Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/kOdUd0BJh7m4b0s0dCs4QgMWNUQ.roa
File: kOdUd0BJh7m4b0s0dCs4QgMWNUQ.roa (raw, json)
Hash identifier: tZ3TxxDR2EXxSPIMDVq3TJt9N6UyL2XMXlm7RgpGHLk=
Subject key identifier: 90:E7:54:77:40:49:87:B9:B8:6F:4B:34:74:2B:38:42:03:16:35:44
Certificate issuer: /CN=a322f229edc2f314a2fa5ef0d7af1dddb499ea31
Certificate serial: 019913AF1010BB576DED9B710A1256060E49
Authority key identifier: A3:22:F2:29:ED:C2:F3:14:A2:FA:5E:F0:D7:AF:1D:DD:B4:99:EA:31
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/kOdUd0BJh7m4b0s0dCs4QgMWNUQ.roa
Signing time: Thu 04 Sep 2025 07:44:24 +0000
ROA not before: Thu 04 Sep 2025 07:44:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8473
IP address blocks: 5.150.192.0/18 maxlen: 18
37.123.128.0/18 maxlen: 18
46.59.0.0/17 maxlen: 17
62.63.192.0/18 maxlen: 18
79.136.0.0/17 maxlen: 17
79.136.72.0/22 maxlen: 22
81.170.128.0/17 maxlen: 17
82.196.96.0/19 maxlen: 19
85.24.128.0/17 maxlen: 17
91.132.176.0/22 maxlen: 22
94.254.0.0/17 maxlen: 17
98.128.0.0/16 maxlen: 16
109.228.128.0/18 maxlen: 18
176.10.128.0/17 maxlen: 17
178.174.128.0/17 maxlen: 17
185.9.60.0/22 maxlen: 22
185.57.4.0/22 maxlen: 22
185.90.176.0/22 maxlen: 22
195.178.160.0/19 maxlen: 19
212.85.64.0/19 maxlen: 19
212.116.64.0/19 maxlen: 19
213.80.96.0/19 maxlen: 19
213.80.120.0/24 maxlen: 24
213.80.125.0/24 maxlen: 24
213.136.32.0/19 maxlen: 19
213.164.192.0/19 maxlen: 19
217.27.160.0/19 maxlen: 19
217.27.164.0/23 maxlen: 23
217.31.160.0/19 maxlen: 19
2001:9b0::/29 maxlen: 29
2001:9b0::/32 maxlen: 32
2001:9b2::/34 maxlen: 34
2001:9b2:4000::/34 maxlen: 34
2001:9b2:c000::/34 maxlen: 34
2a02:508::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/oyLyKe3C8xSi-l7w168d3bSZ6jE.crl
rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/oyLyKe3C8xSi-l7w168d3bSZ6jE.mft
rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 02:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:13:af:10:10:bb:57:6d:ed:9b:71:0a:12:56:06:0e:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a322f229edc2f314a2fa5ef0d7af1dddb499ea31
Validity
Not Before: Sep 4 07:44:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=90e75477404987b9b86f4b34742b384203163544
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:22:87:05:88:c6:0b:61:4e:c5:f6:de:a8:12:
37:c9:4a:5a:e1:3e:a8:bb:fd:11:ba:46:36:78:41:
80:a9:a5:bf:92:7b:84:8d:69:b2:03:cc:fe:1d:d2:
5c:c4:19:b7:8c:1f:86:f0:f2:09:3c:bb:4d:47:02:
dd:a7:2d:0f:03:a3:05:df:ef:ed:1c:f4:a2:95:46:
1c:4c:1e:af:73:6c:e2:56:d2:12:9b:3c:be:88:1e:
f5:51:d9:9a:80:3d:6b:33:27:cc:54:cd:f2:a6:63:
f3:a0:ff:d1:d2:4b:29:26:bc:04:70:ea:b0:66:64:
c1:ad:6a:d5:68:c2:17:8f:1e:bb:e2:43:27:5e:58:
25:61:fc:ca:d3:2c:54:4b:f8:c5:1b:d4:63:2f:52:
b6:6f:69:84:04:7e:d9:64:0d:db:c5:93:99:61:86:
78:31:0e:a3:82:2e:f8:29:1e:6d:3e:1d:52:ec:de:
f4:ed:ca:b6:9a:5c:fc:ef:e5:5f:34:26:02:36:4f:
08:dc:c0:55:43:17:18:a4:c9:62:9d:b4:ac:72:46:
10:d6:98:98:52:54:2a:74:b6:23:51:46:3d:5c:8d:
05:bd:19:fd:ed:33:2c:53:bd:38:52:6b:fe:ee:f1:
8a:d1:2c:26:b2:40:16:64:cd:73:92:6c:f3:24:cb:
0e:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:E7:54:77:40:49:87:B9:B8:6F:4B:34:74:2B:38:42:03:16:35:44
X509v3 Authority Key Identifier:
keyid:A3:22:F2:29:ED:C2:F3:14:A2:FA:5E:F0:D7:AF:1D:DD:B4:99:EA:31
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/kOdUd0BJh7m4b0s0dCs4QgMWNUQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/oyLyKe3C8xSi-l7w168d3bSZ6jE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.150.192.0/18
37.123.128.0/18
46.59.0.0/17
62.63.192.0/18
79.136.0.0/17
81.170.128.0/17
82.196.96.0/19
85.24.128.0/17
91.132.176.0/22
94.254.0.0/17
98.128.0.0/16
109.228.128.0/18
176.10.128.0/17
178.174.128.0/17
185.9.60.0/22
185.57.4.0/22
185.90.176.0/22
195.178.160.0/19
212.85.64.0/19
212.116.64.0/19
213.80.96.0/19
213.136.32.0/19
213.164.192.0/19
217.27.160.0/19
217.31.160.0/19
IPv6:
2001:9b0::/29
2a02:508::/29
Signature Algorithm: sha256WithRSAEncryption
99:49:a6:76:0f:b8:ca:b3:ed:b8:82:95:db:11:3d:c2:91:36:
45:27:93:39:80:a9:87:d3:5a:7b:a2:3e:82:a7:6d:23:5a:e5:
5f:24:16:44:d8:20:bb:99:f2:33:3b:6b:18:7e:a9:db:51:0d:
22:9d:d5:91:6f:94:5d:bd:7c:b6:f0:fa:7d:3c:39:93:9c:42:
89:78:25:e0:21:92:6e:42:ab:46:f8:ed:bc:9f:22:4c:ed:64:
7c:fc:31:3f:92:65:d3:c3:2c:f7:5f:b1:bd:c5:bf:4b:ca:52:
71:c8:2f:3b:02:9b:83:eb:00:ca:9d:28:42:b1:63:22:63:d7:
59:c9:0b:b0:42:29:a4:3e:68:64:e8:4f:71:26:5a:b6:3d:31:
c1:a2:8e:e8:6a:71:e3:3a:18:76:93:74:ef:c6:cc:af:84:9c:
60:bf:e6:e8:9d:10:86:f2:d0:42:3b:3d:af:2d:a6:ba:34:0f:
8d:75:a5:be:cb:9a:34:88:0b:ac:21:ea:39:10:11:a8:19:77:
38:01:6c:d8:da:06:32:64:64:e8:d1:c3:97:08:d7:2e:54:69:
e8:23:7a:b0:db:a2:40:90:da:f8:35:2f:91:df:f0:b1:65:e0:
36:88:2d:4d:2e:df:61:49:30:2e:72:ba:71:dc:3e:45:09:fa:
5d:27:07:6f
-----BEGIN CERTIFICATE-----
MIIFpzCCBI+gAwIBAgISAZkTrxAQu1dt7ZtxChJWBg5JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMjJmMjI5ZWRjMmYzMTRhMmZhNWVmMGQ3YWYxZGRkYjQ5
OWVhMzEwHhcNMjUwOTA0MDc0NDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGU3NTQ3NzQwNDk4N2I5Yjg2ZjRiMzQ3NDJiMzg0MjAzMTYzNTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiKHBYjGC2FOxfbeqBI3yUpa4T6o
u/0RukY2eEGAqaW/knuEjWmyA8z+HdJcxBm3jB+G8PIJPLtNRwLdpy0PA6MF3+/t
HPSilUYcTB6vc2ziVtISmzy+iB71UdmagD1rMyfMVM3ypmPzoP/R0kspJrwEcOqw
ZmTBrWrVaMIXjx674kMnXlglYfzK0yxUS/jFG9RjL1K2b2mEBH7ZZA3bxZOZYYZ4
MQ6jgi74KR5tPh1S7N707cq2mlz87+VfNCYCNk8I3MBVQxcYpMlinbSsckYQ1piY
UlQqdLYjUUY9XI0FvRn97TMsU704Umv+7vGK0SwmskAWZM1zkmzzJMsOYQIDAQAB
o4ICszCCAq8wHQYDVR0OBBYEFJDnVHdASYe5uG9LNHQrOEIDFjVEMB8GA1UdIwQY
MBaAFKMi8intwvMUovpe8NevHd20meoxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3lMeUtlM0M4eFNpLWw3dzE2OGQzYlNaNmpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9lZGZmYmItMTA4Mi00NDgyLThhMDgt
NjVmODI0N2ZmYTkxLzEva09kVWQwQkpoN200YjBzMGRDczRRZ01XTlVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9lZGZmYmItMTA4Mi00NDgyLThhMDgtNjVmODI0N2ZmYTkx
LzEvb3lMeUtlM0M4eFNpLWw3dzE2OGQzYlNaNmpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHIBggrBgEFBQcBBwEB/wSBuDCBtTCBnAQCAAEwgZUDBAYF
lsADBAYle4ADBAcuOwADBAY+P8ADBAdPiAADBAdRqoADBAVSxGADBAdVGIADBAJb
hLADBAde/gADAwBigAMEBm3kgAMEB7AKgAMEB7KugAMEArkJPAMEArk5BAMEArla
sAMEBcOyoAMEBdRVQAMEBdR0QAMEBdVQYAMEBdWIIAMEBdWkwAMEBdkboAMEBdkf
oDAUBAIAAjAOAwUDIAEJsAMFAyoCBQgwDQYJKoZIhvcNAQELBQADggEBAJlJpnYP
uMqz7biCldsRPcKRNkUnkzmAqYfTWnuiPoKnbSNa5V8kFkTYILuZ8jM7axh+qdtR
DSKd1ZFvlF29fLbw+n08OZOcQol4JeAhkm5Cq0b47byfIkztZHz8MT+SZdPDLPdf
sb3Fv0vKUnHILzsCm4PrAMqdKEKxYyJj11nJC7BCKaQ+aGToT3EmWrY9McGijuhq
ceM6GHaTdO/GzK+EnGC/5uidEIby0EI7Pa8tpro0D411pb7LmjSIC6wh6jkQEagZ
dzgBbNjaBjJkZOjRw5cI1y5UaegjerDbokCQ2vg1L5Hf8LFl4DaILU0u32FJMC5y
unHcPkUJ+l0nB28=
-----END CERTIFICATE-----
Generated at Wed Sep 10 11:29:43 2025 by rpki-client