Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/9d8XTUk9TbSzvtZtN5phdUW5wu8.roa
File: 9d8XTUk9TbSzvtZtN5phdUW5wu8.roa (raw, json)
Hash identifier: ydFW5OHKBHrO4TEmbGWs2IxoX00EQeurHTKe7otBmgM=
Subject key identifier: F5:DF:17:4D:49:3D:4D:B4:B3:BE:D6:6D:37:9A:61:75:45:B9:C2:EF
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019A24DE0C4B5BF719EC6263820D6AF7DB25
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/9d8XTUk9TbSzvtZtN5phdUW5wu8.roa
Signing time: Mon 27 Oct 2025 08:52:03 +0000
ROA not before: Mon 27 Oct 2025 08:52:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 45.43.136.0/24 maxlen: 24
45.43.138.0/24 maxlen: 24
45.43.139.0/24 maxlen: 24
45.43.153.0/24 maxlen: 24
45.43.164.0/23 maxlen: 23
64.137.8.0/24 maxlen: 24
64.137.10.0/23 maxlen: 23
64.137.14.0/23 maxlen: 23
64.137.18.0/23 maxlen: 23
64.137.42.0/23 maxlen: 23
64.137.48.0/23 maxlen: 23
64.137.58.0/23 maxlen: 23
64.137.60.0/22 maxlen: 22
64.137.73.0/24 maxlen: 24
64.137.74.0/24 maxlen: 24
64.137.77.0/24 maxlen: 24
64.137.78.0/24 maxlen: 24
64.137.80.0/22 maxlen: 22
64.137.89.0/24 maxlen: 24
64.137.92.0/23 maxlen: 23
64.137.94.0/23 maxlen: 23
64.137.96.0/22 maxlen: 22
64.137.100.0/23 maxlen: 23
104.143.232.0/21 maxlen: 21
104.143.240.0/22 maxlen: 22
104.143.248.0/21 maxlen: 24
104.222.190.0/24 maxlen: 24
104.233.31.0/24 maxlen: 24
104.233.32.0/20 maxlen: 20
104.233.57.0/24 maxlen: 24
104.233.60.0/24 maxlen: 24
104.233.61.0/24 maxlen: 24
104.233.62.0/24 maxlen: 24
104.238.15.0/24 maxlen: 24
104.238.16.0/24 maxlen: 24
104.238.18.0/24 maxlen: 24
104.238.22.0/24 maxlen: 24
104.238.25.0/24 maxlen: 24
104.239.9.0/24 maxlen: 24
104.239.45.0/24 maxlen: 24
104.239.46.0/24 maxlen: 24
104.239.48.0/24 maxlen: 24
104.239.95.0/24 maxlen: 24
104.239.99.0/24 maxlen: 24
104.239.110.0/24 maxlen: 24
104.249.29.0/24 maxlen: 24
104.249.32.0/22 maxlen: 22
104.249.36.0/24 maxlen: 24
104.249.37.0/24 maxlen: 24
104.249.55.0/24 maxlen: 24
104.250.192.0/21 maxlen: 21
104.250.208.0/20 maxlen: 20
138.128.151.0/24 maxlen: 24
138.128.153.0/24 maxlen: 24
216.173.111.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 04 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:24:de:0c:4b:5b:f7:19:ec:62:63:82:0d:6a:f7:db:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Oct 27 08:52:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f5df174d493d4db4b3bed66d379a617545b9c2ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:19:59:4b:bc:e2:0f:c8:84:ff:44:5e:31:95:
15:90:3a:84:dd:6a:8c:40:53:94:5f:66:b9:b2:0d:
45:5f:f4:4e:e8:95:7a:bd:b3:15:c9:53:5e:3e:25:
76:c1:5b:37:3e:f6:3b:7a:cb:de:a1:63:7a:03:0a:
18:10:8a:2c:91:63:ac:d1:e7:9e:54:a4:e5:86:65:
39:1f:29:a1:db:13:19:52:20:85:fb:0c:05:f1:ae:
6a:59:d5:93:f0:90:a3:a5:09:63:e9:60:23:bc:1a:
f4:e4:d5:75:a8:f6:68:42:f7:47:e7:82:a5:82:31:
03:4a:2c:b3:dc:e2:a4:86:39:7d:6b:e7:b5:ec:ad:
a7:be:97:57:95:bc:8e:48:e7:49:be:70:98:44:3d:
b4:76:0a:57:21:31:83:6f:45:61:ed:c7:5f:8c:8b:
d1:f0:94:80:36:28:b9:a3:72:83:bf:21:de:6d:2a:
a0:ce:9a:56:3e:f5:f2:42:0e:cf:26:71:de:f6:de:
98:a9:9b:a2:64:9c:23:1b:6f:e8:ef:36:7f:d4:51:
b3:14:cd:56:21:0a:88:01:1b:2c:eb:b2:38:08:af:
d0:5f:0c:3f:28:4d:f9:7b:78:dc:f1:b9:ef:a8:a8:
b9:68:6f:8a:9b:39:34:11:fb:86:35:e5:31:67:00:
4c:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:DF:17:4D:49:3D:4D:B4:B3:BE:D6:6D:37:9A:61:75:45:B9:C2:EF
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/9d8XTUk9TbSzvtZtN5phdUW5wu8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.43.136.0/24
45.43.138.0/23
45.43.153.0/24
45.43.164.0/23
64.137.8.0/24
64.137.10.0/23
64.137.14.0/23
64.137.18.0/23
64.137.42.0/23
64.137.48.0/23
64.137.58.0-64.137.63.255
64.137.73.0-64.137.74.255
64.137.77.0-64.137.78.255
64.137.80.0/22
64.137.89.0/24
64.137.92.0-64.137.101.255
104.143.232.0-104.143.243.255
104.143.248.0/21
104.222.190.0/24
104.233.31.0-104.233.47.255
104.233.57.0/24
104.233.60.0-104.233.62.255
104.238.15.0-104.238.16.255
104.238.18.0/24
104.238.22.0/24
104.238.25.0/24
104.239.9.0/24
104.239.45.0-104.239.46.255
104.239.48.0/24
104.239.95.0/24
104.239.99.0/24
104.239.110.0/24
104.249.29.0/24
104.249.32.0-104.249.37.255
104.249.55.0/24
104.250.192.0/21
104.250.208.0/20
138.128.151.0/24
138.128.153.0/24
216.173.111.0/24
Signature Algorithm: sha256WithRSAEncryption
64:84:f4:bc:58:a7:73:db:a0:e0:6d:a6:d5:f8:b7:d4:bf:fd:
ed:be:79:1c:08:2e:8e:af:c9:ae:20:13:da:c1:de:ae:09:d1:
9f:51:b1:a8:4f:5f:48:d5:ca:7c:e4:c8:04:af:ba:38:47:cf:
4f:ef:c1:52:2b:88:40:be:93:1a:56:a4:33:3f:96:17:e7:b9:
38:1f:a2:33:fa:5d:0d:58:a4:fa:d6:d9:49:31:e4:96:e0:95:
90:34:67:a0:89:e9:ee:9c:e0:a2:e9:7a:4f:a3:f5:40:d6:96:
3e:2f:a0:d6:77:6f:b1:1c:e4:63:be:e4:4b:9e:ca:7c:fa:04:
b1:04:fc:53:ee:10:a0:c7:2b:0e:c7:53:17:e6:e9:06:25:41:
4f:39:dd:f0:87:43:2c:69:d2:0c:93:73:04:02:ec:d4:30:5e:
1c:bd:ff:5e:11:01:c8:1e:24:4d:d4:0d:d1:09:ec:96:36:87:
d1:58:1f:ee:ec:87:9a:d8:ba:ca:b0:35:98:4e:cf:84:3d:50:
a1:f5:04:81:00:16:99:d1:72:39:2f:c1:c2:12:63:13:a2:04:
5d:d7:6b:61:a0:08:79:0a:1d:e4:1d:20:aa:99:6d:35:d6:ee:
ef:aa:68:3b:01:b8:bf:6d:55:8b:8b:c5:be:21:0a:21:5b:ef:
7b:53:87:b0
-----BEGIN CERTIFICATE-----
MIIGQTCCBSmgAwIBAgISAZok3gxLW/cZ7GJjgg1q99slMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUxMDI3MDg1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWRmMTc0ZDQ5M2Q0ZGI0YjNiZWQ2NmQzNzlhNjE3NTQ1YjljMmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hlZS7ziD8iE/0ReMZUVkDqE3WqM
QFOUX2a5sg1FX/RO6JV6vbMVyVNePiV2wVs3PvY7esveoWN6AwoYEIoskWOs0eee
VKTlhmU5Hymh2xMZUiCF+wwF8a5qWdWT8JCjpQlj6WAjvBr05NV1qPZoQvdH54Kl
gjEDSiyz3OKkhjl9a+e17K2nvpdXlbyOSOdJvnCYRD20dgpXITGDb0Vh7cdfjIvR
8JSANii5o3KDvyHebSqgzppWPvXyQg7PJnHe9t6YqZuiZJwjG2/o7zZ/1FGzFM1W
IQqIARss67I4CK/QXww/KE35e3jc8bnvqKi5aG+Kmzk0EfuGNeUxZwBMzwIDAQAB
o4IDTTCCA0kwHQYDVR0OBBYEFPXfF01JPU20s77WbTeaYXVFucLvMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvOWQ4WFRVazlUYlN6dnRadE41cGhkVVc1d3U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBYQYIKwYBBQUHAQcBAf8EggFQMIIBTDCCAUgEAgABMIIB
QAMEAC0riAMEAS0rigMEAC0rmQMEAS0rpAMEAECJCAMEAUCJCgMEAUCJDgMEAUCJ
EgMEAUCJKgMEAUCJMDAMAwQBQIk6AwQGQIkAMAwDBABAiUkDBABAiUowDAMEAECJ
TQMEAECJTgMEAkCJUAMEAECJWTAMAwQCQIlcAwQBQIlkMAwDBANoj+gDBAJoj/AD
BANoj/gDBABo3r4wDAMEAGjpHwMEBGjpIAMEAGjpOTAMAwQCaOk8AwQAaOk+MAwD
BABo7g8DBABo7hADBABo7hIDBABo7hYDBABo7hkDBABo7wkwDAMEAGjvLQMEAGjv
LgMEAGjvMAMEAGjvXwMEAGjvYwMEAGjvbgMEAGj5HTAMAwQFaPkgAwQBaPkkAwQA
aPk3AwQDaPrAAwQEaPrQAwQAioCXAwQAioCZAwQA2K1vMA0GCSqGSIb3DQEBCwUA
A4IBAQBkhPS8WKdz26DgbabV+LfUv/3tvnkcCC6Or8muIBPawd6uCdGfUbGoT19I
1cp85MgEr7o4R89P78FSK4hAvpMaVqQzP5YX57k4H6Iz+l0NWKT61tlJMeSW4JWQ
NGegienunOCi6XpPo/VA1pY+L6DWd2+xHORjvuRLnsp8+gSxBPxT7hCgxysOx1MX
5ukGJUFPOd3wh0MsadIMk3MEAuzUMF4cvf9eEQHIHiRN1A3RCeyWNofRWB/u7Iea
2LrKsDWYTs+EPVCh9QSBABaZ0XI5L8HCEmMTogRd12thoAh5Ch3kHSCqmW011u7v
qmg7Abi/bVWLi8W+IQohW+97U4ew
-----END CERTIFICATE-----
Generated at Mon Nov 3 14:17:55 2025 by rpki-client