Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/nuWEXz5iouFYw69x7pHB9Q_otls.roa
File: nuWEXz5iouFYw69x7pHB9Q_otls.roa (raw, json)
Hash identifier: Umr2jfHGMWfjhuAzoJGL6f5R4bWkeW3ijsBAOIiH6+U=
Subject key identifier: 9E:E5:84:5F:3E:62:A2:E1:58:C3:AF:71:EE:91:C1:F5:0F:E8:B6:5B
Certificate issuer: /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial: 019A02B7ACF07D06B7F8F81E0AA6B7DB49A4
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/nuWEXz5iouFYw69x7pHB9Q_otls.roa
Signing time: Mon 20 Oct 2025 17:43:03 +0000
ROA not before: Mon 20 Oct 2025 17:43:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209847
IP address blocks: 5.182.36.0/24 maxlen: 24
5.182.37.0/24 maxlen: 24
5.182.38.0/24 maxlen: 24
5.182.39.0/24 maxlen: 24
45.8.144.0/24 maxlen: 24
45.8.145.0/24 maxlen: 24
45.8.146.0/24 maxlen: 24
45.67.34.0/24 maxlen: 24
45.67.35.0/24 maxlen: 24
45.84.0.0/24 maxlen: 24
45.87.152.0/24 maxlen: 24
45.87.153.0/24 maxlen: 24
45.87.154.0/24 maxlen: 24
45.87.155.0/24 maxlen: 24
45.89.52.0/24 maxlen: 24
45.89.53.0/24 maxlen: 24
45.89.54.0/24 maxlen: 24
45.89.55.0/24 maxlen: 24
45.93.10.0/24 maxlen: 24
45.93.11.0/24 maxlen: 24
45.159.248.0/24 maxlen: 24
45.159.249.0/24 maxlen: 24
45.159.250.0/24 maxlen: 24
45.159.251.0/24 maxlen: 24
93.185.166.0/24 maxlen: 24
141.98.168.0/24 maxlen: 24
141.98.169.0/24 maxlen: 24
141.98.170.0/24 maxlen: 24
185.231.204.0/24 maxlen: 24
185.231.205.0/24 maxlen: 24
185.231.206.0/24 maxlen: 24
185.231.207.0/24 maxlen: 24
188.119.123.0/24 maxlen: 24
193.43.146.0/24 maxlen: 24
193.43.147.0/24 maxlen: 24
193.46.56.0/24 maxlen: 24
193.46.57.0/24 maxlen: 24
193.57.136.0/24 maxlen: 24
193.57.137.0/24 maxlen: 24
193.57.138.0/24 maxlen: 24
193.57.139.0/24 maxlen: 24
194.4.48.0/24 maxlen: 24
194.4.49.0/24 maxlen: 24
194.4.50.0/24 maxlen: 24
194.4.51.0/24 maxlen: 24
194.116.172.0/24 maxlen: 24
194.116.173.0/24 maxlen: 24
194.116.190.0/24 maxlen: 24
194.116.191.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Oct 2025 20:00:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:02:b7:ac:f0:7d:06:b7:f8:f8:1e:0a:a6:b7:db:49:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Validity
Not Before: Oct 20 17:43:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9ee5845f3e62a2e158c3af71ee91c1f50fe8b65b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:16:9a:19:3c:d8:bf:54:ed:37:e0:86:b8:df:
1b:8d:52:8c:ed:ee:43:3e:f3:e4:e7:f3:bd:6f:13:
01:46:3a:c9:ee:4d:79:fd:07:83:f2:8a:34:aa:82:
2f:b0:b4:5b:a9:c1:e6:b8:38:8d:11:95:f4:35:f6:
d6:37:79:f7:8c:f9:e8:03:92:b1:de:50:a0:59:21:
05:73:31:ff:7c:16:07:42:4a:9b:5f:2f:b8:a4:7c:
d3:78:2a:61:d4:bb:23:b1:0f:83:ea:7e:ac:b5:39:
15:93:02:a4:57:82:e8:bd:14:a4:61:0d:63:d0:47:
3f:05:5f:5e:4d:c0:4e:c2:f5:ee:f0:83:a0:70:55:
82:17:64:61:6c:a3:41:2f:7a:e3:49:e4:d6:f4:d6:
2a:b7:f5:ec:b1:54:38:cf:43:25:74:e5:23:37:2d:
6f:5a:5a:d0:be:cd:03:9a:4f:93:e8:63:66:d4:44:
78:84:2b:0e:25:c6:b5:bf:ad:c1:5c:0c:76:e2:21:
4c:8a:f4:84:64:dd:d5:2f:b8:fa:cd:54:44:a2:5c:
99:e5:8c:c6:0a:e0:d2:62:78:2a:f9:d9:35:8c:f1:
05:04:8c:42:0b:15:a0:79:b9:9d:cc:a2:5c:0b:34:
1b:85:9f:7e:5d:28:bb:71:03:ef:1a:98:12:0e:8f:
83:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:E5:84:5F:3E:62:A2:E1:58:C3:AF:71:EE:91:C1:F5:0F:E8:B6:5B
X509v3 Authority Key Identifier:
keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/nuWEXz5iouFYw69x7pHB9Q_otls.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.36.0/22
45.8.144.0-45.8.146.255
45.67.34.0/23
45.84.0.0/24
45.87.152.0/22
45.89.52.0/22
45.93.10.0/23
45.159.248.0/22
93.185.166.0/24
141.98.168.0-141.98.170.255
185.231.204.0/22
188.119.123.0/24
193.43.146.0/23
193.46.56.0/23
193.57.136.0/22
194.4.48.0/22
194.116.172.0/23
194.116.190.0/23
Signature Algorithm: sha256WithRSAEncryption
46:06:86:ea:f9:24:0c:47:2e:78:d8:d2:f8:fc:80:20:40:59:
de:ce:08:d5:2b:ee:9d:9b:7d:df:fb:23:4e:b3:5e:26:87:d5:
22:0e:bc:da:35:c2:f8:97:9c:82:41:b0:fd:3b:d6:e1:03:20:
39:f0:68:94:dd:a8:fa:b1:3d:3a:c2:c2:8c:0b:0a:3c:18:93:
34:c9:42:83:7a:16:10:26:7a:49:84:df:e4:ed:a2:f3:0a:54:
f2:5e:74:22:87:53:f0:eb:94:2b:66:dc:ec:ae:8a:30:f9:e8:
f2:dd:b8:eb:b1:9c:12:7c:14:28:0e:7b:3e:2a:53:1b:c8:13:
45:cc:96:c7:40:75:a9:ca:e5:e3:da:36:3c:94:0f:dc:c4:7f:
33:4e:08:48:9d:74:e0:d2:9f:a5:1d:f0:23:83:ad:0d:37:69:
78:00:d0:ce:63:4b:14:65:11:5c:77:83:4b:4d:a1:1f:5f:39:
2c:29:ef:53:17:58:ec:54:60:78:9a:72:ac:33:9e:80:d4:5e:
85:32:41:25:7e:c6:79:e2:90:6b:65:ab:f0:33:77:6f:b7:a9:
47:fa:05:a1:06:ac:2b:35:80:e2:c7:26:fd:14:44:a5:ee:52:
12:6f:28:ed:d1:80:11:6b:c0:ff:a1:7c:c0:3d:16:7e:af:bd:
b5:8d:c0:c2
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZoCt6zwfQa3+PgeCqa320mkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUxMDIwMTc0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWU1ODQ1ZjNlNjJhMmUxNThjM2FmNzFlZTkxYzFmNTBmZThiNjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRaaGTzYv1TtN+CGuN8bjVKM7e5D
PvPk5/O9bxMBRjrJ7k15/QeD8oo0qoIvsLRbqcHmuDiNEZX0NfbWN3n3jPnoA5Kx
3lCgWSEFczH/fBYHQkqbXy+4pHzTeCph1LsjsQ+D6n6stTkVkwKkV4LovRSkYQ1j
0Ec/BV9eTcBOwvXu8IOgcFWCF2RhbKNBL3rjSeTW9NYqt/XssVQ4z0MldOUjNy1v
WlrQvs0Dmk+T6GNm1ER4hCsOJca1v63BXAx24iFMivSEZN3VL7j6zVREolyZ5YzG
CuDSYngq+dk1jPEFBIxCCxWgebmdzKJcCzQbhZ9+XSi7cQPvGpgSDo+D5wIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFJ7lhF8+YqLhWMOvce6RwfUP6LZbMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvbnVXRVh6NWlvdUZZdzY5eDdwSEI5UV9vdGxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTCBggQCAAEwfAMEAgW2
JDAMAwQELQiQAwQALQiSAwQBLUMiAwQALVQAAwQCLVeYAwQCLVk0AwQBLV0KAwQC
LZ/4AwQAXbmmMAwDBAONYqgDBACNYqoDBAK558wDBAC8d3sDBAHBK5IDBAHBLjgD
BALBOYgDBALCBDADBAHCdKwDBAHCdL4wDQYJKoZIhvcNAQELBQADggEBAEYGhur5
JAxHLnjY0vj8gCBAWd7OCNUr7p2bfd/7I06zXiaH1SIOvNo1wviXnIJBsP071uED
IDnwaJTdqPqxPTrCwowLCjwYkzTJQoN6FhAmekmE3+TtovMKVPJedCKHU/DrlCtm
3OyuijD56PLduOuxnBJ8FCgOez4qUxvIE0XMlsdAdanK5ePaNjyUD9zEfzNOCEid
dODSn6Ud8CODrQ03aXgA0M5jSxRlEVx3g0tNoR9fOSwp71MXWOxUYHiacqwznoDU
XoUyQSV+xnnikGtlq/Azd2+3qUf6BaEGrCs1gOLHJv0URKXuUhJvKO3RgBFrwP+h
fMA9Fn6vvbWNwMI=
-----END CERTIFICATE-----
Generated at Wed Oct 22 05:10:13 2025 by rpki-client