Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/_BA7tm8EF_tbwBM_8Y5W_eHYfic.roa
File: _BA7tm8EF_tbwBM_8Y5W_eHYfic.roa (raw, json)
Hash identifier: db4l1hxQOgB+o48kmvSgTfCUsHPyWt6jnE1LZ4z2tb8=
Subject key identifier: FC:10:3B:B6:6F:04:17:FB:5B:C0:13:3F:F1:8E:56:FD:E1:D8:7E:27
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019A3C680CA78ED3F9B9162DB2D7699655F5
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/_BA7tm8EF_tbwBM_8Y5W_eHYfic.roa
Signing time: Fri 31 Oct 2025 22:34:03 +0000
ROA not before: Fri 31 Oct 2025 22:34:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 53813
IP address blocks: 147.161.192.0/23 maxlen: 24
147.161.194.0/23 maxlen: 24
147.161.196.0/23 maxlen: 24
147.161.198.0/23 maxlen: 24
147.161.200.0/23 maxlen: 24
147.161.204.0/23 maxlen: 24
147.161.208.0/23 maxlen: 24
147.161.210.0/23 maxlen: 24
147.161.212.0/23 maxlen: 24
147.161.214.0/23 maxlen: 24
147.161.216.0/23 maxlen: 24
147.161.218.0/23 maxlen: 24
147.161.220.0/23 maxlen: 24
159.254.98.0/24 maxlen: 24
164.137.56.0/24 maxlen: 24
164.137.57.0/24 maxlen: 24
164.137.58.0/24 maxlen: 24
164.137.59.0/24 maxlen: 24
164.137.60.0/24 maxlen: 24
164.137.69.0/24 maxlen: 24
164.137.109.0/24 maxlen: 24
164.137.159.0/24 maxlen: 24
164.137.160.0/24 maxlen: 24
164.137.161.0/24 maxlen: 24
164.137.162.0/24 maxlen: 24
164.137.163.0/24 maxlen: 24
164.137.164.0/24 maxlen: 24
164.137.165.0/24 maxlen: 24
164.137.166.0/24 maxlen: 24
164.137.167.0/24 maxlen: 24
164.137.168.0/24 maxlen: 24
164.137.169.0/24 maxlen: 24
164.137.170.0/24 maxlen: 24
164.137.171.0/24 maxlen: 24
164.137.172.0/24 maxlen: 24
164.137.173.0/24 maxlen: 24
164.137.174.0/24 maxlen: 24
164.137.175.0/24 maxlen: 24
164.137.176.0/24 maxlen: 24
164.137.177.0/24 maxlen: 24
164.137.178.0/24 maxlen: 24
164.137.179.0/24 maxlen: 24
164.137.180.0/24 maxlen: 24
164.137.181.0/24 maxlen: 24
164.137.182.0/24 maxlen: 24
164.137.183.0/24 maxlen: 24
164.137.184.0/24 maxlen: 24
164.137.185.0/24 maxlen: 24
164.137.186.0/24 maxlen: 24
164.137.187.0/24 maxlen: 24
164.137.188.0/24 maxlen: 24
164.137.189.0/24 maxlen: 24
164.137.190.0/24 maxlen: 24
164.137.191.0/24 maxlen: 24
164.137.192.0/24 maxlen: 24
2a03:eec0:3211::/48 maxlen: 48
2a03:eec0:3223::/48 maxlen: 48
2a03:eec0:3224::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:3c:68:0c:a7:8e:d3:f9:b9:16:2d:b2:d7:69:96:55:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Oct 31 22:34:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fc103bb66f0417fb5bc0133ff18e56fde1d87e27
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:30:75:4d:e3:0d:ff:9c:08:fa:b8:50:59:97:
04:dc:a8:9d:c6:00:cd:f2:31:b3:da:be:c7:c4:2a:
69:35:13:88:99:43:c9:96:a9:52:e4:5d:9b:2b:55:
6b:22:de:d8:a2:e8:fc:34:a9:5a:5d:bc:46:d6:d5:
b1:c4:e0:1e:8b:09:ed:74:20:b3:8c:6d:6d:dd:7a:
1b:76:7a:c9:de:1b:10:62:4e:6e:62:af:c8:ba:2d:
82:0e:c1:ad:14:6f:bf:0d:e9:dd:74:03:c9:f4:15:
1e:5b:9d:cc:18:40:62:8a:03:20:09:01:c9:66:45:
23:23:b7:4e:8a:87:c2:cb:81:7c:26:59:a0:e3:22:
54:68:e5:33:9b:bd:35:a3:fc:61:3d:00:b8:59:2d:
ff:f2:7f:ac:34:c1:f6:d7:4f:23:58:d7:93:5b:5b:
77:d3:ce:50:7a:3d:14:45:10:6a:7b:c8:66:9e:36:
91:8e:e0:9f:9c:87:e5:9a:c0:49:89:44:0b:58:18:
7e:3c:fa:e7:70:82:65:f4:42:8c:c9:29:db:dd:17:
72:92:21:fa:75:05:a5:07:06:57:f6:06:f4:31:6c:
05:3f:64:b1:27:50:c9:b9:52:dc:6d:c9:7c:56:fe:
16:0c:bd:01:29:a5:85:92:49:88:b6:3e:26:41:bc:
c2:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:10:3B:B6:6F:04:17:FB:5B:C0:13:3F:F1:8E:56:FD:E1:D8:7E:27
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/_BA7tm8EF_tbwBM_8Y5W_eHYfic.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.161.192.0-147.161.201.255
147.161.204.0/23
147.161.208.0-147.161.221.255
159.254.98.0/24
164.137.56.0-164.137.60.255
164.137.69.0/24
164.137.109.0/24
164.137.159.0-164.137.192.255
IPv6:
2a03:eec0:3211::/48
2a03:eec0:3223::-2a03:eec0:3224:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
46:b6:2c:0c:9f:f4:81:83:16:c9:02:55:4c:35:f0:fa:dd:48:
0f:97:81:18:d5:9c:22:12:39:e6:e9:5e:44:4b:33:90:5c:e8:
c0:e7:ff:c0:f3:86:8e:b1:f3:00:97:f3:d5:26:4d:a8:4b:c7:
8d:fb:71:4a:bb:4b:87:65:3a:88:61:6e:d6:c5:3d:45:f6:00:
45:b2:a9:1a:d2:24:52:c3:96:92:49:5a:86:80:a7:2c:ed:91:
be:b0:f1:b8:b2:e2:f5:a5:c0:89:29:67:77:7c:97:f6:a9:29:
86:17:83:cf:17:c4:e6:f4:00:d7:e5:ac:12:c1:d4:43:0b:15:
36:5d:38:93:a0:c9:3b:41:ef:b3:0d:ab:e0:0f:c6:3e:0f:e9:
02:f7:3d:88:3e:d3:94:e6:da:7b:b8:1a:73:af:31:db:52:20:
7e:50:6c:5a:39:db:7c:16:a3:3d:b0:4b:0c:3e:dc:a1:29:fd:
42:70:e8:06:b6:e9:db:af:7b:48:89:c1:cb:24:e4:9c:77:9c:
b6:a2:a4:0b:34:19:06:5e:bc:ee:d9:59:9b:ed:38:76:b4:b9:
8d:7f:b2:ac:dd:d9:fe:1a:25:f6:eb:72:33:c0:b4:60:53:db:
e6:6f:e0:a2:e1:ea:d3:3d:b8:02:10:b7:be:87:d1:fd:f8:2c:
85:34:04:39
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISAZo8aAynjtP5uRYtstdpllX1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjUxMDMxMjIzNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzEwM2JiNjZmMDQxN2ZiNWJjMDEzM2ZmMThlNTZmZGUxZDg3ZTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDB1TeMN/5wI+rhQWZcE3KidxgDN
8jGz2r7HxCppNROImUPJlqlS5F2bK1VrIt7Youj8NKlaXbxG1tWxxOAeiwntdCCz
jG1t3XobdnrJ3hsQYk5uYq/Iui2CDsGtFG+/DenddAPJ9BUeW53MGEBiigMgCQHJ
ZkUjI7dOiofCy4F8Jlmg4yJUaOUzm701o/xhPQC4WS3/8n+sNMH2108jWNeTW1t3
085Qej0URRBqe8hmnjaRjuCfnIflmsBJiUQLWBh+PPrncIJl9EKMySnb3RdykiH6
dQWlBwZX9gb0MWwFP2SxJ1DJuVLcbcl8Vv4WDL0BKaWFkkmItj4mQbzCtQIDAQAB
o4ICeTCCAnUwHQYDVR0OBBYEFPwQO7ZvBBf7W8ATP/GOVv3h2H4nMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvX0JBN3RtOEVGX3Rid0JNXzhZNVdfZUhZZmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGOBggrBgEFBQcBBwEB/wR/MH0wVgQCAAEwUDAMAwQGk6HA
AwQBk6HIAwQBk6HMMAwDBASTodADBAGTodwDBACf/mIwDAMEA6SJOAMEAKSJPAME
AKSJRQMEAKSJbTAMAwQApImfAwQApInAMCMEAgACMB0DBwAqA+7AMhEwEgMHACoD
7sAyIwMHACoD7sAyJDANBgkqhkiG9w0BAQsFAAOCAQEARrYsDJ/0gYMWyQJVTDXw
+t1ID5eBGNWcIhI55uleREszkFzowOf/wPOGjrHzAJfz1SZNqEvHjftxSrtLh2U6
iGFu1sU9RfYARbKpGtIkUsOWkklahoCnLO2RvrDxuLLi9aXAiSlnd3yX9qkphheD
zxfE5vQA1+WsEsHUQwsVNl04k6DJO0Hvsw2r4A/GPg/pAvc9iD7TlObae7gac68x
21IgflBsWjnbfBajPbBLDD7coSn9QnDoBrbp2697SInByyTknHectqKkCzQZBl68
7tlZm+04drS5jX+yrN3Z/hol9utyM8C0YFPb5m/gouHq0z24AhC3vofR/fgshTQE
OQ==
-----END CERTIFICATE-----
Generated at Tue Nov 4 09:29:27 2025 by rpki-client