Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FTvZtn0vwtC7ezuKmqSnZu9IS4U.roa
File: FTvZtn0vwtC7ezuKmqSnZu9IS4U.roa (raw, json)
Hash identifier: eT/QSf0iKurIH9UQWCHtJVF5il5qz8YZ6cyfDAZJjug=
Subject key identifier: 15:3B:D9:B6:7D:2F:C2:D0:BB:7B:3B:8A:9A:A4:A7:66:EF:48:4B:85
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0198C1A669289739838E7D58A9AE84649DC7
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FTvZtn0vwtC7ezuKmqSnZu9IS4U.roa
Signing time: Tue 19 Aug 2025 09:26:05 +0000
ROA not before: Tue 19 Aug 2025 09:26:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
82.115.211.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.217.128.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.126.0/24 maxlen: 24
87.120.132.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.20.0/23 maxlen: 23
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.88.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 24
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/22 maxlen: 24
94.156.177.0/24 maxlen: 24
94.156.227.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
171.22.28.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.219.127.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
193.222.98.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.59.28.0/23 maxlen: 24
194.169.175.0/24 maxlen: 24
195.178.111.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 14:01:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c1:a6:69:28:97:39:83:8e:7d:58:a9:ae:84:64:9d:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Aug 19 09:26:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=153bd9b67d2fc2d0bb7b3b8a9aa4a766ef484b85
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:ff:c1:2a:e4:af:1b:ea:41:f3:23:c4:6e:a6:
89:31:83:36:90:fb:21:ab:67:1e:2b:0d:e2:f5:a1:
9c:09:19:e2:6d:fe:41:88:fa:b0:3f:50:d7:09:6f:
96:be:52:6a:90:62:2f:df:69:55:34:18:7a:33:98:
28:0f:65:dc:fd:9b:05:c4:71:30:65:e8:1f:34:ed:
93:7d:3b:68:7f:73:11:a7:6d:86:a0:69:f9:b3:27:
52:c6:78:f0:4b:1f:d7:77:81:9c:a1:3c:8d:6f:bf:
32:57:d8:f5:29:f7:e7:f4:b1:5a:30:10:02:37:23:
01:dc:31:3e:f8:93:c4:aa:3a:73:4e:b9:31:b1:64:
9e:b0:dc:78:81:04:e5:55:11:84:7f:cb:1a:fe:7e:
56:a7:9d:8f:54:13:36:5b:88:9b:59:ff:7f:07:3b:
e7:0d:0b:c3:97:12:dc:0a:35:a3:89:1d:78:3a:05:
6f:5f:a8:24:d9:eb:c3:7b:92:9c:5f:4b:61:f0:65:
12:10:c5:3f:57:a3:eb:1a:49:4f:01:ba:27:41:cb:
b3:af:98:bc:be:86:72:22:e1:69:9b:ae:37:86:ab:
bc:d0:d9:e6:df:96:cd:d8:e1:68:c0:7e:df:e3:85:
3c:13:93:cf:35:39:ab:59:a4:54:95:be:d7:15:b6:
50:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:3B:D9:B6:7D:2F:C2:D0:BB:7B:3B:8A:9A:A4:A7:66:EF:48:4B:85
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FTvZtn0vwtC7ezuKmqSnZu9IS4U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
31.13.211.0/24
45.9.157.0/24
45.66.228.0/24
45.66.231.0/24
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
81.161.238.0/24
82.115.211.0/24
83.219.97.0/24
84.54.48.0/24
85.217.128.0/24
87.120.87.0/24
87.120.126.0/24
87.120.132.0/24
87.120.166.0/24
87.121.20.0/23
87.121.45.0/24
87.121.87.0-87.121.88.255
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.47.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.162.0/23
94.156.64.0/22
94.156.177.0/24
94.156.227.0/24
94.156.239.0/24
141.98.6.0/24
171.22.28.0/24
171.22.73.0-171.22.75.255
178.215.227.0/24
185.216.84.0/22
185.219.127.0/24
193.25.216.0/24
193.35.18.0/24
193.222.98.0/24
194.55.186.0/24
194.59.28.0/23
194.169.175.0/24
195.178.111.0/24
Signature Algorithm: sha256WithRSAEncryption
3d:77:c6:16:9e:f3:18:14:7a:21:76:3a:8b:cf:d1:80:49:b8:
3b:d0:6d:69:e5:11:fe:87:98:cb:09:4f:1e:69:06:11:43:77:
d0:27:0a:cc:0c:0c:3d:af:e5:da:72:c3:1e:3d:7c:69:3b:4e:
be:e6:c4:3c:5d:ce:38:dc:74:94:03:ce:aa:29:da:35:bc:e2:
d2:bd:2d:e1:7e:dd:ed:ff:79:fb:eb:f7:36:cf:de:d6:71:67:
97:f7:21:ae:54:9e:ee:10:b8:bb:26:18:42:00:3c:4d:01:26:
58:42:e2:57:4a:b1:2b:76:c3:ee:85:dc:e2:19:c3:cf:34:dd:
70:d5:56:d4:1a:20:c1:cc:cb:ab:1d:3b:7c:76:36:95:18:db:
4c:f3:8d:a1:6d:ea:ce:78:d9:3f:35:53:45:65:43:93:cd:78:
40:fb:09:40:3f:fe:0a:aa:24:78:12:76:e3:67:00:7a:c8:bb:
a6:c3:c9:4b:1d:a1:a6:be:fb:4a:ab:57:f6:34:f9:de:17:ff:
ba:a9:7a:00:c0:a0:ad:53:4a:2f:6c:73:e8:d9:fe:3b:32:1c:
c4:2c:c4:0b:11:70:d1:45:8d:3e:8e:3c:42:71:3c:1f:cd:41:
79:f9:fb:ee:8e:ca:07:42:c3:7d:7a:08:17:21:b1:c3:d5:73:
77:a7:11:f1
-----BEGIN CERTIFICATE-----
MIIGPTCCBSWgAwIBAgISAZjBpmkolzmDjn1Yqa6EZJ3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwODE5MDkyNjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTNiZDliNjdkMmZjMmQwYmI3YjNiOGE5YWE0YTc2NmVmNDg0Yjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAov/BKuSvG+pB8yPEbqaJMYM2kPsh
q2ceKw3i9aGcCRnibf5BiPqwP1DXCW+WvlJqkGIv32lVNBh6M5goD2Xc/ZsFxHEw
ZegfNO2TfTtof3MRp22GoGn5sydSxnjwSx/Xd4GcoTyNb78yV9j1Kffn9LFaMBAC
NyMB3DE++JPEqjpzTrkxsWSesNx4gQTlVRGEf8sa/n5Wp52PVBM2W4ibWf9/Bzvn
DQvDlxLcCjWjiR14OgVvX6gk2evDe5KcX0th8GUSEMU/V6PrGklPAbonQcuzr5i8
voZyIuFpm643hqu80Nnm35bN2OFowH7f44U8E5PPNTmrWaRUlb7XFbZQ7QIDAQAB
o4IDSTCCA0UwHQYDVR0OBBYEFBU72bZ9L8LQu3s7ipqkp2bvSEuFMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRlR2WnRuMHZ3dEM3ZXp1S21xU25adTlJUzRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBXQYIKwYBBQUHAQcBAf8EggFMMIIBSDCCAUQEAgABMIIB
PAMEAgX8hAMEAB8N0wMEAC0JnQMEAC1C5AMEAC1C5wMEAC1RJwMEAC1YQAMEAC1Z
9wMEAC1aWQMEAC2LagMEAS2NngMEAFGh7gMEAFJz0wMEAFPbYQMEAFQ2MAMEAFXZ
gAMEAFd4VwMEAFd4fgMEAFd4hAMEAFd4pgMEAVd5FAMEAFd5LTAMAwQAV3lXAwQA
V3lYAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkyAwQAXXsvAwQAXXttAwQAXXt1AwQA
XXt3AwQAXmd9AwQBXpqiAwQCXpxAAwQAXpyxAwQAXpzjAwQAXpzvAwQAjWIGAwQA
qxYcMAwDBACrFkkDBAKrFkgDBACy1+MDBAK52FQDBAC5238DBADBGdgDBADBIxID
BADB3mIDBADCN7oDBAHCOxwDBADCqa8DBADDsm8wDQYJKoZIhvcNAQELBQADggEB
AD13xhae8xgUeiF2OovP0YBJuDvQbWnlEf6HmMsJTx5pBhFDd9AnCswMDD2v5dpy
wx49fGk7Tr7mxDxdzjjcdJQDzqop2jW84tK9LeF+3e3/efvr9zbP3tZxZ5f3Ia5U
nu4QuLsmGEIAPE0BJlhC4ldKsSt2w+6F3OIZw8803XDVVtQaIMHMy6sdO3x2NpUY
20zzjaFt6s542T81U0VlQ5PNeED7CUA//gqqJHgSduNnAHrIu6bDyUsdoaa++0qr
V/Y0+d4X/7qpegDAoK1TSi9sc+jZ/jsyHMQsxAsRcNFFjT6OPEJxPB/NQXn5++6O
ygdCw316CBchscPVc3enEfE=
-----END CERTIFICATE-----
Generated at Wed Aug 20 21:21:09 2025 by rpki-client