Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/BtYymVysztiqPvFalU2qw0BxdUI.roa
File: BtYymVysztiqPvFalU2qw0BxdUI.roa (raw, json)
Hash identifier: fnna/fe+7wvOm7SoakeRGOUh4jW8Mh/j9bKBLG7yuY8=
Subject key identifier: 06:D6:32:99:5C:AC:CE:D8:AA:3E:F1:5A:95:4D:AA:C3:40:71:75:42
Certificate issuer: /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial: 01980E01B1F6BC6754CD450E2FE3318A82B3
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/BtYymVysztiqPvFalU2qw0BxdUI.roa
Signing time: Tue 15 Jul 2025 12:14:08 +0000
ROA not before: Tue 15 Jul 2025 12:14:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8220
IP address blocks: 46.248.128.0/19 maxlen: 19
57.133.0.0/16 maxlen: 16
58.0.0.0/16 maxlen: 16
58.1.128.0/17 maxlen: 17
62.23.0.0/16 maxlen: 16
62.23.14.0/24 maxlen: 24
62.23.23.0/24 maxlen: 24
62.23.43.0/24 maxlen: 24
62.23.61.0/24 maxlen: 24
62.23.70.0/24 maxlen: 24
62.23.254.0/24 maxlen: 24
62.23.255.0/24 maxlen: 24
62.72.96.0/19 maxlen: 19
62.84.192.0/19 maxlen: 19
62.96.0.0/16 maxlen: 16
62.97.64.0/18 maxlen: 18
62.152.96.0/19 maxlen: 19
62.192.0.0/19 maxlen: 19
78.143.0.0/18 maxlen: 18
78.156.64.0/19 maxlen: 19
78.156.64.0/20 maxlen: 20
78.156.80.0/21 maxlen: 21
80.80.0.0/19 maxlen: 19
80.169.0.0/16 maxlen: 16
80.251.160.0/19 maxlen: 19
82.112.192.0/19 maxlen: 19
84.14.0.0/16 maxlen: 16
84.14.63.0/24 maxlen: 24
84.14.217.0/24 maxlen: 24
84.16.160.0/19 maxlen: 19
85.88.128.0/19 maxlen: 19
87.241.0.0/18 maxlen: 18
116.83.0.0/17 maxlen: 17
118.67.224.0/19 maxlen: 19
134.128.128.0/18 maxlen: 18
136.225.0.0/16 maxlen: 16
157.120.224.0/21 maxlen: 21
157.120.236.0/22 maxlen: 22
157.120.240.0/20 maxlen: 20
178.159.176.0/20 maxlen: 20
193.82.32.0/19 maxlen: 19
193.93.80.0/22 maxlen: 22
193.114.160.0/19 maxlen: 19
193.118.160.0/19 maxlen: 19
193.118.224.0/19 maxlen: 19
193.188.132.0/23 maxlen: 23
194.223.128.0/21 maxlen: 21
194.223.136.0/22 maxlen: 22
195.68.0.0/17 maxlen: 17
195.68.74.0/24 maxlen: 24
195.110.64.0/19 maxlen: 19
212.0.96.0/19 maxlen: 19
212.23.224.0/19 maxlen: 19
212.31.224.0/19 maxlen: 19
212.35.96.0/19 maxlen: 19
212.36.128.0/18 maxlen: 18
212.36.144.0/20 maxlen: 20
212.36.160.0/20 maxlen: 20
212.36.184.0/21 maxlen: 21
212.74.64.0/19 maxlen: 19
212.74.77.0/24 maxlen: 24
212.74.78.0/24 maxlen: 24
212.74.79.0/24 maxlen: 24
212.78.160.0/19 maxlen: 19
212.121.128.0/19 maxlen: 19
212.123.192.0/18 maxlen: 18
212.161.0.0/17 maxlen: 17
212.203.64.0/18 maxlen: 18
213.27.128.0/17 maxlen: 17
213.41.0.0/17 maxlen: 17
213.61.0.0/16 maxlen: 16
213.86.0.0/16 maxlen: 16
213.164.0.0/19 maxlen: 19
213.173.160.0/19 maxlen: 19
213.185.160.0/19 maxlen: 19
213.208.192.0/18 maxlen: 18
213.215.128.0/17 maxlen: 17
213.229.128.0/18 maxlen: 18
213.246.192.0/18 maxlen: 18
217.110.0.0/15 maxlen: 15
217.173.96.0/20 maxlen: 20
2001:920::/29 maxlen: 29
2001:920::/32 maxlen: 32
2001:921::/32 maxlen: 32
2001:924::/32 maxlen: 32
2001:925::/32 maxlen: 32
2001:926::/32 maxlen: 32
2001:926:40::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 09:01:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:0e:01:b1:f6:bc:67:54:cd:45:0e:2f:e3:31:8a:82:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Validity
Not Before: Jul 15 12:14:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=06d632995cacced8aa3ef15a954daac340717542
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:c6:7b:7a:d7:58:bb:7d:3c:75:57:9d:a1:4a:
ea:c9:ab:8a:4b:b1:29:a5:c9:f2:8f:ed:39:12:98:
d1:f5:bc:98:60:cb:b5:3c:77:23:5c:4a:8e:71:fe:
a3:11:5d:1a:18:cc:fd:63:66:69:54:a6:b0:85:5e:
83:46:12:17:da:94:b4:7e:ae:3f:64:a6:56:78:e1:
c2:d3:d8:4a:2f:e8:5a:55:8f:d5:22:0d:78:52:95:
7b:2e:a0:20:96:bb:c4:29:45:19:76:0a:de:dc:95:
d7:b1:c2:4a:b3:72:ad:f6:38:ec:4c:dd:27:c4:52:
30:04:5e:3b:6a:e8:7d:d9:f7:58:3e:a5:a1:16:b8:
18:a2:69:9a:23:ed:33:38:64:06:2c:bb:7c:6a:d1:
d7:1a:ea:26:38:e4:73:d9:d3:30:be:f3:2c:1c:f9:
09:ea:5a:57:90:24:1f:c3:24:7c:99:a4:f0:87:e5:
3f:76:3c:76:00:33:8a:fc:d1:79:d1:74:1d:5f:d4:
60:3c:0a:e5:b2:b9:ef:2d:a5:42:a9:6d:19:55:d3:
36:d7:c8:ad:16:29:ef:d4:c4:77:fa:47:e5:f2:a9:
9f:98:f2:8c:ee:4e:9d:28:c6:02:13:cc:41:a6:42:
3c:39:74:cb:78:98:af:57:3c:eb:62:9f:69:22:e6:
e7:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:D6:32:99:5C:AC:CE:D8:AA:3E:F1:5A:95:4D:AA:C3:40:71:75:42
X509v3 Authority Key Identifier:
keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/BtYymVysztiqPvFalU2qw0BxdUI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.248.128.0/19
57.133.0.0/16
58.0.0.0/16
58.1.128.0/17
62.23.0.0/16
62.72.96.0/19
62.84.192.0/19
62.96.0.0/16
62.97.64.0/18
62.152.96.0/19
62.192.0.0/19
78.143.0.0/18
78.156.64.0/19
80.80.0.0/19
80.169.0.0/16
80.251.160.0/19
82.112.192.0/19
84.14.0.0/16
84.16.160.0/19
85.88.128.0/19
87.241.0.0/18
116.83.0.0/17
118.67.224.0/19
134.128.128.0/18
136.225.0.0/16
157.120.224.0/21
157.120.236.0-157.120.255.255
178.159.176.0/20
193.82.32.0/19
193.93.80.0/22
193.114.160.0/19
193.118.160.0/19
193.118.224.0/19
193.188.132.0/23
194.223.128.0-194.223.139.255
195.68.0.0/17
195.110.64.0/19
212.0.96.0/19
212.23.224.0/19
212.31.224.0/19
212.35.96.0/19
212.36.128.0/18
212.74.64.0/19
212.78.160.0/19
212.121.128.0/19
212.123.192.0/18
212.161.0.0/17
212.203.64.0/18
213.27.128.0/17
213.41.0.0/17
213.61.0.0/16
213.86.0.0/16
213.164.0.0/19
213.173.160.0/19
213.185.160.0/19
213.208.192.0/18
213.215.128.0/17
213.229.128.0/18
213.246.192.0/18
217.110.0.0/15
217.173.96.0/20
IPv6:
2001:920::/29
Signature Algorithm: sha256WithRSAEncryption
99:84:f4:9c:0b:f2:d6:df:0e:ee:9f:c0:ac:a9:cd:23:5c:b6:
4e:0d:2c:12:22:11:2b:89:09:96:f4:2c:af:aa:54:f2:9c:3b:
13:58:95:7b:d8:13:93:13:1e:a7:61:3c:45:3e:99:01:63:f0:
f8:10:ee:ce:b6:11:a2:35:12:4e:3f:7e:57:5d:7e:5c:42:85:
e9:8d:02:44:29:1b:d1:66:9c:1e:73:30:3b:06:29:b1:01:c4:
79:94:5e:b7:ec:f7:09:13:97:2b:3e:4a:b7:10:ff:69:98:da:
8a:92:fd:b8:00:e5:21:a9:2b:8f:7c:80:1d:02:8b:e7:a2:f1:
47:f9:f3:29:ab:d1:e4:4b:57:12:41:0c:bf:9d:99:54:af:1c:
2f:68:50:24:ed:64:7d:7d:67:9e:7b:19:6a:01:40:dd:6f:f0:
08:59:48:91:88:31:32:5e:d2:11:f0:2b:39:56:fa:5f:d6:49:
6e:d2:84:7e:9b:b2:be:46:ca:49:31:41:45:f8:26:62:06:e0:
72:84:76:be:ba:b3:97:ea:d9:84:1c:e1:a6:ec:05:9e:68:c6:
7f:f0:1d:44:c6:1d:7a:1c:77:e7:18:ef:7e:b1:45:43:85:fa:
58:97:b3:f6:0c:a2:fb:b7:06:9a:93:64:55:29:95:73:22:d2:
05:17:4a:2f
-----BEGIN CERTIFICATE-----
MIIGgzCCBWugAwIBAgISAZgOAbH2vGdUzUUOL+MxioKzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjUwNzE1MTIxNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmQ2MzI5OTVjYWNjZWQ4YWEzZWYxNWE5NTRkYWFjMzQwNzE3NTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsZ7etdYu308dVedoUrqyauKS7Ep
pcnyj+05EpjR9byYYMu1PHcjXEqOcf6jEV0aGMz9Y2ZpVKawhV6DRhIX2pS0fq4/
ZKZWeOHC09hKL+haVY/VIg14UpV7LqAglrvEKUUZdgre3JXXscJKs3Kt9jjsTN0n
xFIwBF47auh92fdYPqWhFrgYommaI+0zOGQGLLt8atHXGuomOORz2dMwvvMsHPkJ
6lpXkCQfwyR8maTwh+U/djx2ADOK/NF50XQdX9RgPArlsrnvLaVCqW0ZVdM218it
Finv1MR3+kfl8qmfmPKM7k6dKMYCE8xBpkI8OXTLeJivVzzrYp9pIubncwIDAQAB
o4IDjzCCA4swHQYDVR0OBBYEFAbWMplcrM7Yqj7xWpVNqsNAcXVCMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvQnRZeW1WeXN6dGlxUHZGYWxVMnF3MEJ4ZFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBowYIKwYBBQUHAQcBAf8EggGSMIIBjjCCAXsEAgABMIIB
cwMEBS74gAMDADmFAwMAOgADBAc6AYADAwA+FwMEBT5IYAMEBT5UwAMDAD5gAwQG
PmFAAwQFPphgAwQFPsAAAwQGTo8AAwQFTpxAAwQFUFAAAwMAUKkDBAVQ+6ADBAVS
cMADAwBUDgMEBVQQoAMEBVVYgAMEBlfxAAMEB3RTAAMEBXZD4AMEBoaAgAMDAIjh
AwQDnXjgMAsDBAKdeOwDAwCdeAMEBLKfsAMEBcFSIAMEAsFdUAMEBcFyoAMEBcF2
oAMEBcF24AMEAcG8hDAMAwQHwt+AAwQCwt+IAwQHw0QAAwQFw25AAwQF1ABgAwQF
1BfgAwQF1B/gAwQF1CNgAwQG1CSAAwQF1EpAAwQF1E6gAwQF1HmAAwQG1HvAAwQH
1KEAAwQG1MtAAwQH1RuAAwQH1SkAAwMA1T0DAwDVVgMEBdWkAAMEBdWtoAMEBdW5
oAMEBtXQwAMEB9XXgAMEBtXlgAMEBtX2wAMDAdluAwQE2a1gMA0EAgACMAcDBQMg
AQkgMA0GCSqGSIb3DQEBCwUAA4IBAQCZhPScC/LW3w7un8Csqc0jXLZODSwSIhEr
iQmW9CyvqlTynDsTWJV72BOTEx6nYTxFPpkBY/D4EO7OthGiNRJOP35XXX5cQoXp
jQJEKRvRZpweczA7BimxAcR5lF637PcJE5crPkq3EP9pmNqKkv24AOUhqSuPfIAd
AovnovFH+fMpq9HkS1cSQQy/nZlUrxwvaFAk7WR9fWeeexlqAUDdb/AIWUiRiDEy
XtIR8Cs5Vvpf1klu0oR+m7K+RspJMUFF+CZiBuByhHa+urOX6tmEHOGm7AWeaMZ/
8B1Exh16HHfnGO9+sUVDhfpYl7P2DKL7twaak2RVKZVzItIFF0ov
-----END CERTIFICATE-----
Generated at Sun Jul 20 17:26:44 2025 by rpki-client