Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/PzuOndvnuovlV4fVsa_nlXJZlNc.roa
File: PzuOndvnuovlV4fVsa_nlXJZlNc.roa (raw, json)
Hash identifier: sOtPBV+GVu/L62vBfZUocBpaEefRDikqpKB5D0INxc4=
Subject key identifier: 3F:3B:8E:9D:DB:E7:BA:8B:E5:57:87:D5:B1:AF:E7:95:72:59:94:D7
Certificate issuer: /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial: 019A017F6BCB463B323DCC190CC0C5B01538
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/PzuOndvnuovlV4fVsa_nlXJZlNc.roa
Signing time: Mon 20 Oct 2025 12:01:59 +0000
ROA not before: Mon 20 Oct 2025 12:01:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34665
IP address blocks: 5.8.0.0/21 maxlen: 22
5.8.8.0/22 maxlen: 22
5.8.8.0/23 maxlen: 23
5.8.8.0/24 maxlen: 24
5.8.9.0/24 maxlen: 24
5.8.10.0/23 maxlen: 23
5.8.10.0/24 maxlen: 24
5.8.11.0/24 maxlen: 24
5.8.12.0/22 maxlen: 22
5.8.16.0/24 maxlen: 24
5.8.48.0/22 maxlen: 22
5.8.48.0/23 maxlen: 23
5.8.48.0/24 maxlen: 24
5.8.49.0/24 maxlen: 24
5.8.50.0/23 maxlen: 23
5.8.50.0/24 maxlen: 24
5.8.51.0/24 maxlen: 24
5.8.52.0/22 maxlen: 22
5.8.52.0/23 maxlen: 23
5.8.52.0/24 maxlen: 24
5.8.53.0/24 maxlen: 24
5.8.54.0/23 maxlen: 23
5.8.54.0/24 maxlen: 24
5.8.55.0/24 maxlen: 24
5.8.60.0/23 maxlen: 23
5.8.65.0/24 maxlen: 24
5.8.66.0/23 maxlen: 23
5.101.0.0/22 maxlen: 22
5.101.0.0/23 maxlen: 23
5.101.0.0/24 maxlen: 24
5.101.1.0/24 maxlen: 24
5.101.2.0/23 maxlen: 23
5.101.2.0/24 maxlen: 24
5.101.3.0/24 maxlen: 24
5.101.4.0/22 maxlen: 22
5.101.4.0/23 maxlen: 23
5.101.4.0/24 maxlen: 24
5.101.5.0/24 maxlen: 24
5.101.6.0/23 maxlen: 23
5.101.6.0/24 maxlen: 24
5.101.7.0/24 maxlen: 24
5.101.32.0/22 maxlen: 24
5.101.64.0/22 maxlen: 22
5.101.64.0/23 maxlen: 23
5.101.64.0/24 maxlen: 24
5.101.65.0/24 maxlen: 24
5.101.66.0/23 maxlen: 23
5.101.66.0/24 maxlen: 24
5.101.67.0/24 maxlen: 24
5.101.90.0/23 maxlen: 23
5.188.10.0/23 maxlen: 23
5.188.44.0/22 maxlen: 22
5.188.44.0/23 maxlen: 23
5.188.44.0/24 maxlen: 24
5.188.45.0/24 maxlen: 24
5.188.46.0/23 maxlen: 23
5.188.46.0/24 maxlen: 24
5.188.47.0/24 maxlen: 24
5.188.48.0/23 maxlen: 23
5.188.49.0/24 maxlen: 24
5.188.204.0/23 maxlen: 23
5.188.208.0/23 maxlen: 23
5.188.210.0/24 maxlen: 24
5.188.211.0/24 maxlen: 24
5.188.223.0/24 maxlen: 24
5.188.233.0/24 maxlen: 24
5.188.234.0/23 maxlen: 23
5.189.248.0/22 maxlen: 24
31.44.188.0/22 maxlen: 32
31.184.192.0/22 maxlen: 22
31.184.192.0/23 maxlen: 23
31.184.192.0/24 maxlen: 24
31.184.193.0/24 maxlen: 24
31.184.194.0/23 maxlen: 23
31.184.194.0/24 maxlen: 24
31.184.195.0/24 maxlen: 24
31.184.196.0/22 maxlen: 22
31.184.196.0/23 maxlen: 23
31.184.196.0/24 maxlen: 24
31.184.197.0/24 maxlen: 24
31.184.198.0/23 maxlen: 23
31.184.198.0/24 maxlen: 24
31.184.199.0/24 maxlen: 24
31.184.238.0/23 maxlen: 23
31.184.240.0/23 maxlen: 23
31.184.243.0/24 maxlen: 24
37.9.48.0/24 maxlen: 24
37.139.53.0/24 maxlen: 24
37.139.56.0/22 maxlen: 22
37.139.56.0/23 maxlen: 23
37.139.56.0/24 maxlen: 24
37.139.57.0/24 maxlen: 24
37.139.58.0/23 maxlen: 23
37.139.58.0/24 maxlen: 24
37.139.59.0/24 maxlen: 24
46.161.2.0/23 maxlen: 23
46.161.8.0/24 maxlen: 24
46.161.10.0/24 maxlen: 24
46.161.14.0/23 maxlen: 23
46.161.20.0/22 maxlen: 22
46.161.28.0/22 maxlen: 22
46.161.32.0/22 maxlen: 22
46.161.44.0/22 maxlen: 22
46.161.48.0/22 maxlen: 22
46.161.48.0/23 maxlen: 23
46.161.48.0/24 maxlen: 24
46.161.49.0/24 maxlen: 24
46.161.50.0/23 maxlen: 23
46.161.50.0/24 maxlen: 24
46.161.51.0/24 maxlen: 24
91.243.32.0/22 maxlen: 22
91.243.48.0/22 maxlen: 22
91.243.48.0/23 maxlen: 23
91.243.48.0/24 maxlen: 24
91.243.49.0/24 maxlen: 24
91.243.50.0/23 maxlen: 23
91.243.50.0/24 maxlen: 24
91.243.51.0/24 maxlen: 24
91.243.52.0/22 maxlen: 22
91.243.56.0/22 maxlen: 22
91.243.60.0/24 maxlen: 24
91.243.61.0/24 maxlen: 24
95.215.0.0/22 maxlen: 24
95.215.0.0/23 maxlen: 23
95.215.0.0/24 maxlen: 24
95.215.1.0/24 maxlen: 24
95.215.2.0/23 maxlen: 23
95.215.2.0/24 maxlen: 24
95.215.3.0/24 maxlen: 24
146.185.223.0/24 maxlen: 24
146.185.224.0/21 maxlen: 21
188.143.232.0/22 maxlen: 22
188.143.232.0/23 maxlen: 23
188.143.232.0/24 maxlen: 24
188.143.233.0/24 maxlen: 24
188.143.235.0/24 maxlen: 24
195.2.240.0/23 maxlen: 24
2a00:1d78:100:1c0::/58 maxlen: 58
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Oct 2025 23:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:01:7f:6b:cb:46:3b:32:3d:cc:19:0c:c0:c5:b0:15:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Validity
Not Before: Oct 20 12:01:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3f3b8e9ddbe7ba8be55787d5b1afe795725994d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:fb:35:23:f7:5f:2b:0a:fe:ab:49:a2:4d:7e:
af:28:8c:1a:b9:7b:e8:c7:b7:f9:a3:a7:1f:b7:d1:
f0:5b:b3:98:17:30:fd:42:d4:75:d5:96:ee:cc:a8:
54:75:4c:67:17:30:d2:b7:f4:b1:a0:4d:d0:82:ed:
8f:61:20:0a:5b:65:ea:44:8b:c9:6f:f0:a3:ed:6b:
51:f5:f4:43:9a:52:e0:e8:74:99:26:c7:d6:be:81:
d9:09:6f:10:38:c6:df:a4:fc:39:98:87:09:11:67:
2a:b8:41:f2:3a:6f:d1:36:46:de:07:75:71:dc:30:
32:a0:4e:b8:da:1f:91:5b:a5:99:bc:fa:04:29:a4:
5a:2c:20:68:86:d3:b1:ad:45:9e:b9:5b:7f:93:28:
f0:43:2a:0d:c5:fe:4d:0b:f1:94:16:05:e4:00:e0:
70:0b:fd:c5:29:61:f3:f0:5d:68:7d:40:99:c6:18:
1e:8f:ff:de:b9:26:63:93:53:f5:fc:b6:14:7e:b8:
82:96:fb:33:3b:ff:9a:b4:f7:d5:af:7c:d2:22:5f:
e6:7f:d4:31:1f:20:c7:db:c8:4e:85:9c:49:88:b2:
b4:42:e4:02:5a:d8:38:ad:ca:47:0c:1f:86:47:ac:
d8:94:f4:dc:81:30:2c:90:32:74:f8:50:fb:f2:b8:
46:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:3B:8E:9D:DB:E7:BA:8B:E5:57:87:D5:B1:AF:E7:95:72:59:94:D7
X509v3 Authority Key Identifier:
keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/PzuOndvnuovlV4fVsa_nlXJZlNc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.8.0.0-5.8.16.255
5.8.48.0/21
5.8.60.0/23
5.8.65.0-5.8.67.255
5.101.0.0/21
5.101.32.0/22
5.101.64.0/22
5.101.90.0/23
5.188.10.0/23
5.188.44.0-5.188.49.255
5.188.204.0/23
5.188.208.0/22
5.188.223.0/24
5.188.233.0-5.188.235.255
5.189.248.0/22
31.44.188.0/22
31.184.192.0/21
31.184.238.0-31.184.241.255
31.184.243.0/24
37.9.48.0/24
37.139.53.0/24
37.139.56.0/22
46.161.2.0/23
46.161.8.0/24
46.161.10.0/24
46.161.14.0/23
46.161.20.0/22
46.161.28.0-46.161.35.255
46.161.44.0-46.161.51.255
91.243.32.0/22
91.243.48.0-91.243.61.255
95.215.0.0/22
146.185.223.0-146.185.231.255
188.143.232.0/22
195.2.240.0/23
IPv6:
2a00:1d78:100:1c0::/58
Signature Algorithm: sha256WithRSAEncryption
cc:6a:51:7c:0d:9e:0a:7f:40:06:d1:f3:05:ad:46:0b:9d:1d:
55:c6:2b:44:eb:fb:4d:75:20:b9:a3:fc:ab:04:b0:6a:e6:ab:
f6:3a:06:5c:e1:84:34:4f:58:6b:cc:f6:94:0d:53:0d:bb:bb:
68:0c:fe:0e:be:2f:57:ff:2b:c1:aa:1c:ae:ee:5f:b0:2f:de:
0c:36:26:b1:62:8a:90:64:96:6a:3b:d2:4e:f7:9b:b3:cf:a2:
77:08:01:27:06:ca:c8:56:0e:04:15:6e:82:53:67:71:a8:eb:
f0:ce:12:eb:db:c6:76:29:55:dc:61:50:8b:72:f9:ad:a3:56:
6a:dc:84:c0:0d:26:04:5d:8c:bb:6f:03:0a:41:d9:8b:58:6e:
0b:39:31:91:17:ae:4c:1e:8d:ea:ee:c5:5e:6c:cf:d4:98:90:
13:af:89:e0:97:99:0c:45:97:ee:90:0c:1b:18:fd:89:b0:06:
bb:90:ef:ae:64:40:8f:b3:29:01:3f:41:dd:b7:99:8b:23:c9:
e6:88:b7:d4:71:b8:98:ca:01:4d:1b:0a:40:a9:52:9e:eb:26:
70:af:1f:08:5c:1c:3a:3a:c0:4a:04:98:de:c0:b3:6f:9c:ad:
f4:07:11:d2:e4:d0:60:3f:83:53:bb:d2:fd:32:84:a0:5d:e4:
d0:b9:d9:44
-----BEGIN CERTIFICATE-----
MIIGLTCCBRWgAwIBAgISAZoBf2vLRjsyPcwZDMDFsBU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUxMDIwMTIwMTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjNiOGU5ZGRiZTdiYThiZTU1Nzg3ZDViMWFmZTc5NTcyNTk5NGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPs1I/dfKwr+q0miTX6vKIwauXvo
x7f5o6cft9HwW7OYFzD9QtR11ZbuzKhUdUxnFzDSt/SxoE3Qgu2PYSAKW2XqRIvJ
b/Cj7WtR9fRDmlLg6HSZJsfWvoHZCW8QOMbfpPw5mIcJEWcquEHyOm/RNkbeB3Vx
3DAyoE642h+RW6WZvPoEKaRaLCBohtOxrUWeuVt/kyjwQyoNxf5NC/GUFgXkAOBw
C/3FKWHz8F1ofUCZxhgej//euSZjk1P1/LYUfriClvszO/+atPfVr3zSIl/mf9Qx
HyDH28hOhZxJiLK0QuQCWtg4rcpHDB+GR6zYlPTcgTAskDJ0+FD78rhGUwIDAQAB
o4IDOTCCAzUwHQYDVR0OBBYEFD87jp3b57qL5VeH1bGv55VyWZTXMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvUHp1T25kdm51b3ZsVjRmVnNhX25sWEpabE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTQYIKwYBBQUHAQcBAf8EggE8MIIBODCCASEEAgABMIIB
GTALAwMDBQgDBAAFCBADBAMFCDADBAEFCDwwDAMEAAUIQQMEAgUIQAMEAwVlAAME
AgVlIAMEAgVlQAMEAQVlWgMEAQW8CjAMAwQCBbwsAwQBBbwwAwQBBbzMAwQCBbzQ
AwQABbzfMAwDBAAFvOkDBAIFvOgDBAIFvfgDBAIfLLwDBAMfuMAwDAMEAR+47gME
AR+48AMEAB+48wMEACUJMAMEACWLNQMEAiWLOAMEAS6hAgMEAC6hCAMEAC6hCgME
AS6hDgMEAi6hFDAMAwQCLqEcAwQCLqEgMAwDBAIuoSwDBAIuoTADBAJb8yAwDAME
BFvzMAMEAVvzPAMEAl/XADAMAwQAkrnfAwQDkrngAwQCvI/oAwQBwwLwMBEEAgAC
MAsDCQYqAB14AQABwDANBgkqhkiG9w0BAQsFAAOCAQEAzGpRfA2eCn9ABtHzBa1G
C50dVcYrROv7TXUguaP8qwSwauar9joGXOGENE9Ya8z2lA1TDbu7aAz+Dr4vV/8r
waocru5fsC/eDDYmsWKKkGSWajvSTvebs8+idwgBJwbKyFYOBBVuglNncajr8M4S
69vGdilV3GFQi3L5raNWatyEwA0mBF2Mu28DCkHZi1huCzkxkReuTB6N6u7FXmzP
1JiQE6+J4JeZDEWX7pAMGxj9ibAGu5DvrmRAj7MpAT9B3beZiyPJ5oi31HG4mMoB
TRsKQKlSnusmcK8fCFwcOjrASgSY3sCzb5yt9AcR0uTQYD+DU7vS/TKEoF3k0LnZ
RA==
-----END CERTIFICATE-----
Generated at Wed Oct 22 07:17:41 2025 by rpki-client