Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/AtIP5ngZsZvLRLdKp4SplghlszA.roa
File: AtIP5ngZsZvLRLdKp4SplghlszA.roa (raw, json)
Hash identifier: YOwr+/qAiLn7cRZe8CWbtE+p57/1ofu78ENjFkLRmHY=
Subject key identifier: 02:D2:0F:E6:78:19:B1:9B:CB:44:B7:4A:A7:84:A9:96:08:65:B3:30
Certificate issuer: /CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
Certificate serial: 019A0231411276712CA67954E0B19085AE3B
Authority key identifier: 0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/AtIP5ngZsZvLRLdKp4SplghlszA.roa
Signing time: Mon 20 Oct 2025 15:16:13 +0000
ROA not before: Mon 20 Oct 2025 15:16:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 45.66.135.0/24 maxlen: 24
45.67.55.0/24 maxlen: 24
45.82.165.0/24 maxlen: 24
45.85.2.0/24 maxlen: 24
45.90.140.0/24 maxlen: 24
45.128.152.0/24 maxlen: 24
45.134.18.0/24 maxlen: 24
45.144.242.0/24 maxlen: 24
45.144.243.0/24 maxlen: 24
81.90.190.0/24 maxlen: 24
89.31.124.0/24 maxlen: 24
91.220.202.0/24 maxlen: 24
91.220.203.0/24 maxlen: 24
147.78.14.0/24 maxlen: 24
152.89.210.0/24 maxlen: 24
185.105.191.0/24 maxlen: 24
185.120.17.0/24 maxlen: 24
185.126.68.0/24 maxlen: 24
185.126.136.0/24 maxlen: 24
185.126.137.0/24 maxlen: 24
185.126.224.0/24 maxlen: 24
185.126.227.0/24 maxlen: 24
185.167.117.0/24 maxlen: 24
185.167.118.0/24 maxlen: 24
185.167.119.0/24 maxlen: 24
185.171.122.0/24 maxlen: 24
185.171.123.0/24 maxlen: 24
185.172.114.0/24 maxlen: 24
185.175.142.0/24 maxlen: 24
185.175.143.0/24 maxlen: 24
185.187.236.0/24 maxlen: 24
188.119.102.0/24 maxlen: 24
192.54.56.0/24 maxlen: 24
192.54.58.0/24 maxlen: 24
192.54.59.0/24 maxlen: 24
193.37.56.0/24 maxlen: 24
193.37.57.0/24 maxlen: 24
193.38.136.0/24 maxlen: 24
194.124.32.0/24 maxlen: 24
194.156.229.0/24 maxlen: 24
2a0c:8a40:2::/48 maxlen: 48
2a0c:8a41:a300::/64 maxlen: 64
2a0c:8a47::/32 maxlen: 32
2a0c:8a47::/36 maxlen: 36
2a0c:8a47:1000::/36 maxlen: 36
2a0c:8a47:2000::/36 maxlen: 36
2a0c:8a47:3000::/36 maxlen: 36
2a0c:8a47:4000::/36 maxlen: 36
2a0c:8a47:5000::/36 maxlen: 36
2a0c:8a47:6000::/36 maxlen: 36
2a0c:8a47:7000::/36 maxlen: 36
2a0c:8a47:8000::/36 maxlen: 36
2a0c:8a47:9000::/36 maxlen: 36
2a0c:8a47:a000::/36 maxlen: 36
2a0c:8a47:b000::/36 maxlen: 36
2a0c:8a47:c000::/36 maxlen: 36
2a0c:8a47:d000::/36 maxlen: 36
2a0c:8a47:e000::/36 maxlen: 36
2a0c:8a47:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl
rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.mft
rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 23 Oct 2025 08:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:02:31:41:12:76:71:2c:a6:79:54:e0:b1:90:85:ae:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
Validity
Not Before: Oct 20 15:16:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=02d20fe67819b19bcb44b74aa784a9960865b330
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:aa:d3:bc:87:65:a8:be:4c:66:11:86:a0:7e:
d0:14:b5:00:cc:62:63:5a:72:a4:41:d0:88:bb:2a:
13:1e:4a:18:60:73:cc:e7:d6:76:25:17:b3:12:2b:
19:77:80:d9:ce:fe:6c:b7:c1:5a:d2:9d:5f:7f:d6:
d9:81:8a:47:d2:ad:13:40:73:1c:26:9c:63:ff:43:
32:9e:b3:00:6b:9b:b1:b3:5f:25:dc:7e:e6:66:a6:
e8:69:c5:89:35:0f:71:e1:14:f5:b0:0e:91:33:48:
5f:fe:ca:9e:c2:61:71:cd:5f:25:9a:e4:ef:eb:4f:
8b:10:c0:48:35:d8:87:ed:a5:15:e0:63:52:95:f2:
45:5a:a7:37:eb:ee:8b:ac:bb:47:32:17:86:db:8a:
2c:45:93:ff:9a:c2:2d:bb:ec:b1:6f:00:2f:e7:05:
2f:8d:7b:80:4a:cf:55:78:31:4a:a4:b9:a9:dd:1a:
5c:b9:04:d6:e7:8c:d7:cb:84:84:38:ca:bc:ce:a4:
ce:cf:9e:14:93:43:e1:27:a2:73:3e:90:16:89:fb:
b3:85:99:c2:46:a7:a1:e9:5e:34:a6:20:8d:0b:e2:
14:48:0b:cd:8c:c6:77:ac:1d:35:42:f4:4f:ac:0f:
06:bb:29:45:6b:6b:c6:55:2e:07:4b:84:03:54:e7:
79:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:D2:0F:E6:78:19:B1:9B:CB:44:B7:4A:A7:84:A9:96:08:65:B3:30
X509v3 Authority Key Identifier:
keyid:0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/AtIP5ngZsZvLRLdKp4SplghlszA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.135.0/24
45.67.55.0/24
45.82.165.0/24
45.85.2.0/24
45.90.140.0/24
45.128.152.0/24
45.134.18.0/24
45.144.242.0/23
81.90.190.0/24
89.31.124.0/24
91.220.202.0/23
147.78.14.0/24
152.89.210.0/24
185.105.191.0/24
185.120.17.0/24
185.126.68.0/24
185.126.136.0/23
185.126.224.0/24
185.126.227.0/24
185.167.117.0-185.167.119.255
185.171.122.0/23
185.172.114.0/24
185.175.142.0/23
185.187.236.0/24
188.119.102.0/24
192.54.56.0/24
192.54.58.0/23
193.37.56.0/23
193.38.136.0/24
194.124.32.0/24
194.156.229.0/24
IPv6:
2a0c:8a40:2::/48
2a0c:8a41:a300::/64
2a0c:8a47::/32
Signature Algorithm: sha256WithRSAEncryption
1b:bf:32:f3:36:43:5b:40:db:83:18:5d:5b:20:7c:19:7e:d6:
48:2c:12:52:55:20:09:26:21:32:c7:ab:ff:55:95:f6:b7:e5:
9e:25:3d:25:68:45:ed:ee:e7:43:83:f8:eb:8e:95:d8:c3:0e:
0d:97:e9:31:55:41:6a:3d:02:37:82:80:d4:c6:a1:77:a5:35:
9c:70:88:b5:b0:cc:68:e0:77:e1:de:01:46:64:cc:f3:30:6d:
17:4d:1c:6c:e3:80:54:57:f8:4a:19:d9:a4:bc:33:35:7e:a6:
55:f2:d5:55:fc:cc:23:66:a3:b5:0a:db:ce:d2:94:cd:13:bb:
ff:fa:38:df:99:dc:1a:74:fc:f4:db:c6:b9:6c:de:7b:ac:13:
4b:e4:f3:5f:d8:38:61:bd:6b:68:56:64:b0:13:ca:74:3f:aa:
b7:fe:37:fa:49:a7:7c:1d:5b:a3:8d:d2:79:c6:f4:bf:3f:15:
5f:3f:e7:92:9d:4e:e4:1a:d8:e5:37:4a:14:42:4d:3a:48:88:
9a:95:03:7c:28:ca:11:11:8d:68:4a:6c:5d:40:fa:28:88:38:
c4:cb:f3:b2:08:d4:97:f1:a3:98:7f:d1:4c:41:b7:3d:21:dc:
bf:ee:76:8d:55:f2:59:38:b4:f3:dd:64:a1:f8:8d:65:3f:84:
0c:72:6b:13
-----BEGIN CERTIFICATE-----
MIIF4jCCBMqgAwIBAgISAZoCMUESdnEspnlU4LGQha47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMjQ3ZTczMzkxZWM5ZDZhMmE0NmYyY2IwYjAyZmM5OTQy
ODhmMTMwHhcNMjUxMDIwMTUxNjEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmQyMGZlNjc4MTliMTliY2I0NGI3NGFhNzg0YTk5NjA4NjViMzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6rTvIdlqL5MZhGGoH7QFLUAzGJj
WnKkQdCIuyoTHkoYYHPM59Z2JRezEisZd4DZzv5st8Fa0p1ff9bZgYpH0q0TQHMc
Jpxj/0MynrMAa5uxs18l3H7mZqboacWJNQ9x4RT1sA6RM0hf/sqewmFxzV8lmuTv
60+LEMBINdiH7aUV4GNSlfJFWqc36+6LrLtHMheG24osRZP/msItu+yxbwAv5wUv
jXuASs9VeDFKpLmp3RpcuQTW54zXy4SEOMq8zqTOz54Uk0PhJ6JzPpAWifuzhZnC
Rqeh6V40piCNC+IUSAvNjMZ3rB01QvRPrA8GuylFa2vGVS4HS4QDVOd5OQIDAQAB
o4IC7jCCAuowHQYDVR0OBBYEFALSD+Z4GbGby0S3SqeEqZYIZbMwMB8GA1UdIwQY
MBaAFAskfnM5HsnWoqRvLLCwL8mUKI8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMt
NzM2Nzg5ZWU2ZmQwLzEvQXRJUDVuZ1pzWnZMUkxkS3A0U3BsZ2hsc3pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMtNzM2Nzg5ZWU2ZmQw
LzEvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAgYIKwYBBQUHAQcBAf8EgfIwge8wgckEAgABMIHCAwQA
LUKHAwQALUM3AwQALVKlAwQALVUCAwQALVqMAwQALYCYAwQALYYSAwQBLZDyAwQA
UVq+AwQAWR98AwQBW9zKAwQAk04OAwQAmFnSAwQAuWm/AwQAuXgRAwQAuX5EAwQB
uX6IAwQAuX7gAwQAuX7jMAwDBAC5p3UDBAO5p3ADBAG5q3oDBAC5rHIDBAG5r44D
BAC5u+wDBAC8d2YDBADANjgDBAHANjoDBAHBJTgDBADBJogDBADCfCADBADCnOUw
IQQCAAIwGwMHACoMikAAAgMJACoMikGjAAAAAwUAKgyKRzANBgkqhkiG9w0BAQsF
AAOCAQEAG78y8zZDW0DbgxhdWyB8GX7WSCwSUlUgCSYhMser/1WV9rflniU9JWhF
7e7nQ4P4646V2MMODZfpMVVBaj0CN4KA1Mahd6U1nHCItbDMaOB34d4BRmTM8zBt
F00cbOOAVFf4ShnZpLwzNX6mVfLVVfzMI2ajtQrbztKUzRO7//o435ncGnT89NvG
uWzee6wTS+TzX9g4Yb1raFZksBPKdD+qt/43+kmnfB1bo43Secb0vz8VXz/nkp1O
5BrY5TdKFEJNOkiImpUDfCjKERGNaEpsXUD6KIg4xMvzsgjUl/GjmH/RTEG3PSHc
v+52jVXyWTi0891kofiNZT+EDHJrEw==
-----END CERTIFICATE-----
Generated at Wed Oct 22 15:38:21 2025 by rpki-client