Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/SFLP_O5gMZR0WsCuXHR4ZdOSZPk.roa
File: SFLP_O5gMZR0WsCuXHR4ZdOSZPk.roa (raw, json)
Hash identifier: UbOmDq06cZHsS8VjamPq3g5BfVIGBovzKg8WrS5EEIE=
Subject key identifier: 48:52:CF:FC:EE:60:31:94:74:5A:C0:AE:5C:74:78:65:D3:92:64:F9
Certificate issuer: /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial: 019A0805CC26A96D1B29EA9333B2FAE32885
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/SFLP_O5gMZR0WsCuXHR4ZdOSZPk.roa
Signing time: Tue 21 Oct 2025 18:26:28 +0000
ROA not before: Tue 21 Oct 2025 18:26:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203020
IP address blocks: 45.142.24.0/24 maxlen: 24
91.217.72.0/23 maxlen: 32
103.111.0.0/22 maxlen: 32
103.204.120.0/24 maxlen: 32
103.204.122.0/24 maxlen: 32
103.204.123.0/24 maxlen: 32
185.153.124.0/22 maxlen: 32
185.233.124.0/22 maxlen: 32
194.113.94.0/23 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft
rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:08:05:cc:26:a9:6d:1b:29:ea:93:33:b2:fa:e3:28:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
Validity
Not Before: Oct 21 18:26:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4852cffcee603194745ac0ae5c747865d39264f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:41:4f:43:51:36:cc:40:20:60:df:26:b6:85:
42:80:cc:fd:07:fe:a1:d7:aa:bb:76:79:19:3a:23:
39:63:5f:c6:7e:49:c0:84:bd:d6:56:de:6d:52:03:
44:11:4e:fb:ee:45:09:80:33:f7:71:0b:9a:f6:16:
54:ec:bb:c0:42:20:9b:55:82:55:c0:df:29:cf:de:
82:d3:75:bc:b1:f9:2b:81:d8:f0:05:e8:fd:cc:b2:
80:b9:e5:9b:7c:1f:e9:50:9f:f2:94:4b:94:37:91:
bd:87:1e:6b:3c:89:fd:3e:a0:f7:3a:71:1d:87:08:
58:81:80:82:38:d4:6d:96:26:06:29:6c:bc:77:ad:
37:7f:28:db:e7:f7:b3:08:bb:4e:58:2b:fb:c3:0b:
22:ad:f1:e2:df:07:9b:74:47:12:9c:53:d1:35:81:
ca:81:ce:2f:17:4a:41:c5:d1:5f:4e:09:33:15:b3:
d6:2e:a7:53:d6:97:f2:95:cc:d7:f9:8b:8e:b7:43:
22:2b:d0:6b:0d:ce:a9:cf:2d:9f:4e:72:f2:6d:f7:
03:33:be:f8:2c:d4:2f:95:19:b5:56:d8:52:bb:08:
4f:2d:81:77:1c:9a:8d:0c:b2:bd:54:f1:b3:a4:69:
e5:9c:25:2c:68:00:ce:09:32:3c:9e:75:bb:74:83:
f7:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:52:CF:FC:EE:60:31:94:74:5A:C0:AE:5C:74:78:65:D3:92:64:F9
X509v3 Authority Key Identifier:
keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/SFLP_O5gMZR0WsCuXHR4ZdOSZPk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.142.24.0/24
91.217.72.0/23
103.111.0.0/22
103.204.120.0/24
103.204.122.0/23
185.153.124.0/22
185.233.124.0/22
194.113.94.0/23
Signature Algorithm: sha256WithRSAEncryption
90:0a:90:85:2d:09:e8:a9:bd:85:ae:aa:b3:dd:64:0f:83:1a:
6f:52:42:f4:c6:6d:65:5e:fd:0c:92:57:77:84:77:1c:d8:86:
32:84:1e:c8:86:8f:e6:06:3c:32:e6:e1:f8:a2:fc:11:72:3b:
56:a0:a9:97:fa:ef:a3:58:1e:d9:cb:53:d2:ee:97:52:b5:45:
76:d4:7a:f3:3d:6f:20:42:03:4c:7d:da:a9:58:89:bf:9d:4a:
be:15:7f:38:ae:5c:98:ea:18:93:77:f2:63:76:ff:a0:51:c3:
ae:dc:5a:48:ec:e0:08:fe:e0:5e:4f:92:f7:f2:d9:3e:2b:cc:
57:fc:9e:a3:35:da:a0:cd:6b:22:97:c8:3a:11:96:3b:6c:f8:
bd:d1:82:29:a8:e7:9c:b6:c7:d9:6a:cb:55:ee:42:19:20:61:
98:3d:de:32:0b:fb:a4:6d:38:8b:5d:c4:19:ec:ca:e7:7d:98:
96:81:63:4f:0a:15:f8:a0:e7:5b:5b:e2:64:18:e1:1c:85:77:
fb:f7:62:ae:33:8f:a2:b2:13:51:74:f5:7d:02:a2:50:e0:16:
22:94:4f:01:15:5c:f3:2c:4b:a8:3e:24:a5:27:53:20:c3:95:
6d:93:fb:cd:86:0c:cf:6c:46:de:cc:bf:5f:19:8c:2a:4a:bb:
b3:96:69:52
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZoIBcwmqW0bKeqTM7L64yiFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjUxMDIxMTgyNjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODUyY2ZmY2VlNjAzMTk0NzQ1YWMwYWU1Yzc0Nzg2NWQzOTI2NGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1EFPQ1E2zEAgYN8mtoVCgMz9B/6h
16q7dnkZOiM5Y1/GfknAhL3WVt5tUgNEEU777kUJgDP3cQua9hZU7LvAQiCbVYJV
wN8pz96C03W8sfkrgdjwBej9zLKAueWbfB/pUJ/ylEuUN5G9hx5rPIn9PqD3OnEd
hwhYgYCCONRtliYGKWy8d603fyjb5/ezCLtOWCv7wwsirfHi3webdEcSnFPRNYHK
gc4vF0pBxdFfTgkzFbPWLqdT1pfylczX+YuOt0MiK9BrDc6pzy2fTnLybfcDM774
LNQvlRm1VthSuwhPLYF3HJqNDLK9VPGzpGnlnCUsaADOCTI8nnW7dIP3/wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFEhSz/zuYDGUdFrArlx0eGXTkmT5MB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEvU0ZMUF9PNWdNWlIwV3NDdVhIUjRaZE9TWlBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALY4YAwQB
W9lIAwQCZ28AAwQAZ8x4AwQBZ8x6AwQCuZl8AwQCuel8AwQBwnFeMA0GCSqGSIb3
DQEBCwUAA4IBAQCQCpCFLQnoqb2Frqqz3WQPgxpvUkL0xm1lXv0Mkld3hHcc2IYy
hB7Iho/mBjwy5uH4ovwRcjtWoKmX+u+jWB7Zy1PS7pdStUV21HrzPW8gQgNMfdqp
WIm/nUq+FX84rlyY6hiTd/Jjdv+gUcOu3FpI7OAI/uBeT5L38tk+K8xX/J6jNdqg
zWsil8g6EZY7bPi90YIpqOectsfZastV7kIZIGGYPd4yC/ukbTiLXcQZ7MrnfZiW
gWNPChX4oOdbW+JkGOEchXf792KuM4+ishNRdPV9AqJQ4BYilE8BFVzzLEuoPiSl
J1Mgw5Vtk/vNhgzPbEbezL9fGYwqSruzlmlS
-----END CERTIFICATE-----
Generated at Tue Oct 28 07:45:41 2025 by rpki-client