Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/Y5jMZ5wiB26-lsdLVbzn_G1HsrI.roa
File: Y5jMZ5wiB26-lsdLVbzn_G1HsrI.roa (raw, json)
Hash identifier: ocOdzyaJ6ffFKb9Tf8IUGV5W7XVWSq0CC0ZsXZkA3Mk=
Subject key identifier: 63:98:CC:67:9C:22:07:6E:BE:96:C7:4B:55:BC:E7:FC:6D:47:B2:B2
Certificate issuer: /CN=1847b59d21ea36b3062fca80ce75c1616af5119a
Certificate serial: 01990F4834CF27EC236FB38F137A55040819
Authority key identifier: 18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/Y5jMZ5wiB26-lsdLVbzn_G1HsrI.roa
Signing time: Wed 03 Sep 2025 11:13:34 +0000
ROA not before: Wed 03 Sep 2025 11:13:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48716
IP address blocks: 46.247.40.0/22 maxlen: 24
77.240.38.0/23 maxlen: 24
77.243.80.0/23 maxlen: 24
78.40.108.0/23 maxlen: 24
82.115.40.0/22 maxlen: 24
85.202.194.0/23 maxlen: 24
89.219.32.0/22 maxlen: 24
91.147.92.0/22 maxlen: 22
91.147.92.0/24 maxlen: 24
91.147.93.0/24 maxlen: 24
91.147.94.0/24 maxlen: 24
91.147.95.0/24 maxlen: 24
91.147.104.0/22 maxlen: 24
91.201.214.0/23 maxlen: 24
91.215.136.0/22 maxlen: 24
91.215.136.0/24 maxlen: 24
91.215.137.0/24 maxlen: 32
91.215.139.0/24 maxlen: 32
94.247.128.0/21 maxlen: 24
109.233.108.0/22 maxlen: 32
185.4.180.0/22 maxlen: 24
185.22.64.0/22 maxlen: 24
185.35.222.0/23 maxlen: 24
185.102.72.0/22 maxlen: 24
185.146.0.0/22 maxlen: 24
194.32.140.0/22 maxlen: 24
194.39.64.0/22 maxlen: 24
194.39.64.0/23 maxlen: 24
194.39.66.0/24 maxlen: 24
194.39.67.0/24 maxlen: 24
194.110.54.0/23 maxlen: 24
195.49.208.0/21 maxlen: 21
195.49.209.0/24 maxlen: 24
195.49.210.0/23 maxlen: 23
195.49.210.0/24 maxlen: 24
195.49.211.0/24 maxlen: 24
195.49.212.0/22 maxlen: 22
195.49.212.0/24 maxlen: 24
195.49.213.0/24 maxlen: 24
195.49.214.0/24 maxlen: 24
195.49.215.0/24 maxlen: 24
195.93.152.0/23 maxlen: 24
195.210.46.0/23 maxlen: 24
2a00:5da0::/36 maxlen: 48
2a00:5da0:1000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.crl
rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.mft
rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 16 Sep 2025 22:00:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:0f:48:34:cf:27:ec:23:6f:b3:8f:13:7a:55:04:08:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1847b59d21ea36b3062fca80ce75c1616af5119a
Validity
Not Before: Sep 3 11:13:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6398cc679c22076ebe96c74b55bce7fc6d47b2b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:7b:b7:96:4f:b0:9b:c3:ca:23:4a:74:25:eb:
ac:48:d4:92:ca:32:2f:f6:8c:ac:0a:76:ab:21:1d:
e9:d1:f2:8f:1f:57:8e:c3:31:b9:86:74:3e:9e:57:
3d:55:d7:2f:44:1d:ff:9a:ac:c9:3f:4a:b1:fc:88:
b6:3d:16:fe:73:96:22:73:c2:b8:a6:04:56:f2:90:
c3:f4:31:0e:49:4a:ad:34:e1:ad:bf:dd:1e:53:d3:
e8:15:63:a2:74:d1:1b:f0:c8:0f:c9:cf:35:9c:bd:
4b:80:4b:97:43:c6:50:2c:a9:f6:8c:4a:1c:de:50:
35:63:32:21:fe:01:98:60:1f:6e:ec:a0:0a:35:6e:
57:d4:18:32:f3:61:e9:4c:c5:c0:4b:ed:6b:c8:fd:
bf:a9:99:1a:83:32:9b:05:25:56:9a:34:9e:46:87:
3d:52:37:a8:be:96:eb:cd:04:9c:eb:b0:ff:cc:3c:
de:f5:12:8e:6e:90:99:ff:42:a1:ab:89:aa:88:d4:
d0:11:fc:a1:ac:06:77:5b:60:91:ac:78:1c:b5:ef:
cc:48:f2:c5:7a:15:34:c4:1b:ec:6c:40:71:a9:10:
c2:1d:40:75:15:5e:ba:de:48:36:df:04:2e:d0:f2:
fb:60:7d:76:48:2c:02:9b:cf:73:15:ad:ac:cd:14:
12:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:98:CC:67:9C:22:07:6E:BE:96:C7:4B:55:BC:E7:FC:6D:47:B2:B2
X509v3 Authority Key Identifier:
keyid:18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/Y5jMZ5wiB26-lsdLVbzn_G1HsrI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.247.40.0/22
77.240.38.0/23
77.243.80.0/23
78.40.108.0/23
82.115.40.0/22
85.202.194.0/23
89.219.32.0/22
91.147.92.0/22
91.147.104.0/22
91.201.214.0/23
91.215.136.0/22
94.247.128.0/21
109.233.108.0/22
185.4.180.0/22
185.22.64.0/22
185.35.222.0/23
185.102.72.0/22
185.146.0.0/22
194.32.140.0/22
194.39.64.0/22
194.110.54.0/23
195.49.208.0/21
195.93.152.0/23
195.210.46.0/23
IPv6:
2a00:5da0::/35
Signature Algorithm: sha256WithRSAEncryption
7a:cf:35:78:24:a1:40:4b:dc:41:77:98:75:d0:c5:9e:4e:8e:
38:c2:2b:7b:3c:52:61:70:93:77:48:a2:7a:07:69:91:6c:4e:
5c:1b:f1:88:41:0b:1c:91:4f:51:29:e6:7e:fb:2f:c9:20:61:
dd:99:6f:45:88:ee:cc:bc:d2:19:99:80:f5:1b:a3:d6:bf:08:
8a:08:6e:97:3d:1f:25:b2:40:1b:b9:40:38:03:dd:e0:f3:cb:
56:77:aa:af:a4:1f:11:55:87:62:ef:8c:b4:d0:43:70:2d:5f:
22:5b:6e:ad:b2:94:00:07:97:7d:39:1c:57:75:58:fe:94:0d:
9c:34:3e:b8:ea:06:7c:13:1f:9d:52:a1:3b:5d:79:28:f5:5b:
c6:6a:db:34:55:64:27:cc:65:7a:d6:fa:28:14:f6:5c:97:1d:
03:01:42:9b:18:4c:80:e1:37:bf:e1:2b:49:df:48:88:f3:5a:
ec:53:ce:a9:ff:a0:9a:a7:91:a0:dc:81:93:09:a0:ef:50:b1:
50:55:ce:3c:ae:34:7a:6e:da:7e:cc:7a:a7:6d:99:42:f5:f7:
bf:31:b2:c0:de:b0:9b:a7:94:53:f2:cb:1d:27:d9:7f:c2:20:
9a:7e:38:c7:42:f6:fe:7e:3d:a4:55:c2:86:95:19:a2:e8:c9:
42:d9:36:23
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAZkPSDTPJ+wjb7OPE3pVBAgZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4NDdiNTlkMjFlYTM2YjMwNjJmY2E4MGNlNzVjMTYxNmFm
NTExOWEwHhcNMjUwOTAzMTExMzM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzk4Y2M2NzljMjIwNzZlYmU5NmM3NGI1NWJjZTdmYzZkNDdiMmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnu3lk+wm8PKI0p0JeusSNSSyjIv
9oysCnarIR3p0fKPH1eOwzG5hnQ+nlc9VdcvRB3/mqzJP0qx/Ii2PRb+c5Yic8K4
pgRW8pDD9DEOSUqtNOGtv90eU9PoFWOidNEb8MgPyc81nL1LgEuXQ8ZQLKn2jEoc
3lA1YzIh/gGYYB9u7KAKNW5X1Bgy82HpTMXAS+1ryP2/qZkagzKbBSVWmjSeRoc9
UjeovpbrzQSc67D/zDze9RKObpCZ/0Khq4mqiNTQEfyhrAZ3W2CRrHgcte/MSPLF
ehU0xBvsbEBxqRDCHUB1FV663kg23wQu0PL7YH12SCwCm89zFa2szRQSoQIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFGOYzGecIgduvpbHS1W85/xtR7KyMB8GA1UdIwQY
MBaAFBhHtZ0h6jazBi/KgM51wWFq9RGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTIt
ZjkxYmI1MTc5MjE3LzEvWTVqTVo1d2lCMjYtbHNkTFZiem5fRzFIc3JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTItZjkxYmI1MTc5MjE3
LzEvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjCBlwQCAAEwgZADBAIu
9ygDBAFN8CYDBAFN81ADBAFOKGwDBAJScygDBAFVysIDBAJZ2yADBAJbk1wDBAJb
k2gDBAFbydYDBAJb14gDBANe94ADBAJt6WwDBAK5BLQDBAK5FkADBAG5I94DBAK5
ZkgDBAK5kgADBALCIIwDBALCJ0ADBAHCbjYDBAPDMdADBAHDXZgDBAHD0i4wDgQC
AAIwCAMGBSoAXaAAMA0GCSqGSIb3DQEBCwUAA4IBAQB6zzV4JKFAS9xBd5h10MWe
To44wit7PFJhcJN3SKJ6B2mRbE5cG/GIQQsckU9RKeZ++y/JIGHdmW9FiO7MvNIZ
mYD1G6PWvwiKCG6XPR8lskAbuUA4A93g88tWd6qvpB8RVYdi74y00ENwLV8iW26t
spQAB5d9ORxXdVj+lA2cND646gZ8Ex+dUqE7XXko9VvGats0VWQnzGV61vooFPZc
lx0DAUKbGEyA4Te/4StJ30iI81rsU86p/6Cap5Gg3IGTCaDvULFQVc48rjR6btp+
zHqnbZlC9fe/MbLA3rCbp5RT8ssdJ9l/wiCafjjHQvb+fj2kVcKGlRmi6MlC2TYj
-----END CERTIFICATE-----
Generated at Tue Sep 16 07:11:26 2025 by rpki-client