Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/lSjmi10vNm9WlFsV2Juk_Qr9hQE.roa
File: lSjmi10vNm9WlFsV2Juk_Qr9hQE.roa (raw, json)
Hash identifier: 7h/vxIzTwD9fn28Xb/n9eLkib0MRGLWaGJoTnvys6i8=
Subject key identifier: 95:28:E6:8B:5D:2F:36:6F:56:94:5B:15:D8:9B:A4:FD:0A:FD:85:01
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019952C043361FD1B82667A874188997FE8A
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/lSjmi10vNm9WlFsV2Juk_Qr9hQE.roa
Signing time: Tue 16 Sep 2025 13:39:15 +0000
ROA not before: Tue 16 Sep 2025 13:39:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 40676
IP address blocks: 45.43.147.0/24 maxlen: 24
45.43.152.0/24 maxlen: 24
104.222.160.0/24 maxlen: 24
104.222.163.0/24 maxlen: 24
104.222.164.0/24 maxlen: 24
104.222.165.0/24 maxlen: 24
104.222.166.0/24 maxlen: 24
104.233.56.0/24 maxlen: 24
104.233.58.0/24 maxlen: 24
104.239.66.0/24 maxlen: 24
104.239.74.0/24 maxlen: 24
104.239.79.0/24 maxlen: 24
104.239.83.0/24 maxlen: 24
104.239.89.0/24 maxlen: 24
104.239.100.0/24 maxlen: 24
104.239.102.0/24 maxlen: 24
104.239.109.0/24 maxlen: 24
104.239.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Sep 2025 15:33:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:52:c0:43:36:1f:d1:b8:26:67:a8:74:18:89:97:fe:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Sep 16 13:39:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9528e68b5d2f366f56945b15d89ba4fd0afd8501
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:cb:0c:27:7e:4e:d9:cd:c8:27:13:59:c6:14:
48:1b:00:09:76:a9:5a:03:ef:74:4b:98:ad:5f:65:
9f:cd:00:14:87:82:54:a9:9d:3c:87:9a:f8:86:20:
c4:fe:9b:e1:28:9f:90:a3:9a:65:ed:75:a8:df:37:
5a:7d:cb:1c:6e:aa:2a:43:95:f9:a3:43:1f:13:6e:
60:3d:ee:70:11:ec:b4:bd:07:e1:d3:48:54:fc:82:
34:7a:70:5c:17:4a:60:ab:eb:3c:a7:b0:73:17:e9:
71:12:b7:db:48:cd:2c:2e:f9:91:f8:73:40:99:94:
a3:63:31:3d:cf:4b:24:52:60:5e:fc:92:65:b8:9d:
03:04:43:be:c9:80:75:ee:43:33:86:cb:63:f1:21:
2b:61:78:37:f2:60:02:e1:97:98:b6:ed:77:8b:b7:
fa:52:6f:79:a9:5a:9f:79:16:5c:0f:4c:b8:95:8e:
50:17:e1:dd:91:3e:28:0e:b3:c3:e5:c3:70:4d:33:
bc:34:3e:00:a0:ad:bc:63:b5:40:3b:4b:04:34:3c:
31:ef:af:93:b3:4c:d3:33:75:ab:0b:1f:68:1a:ff:
8f:d0:31:6c:9b:96:e4:d3:8b:eb:e6:e8:7b:ad:59:
01:5d:b1:da:d6:83:ad:ec:ff:93:54:6d:65:09:82:
a1:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:28:E6:8B:5D:2F:36:6F:56:94:5B:15:D8:9B:A4:FD:0A:FD:85:01
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/lSjmi10vNm9WlFsV2Juk_Qr9hQE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.43.147.0/24
45.43.152.0/24
104.222.160.0/24
104.222.163.0-104.222.166.255
104.233.56.0/24
104.233.58.0/24
104.239.66.0/24
104.239.74.0/24
104.239.79.0/24
104.239.83.0/24
104.239.89.0/24
104.239.100.0/24
104.239.102.0/24
104.239.109.0/24
104.239.127.0/24
Signature Algorithm: sha256WithRSAEncryption
34:8c:3c:1a:aa:95:74:f1:81:bd:bf:1e:d0:7a:2b:70:27:f3:
4f:f1:07:db:ed:15:45:31:df:b2:1a:c2:23:4e:f0:13:26:a1:
c6:8e:0f:2f:ab:0f:76:74:2f:eb:bb:8f:e1:87:45:2c:b0:78:
12:bd:7c:2a:01:fc:c7:04:b1:f0:2e:54:f9:26:f8:9b:37:00:
c8:d4:ab:e7:49:f5:8e:5b:46:96:05:df:f4:f6:32:a8:02:50:
a5:cd:06:1e:55:9e:7d:3a:b4:b7:c1:41:b4:27:1b:c6:62:5d:
33:3c:41:79:37:25:b4:36:f6:e9:b3:08:1c:12:f8:6e:57:c1:
ff:e0:e3:c7:18:13:1c:80:c9:68:f0:87:d9:a5:98:fe:d8:48:
88:7b:33:ac:2a:6a:8c:cb:e4:8f:5c:7d:5a:47:f6:a7:86:35:
58:e6:48:31:48:0b:5a:1e:08:9c:87:8b:c2:c8:76:5e:ef:95:
fd:b3:44:ea:a3:74:b7:cc:1c:53:b6:9b:17:a6:8b:cd:82:76:
a7:a1:14:32:be:db:d4:87:fb:90:61:6d:3b:95:b1:d2:27:94:
59:00:91:15:2a:55:9a:b2:08:b5:08:13:79:01:73:25:3f:88:
36:7e:42:70:52:c7:11:9b:f3:05:15:6e:66:30:49:b1:8b:be:
b7:79:14:d3
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAZlSwEM2H9G4JmeodBiJl/6KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwOTE2MTMzOTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTI4ZTY4YjVkMmYzNjZmNTY5NDViMTVkODliYTRmZDBhZmQ4NTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MsMJ35O2c3IJxNZxhRIGwAJdqla
A+90S5itX2WfzQAUh4JUqZ08h5r4hiDE/pvhKJ+Qo5pl7XWo3zdafcscbqoqQ5X5
o0MfE25gPe5wEey0vQfh00hU/II0enBcF0pgq+s8p7BzF+lxErfbSM0sLvmR+HNA
mZSjYzE9z0skUmBe/JJluJ0DBEO+yYB17kMzhstj8SErYXg38mAC4ZeYtu13i7f6
Um95qVqfeRZcD0y4lY5QF+HdkT4oDrPD5cNwTTO8ND4AoK28Y7VAO0sENDwx76+T
s0zTM3WrCx9oGv+P0DFsm5bk04vr5uh7rVkBXbHa1oOt7P+TVG1lCYKhCQIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFJUo5otdLzZvVpRbFdibpP0K/YUBMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvbFNqbWkxMHZObTlXbEZzVjJKdWtfUXI5aFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQALSuTAwQA
LSuYAwQAaN6gMAwDBABo3qMDBABo3qYDBABo6TgDBABo6ToDBABo70IDBABo70oD
BABo708DBABo71MDBABo71kDBABo72QDBABo72YDBABo720DBABo738wDQYJKoZI
hvcNAQELBQADggEBADSMPBqqlXTxgb2/HtB6K3An80/xB9vtFUUx37IawiNO8BMm
ocaODy+rD3Z0L+u7j+GHRSyweBK9fCoB/McEsfAuVPkm+Js3AMjUq+dJ9Y5bRpYF
3/T2MqgCUKXNBh5Vnn06tLfBQbQnG8ZiXTM8QXk3JbQ29umzCBwS+G5Xwf/g48cY
ExyAyWjwh9mlmP7YSIh7M6wqaozL5I9cfVpH9qeGNVjmSDFIC1oeCJyHi8LIdl7v
lf2zROqjdLfMHFO2mxemi82CdqehFDK+29SH+5BhbTuVsdInlFkAkRUqVZqyCLUI
E3kBcyU/iDZ+QnBSxxGb8wUVbmYwSbGLvrd5FNM=
-----END CERTIFICATE-----
Generated at Wed Sep 17 17:40:19 2025 by rpki-client