Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/oWax_s3rEBvHabBS48m5jkL-sS8.roa
File: oWax_s3rEBvHabBS48m5jkL-sS8.roa (raw, json)
Hash identifier: xlEwLhmITk7/mkpqEIY5+075rzKtLyDjCvF9OixjCdY=
Subject key identifier: A1:66:B1:FE:CD:EB:10:1B:C7:69:B0:52:E3:C9:B9:8E:42:FE:B1:2F
Certificate issuer: /CN=d50697943676399ac5cac6a3e476545af0df49dd
Certificate serial: 0198F0CC27AEF9F148BFBBD1EC80D703D1A4
Authority key identifier: D5:06:97:94:36:76:39:9A:C5:CA:C6:A3:E4:76:54:5A:F0:DF:49:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/oWax_s3rEBvHabBS48m5jkL-sS8.roa
Signing time: Thu 28 Aug 2025 13:09:28 +0000
ROA not before: Thu 28 Aug 2025 13:09:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 375
IP address blocks: 131.207.0.0/17 maxlen: 17
192.49.0.0/21 maxlen: 21
192.49.9.0/24 maxlen: 24
192.49.10.0/24 maxlen: 24
192.49.19.0/24 maxlen: 24
192.49.20.0/24 maxlen: 24
192.49.22.0/24 maxlen: 24
192.49.36.0/22 maxlen: 22
192.49.40.0/23 maxlen: 23
192.49.50.0/24 maxlen: 24
192.49.52.0/23 maxlen: 23
192.49.55.0/24 maxlen: 24
192.49.56.0/21 maxlen: 21
192.49.64.0/22 maxlen: 22
192.49.68.0/24 maxlen: 24
192.49.70.0/23 maxlen: 23
192.49.72.0/23 maxlen: 23
192.49.78.0/24 maxlen: 24
192.49.86.0/23 maxlen: 23
192.49.90.0/24 maxlen: 24
192.49.91.0/24 maxlen: 24
192.49.92.0/22 maxlen: 22
192.49.96.0/24 maxlen: 24
192.49.98.0/23 maxlen: 23
192.49.100.0/23 maxlen: 23
192.49.102.0/24 maxlen: 24
192.49.103.0/24 maxlen: 24
192.49.104.0/24 maxlen: 24
192.49.106.0/23 maxlen: 23
192.49.108.0/22 maxlen: 22
192.49.112.0/23 maxlen: 23
192.49.114.0/23 maxlen: 23
192.49.119.0/24 maxlen: 24
192.49.120.0/22 maxlen: 22
192.49.124.0/23 maxlen: 23
192.49.126.0/24 maxlen: 24
192.49.131.0/24 maxlen: 24
192.49.134.0/24 maxlen: 24
192.49.136.0/23 maxlen: 23
192.49.139.0/24 maxlen: 24
192.49.140.0/23 maxlen: 23
192.49.144.0/24 maxlen: 24
192.49.146.0/24 maxlen: 24
192.49.148.0/22 maxlen: 22
192.49.152.0/21 maxlen: 21
192.49.160.0/23 maxlen: 23
192.49.163.0/24 maxlen: 24
192.49.164.0/22 maxlen: 22
192.49.168.0/23 maxlen: 23
192.49.170.0/24 maxlen: 24
192.49.173.0/24 maxlen: 24
192.49.174.0/23 maxlen: 23
192.49.176.0/20 maxlen: 20
192.49.192.0/18 maxlen: 18
2a03:9b80::/34 maxlen: 34
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.crl
rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.mft
rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 02:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:f0:cc:27:ae:f9:f1:48:bf:bb:d1:ec:80:d7:03:d1:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d50697943676399ac5cac6a3e476545af0df49dd
Validity
Not Before: Aug 28 13:09:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a166b1fecdeb101bc769b052e3c9b98e42feb12f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:d8:ae:90:e9:3d:ce:da:54:15:0d:bb:1c:57:
a4:a3:3b:d2:39:62:16:be:32:9b:6e:88:06:10:a1:
4e:14:1a:37:59:8c:3f:3a:5a:41:f7:a0:9d:5e:bc:
b9:29:b7:14:bc:9e:e4:ce:59:18:5d:a3:1f:0c:64:
cc:0f:8a:40:34:a9:fd:45:b0:ef:8a:11:17:c5:aa:
97:0e:2c:1e:8f:e4:70:d7:89:15:ee:ec:68:41:9a:
39:b0:65:8d:67:35:fb:7d:16:b3:cf:c1:7c:5a:6e:
71:68:cc:9c:2e:f6:e5:8d:33:31:79:8c:f3:58:af:
8b:27:15:e0:a7:48:b1:24:fd:31:ef:d0:b2:e1:39:
c1:bc:ba:38:53:37:80:8e:1f:85:94:5b:33:39:fe:
71:dc:c4:82:aa:c6:94:7d:a9:90:ba:65:c7:46:cd:
d4:81:79:53:d7:d4:1b:c2:54:40:bb:37:cd:d1:de:
fc:55:60:6d:63:83:f8:a2:a3:7e:89:ec:43:f0:df:
50:52:1c:eb:08:b5:05:fc:32:b9:16:1c:91:58:26:
5b:2a:5f:d2:dc:7e:f0:5d:92:88:a7:fd:0e:3e:af:
91:ba:a4:e1:e4:11:70:ee:3a:84:bf:e7:87:29:bd:
3c:3b:1f:46:9b:44:8d:44:bf:ff:11:fd:c4:11:ab:
e4:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:66:B1:FE:CD:EB:10:1B:C7:69:B0:52:E3:C9:B9:8E:42:FE:B1:2F
X509v3 Authority Key Identifier:
keyid:D5:06:97:94:36:76:39:9A:C5:CA:C6:A3:E4:76:54:5A:F0:DF:49:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/oWax_s3rEBvHabBS48m5jkL-sS8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
131.207.0.0/17
192.49.0.0/21
192.49.9.0-192.49.10.255
192.49.19.0-192.49.20.255
192.49.22.0/24
192.49.36.0-192.49.41.255
192.49.50.0/24
192.49.52.0/23
192.49.55.0-192.49.68.255
192.49.70.0-192.49.73.255
192.49.78.0/24
192.49.86.0/23
192.49.90.0-192.49.96.255
192.49.98.0-192.49.104.255
192.49.106.0-192.49.115.255
192.49.119.0-192.49.126.255
192.49.131.0/24
192.49.134.0/24
192.49.136.0/23
192.49.139.0-192.49.141.255
192.49.144.0/24
192.49.146.0/24
192.49.148.0-192.49.161.255
192.49.163.0-192.49.170.255
192.49.173.0-192.49.255.255
IPv6:
2a03:9b80::/34
Signature Algorithm: sha256WithRSAEncryption
99:fc:c3:e8:e9:0e:e6:90:6f:80:0d:4e:f0:98:c6:45:55:b7:
55:30:53:2e:33:77:95:58:02:00:8e:82:fa:89:fa:50:11:74:
05:95:23:f0:56:04:42:88:3a:0e:8e:c6:b2:11:12:57:01:a9:
3e:0e:11:ec:31:0f:4f:29:d5:d0:2c:69:61:82:30:62:2b:aa:
bd:cd:92:da:18:bd:ce:00:b8:10:85:f2:3e:aa:ea:3c:fa:2c:
a6:1d:41:15:33:af:e1:96:29:12:81:20:a0:4d:bf:d8:3f:04:
ed:c7:e6:4d:16:fc:2b:ca:39:ff:c4:8b:c4:d7:e9:0c:e0:2c:
7c:7f:47:ab:26:d1:e8:47:1f:e1:88:44:11:ac:23:cd:c8:b9:
ab:18:d9:a8:e5:b2:ac:34:ac:f6:01:87:75:ef:1f:af:53:c0:
49:35:ba:ef:75:ca:0e:f7:1e:a4:3a:c9:28:81:c0:b8:5b:ae:
0c:61:37:02:9a:e2:69:05:61:a6:ed:13:77:78:92:83:4e:c8:
c9:1f:f5:dd:31:5d:6c:8f:b9:8b:55:7a:64:8d:5c:c9:31:d9:
31:cb:ea:53:3b:62:26:c0:b8:ad:b0:ff:c1:b0:18:b3:24:22:
3c:64:66:b4:74:b7:83:6f:60:c8:f4:ce:e7:a2:69:90:ce:18:
c8:3a:62:cd
-----BEGIN CERTIFICATE-----
MIIGDTCCBPWgAwIBAgISAZjwzCeu+fFIv7vR7IDXA9GkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MDY5Nzk0MzY3NjM5OWFjNWNhYzZhM2U0NzY1NDVhZjBk
ZjQ5ZGQwHhcNMjUwODI4MTMwOTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTY2YjFmZWNkZWIxMDFiYzc2OWIwNTJlM2M5Yjk4ZTQyZmViMTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdiukOk9ztpUFQ27HFekozvSOWIW
vjKbbogGEKFOFBo3WYw/OlpB96CdXry5KbcUvJ7kzlkYXaMfDGTMD4pANKn9RbDv
ihEXxaqXDiwej+Rw14kV7uxoQZo5sGWNZzX7fRazz8F8Wm5xaMycLvbljTMxeYzz
WK+LJxXgp0ixJP0x79Cy4TnBvLo4UzeAjh+FlFszOf5x3MSCqsaUfamQumXHRs3U
gXlT19QbwlRAuzfN0d78VWBtY4P4oqN+iexD8N9QUhzrCLUF/DK5FhyRWCZbKl/S
3H7wXZKIp/0OPq+RuqTh5BFw7jqEv+eHKb08Ox9Gm0SNRL//Ef3EEavkZwIDAQAB
o4IDGTCCAxUwHQYDVR0OBBYEFKFmsf7N6xAbx2mwUuPJuY5C/rEvMB8GA1UdIwQY
MBaAFNUGl5Q2djmaxcrGo+R2VFrw30ndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVFhWGxEWjJPWnJGeXNhajVIWlVXdkRmU2QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81ZjZhZmYtMTNiYi00ZGI4LTk1N2Yt
OGQyM2FjNWNiNTAyLzEvb1dheF9zM3JFQnZIYWJCUzQ4bTVqa0wtc1M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81ZjZhZmYtMTNiYi00ZGI4LTk1N2YtOGQyM2FjNWNiNTAy
LzEvMVFhWGxEWjJPWnJGeXNhajVIWlVXdkRmU2QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBLQYIKwYBBQUHAQcBAf8EggEcMIIBGDCCAQQEAgABMIH9
AwQHg88AAwQDwDEAMAwDBADAMQkDBADAMQowDAMEAMAxEwMEAMAxFAMEAMAxFjAM
AwQCwDEkAwQBwDEoAwQAwDEyAwQBwDE0MAwDBADAMTcDBADAMUQwDAMEAcAxRgME
AcAxSAMEAMAxTgMEAcAxVjAMAwQBwDFaAwQAwDFgMAwDBAHAMWIDBADAMWgwDAME
AcAxagMEAsAxcDAMAwQAwDF3AwQAwDF+AwQAwDGDAwQAwDGGAwQBwDGIMAwDBADA
MYsDBAHAMYwDBADAMZADBADAMZIwDAMEAsAxlAMEAcAxoDAMAwQAwDGjAwQAwDGq
MAsDBADAMa0DAwHAMDAOBAIAAjAIAwYGKgObgAAwDQYJKoZIhvcNAQELBQADggEB
AJn8w+jpDuaQb4ANTvCYxkVVt1UwUy4zd5VYAgCOgvqJ+lARdAWVI/BWBEKIOg6O
xrIRElcBqT4OEewxD08p1dAsaWGCMGIrqr3NktoYvc4AuBCF8j6q6jz6LKYdQRUz
r+GWKRKBIKBNv9g/BO3H5k0W/CvKOf/Ei8TX6QzgLHx/R6sm0ehHH+GIRBGsI83I
uasY2ajlsqw0rPYBh3XvH69TwEk1uu91yg73HqQ6ySiBwLhbrgxhNwKa4mkFYabt
E3d4koNOyMkf9d0xXWyPuYtVemSNXMkx2THL6lM7YibAuK2w/8GwGLMkIjxkZrR0
t4NvYMj0zueiaZDOGMg6Ys0=
-----END CERTIFICATE-----
Generated at Wed Sep 10 09:29:11 2025 by rpki-client