Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/psmHOp3-aOww6iHm80VyyrFtkiQ.roa
File: psmHOp3-aOww6iHm80VyyrFtkiQ.roa (raw, json)
Hash identifier: Yla89xbigUWiTbgkyJUTV3H+yuHmB1DjNyN/GgbwUm4=
Subject key identifier: A6:C9:87:3A:9D:FE:68:EC:30:EA:21:E6:F3:45:72:CA:B1:6D:92:24
Certificate issuer: /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial: 019A261F6553F724D22569765550B927EB03
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/psmHOp3-aOww6iHm80VyyrFtkiQ.roa
Signing time: Mon 27 Oct 2025 14:43:03 +0000
ROA not before: Mon 27 Oct 2025 14:43:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9125
IP address blocks: 5.172.34.0/23 maxlen: 23
5.172.34.0/24 maxlen: 24
5.172.36.0/22 maxlen: 22
5.172.36.0/23 maxlen: 23
5.172.37.0/24 maxlen: 24
89.23.65.0/24 maxlen: 24
89.23.67.0/24 maxlen: 24
89.23.68.0/23 maxlen: 23
89.23.70.0/24 maxlen: 24
89.23.74.0/24 maxlen: 24
89.23.75.0/24 maxlen: 24
89.23.77.0/24 maxlen: 24
89.23.78.0/24 maxlen: 24
89.23.79.0/24 maxlen: 24
89.23.83.0/24 maxlen: 24
89.23.84.0/24 maxlen: 24
89.23.86.0/24 maxlen: 24
89.23.88.0/24 maxlen: 24
89.23.90.0/24 maxlen: 24
92.42.248.0/22 maxlen: 22
92.42.252.0/24 maxlen: 24
92.42.253.0/24 maxlen: 24
92.42.254.0/24 maxlen: 24
92.42.255.0/24 maxlen: 24
93.93.192.0/21 maxlen: 21
95.140.112.0/22 maxlen: 22
95.140.115.0/24 maxlen: 24
95.140.116.0/22 maxlen: 22
95.140.120.0/23 maxlen: 23
95.140.124.0/22 maxlen: 22
95.140.125.0/24 maxlen: 24
109.111.224.0/24 maxlen: 24
109.111.225.0/24 maxlen: 24
109.111.226.0/24 maxlen: 24
109.111.227.0/24 maxlen: 24
109.111.228.0/24 maxlen: 24
109.111.229.0/24 maxlen: 24
109.111.230.0/23 maxlen: 23
109.111.232.0/22 maxlen: 22
109.111.236.0/22 maxlen: 22
109.111.240.0/24 maxlen: 24
109.111.243.0/24 maxlen: 24
109.111.244.0/24 maxlen: 24
109.111.245.0/24 maxlen: 24
109.111.246.0/24 maxlen: 24
109.111.247.0/24 maxlen: 24
109.111.248.0/24 maxlen: 24
109.111.249.0/24 maxlen: 24
109.111.250.0/24 maxlen: 24
109.111.252.0/23 maxlen: 23
109.111.254.0/24 maxlen: 24
178.254.128.0/21 maxlen: 21
178.254.133.0/24 maxlen: 24
178.254.136.0/22 maxlen: 22
178.254.140.0/22 maxlen: 22
178.254.144.0/24 maxlen: 24
178.254.145.0/24 maxlen: 24
178.254.146.0/24 maxlen: 24
178.254.148.0/24 maxlen: 24
178.254.149.0/24 maxlen: 24
178.254.151.0/24 maxlen: 24
178.254.152.0/24 maxlen: 24
178.254.153.0/24 maxlen: 24
178.254.154.0/24 maxlen: 24
178.254.155.0/24 maxlen: 24
178.254.156.0/24 maxlen: 24
178.254.157.0/24 maxlen: 24
178.254.158.0/24 maxlen: 24
178.254.159.0/24 maxlen: 24
178.254.163.0/24 maxlen: 24
178.254.165.0/24 maxlen: 24
178.254.169.0/24 maxlen: 24
178.254.172.0/24 maxlen: 24
178.254.175.0/24 maxlen: 24
178.254.177.0/24 maxlen: 24
178.254.183.0/24 maxlen: 24
178.254.184.0/24 maxlen: 24
178.254.187.0/24 maxlen: 24
178.254.188.0/22 maxlen: 24
185.157.44.0/24 maxlen: 24
193.104.68.0/24 maxlen: 24
217.169.208.0/20 maxlen: 20
217.169.208.0/22 maxlen: 22
217.169.212.0/22 maxlen: 22
217.169.216.0/22 maxlen: 22
217.169.219.0/24 maxlen: 24
217.169.220.0/22 maxlen: 22
2a02:b58::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:26:1f:65:53:f7:24:d2:25:69:76:55:50:b9:27:eb:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Validity
Not Before: Oct 27 14:43:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a6c9873a9dfe68ec30ea21e6f34572cab16d9224
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:65:35:01:33:a4:00:5b:cb:3f:4b:de:8c:77:
dc:bc:3a:13:09:80:52:57:95:54:b7:06:ba:58:eb:
b2:c7:fe:16:fb:56:c5:ee:88:f9:cd:1c:bf:c5:92:
78:fd:2a:ae:4f:ee:14:80:3d:e6:a5:41:5d:a4:37:
a9:e5:5f:5a:d4:73:09:03:a5:d4:be:0a:27:2a:b5:
b2:9e:79:ee:5c:96:fb:9d:6c:ac:1b:ab:8a:13:00:
44:34:a7:c4:56:f3:d3:9a:8d:12:70:b3:24:07:2b:
e0:c8:f5:78:02:c6:c0:19:b5:17:59:76:2d:83:0d:
4c:0d:44:92:b0:90:9f:51:23:5c:7c:1a:53:b2:56:
e8:8f:f4:ec:0d:f0:6d:8c:e4:fb:2b:65:5c:d4:6b:
d3:f4:9d:19:cd:04:7a:d7:f4:69:d8:0b:3b:85:8b:
9e:87:3f:06:d5:08:73:60:71:a5:39:20:60:a8:68:
39:97:13:e7:bf:23:22:6b:2b:df:cd:5c:99:86:4b:
c7:34:4b:1b:0f:a8:cf:bc:f1:92:80:49:02:3a:62:
07:fc:43:77:76:07:ea:5a:72:19:71:35:17:bc:b5:
a9:07:b3:1e:7a:57:ed:87:f2:19:a4:28:3d:39:2e:
51:bb:ff:8b:7e:60:23:bd:d6:d2:bb:a3:c9:b8:2d:
34:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:C9:87:3A:9D:FE:68:EC:30:EA:21:E6:F3:45:72:CA:B1:6D:92:24
X509v3 Authority Key Identifier:
keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/psmHOp3-aOww6iHm80VyyrFtkiQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.172.34.0-5.172.39.255
89.23.65.0/24
89.23.67.0-89.23.70.255
89.23.74.0/23
89.23.77.0-89.23.79.255
89.23.83.0-89.23.84.255
89.23.86.0/24
89.23.88.0/24
89.23.90.0/24
92.42.248.0/21
93.93.192.0/21
95.140.112.0-95.140.121.255
95.140.124.0/22
109.111.224.0-109.111.240.255
109.111.243.0-109.111.250.255
109.111.252.0-109.111.254.255
178.254.128.0-178.254.146.255
178.254.148.0/23
178.254.151.0-178.254.159.255
178.254.163.0/24
178.254.165.0/24
178.254.169.0/24
178.254.172.0/24
178.254.175.0/24
178.254.177.0/24
178.254.183.0-178.254.184.255
178.254.187.0-178.254.191.255
185.157.44.0/24
193.104.68.0/24
217.169.208.0/20
IPv6:
2a02:b58::/32
Signature Algorithm: sha256WithRSAEncryption
64:bf:f4:e3:d4:5b:36:33:39:83:ef:02:9d:a7:35:6e:82:dc:
2e:1a:35:f8:d4:b6:dc:ee:03:43:f9:40:e2:21:b7:43:ed:b7:
18:e3:4d:dc:1d:18:ee:16:17:18:79:cf:9b:5f:66:b2:4c:4c:
51:26:c9:af:d0:fb:a2:4a:3e:3f:2a:aa:2b:ae:5c:b4:f4:5d:
36:44:5a:e9:fd:99:ea:21:7b:23:cb:e5:d7:37:d0:17:f5:14:
f8:da:96:47:69:0a:14:9e:73:e1:a2:69:f4:78:e5:64:bc:c4:
61:a6:d4:ea:22:73:d3:de:e1:62:b9:52:2e:53:6a:ac:35:5e:
c9:48:ae:96:7d:28:d0:63:65:ec:3b:a5:7e:59:49:d6:22:4b:
19:78:2c:ae:7a:ca:76:69:24:0d:fb:b4:0c:4c:08:cd:2e:0c:
43:f1:15:fb:03:b5:ae:f8:b7:8c:23:9e:2f:06:d9:98:c8:14:
0d:b5:0b:76:0b:b1:d3:78:37:bd:96:8f:e5:6e:f0:a8:c0:7c:
f8:8f:86:6b:7b:4d:6c:5d:b3:14:c8:dc:c1:51:2e:b9:db:be:
6f:d6:fd:ab:af:d1:0c:84:a7:4e:ba:2a:a6:ab:9a:91:ce:5a:
1a:b7:4d:b7:53:26:2b:87:65:23:46:44:c8:06:40:19:d7:46:
a4:39:57:02
-----BEGIN CERTIFICATE-----
MIIGJDCCBQygAwIBAgISAZomH2VT9yTSJWl2VVC5J+sDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUxMDI3MTQ0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmM5ODczYTlkZmU2OGVjMzBlYTIxZTZmMzQ1NzJjYWIxNmQ5MjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmU1ATOkAFvLP0vejHfcvDoTCYBS
V5VUtwa6WOuyx/4W+1bF7oj5zRy/xZJ4/SquT+4UgD3mpUFdpDep5V9a1HMJA6XU
vgonKrWynnnuXJb7nWysG6uKEwBENKfEVvPTmo0ScLMkByvgyPV4AsbAGbUXWXYt
gw1MDUSSsJCfUSNcfBpTslboj/TsDfBtjOT7K2Vc1GvT9J0ZzQR61/Rp2As7hYue
hz8G1QhzYHGlOSBgqGg5lxPnvyMiayvfzVyZhkvHNEsbD6jPvPGSgEkCOmIH/EN3
dgfqWnIZcTUXvLWpB7Meelfth/IZpCg9OS5Ru/+LfmAjvdbSu6PJuC00yQIDAQAB
o4IDMDCCAywwHQYDVR0OBBYEFKbJhzqd/mjsMOoh5vNFcsqxbZIkMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvcHNtSE9wMy1hT3d3NmlIbTgwVnl5ckZ0a2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBRAYIKwYBBQUHAQcBAf8EggEzMIIBLzCCARwEAgABMIIB
FDAMAwQBBawiAwQDBawgAwQAWRdBMAwDBABZF0MDBABZF0YDBAFZF0owDAMEAFkX
TQMEBFkXQDAMAwQAWRdTAwQAWRdUAwQAWRdWAwQAWRdYAwQAWRdaAwQDXCr4AwQD
XV3AMAwDBARfjHADBAFfjHgDBAJfjHwwDAMEBW1v4AMEAG1v8DAMAwQAbW/zAwQA
bW/6MAwDBAJtb/wDBABtb/4wDAMEB7L+gAMEALL+kgMEAbL+lDAMAwQAsv6XAwQF
sv6AAwQAsv6jAwQAsv6lAwQAsv6pAwQAsv6sAwQAsv6vAwQAsv6xMAwDBACy/rcD
BACy/rgwDAMEALL+uwMEBrL+gAMEALmdLAMEAMFoRAMEBNmp0DANBAIAAjAHAwUA
KgILWDANBgkqhkiG9w0BAQsFAAOCAQEAZL/049RbNjM5g+8Cnac1boLcLho1+NS2
3O4DQ/lA4iG3Q+23GONN3B0Y7hYXGHnPm19mskxMUSbJr9D7oko+PyqqK65ctPRd
NkRa6f2Z6iF7I8vl1zfQF/UU+NqWR2kKFJ5z4aJp9HjlZLzEYabU6iJz097hYrlS
LlNqrDVeyUiuln0o0GNl7DulfllJ1iJLGXgsrnrKdmkkDfu0DEwIzS4MQ/EV+wO1
rvi3jCOeLwbZmMgUDbULdgux03g3vZaP5W7wqMB8+I+Ga3tNbF2zFMjcwVEuudu+
b9b9q6/RDISnTroqpquakc5aGrdNt1MmK4dlI0ZEyAZAGddGpDlXAg==
-----END CERTIFICATE-----
Generated at Sat Nov 1 12:46:00 2025 by rpki-client