Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/oE2z8AZredwdFkVfXK9Wt3V3xys.roa
File: oE2z8AZredwdFkVfXK9Wt3V3xys.roa (raw, json)
Hash identifier: 8zZpq9J2e2kAkwrgvNTMI3MC4XeEVGrRHanXbhu1BOo=
Subject key identifier: A0:4D:B3:F0:06:6B:79:DC:1D:16:45:5F:5C:AF:56:B7:75:77:C7:2B
Certificate issuer: /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial: 019A02110D4E8C4108CEC5A79B8A3900686E
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/oE2z8AZredwdFkVfXK9Wt3V3xys.roa
Signing time: Mon 20 Oct 2025 14:41:03 +0000
ROA not before: Mon 20 Oct 2025 14:41:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 80.96.38.0/24 maxlen: 24
80.96.44.0/23 maxlen: 24
80.96.54.0/23 maxlen: 24
80.96.89.0/24 maxlen: 24
80.96.90.0/23 maxlen: 23
80.96.102.0/23 maxlen: 24
80.96.156.0/22 maxlen: 24
80.96.236.0/23 maxlen: 23
80.97.40.0/21 maxlen: 24
80.97.96.0/23 maxlen: 24
81.180.36.0/24 maxlen: 24
81.180.94.0/23 maxlen: 23
81.180.98.0/23 maxlen: 24
81.180.139.0/24 maxlen: 24
81.180.174.0/23 maxlen: 24
81.180.204.0/24 maxlen: 24
81.180.228.0/23 maxlen: 24
81.180.254.0/23 maxlen: 24
81.181.14.0/23 maxlen: 24
81.181.26.0/23 maxlen: 24
81.181.68.0/23 maxlen: 24
81.181.72.0/23 maxlen: 24
81.181.104.0/21 maxlen: 24
85.120.44.0/24 maxlen: 24
85.120.84.0/23 maxlen: 24
85.120.184.0/24 maxlen: 24
85.121.48.0/21 maxlen: 24
85.121.120.0/21 maxlen: 24
85.121.168.0/22 maxlen: 24
85.121.232.0/21 maxlen: 24
85.122.84.0/24 maxlen: 24
85.122.85.0/24 maxlen: 24
85.122.124.0/22 maxlen: 24
85.122.231.0/24 maxlen: 24
193.226.76.0/22 maxlen: 24
194.102.36.0/22 maxlen: 24
194.102.148.0/23 maxlen: 24
194.102.160.0/23 maxlen: 24
194.102.174.0/23 maxlen: 24
194.102.180.0/22 maxlen: 24
194.102.224.0/22 maxlen: 24
194.105.12.0/22 maxlen: 24
194.153.225.0/24 maxlen: 24
194.153.230.0/23 maxlen: 24
194.153.244.0/23 maxlen: 24
217.156.16.0/23 maxlen: 24
217.156.48.0/22 maxlen: 24
217.156.94.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Oct 2025 14:12:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:02:11:0d:4e:8c:41:08:ce:c5:a7:9b:8a:39:00:68:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
Validity
Not Before: Oct 20 14:41:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a04db3f0066b79dc1d16455f5caf56b77577c72b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:53:8a:f7:d4:92:5d:49:e4:8b:1b:48:05:04:
35:b8:34:23:18:52:2d:8e:ab:db:93:ff:63:b2:21:
33:af:d4:61:b6:73:f0:13:a2:dd:55:3d:20:4c:03:
da:78:56:fa:9f:d8:e9:c3:0e:3a:d4:9d:75:2c:34:
66:26:2b:e8:d5:66:fd:23:d8:f7:76:2b:7a:8a:f4:
25:e9:55:98:8a:c8:7c:e4:c6:31:bb:c8:bb:3c:a0:
1a:1a:88:85:ca:d1:93:0f:68:ed:d9:64:bb:9e:4f:
22:45:ec:13:9e:04:b7:2c:71:e5:d6:2d:59:67:bf:
1a:a0:22:de:b9:bd:0a:ff:69:16:a7:bf:7c:8f:69:
97:a2:20:d8:77:a1:74:a8:0a:0e:0e:1d:6b:18:62:
0a:81:c9:2b:c1:5c:e0:fb:dd:fd:f3:21:c9:7f:23:
be:ae:59:6e:7c:bc:d7:56:18:54:05:32:71:a5:b2:
91:18:c4:83:df:af:ad:75:97:fd:fa:ba:c1:46:43:
a0:0c:d6:4a:e8:80:6a:65:42:f3:59:99:23:37:fe:
c3:99:b9:70:26:09:30:fb:91:0b:e9:32:eb:12:63:
5e:b7:6e:a8:b7:01:a1:5f:e7:84:51:ea:ff:37:d4:
6f:97:6f:9c:41:4d:dd:86:6a:13:69:6f:f2:12:85:
0c:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:4D:B3:F0:06:6B:79:DC:1D:16:45:5F:5C:AF:56:B7:75:77:C7:2B
X509v3 Authority Key Identifier:
keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/oE2z8AZredwdFkVfXK9Wt3V3xys.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.96.38.0/24
80.96.44.0/23
80.96.54.0/23
80.96.89.0-80.96.91.255
80.96.102.0/23
80.96.156.0/22
80.96.236.0/23
80.97.40.0/21
80.97.96.0/23
81.180.36.0/24
81.180.94.0/23
81.180.98.0/23
81.180.139.0/24
81.180.174.0/23
81.180.204.0/24
81.180.228.0/23
81.180.254.0/23
81.181.14.0/23
81.181.26.0/23
81.181.68.0/23
81.181.72.0/23
81.181.104.0/21
85.120.44.0/24
85.120.84.0/23
85.120.184.0/24
85.121.48.0/21
85.121.120.0/21
85.121.168.0/22
85.121.232.0/21
85.122.84.0/23
85.122.124.0/22
85.122.231.0/24
193.226.76.0/22
194.102.36.0/22
194.102.148.0/23
194.102.160.0/23
194.102.174.0/23
194.102.180.0/22
194.102.224.0/22
194.105.12.0/22
194.153.225.0/24
194.153.230.0/23
194.153.244.0/23
217.156.16.0/23
217.156.48.0/22
217.156.94.0/23
Signature Algorithm: sha256WithRSAEncryption
42:bb:0d:c6:a8:9d:e5:62:39:55:b2:ae:6d:07:91:fd:60:30:
6d:d6:db:01:56:14:3c:ae:80:fd:11:c1:d5:d8:35:1e:87:26:
59:b7:24:96:12:c7:c3:b6:b5:44:81:ff:c5:dc:50:eb:59:84:
34:c8:53:28:96:a4:cc:2d:81:25:70:f2:64:03:36:6f:5f:6a:
ae:6f:46:33:fe:8e:5d:dc:29:db:e7:af:3f:6b:d6:f8:21:83:
94:08:57:eb:7b:24:ff:c2:8e:79:06:04:2a:ca:58:f9:ee:c9:
6f:a8:af:c6:74:62:15:56:dd:51:52:e1:e1:50:83:b8:c6:5f:
98:97:94:5b:90:5e:ec:e1:e1:d8:e6:3b:97:db:90:9c:20:b7:
64:d4:b7:ae:cf:a3:51:15:41:ca:c6:2e:95:4f:45:d3:33:e1:
b7:07:85:ca:d9:9c:bd:73:33:f3:cc:be:cc:29:1d:2e:cc:cc:
34:33:1c:d5:9e:c8:3e:ec:1f:e9:e4:8d:a3:35:55:53:27:ac:
22:fd:63:a7:9b:04:be:0b:b9:2d:8c:14:2f:62:12:ef:9e:35:
28:59:7a:e8:6c:4f:06:fe:7d:bd:cd:a5:a4:2b:f3:98:67:8c:
83:e3:52:46:5c:f6:45:b3:8d:1a:de:44:28:84:88:f2:64:01:
7d:d7:f5:97
-----BEGIN CERTIFICATE-----
MIIGHTCCBQWgAwIBAgISAZoCEQ1OjEEIzsWnm4o5AGhuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUxMDIwMTQ0MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDRkYjNmMDA2NmI3OWRjMWQxNjQ1NWY1Y2FmNTZiNzc1NzdjNzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVOK99SSXUnkixtIBQQ1uDQjGFIt
jqvbk/9jsiEzr9RhtnPwE6LdVT0gTAPaeFb6n9jpww461J11LDRmJivo1Wb9I9j3
dit6ivQl6VWYish85MYxu8i7PKAaGoiFytGTD2jt2WS7nk8iRewTngS3LHHl1i1Z
Z78aoCLeub0K/2kWp798j2mXoiDYd6F0qAoODh1rGGIKgckrwVzg+9398yHJfyO+
rllufLzXVhhUBTJxpbKRGMSD36+tdZf9+rrBRkOgDNZK6IBqZULzWZkjN/7Dmblw
Jgkw+5EL6TLrEmNet26otwGhX+eEUer/N9Rvl2+cQU3dhmoTaW/yEoUMYQIDAQAB
o4IDKTCCAyUwHQYDVR0OBBYEFKBNs/AGa3ncHRZFX1yvVrd1d8crMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvb0UyejhBWnJlZHdkRmtWZlhLOVd0M1YzeHlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBPQYIKwYBBQUHAQcBAf8EggEsMIIBKDCCASQEAgABMIIB
HAMEAFBgJgMEAVBgLAMEAVBgNjAMAwQAUGBZAwQCUGBYAwQBUGBmAwQCUGCcAwQB
UGDsAwQDUGEoAwQBUGFgAwQAUbQkAwQBUbReAwQBUbRiAwQAUbSLAwQBUbSuAwQA
UbTMAwQBUbTkAwQBUbT+AwQBUbUOAwQBUbUaAwQBUbVEAwQBUbVIAwQDUbVoAwQA
VXgsAwQBVXhUAwQAVXi4AwQDVXkwAwQDVXl4AwQCVXmoAwQDVXnoAwQBVXpUAwQC
VXp8AwQAVXrnAwQCweJMAwQCwmYkAwQBwmaUAwQBwmagAwQBwmauAwQCwma0AwQC
wmbgAwQCwmkMAwQAwpnhAwQBwpnmAwQBwpn0AwQB2ZwQAwQC2ZwwAwQB2ZxeMA0G
CSqGSIb3DQEBCwUAA4IBAQBCuw3GqJ3lYjlVsq5tB5H9YDBt1tsBVhQ8roD9EcHV
2DUehyZZtySWEsfDtrVEgf/F3FDrWYQ0yFMolqTMLYElcPJkAzZvX2qub0Yz/o5d
3Cnb568/a9b4IYOUCFfreyT/wo55BgQqylj57slvqK/GdGIVVt1RUuHhUIO4xl+Y
l5RbkF7s4eHY5juX25CcILdk1Leuz6NRFUHKxi6VT0XTM+G3B4XK2Zy9czPzzL7M
KR0uzMw0MxzVnsg+7B/p5I2jNVVTJ6wi/WOnmwS+C7ktjBQvYhLvnjUoWXrobE8G
/n29zaWkK/OYZ4yD41JGXPZFs40a3kQohIjyZAF91/WX
-----END CERTIFICATE-----
Generated at Tue Oct 21 22:13:27 2025 by rpki-client