.105.64.0/23 maxlen: 23
95.105.64.0/24 maxlen: 24
95.105.65.0/24 maxlen: 24
95.105.66.0/23 maxlen: 23
95.105.66.0/24 maxlen: 24
95.105.67.0/24 maxlen: 24
95.105.68.0/22 maxlen: 22
95.105.68.0/23 maxlen: 23
95.105.68.0/24 maxlen: 24
95.105.69.0/24 maxlen: 24
95.105.70.0/23 maxlen: 23
95.105.70.0/24 maxlen: 24
95.105.71.0/24 maxlen: 24
95.105.72.0/22 maxlen: 22
95.105.72.0/23 maxlen: 23
95.105.72.0/24 maxlen: 24
95.105.73.0/24 maxlen: 24
95.105.74.0/23 maxlen: 23
95.105.74.0/24 maxlen: 24
95.105.75.0/24 maxlen: 24
95.105.76.0/22 maxlen: 22
95.105.76.0/23 maxlen: 23
95.105.76.0/24 maxlen: 24
95.105.77.0/24 maxlen: 24
95.105.78.0/23 maxlen: 23
95.105.78.0/24 maxlen: 24
95.105.79.0/24 maxlen: 24
2a02:1c8:9::/48 maxlen: 48
2a02:1c8:30::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/o20K5eL7_8zgh3Drwgwha5-_lIU.crl
rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/o20K5eL7_8zgh3Drwgwha5-_lIU.mft
rsync://rpki.ripe.net/repository/DEFAULT/o20K5eL7_8zgh3Drwgwha5-_lIU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:f4:3a:cf:bc:41:16:79:2e:1c:ad:5c:29:65:b2:7d:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a36d0ae5e2fbffcce08770ebc20c216b9fbf9485
Validity
Not Before: Oct 17 22:11:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f3b039f6d171eb317f028c9f4d322724016791c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:3e:18:35:6b:07:69:43:95:bd:0f:48:7b:f2:
61:9a:ea:03:f7:46:f6:6a:fe:08:ac:89:76:85:68:
d4:45:a8:82:5c:24:6b:91:19:c6:53:4d:18:55:93:
23:41:87:fe:fe:28:1c:0c:39:b0:9c:e7:39:4c:15:
ef:90:06:c7:30:00:f7:1f:41:d5:2a:2a:00:8d:50:
21:e0:06:c7:f7:a6:3a:c8:f1:f2:ec:d0:7d:50:54:
63:89:9f:7d:e8:81:ea:77:46:e6:00:ee:05:95:09:
86:b1:62:42:73:03:49:2d:dd:61:03:f2:64:e5:3c:
e4:54:f9:77:5f:ae:f1:76:ac:08:34:e7:5e:67:4e:
26:d7:e7:dc:61:17:c0:e1:86:85:f2:29:1c:84:21:
bf:66:21:97:13:2e:08:5e:64:10:52:c1:e3:7f:95:
2c:9f:68:2c:47:f4:1a:e4:ad:f6:41:4d:bf:5b:91:
c0:9f:b2:02:1b:e8:ac:3b:98:35:9b:fc:6f:36:29:
e2:7e:bd:e6:8b:83:b3:db:3d:7a:f5:09:07:60:10:
22:19:98:fc:88:dc:94:97:a3:ed:55:6f:02:52:99:
0b:dc:cd:b6:4b:0d:25:10:92:a7:1b:14:7c:b3:35:
72:f4:0a:d5:3e:0f:3f:3c:fb:f9:e2:d3:50:c3:b5:
53:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:B0:39:F6:D1:71:EB:31:7F:02:8C:9F:4D:32:27:24:01:67:91:C0
X509v3 Authority Key Identifier:
keyid:A3:6D:0A:E5:E2:FB:FF:CC:E0:87:70:EB:C2:0C:21:6B:9F:BF:94:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o20K5eL7_8zgh3Drwgwha5-_lIU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/87A59tFx6zF_AoyfTTInJAFnkcA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/o20K5eL7_8zgh3Drwgwha5-_lIU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.191.224.0/22
77.79.156.0/22
84.39.244.0/22
93.157.248.0/22
95.105.0.0/20
95.105.64.0/20
IPv6:
2a02:1c8:9::/48
2a02:1c8:30::/44
Signature Algorithm: sha256WithRSAEncryption
84:f5:8f:14:bd:e6:48:31:ba:80:87:9b:f4:7b:99:a1:5d:9c:
fb:be:e2:78:5d:6b:7e:75:58:17:29:39:08:7e:72:24:8e:d6:
b3:ad:7b:da:96:ff:f6:fc:9b:05:9f:73:3a:26:32:15:26:2a:
1a:3e:f8:8a:22:50:e2:58:ce:31:b8:40:8a:cd:94:ea:04:1c:
3c:b8:a7:e8:62:88:a5:d3:81:1a:90:0c:ef:a9:34:ea:43:d6:
4b:5e:67:2c:b4:2f:f6:2c:a2:b4:8c:a0:27:54:f5:83:87:87:
9c:76:a0:fe:27:1f:05:a2:5a:8d:c9:f3:7d:1d:64:e2:8d:d4:
86:36:e8:69:01:38:99:68:bb:37:20:f3:25:b3:64:bc:d1:ba:
00:a2:75:b9:89:79:f4:be:29:3f:58:b4:9e:72:0f:72:e1:6c:
61:fa:fb:9c:65:c5:37:a8:8e:00:66:d0:60:07:a7:d3:24:58:
f3:ee:7a:d4:a1:24:b7:69:06:35:c8:ef:7e:75:ab:ac:ff:8b:
44:75:d4:d5:77:d7:3d:af:e4:df:9d:ff:e2:65:bc:64:c0:53:
b7:e4:83:e4:c3:07:ea:7b:8f:5d:12:f8:ac:5d:08:68:47:7c:
01:c0:e7:ad:c1:3c:27:38:2a:b0:36:d5:51:a0:74:2a:5f:d4:
cf:84:c3:87
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZn0Os+8QRZ5LhytXCllsn0UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNmQwYWU1ZTJmYmZmY2NlMDg3NzBlYmMyMGMyMTZiOWZi
Zjk0ODUwHhcNMjUxMDE3MjIxMTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2IwMzlmNmQxNzFlYjMxN2YwMjhjOWY0ZDMyMjcyNDAxNjc5MWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD4YNWsHaUOVvQ9Ie/JhmuoD90b2
av4IrIl2hWjURaiCXCRrkRnGU00YVZMjQYf+/igcDDmwnOc5TBXvkAbHMAD3H0HV
KioAjVAh4AbH96Y6yPHy7NB9UFRjiZ996IHqd0bmAO4FlQmGsWJCcwNJLd1hA/Jk
5TzkVPl3X67xdqwINOdeZ04m1+fcYRfA4YaF8ikchCG/ZiGXEy4IXmQQUsHjf5Us
n2gsR/Qa5K32QU2/W5HAn7ICG+isO5g1m/xvNinifr3mi4Oz2z169QkHYBAiGZj8
iNyUl6PtVW8CUpkL3M22Sw0lEJKnGxR8szVy9ArVPg8/PPv54tNQw7VTTQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPOwOfbRcesxfwKMn00yJyQBZ5HAMB8GA1UdIwQY
MBaAFKNtCuXi+//M4Idw68IMIWufv5SFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzIwSzVlTDdfOHpnaDNEcndnd2hhNS1fbElVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC84Y2FjMGMtMzQyNi00ZjA3LWFmMjAt
Y2JiOTUxODNiMjdhLzEvODdBNTl0Rng2ekZfQW95ZlRUSW5KQUZua2NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC84Y2FjMGMtMzQyNi00ZjA3LWFmMjAtY2JiOTUxODNiMjdh
LzEvbzIwSzVlTDdfOHpnaDNEcndnd2hhNS1fbElVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAqBAIAATAkAwQCLr/gAwQC
TU+cAwQCVCf0AwQCXZ34AwQEX2kAAwQEX2lAMBgEAgACMBIDBwAqAgHIAAkDBwQq
AgHIADAwDQYJKoZIhvcNAQELBQADggEBAIT1jxS95kgxuoCHm/R7maFdnPu+4nhd
a351WBcpOQh+ciSO1rOte9qW//b8mwWfczomMhUmKho++IoiUOJYzjG4QIrNlOoE
HDy4p+hiiKXTgRqQDO+pNOpD1kteZyy0L/YsorSMoCdU9YOHh5x2oP4nHwWiWo3J
830dZOKN1IY26GkBOJlouzcg8yWzZLzRugCidbmJefS+KT9YtJ5yD3LhbGH6+5xl
xTeojgBm0GAHp9MkWPPuetShJLdpBjXI7351q6z/i0R11NV31z2v5N+d/+JlvGTA
U7fkg+TDB+p7j10S+KxdCGhHfAHA563BPCc4KrA21VGgdCpf1M+Ew4c=
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:24:05 2025 by rpki-client