Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/thBlz8VmOwFy7VP6rRGU4IAeOPM.roa
File: thBlz8VmOwFy7VP6rRGU4IAeOPM.roa (raw, json)
Hash identifier: j47jyGdIQHFDmGyLmCcj/vCJ4acjKFHJg9XXhEJ2n2M=
Subject key identifier: B6:10:65:CF:C5:66:3B:01:72:ED:53:FA:AD:11:94:E0:80:1E:38:F3
Certificate issuer: /CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Certificate serial: 0197FD86F1E1A0C68020E4A05A1DF2D88D19
Authority key identifier: 1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/thBlz8VmOwFy7VP6rRGU4IAeOPM.roa
Signing time: Sat 12 Jul 2025 07:26:08 +0000
ROA not before: Sat 12 Jul 2025 07:26:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9119
IP address blocks: 2.58.48.0/22 maxlen: 22
45.8.0.0/22 maxlen: 22
45.15.44.0/22 maxlen: 22
45.156.140.0/23 maxlen: 23
45.156.140.0/24 maxlen: 24
46.163.0.0/19 maxlen: 19
46.163.32.0/20 maxlen: 20
46.163.48.0/21 maxlen: 21
46.163.56.0/23 maxlen: 23
46.163.56.0/24 maxlen: 24
46.163.58.0/23 maxlen: 23
46.163.58.0/24 maxlen: 24
46.163.59.0/24 maxlen: 24
46.163.60.0/22 maxlen: 22
80.65.160.0/20 maxlen: 20
80.65.160.0/24 maxlen: 24
80.65.161.0/24 maxlen: 24
80.65.162.0/24 maxlen: 24
80.65.163.0/24 maxlen: 24
80.65.164.0/24 maxlen: 24
80.65.165.0/24 maxlen: 24
80.65.166.0/24 maxlen: 24
80.65.167.0/24 maxlen: 24
80.65.168.0/24 maxlen: 24
80.65.169.0/24 maxlen: 24
80.65.170.0/24 maxlen: 24
80.65.171.0/24 maxlen: 24
80.65.172.0/22 maxlen: 22
80.65.172.0/24 maxlen: 24
80.65.173.0/24 maxlen: 24
80.65.174.0/24 maxlen: 24
80.65.175.0/24 maxlen: 24
84.41.0.0/18 maxlen: 18
84.41.0.0/19 maxlen: 19
84.41.0.0/21 maxlen: 21
84.41.32.0/19 maxlen: 19
84.41.64.0/19 maxlen: 19
84.41.96.0/21 maxlen: 21
84.41.104.0/22 maxlen: 22
84.41.108.0/23 maxlen: 23
84.41.110.0/24 maxlen: 24
84.41.111.0/24 maxlen: 24
84.41.112.0/23 maxlen: 23
84.41.114.0/24 maxlen: 24
84.41.115.0/24 maxlen: 24
84.41.116.0/22 maxlen: 22
84.41.120.0/23 maxlen: 23
84.41.122.0/23 maxlen: 23
84.41.124.0/22 maxlen: 22
85.208.172.0/24 maxlen: 24
85.208.173.0/24 maxlen: 24
85.208.175.0/24 maxlen: 24
91.132.74.0/23 maxlen: 23
147.78.216.0/22 maxlen: 22
147.78.216.0/24 maxlen: 24
147.78.217.0/24 maxlen: 24
147.78.218.0/24 maxlen: 24
185.54.128.0/23 maxlen: 23
185.54.128.0/24 maxlen: 24
185.54.130.0/24 maxlen: 24
185.54.131.0/24 maxlen: 24
185.175.0.0/22 maxlen: 22
212.13.224.0/19 maxlen: 19
212.103.128.0/19 maxlen: 19
213.253.64.0/19 maxlen: 19
213.253.96.0/20 maxlen: 20
213.253.96.0/21 maxlen: 21
213.253.104.0/22 maxlen: 22
213.253.108.0/22 maxlen: 22
213.253.108.0/24 maxlen: 24
213.253.109.0/24 maxlen: 24
213.253.110.0/24 maxlen: 24
213.253.111.0/24 maxlen: 24
213.253.112.0/22 maxlen: 22
213.253.116.0/22 maxlen: 22
213.253.120.0/22 maxlen: 22
213.253.124.0/22 maxlen: 22
217.199.128.0/20 maxlen: 24
217.199.128.0/24 maxlen: 24
217.199.129.0/24 maxlen: 24
217.199.130.0/24 maxlen: 24
217.199.131.0/24 maxlen: 24
217.199.132.0/24 maxlen: 24
217.199.133.0/24 maxlen: 24
217.199.134.0/24 maxlen: 24
217.199.135.0/24 maxlen: 24
217.199.136.0/24 maxlen: 24
217.199.137.0/24 maxlen: 24
217.199.138.0/24 maxlen: 24
217.199.139.0/24 maxlen: 24
217.199.140.0/24 maxlen: 24
217.199.141.0/24 maxlen: 24
217.199.142.0/24 maxlen: 24
217.199.143.0/24 maxlen: 24
2a02:800::/32 maxlen: 32
2a02:801::/32 maxlen: 32
2a02:801::/33 maxlen: 33
2a02:805::/33 maxlen: 33
2a09:e140::/29 maxlen: 29
2a0b:c300::/29 maxlen: 29
2a0b:c306::/32 maxlen: 32
2a0b:c307::/32 maxlen: 32
2a0e:1e80::/29 maxlen: 29
2a0e:2e00::/29 maxlen: 29
2a0f:2180::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.mft
rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 07:00:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:fd:86:f1:e1:a0:c6:80:20:e4:a0:5a:1d:f2:d8:8d:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Validity
Not Before: Jul 12 07:26:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b61065cfc5663b0172ed53faad1194e0801e38f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:bc:da:49:50:c2:23:ec:d3:32:22:c2:a5:de:
23:e2:93:0e:d9:c3:86:2f:c2:af:6e:5d:1e:42:05:
a4:1b:e1:6c:2a:52:bb:14:64:a9:a2:e4:9f:7e:7d:
b7:74:1b:20:db:54:52:f4:e0:37:41:ae:f8:1e:be:
d1:65:53:af:0e:52:d0:42:3f:69:9e:e3:de:a2:82:
22:46:0f:96:ce:49:f3:8f:56:a9:40:f7:54:7a:51:
90:d8:a9:4c:ac:1f:38:26:5d:19:7c:29:1a:a0:4d:
69:ff:c3:4f:7a:87:67:2b:77:5d:ee:bd:3c:4c:fd:
c1:0e:6c:87:18:42:4b:a7:11:d8:a2:b2:18:78:d0:
c5:a1:54:27:0b:fc:8c:74:07:eb:c5:24:57:57:00:
a7:e8:9c:56:1b:5e:cd:89:a0:c1:56:30:1b:75:00:
e8:0a:5e:0e:60:b6:8b:b7:77:0b:19:27:aa:1f:e9:
0e:45:58:cc:8f:4b:24:82:d0:f7:f4:50:aa:f9:24:
cf:3f:72:4b:13:6c:45:20:7a:14:49:88:6d:d3:fe:
a7:0b:fb:8e:5b:7f:7b:15:a2:d7:62:32:17:74:f7:
83:43:6c:6c:31:63:81:44:53:10:ca:1d:1f:d9:b8:
10:bf:85:9e:5d:ee:c4:c8:56:fa:73:d2:2b:11:a9:
c4:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:10:65:CF:C5:66:3B:01:72:ED:53:FA:AD:11:94:E0:80:1E:38:F3
X509v3 Authority Key Identifier:
keyid:1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/thBlz8VmOwFy7VP6rRGU4IAeOPM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.48.0/22
45.8.0.0/22
45.15.44.0/22
45.156.140.0/23
46.163.0.0/18
80.65.160.0/20
84.41.0.0/17
85.208.172.0/23
85.208.175.0/24
91.132.74.0/23
147.78.216.0/22
185.54.128.0/22
185.175.0.0/22
212.13.224.0/19
212.103.128.0/19
213.253.64.0/18
217.199.128.0/20
IPv6:
2a02:800::/31
2a02:805::/33
2a09:e140::/29
2a0b:c300::/29
2a0e:1e80::/29
2a0e:2e00::/29
2a0f:2180::/29
Signature Algorithm: sha256WithRSAEncryption
1f:e3:99:aa:bf:4d:8b:04:bd:df:40:3d:0f:79:c9:10:c4:74:
eb:be:aa:a4:b7:fe:eb:df:c4:c4:85:64:b8:9a:7a:b6:ca:46:
8d:b8:3a:d5:83:1d:d0:5b:b7:30:53:20:3f:be:3c:64:43:ba:
1f:37:12:ba:f7:fa:28:3e:6c:90:83:ab:79:b9:ea:88:50:0f:
3e:22:86:15:53:b0:fc:c9:78:91:88:0b:ff:75:ed:30:a9:80:
27:40:8a:a9:6b:00:7a:22:56:5e:6b:18:07:e6:ec:13:46:dc:
4d:1d:22:7b:6b:79:90:a5:93:e9:c2:d9:26:1b:23:08:19:0f:
8f:4b:71:ae:c7:14:d6:99:7e:b8:2c:ed:d3:a2:67:15:8f:7f:
46:66:2b:29:90:7b:91:6c:ae:0c:19:55:f3:dd:72:72:90:29:
97:1a:36:ba:fb:88:17:b3:c1:7f:cb:4e:3e:05:6c:dd:b6:df:
3d:df:84:8c:db:1f:a0:1b:8b:5f:e0:93:73:b4:a7:ea:43:e1:
00:c5:98:88:e4:7d:92:74:75:06:50:29:21:51:a9:21:86:1e:
d3:5d:50:5c:e0:44:6c:0d:86:8d:47:d9:06:71:52:d8:fb:3c:
2b:9e:c6:83:31:da:b2:1e:4a:9d:c6:3d:12:17:0a:80:cb:36:
9c:e4:4c:0e
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAZf9hvHhoMaAIOSgWh3y2I0ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2IwNmJmNDEzMDBkYzRkMzBmM2QwZTE4MGM5Yjk1ZDJi
Y2RkZmYwHhcNMjUwNzEyMDcyNjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjEwNjVjZmM1NjYzYjAxNzJlZDUzZmFhZDExOTRlMDgwMWUzOGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7zaSVDCI+zTMiLCpd4j4pMO2cOG
L8Kvbl0eQgWkG+FsKlK7FGSpouSffn23dBsg21RS9OA3Qa74Hr7RZVOvDlLQQj9p
nuPeooIiRg+Wzknzj1apQPdUelGQ2KlMrB84Jl0ZfCkaoE1p/8NPeodnK3dd7r08
TP3BDmyHGEJLpxHYorIYeNDFoVQnC/yMdAfrxSRXVwCn6JxWG17NiaDBVjAbdQDo
Cl4OYLaLt3cLGSeqH+kORVjMj0skgtD39FCq+STPP3JLE2xFIHoUSYht0/6nC/uO
W397FaLXYjIXdPeDQ2xsMWOBRFMQyh0f2bgQv4WeXe7EyFb6c9IrEanEOQIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFLYQZc/FZjsBcu1T+q0RlOCAHjjzMB8GA1UdIwQY
MBaAFBx7Br9BMA3E0w89DhgMm5XSvN3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAt
MjRmZGRjNmQxNDdiLzEvdGhCbHo4Vm1Pd0Z5N1ZQNnJSR1U0SUFlT1BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAtMjRmZGRjNmQxNDdi
LzEvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG7BggrBgEFBQcBBwEB/wSBqzCBqDBsBAIAATBmAwQCAjow
AwQCLQgAAwQCLQ8sAwQBLZyMAwQGLqMAAwQEUEGgAwQHVCkAAwQBVdCsAwQAVdCv
AwQBW4RKAwQCk07YAwQCuTaAAwQCua8AAwQF1A3gAwQF1GeAAwQG1f1AAwQE2ceA
MDgEAgACMDIDBQEqAggAAwYHKgIIBQADBQMqCeFAAwUDKgvDAAMFAyoOHoADBQMq
Di4AAwUDKg8hgDANBgkqhkiG9w0BAQsFAAOCAQEAH+OZqr9NiwS930A9D3nJEMR0
676qpLf+69/ExIVkuJp6tspGjbg61YMd0Fu3MFMgP748ZEO6HzcSuvf6KD5skIOr
ebnqiFAPPiKGFVOw/Ml4kYgL/3XtMKmAJ0CKqWsAeiJWXmsYB+bsE0bcTR0ie2t5
kKWT6cLZJhsjCBkPj0txrscU1pl+uCzt06JnFY9/RmYrKZB7kWyuDBlV891ycpAp
lxo2uvuIF7PBf8tOPgVs3bbfPd+EjNsfoBuLX+CTc7Sn6kPhAMWYiOR9knR1BlAp
IVGpIYYe011QXOBEbA2GjUfZBnFS2Ps8K57GgzHash5KncY9EhcKgMs2nORMDg==
-----END CERTIFICATE-----
Generated at Sun Jul 27 15:41:32 2025 by rpki-client