Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/DIIPkhIK2GpSY7ZT1zdEaY1N8S4.roa
File: DIIPkhIK2GpSY7ZT1zdEaY1N8S4.roa (raw, json)
Hash identifier: GZZtKk3KUtgI6t+m4e2aEMnaIKRSut5aw/uHqLEVs54=
Subject key identifier: 0C:82:0F:92:12:0A:D8:6A:52:63:B6:53:D7:37:44:69:8D:4D:F1:2E
Certificate issuer: /CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Certificate serial: 0199951A4710B6AB3973D7D3802123EB3865
Authority key identifier: D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/DIIPkhIK2GpSY7ZT1zdEaY1N8S4.roa
Signing time: Mon 29 Sep 2025 10:52:31 +0000
ROA not before: Mon 29 Sep 2025 10:52:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6739
IP address blocks: 2.154.0.0/15 maxlen: 16
2.154.0.0/16 maxlen: 16
2.154.192.0/18 maxlen: 18
2.155.0.0/16 maxlen: 16
5.40.0.0/16 maxlen: 16
62.42.0.0/15 maxlen: 16
62.57.0.0/16 maxlen: 16
62.81.0.0/16 maxlen: 24
62.82.0.0/15 maxlen: 16
62.100.96.0/19 maxlen: 19
62.174.0.0/15 maxlen: 19
80.224.0.0/16 maxlen: 16
81.60.0.0/15 maxlen: 18
81.184.0.0/16 maxlen: 16
81.202.0.0/16 maxlen: 16
82.159.0.0/16 maxlen: 16
82.213.128.0/18 maxlen: 18
83.173.128.0/18 maxlen: 18
84.120.0.0/13 maxlen: 19
84.127.229.0/24 maxlen: 24
85.219.0.0/17 maxlen: 17
85.251.0.0/16 maxlen: 17
89.140.0.0/16 maxlen: 17
95.39.0.0/16 maxlen: 19
185.128.128.0/22 maxlen: 24
194.106.0.0/19 maxlen: 19
194.140.128.0/18 maxlen: 18
194.149.192.0/19 maxlen: 19
212.21.224.0/19 maxlen: 19
212.40.224.0/19 maxlen: 19
212.40.224.0/24 maxlen: 24
212.78.128.0/19 maxlen: 19
212.79.128.0/19 maxlen: 19
212.95.192.0/19 maxlen: 19
212.97.160.0/19 maxlen: 19
212.183.192.0/18 maxlen: 18
213.37.0.0/16 maxlen: 16
213.201.0.0/17 maxlen: 17
213.227.0.0/18 maxlen: 18
213.231.64.0/18 maxlen: 18
2a02:a800::/26 maxlen: 26
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.mft
rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 23:01:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:95:1a:47:10:b6:ab:39:73:d7:d3:80:21:23:eb:38:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Validity
Not Before: Sep 29 10:52:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0c820f92120ad86a5263b653d73744698d4df12e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:0b:c9:ef:a9:8c:6f:93:e4:7b:77:52:18:00:
68:87:d7:eb:ce:a9:48:a7:d5:77:c6:99:2b:b9:9f:
42:ac:b1:9d:1d:7b:38:96:a5:62:89:72:21:a9:43:
b6:f5:2a:15:30:65:c6:cf:72:88:31:cd:f3:1d:a2:
09:73:bd:5d:2e:62:5d:42:04:2a:d4:4c:b4:17:8d:
63:01:be:10:ed:39:53:d6:c9:42:b3:d9:71:c4:c2:
11:d3:cd:89:e8:77:c3:90:05:a2:db:74:25:98:7d:
a8:17:3a:59:8a:dd:74:df:bd:7c:ee:ce:ed:46:b0:
b3:af:f3:bf:17:09:6d:9e:b8:ec:03:b9:03:5a:ae:
aa:d8:eb:ce:01:b4:e7:ed:23:6c:40:e8:23:67:a9:
c8:1f:ad:17:c9:9c:33:29:0b:fc:6f:b3:5e:cc:34:
a8:df:e2:8e:da:38:90:8a:63:4a:c8:c5:28:21:94:
70:38:0a:7d:59:cd:5b:22:dd:bb:ff:d6:bf:af:f9:
b9:0c:85:0e:3b:20:53:15:d4:ae:a4:85:c1:b2:17:
a6:a0:82:e1:a7:d0:72:34:6d:61:c3:2c:07:df:06:
01:c3:35:a9:ed:4a:40:a9:cb:db:19:7b:f8:67:c9:
e1:ae:58:cb:fc:7f:cf:71:28:b2:20:3c:0a:c4:13:
f6:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:82:0F:92:12:0A:D8:6A:52:63:B6:53:D7:37:44:69:8D:4D:F1:2E
X509v3 Authority Key Identifier:
keyid:D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/DIIPkhIK2GpSY7ZT1zdEaY1N8S4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.154.0.0/15
5.40.0.0/16
62.42.0.0/15
62.57.0.0/16
62.81.0.0-62.83.255.255
62.100.96.0/19
62.174.0.0/15
80.224.0.0/16
81.60.0.0/15
81.184.0.0/16
81.202.0.0/16
82.159.0.0/16
82.213.128.0/18
83.173.128.0/18
84.120.0.0/13
85.219.0.0/17
85.251.0.0/16
89.140.0.0/16
95.39.0.0/16
185.128.128.0/22
194.106.0.0/19
194.140.128.0/18
194.149.192.0/19
212.21.224.0/19
212.40.224.0/19
212.78.128.0/19
212.79.128.0/19
212.95.192.0/19
212.97.160.0/19
212.183.192.0/18
213.37.0.0/16
213.201.0.0/17
213.227.0.0/18
213.231.64.0/18
IPv6:
2a02:a800::/26
Signature Algorithm: sha256WithRSAEncryption
01:6b:cb:88:04:58:06:23:3f:b0:90:f4:13:97:2f:45:a1:c5:
b1:19:44:53:27:29:5d:b0:1a:b3:60:85:37:47:53:81:cb:63:
4b:26:cb:22:3d:63:0b:2c:f5:67:f1:e0:12:34:04:97:3a:96:
44:7b:27:7b:97:49:32:dc:ce:4c:13:bd:f2:a4:ee:80:3b:73:
62:62:12:5e:89:08:c3:6c:b1:98:0c:21:3f:ff:b8:f2:d2:6e:
d5:c4:03:3a:55:f3:f9:25:e9:86:f9:14:fc:88:bc:ea:12:bd:
df:66:c8:12:b3:ae:8c:0a:44:01:3e:44:3c:96:db:53:ca:f1:
1c:1e:6f:b0:d5:6f:68:51:06:d4:ae:cc:a9:36:1b:39:95:73:
db:ba:1a:4b:78:8b:04:7e:2a:73:10:0f:c0:b9:6c:90:92:e2:
03:63:1b:eb:ce:59:88:5b:2a:5a:af:c5:9f:fc:f1:4b:2e:29:
4b:d5:ff:95:7b:9f:cb:bd:1c:ee:f1:79:ec:aa:49:91:cd:7d:
13:d8:0e:be:f5:ec:d8:bb:a0:d7:a2:fe:bc:13:2a:18:bb:c8:
65:4b:63:78:e1:c6:d0:89:2f:b4:28:05:ae:4e:fc:58:c8:35:
59:85:d4:d4:e2:33:05:bc:15:a6:35:9e:7c:bf:40:a3:24:0d:
ed:c3:f9:66
-----BEGIN CERTIFICATE-----
MIIFzjCCBLagAwIBAgISAZmVGkcQtqs5c9fTgCEj6zhlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzRmMTY4NjEwMjg3NmM2MjE2YmNlYTI4YTVlNTAyZWMw
ZDdiNmIwHhcNMjUwOTI5MTA1MjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzgyMGY5MjEyMGFkODZhNTI2M2I2NTNkNzM3NDQ2OThkNGRmMTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAvJ76mMb5Pke3dSGABoh9frzqlI
p9V3xpkruZ9CrLGdHXs4lqViiXIhqUO29SoVMGXGz3KIMc3zHaIJc71dLmJdQgQq
1Ey0F41jAb4Q7TlT1slCs9lxxMIR082J6HfDkAWi23QlmH2oFzpZit1037187s7t
RrCzr/O/FwltnrjsA7kDWq6q2OvOAbTn7SNsQOgjZ6nIH60XyZwzKQv8b7NezDSo
3+KO2jiQimNKyMUoIZRwOAp9Wc1bIt27/9a/r/m5DIUOOyBTFdSupIXBshemoILh
p9ByNG1hwywH3wYBwzWp7UpAqcvbGXv4Z8nhrljL/H/PcSiyIDwKxBP2SwIDAQAB
o4IC2jCCAtYwHQYDVR0OBBYEFAyCD5ISCthqUmO2U9c3RGmNTfEuMB8GA1UdIwQY
MBaAFNQ08WhhAodsYha86iil5QLsDXtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2Ut
NTcxMmQ5NWFlNjM4LzEvRElJUGtoSUsyR3BTWTdaVDF6ZEVhWTFOOFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2UtNTcxMmQ5NWFlNjM4
LzEvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHvBggrBgEFBQcBBwEB/wSB3zCB3DCBygQCAAEwgcMDAwEC
mgMDAAUoAwMBPioDAwA+OTAKAwMAPlEDAwI+UAMEBT5kYAMDAT6uAwMAUOADAwFR
PAMDAFG4AwMAUcoDAwBSnwMEBlLVgAMEBlOtgAMDA1R4AwQHVdsAAwMAVfsDAwBZ
jAMDAF8nAwQCuYCAAwQFwmoAAwQGwoyAAwQFwpXAAwQF1BXgAwQF1CjgAwQF1E6A
AwQF1E+AAwQF1F/AAwQF1GGgAwQG1LfAAwMA1SUDBAfVyQADBAbV4wADBAbV50Aw
DQQCAAIwBwMFBioCqAAwDQYJKoZIhvcNAQELBQADggEBAAFry4gEWAYjP7CQ9BOX
L0WhxbEZRFMnKV2wGrNghTdHU4HLY0smyyI9Ywss9Wfx4BI0BJc6lkR7J3uXSTLc
zkwTvfKk7oA7c2JiEl6JCMNssZgMIT//uPLSbtXEAzpV8/kl6Yb5FPyIvOoSvd9m
yBKzrowKRAE+RDyW21PK8Rweb7DVb2hRBtSuzKk2GzmVc9u6Gkt4iwR+KnMQD8C5
bJCS4gNjG+vOWYhbKlqvxZ/88UsuKUvV/5V7n8u9HO7xeeyqSZHNfRPYDr717Ni7
oNei/rwTKhi7yGVLY3jhxtCJL7QoBa5O/FjINVmF1NTiMwW8FaY1nny/QKMkDe3D
+WY=
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:37:21 2025 by rpki-client