Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/6714e9-3435-4e9e-a5ab-eb51949af446/1/baYIpR8Fy3HGS97tT3TkbmdSPzY.roa
File: baYIpR8Fy3HGS97tT3TkbmdSPzY.roa (raw, json)
Hash identifier: 7opRxausXis4QYNC4y2ER1LVJpyQDudccsf+oeNI93c=
Subject key identifier: 6D:A6:08:A5:1F:05:CB:71:C6:4B:DE:ED:4F:74:E4:6E:67:52:3F:36
Certificate issuer: /CN=f2f7b9cbbb8952ac3f196e7cd0b8a4dba5de11c3
Certificate serial: 019A7DB704D3C3A555B6502E50420585FEA4
Authority key identifier: F2:F7:B9:CB:BB:89:52:AC:3F:19:6E:7C:D0:B8:A4:DB:A5:DE:11:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8ve5y7uJUqw_GW580Lik26XeEcM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/73/6714e9-3435-4e9e-a5ab-eb51949af446/1/baYIpR8Fy3HGS97tT3TkbmdSPzY.roa
Signing time: Thu 13 Nov 2025 14:55:37 +0000
ROA not before: Thu 13 Nov 2025 14:55:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41110
IP address blocks: 5.154.190.0/24 maxlen: 24
5.154.191.0/24 maxlen: 24
45.92.188.0/23 maxlen: 23
45.92.190.0/23 maxlen: 23
78.142.200.0/23 maxlen: 23
78.142.202.0/23 maxlen: 23
80.173.208.0/21 maxlen: 21
80.173.216.0/21 maxlen: 21
85.208.176.0/23 maxlen: 23
85.208.178.0/23 maxlen: 23
87.237.248.0/22 maxlen: 22
87.237.252.0/22 maxlen: 22
89.38.114.0/23 maxlen: 23
89.38.116.0/23 maxlen: 23
89.38.118.0/23 maxlen: 23
89.41.34.0/24 maxlen: 24
89.41.35.0/24 maxlen: 24
89.43.120.0/21 maxlen: 21
185.4.92.0/23 maxlen: 23
185.4.94.0/23 maxlen: 23
185.39.88.0/23 maxlen: 23
185.39.90.0/23 maxlen: 23
185.64.136.0/23 maxlen: 23
185.64.138.0/23 maxlen: 23
185.76.28.0/23 maxlen: 23
185.223.244.0/23 maxlen: 23
185.223.246.0/23 maxlen: 23
193.37.76.0/23 maxlen: 23
193.37.78.0/23 maxlen: 23
193.124.136.0/21 maxlen: 21
194.135.128.0/22 maxlen: 22
2a04:7d84::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/73/6714e9-3435-4e9e-a5ab-eb51949af446/1/8ve5y7uJUqw_GW580Lik26XeEcM.crl
rsync://rpki.ripe.net/repository/DEFAULT/73/6714e9-3435-4e9e-a5ab-eb51949af446/1/8ve5y7uJUqw_GW580Lik26XeEcM.mft
rsync://rpki.ripe.net/repository/DEFAULT/8ve5y7uJUqw_GW580Lik26XeEcM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 17:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:7d:b7:04:d3:c3:a5:55:b6:50:2e:50:42:05:85:fe:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f2f7b9cbbb8952ac3f196e7cd0b8a4dba5de11c3
Validity
Not Before: Nov 13 14:55:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6da608a51f05cb71c64bdeed4f74e46e67523f36
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:49:49:f9:64:51:10:3e:69:51:21:5b:a6:b3:
4e:61:7e:59:ba:4f:77:cf:9f:21:dc:54:e9:10:e6:
4f:83:10:5d:55:f4:4d:94:3e:67:ba:59:70:b7:5c:
94:f4:59:2d:75:d0:dd:9e:e5:67:0e:dd:74:6c:2d:
44:2f:f5:2a:98:14:0b:11:fc:53:1f:37:f8:8d:09:
8f:20:ae:03:94:a1:e5:24:e2:c0:09:14:89:58:ed:
e4:fc:df:c4:2a:75:0e:92:eb:96:80:c6:d8:1d:c9:
ed:64:6f:cb:ae:1d:a0:41:2a:3f:11:35:33:ff:4d:
fa:ab:52:46:a5:59:ce:38:69:28:28:fe:08:9a:bd:
51:2d:5b:27:91:9e:52:4e:1a:5b:fc:51:c8:f7:aa:
20:3b:27:c2:38:dd:7e:a4:55:1d:e1:60:b0:0a:da:
cb:34:7b:26:4e:36:14:ef:c3:8b:00:94:1f:35:1d:
87:58:48:bc:8d:00:99:9c:5c:2f:20:ff:bc:87:02:
61:20:2f:62:45:db:32:38:e9:b8:e4:b4:e7:80:e3:
ec:7f:21:d5:86:61:de:d2:6f:c3:ae:fd:fa:4f:a6:
41:77:66:af:8a:50:b8:f1:a4:ed:67:f6:ef:b0:28:
fb:b1:57:75:70:33:ee:cf:3e:d9:c6:d3:74:7a:80:
6a:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:A6:08:A5:1F:05:CB:71:C6:4B:DE:ED:4F:74:E4:6E:67:52:3F:36
X509v3 Authority Key Identifier:
keyid:F2:F7:B9:CB:BB:89:52:AC:3F:19:6E:7C:D0:B8:A4:DB:A5:DE:11:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ve5y7uJUqw_GW580Lik26XeEcM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/6714e9-3435-4e9e-a5ab-eb51949af446/1/baYIpR8Fy3HGS97tT3TkbmdSPzY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/73/6714e9-3435-4e9e-a5ab-eb51949af446/1/8ve5y7uJUqw_GW580Lik26XeEcM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.154.190.0/23
45.92.188.0/22
78.142.200.0/22
80.173.208.0/20
85.208.176.0/22
87.237.248.0/21
89.38.114.0-89.38.119.255
89.41.34.0/23
89.43.120.0/21
185.4.92.0/22
185.39.88.0/22
185.64.136.0/22
185.76.28.0/23
185.223.244.0/22
193.37.76.0/22
193.124.136.0/21
194.135.128.0/22
IPv6:
2a04:7d84::/32
Signature Algorithm: sha256WithRSAEncryption
05:70:ed:66:53:a4:8d:0c:3e:5c:b0:d6:0d:e4:b0:c9:a5:52:
42:f4:c6:75:7c:a5:2a:9d:8d:c8:4a:c8:eb:4b:7b:b8:01:d8:
7f:9b:33:33:50:ef:c6:ad:3d:41:31:34:f6:ed:05:ca:47:72:
37:16:33:50:10:04:00:1c:0b:09:27:66:ab:b5:7c:7a:f0:47:
cd:d9:19:34:18:6e:5b:76:78:f0:e6:e5:4c:7f:89:8f:de:a2:
de:fc:68:83:2b:31:2e:3c:54:88:44:01:66:b2:4f:55:b3:41:
a2:98:a6:a6:ae:31:f3:d4:e0:55:12:34:96:ef:94:23:78:99:
1d:c5:1f:7a:89:a1:42:7f:9a:e2:9c:95:62:b9:56:30:80:0b:
df:e6:78:14:7f:4f:a9:7c:e4:33:1f:63:ed:8c:b0:3f:ef:99:
98:d1:f7:f6:c4:13:01:8b:49:c9:48:2f:7b:ee:6c:f4:f6:20:
f8:a9:01:c7:ab:2e:42:42:79:dd:d6:e1:8f:af:10:a6:d3:89:
4b:ba:89:ad:fe:6c:8e:72:23:34:f1:33:93:47:db:ad:59:b0:
ab:c5:f4:f6:7a:db:2a:0d:04:b5:21:84:43:c0:11:d6:42:1b:
e2:01:ea:b4:15:c6:c4:b5:f2:1f:bf:2d:f0:25:6c:57:cb:39:
c4:43:a5:4d
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZp9twTTw6VVtlAuUEIFhf6kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZjdiOWNiYmI4OTUyYWMzZjE5NmU3Y2QwYjhhNGRiYTVk
ZTExYzMwHhcNMjUxMTEzMTQ1NTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGE2MDhhNTFmMDVjYjcxYzY0YmRlZWQ0Zjc0ZTQ2ZTY3NTIzZjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0lJ+WRRED5pUSFbprNOYX5Zuk93
z58h3FTpEOZPgxBdVfRNlD5nullwt1yU9FktddDdnuVnDt10bC1EL/UqmBQLEfxT
Hzf4jQmPIK4DlKHlJOLACRSJWO3k/N/EKnUOkuuWgMbYHcntZG/Lrh2gQSo/ETUz
/036q1JGpVnOOGkoKP4Imr1RLVsnkZ5SThpb/FHI96ogOyfCON1+pFUd4WCwCtrL
NHsmTjYU78OLAJQfNR2HWEi8jQCZnFwvIP+8hwJhIC9iRdsyOOm45LTngOPsfyHV
hmHe0m/Drv36T6ZBd2avilC48aTtZ/bvsCj7sVd1cDPuzz7ZxtN0eoBqtQIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFG2mCKUfBctxxkve7U905G5nUj82MB8GA1UdIwQY
MBaAFPL3ucu7iVKsPxlufNC4pNul3hHDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHZlNXk3dUpVcXdfR1c1ODBMaWsyNlhlRWNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My82NzE0ZTktMzQzNS00ZTllLWE1YWIt
ZWI1MTk0OWFmNDQ2LzEvYmFZSXBSOEZ5M0hHUzk3dFQzVGtibWRTUHpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My82NzE0ZTktMzQzNS00ZTllLWE1YWItZWI1MTk0OWFmNDQ2
LzEvOHZlNXk3dUpVcXdfR1c1ODBMaWsyNlhlRWNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTB0BAIAATBuAwQBBZq+
AwQCLVy8AwQCTo7IAwQEUK3QAwQCVdCwAwQDV+34MAwDBAFZJnIDBANZJnADBAFZ
KSIDBANZK3gDBAK5BFwDBAK5J1gDBAK5QIgDBAG5TBwDBAK53/QDBALBJUwDBAPB
fIgDBALCh4AwDQQCAAIwBwMFACoEfYQwDQYJKoZIhvcNAQELBQADggEBAAVw7WZT
pI0MPlyw1g3ksMmlUkL0xnV8pSqdjchKyOtLe7gB2H+bMzNQ78atPUExNPbtBcpH
cjcWM1AQBAAcCwknZqu1fHrwR83ZGTQYblt2ePDm5Ux/iY/eot78aIMrMS48VIhE
AWayT1WzQaKYpqauMfPU4FUSNJbvlCN4mR3FH3qJoUJ/muKclWK5VjCAC9/meBR/
T6l85DMfY+2MsD/vmZjR9/bEEwGLSclIL3vubPT2IPipAcerLkJCed3W4Y+vEKbT
iUu6ia3+bI5yIzTxM5NH261ZsKvF9PZ62yoNBLUhhEPAEdZCG+IB6rQVxsS18h+/
LfAlbFfLOcRDpU0=
-----END CERTIFICATE-----
Generated at Tue Nov 18 02:14:50 2025 by rpki-client