Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/wmru7gkbD0Q5jhTBil0o1n-XXZY.roa
File: wmru7gkbD0Q5jhTBil0o1n-XXZY.roa (raw, json)
Hash identifier: aLSYcM7LxiQjHNTeSZsVR17gcFojmK5wcKMA+W/GnL8=
Subject key identifier: C2:6A:EE:EE:09:1B:0F:44:39:8E:14:C1:8A:5D:28:D6:7F:97:5D:96
Certificate issuer: /CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
Certificate serial: 0198BCBB8BF12B74E703196B46AD1E510AF1
Authority key identifier: 1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/wmru7gkbD0Q5jhTBil0o1n-XXZY.roa
Signing time: Mon 18 Aug 2025 10:31:04 +0000
ROA not before: Mon 18 Aug 2025 10:31:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20473
IP address blocks: 45.128.20.0/22 maxlen: 24
46.183.210.0/23 maxlen: 24
46.183.212.0/22 maxlen: 24
82.97.196.0/23 maxlen: 24
85.204.241.0/24 maxlen: 24
89.38.106.0/23 maxlen: 24
89.39.214.0/24 maxlen: 24
91.238.148.0/23 maxlen: 24
103.218.252.0/24 maxlen: 24
136.242.96.0/19 maxlen: 24
176.223.168.0/22 maxlen: 24
185.77.250.0/23 maxlen: 24
188.211.250.0/24 maxlen: 24
188.211.251.0/24 maxlen: 24
188.212.131.0/24 maxlen: 24
188.214.89.0/24 maxlen: 24
188.215.233.0/24 maxlen: 24
188.241.59.0/24 maxlen: 24
188.241.127.0/24 maxlen: 24
188.241.128.0/22 maxlen: 24
188.241.132.0/23 maxlen: 24
193.37.200.0/22 maxlen: 24
193.169.8.0/23 maxlen: 24
193.192.52.0/23 maxlen: 24
193.239.172.0/23 maxlen: 24
193.239.246.0/23 maxlen: 24
194.24.234.0/23 maxlen: 24
194.88.134.0/23 maxlen: 24
194.135.26.0/24 maxlen: 24
194.135.27.0/24 maxlen: 24
194.135.132.0/23 maxlen: 24
194.246.106.0/23 maxlen: 24
195.2.196.0/23 maxlen: 24
195.13.48.0/23 maxlen: 24
195.34.80.0/23 maxlen: 24
195.93.140.0/23 maxlen: 24
195.128.188.0/23 maxlen: 24
195.133.208.0/23 maxlen: 24
195.135.192.0/23 maxlen: 24
195.189.250.0/23 maxlen: 24
195.210.44.0/23 maxlen: 24
195.254.140.0/23 maxlen: 24
203.168.136.0/21 maxlen: 24
203.168.144.0/20 maxlen: 24
207.45.0.0/21 maxlen: 24
207.45.24.0/21 maxlen: 24
213.159.10.0/23 maxlen: 24
213.159.12.0/23 maxlen: 24
222.167.96.0/19 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl
rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.mft
rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Aug 2025 01:02:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:bc:bb:8b:f1:2b:74:e7:03:19:6b:46:ad:1e:51:0a:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
Validity
Not Before: Aug 18 10:31:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c26aeeee091b0f44398e14c18a5d28d67f975d96
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:97:9a:85:2d:9e:e4:8e:54:d0:fc:da:64:45:
56:75:27:2f:fc:9c:f7:39:60:3b:c0:9d:62:cc:c1:
a1:d5:f1:06:dd:bf:b3:5c:8f:77:9d:e8:c4:cb:7f:
53:27:f3:42:17:df:48:9e:57:1d:4b:1a:c4:77:fe:
1c:61:83:f5:d4:e9:84:45:2d:52:ad:19:19:9c:6f:
2c:7d:68:62:f1:51:23:da:35:ac:f0:75:18:a8:cc:
ed:d8:44:63:4a:ac:6f:07:da:df:6e:e9:81:49:2c:
ca:b3:3e:ae:fc:49:66:e8:fa:59:2b:3c:0e:c8:87:
15:f0:89:5b:2c:4c:0a:3a:d4:2b:46:b6:a2:b0:57:
0d:2c:a3:75:7d:e9:58:7a:af:80:31:4c:4f:c9:20:
80:bb:90:81:5c:3f:6f:4f:95:1b:0e:e5:e5:3a:ab:
05:ce:b7:24:77:5a:6c:a4:49:55:38:3f:b8:26:e5:
df:b5:29:27:20:0b:a2:94:36:17:34:d0:4c:09:06:
d7:bd:37:66:a5:1b:ab:1d:5a:d7:93:02:ff:11:0e:
bd:f5:37:4a:c8:ae:ea:f7:e3:be:f8:cf:19:37:a2:
3f:7e:30:47:60:d6:6e:02:7e:54:0a:82:61:9a:75:
22:4d:4c:1d:77:fa:24:52:bc:6f:64:f3:21:d2:cc:
c2:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:6A:EE:EE:09:1B:0F:44:39:8E:14:C1:8A:5D:28:D6:7F:97:5D:96
X509v3 Authority Key Identifier:
keyid:1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/wmru7gkbD0Q5jhTBil0o1n-XXZY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.20.0/22
46.183.210.0-46.183.215.255
82.97.196.0/23
85.204.241.0/24
89.38.106.0/23
89.39.214.0/24
91.238.148.0/23
103.218.252.0/24
136.242.96.0/19
176.223.168.0/22
185.77.250.0/23
188.211.250.0/23
188.212.131.0/24
188.214.89.0/24
188.215.233.0/24
188.241.59.0/24
188.241.127.0-188.241.133.255
193.37.200.0/22
193.169.8.0/23
193.192.52.0/23
193.239.172.0/23
193.239.246.0/23
194.24.234.0/23
194.88.134.0/23
194.135.26.0/23
194.135.132.0/23
194.246.106.0/23
195.2.196.0/23
195.13.48.0/23
195.34.80.0/23
195.93.140.0/23
195.128.188.0/23
195.133.208.0/23
195.135.192.0/23
195.189.250.0/23
195.210.44.0/23
195.254.140.0/23
203.168.136.0-203.168.159.255
207.45.0.0/21
207.45.24.0/21
213.159.10.0-213.159.13.255
222.167.96.0/19
Signature Algorithm: sha256WithRSAEncryption
7a:7a:41:31:6a:d6:b5:66:01:6f:0e:bf:83:0b:90:f0:1b:80:
2e:01:59:ee:90:01:32:f8:46:68:2f:9e:a3:97:4c:f8:58:ad:
a5:28:44:29:75:84:97:a7:ba:cd:31:a9:11:3b:99:89:4d:b0:
ff:0c:65:d8:90:d0:0d:d6:f5:7d:75:46:7e:73:34:46:9e:51:
24:3c:7b:62:ae:ef:d8:4f:19:c8:4b:90:93:ec:a1:a5:a7:1b:
1c:50:41:f8:4e:ef:d2:a7:ec:8d:ea:f1:45:5b:ce:aa:6f:59:
f1:bb:82:b9:1c:88:0d:51:8a:ac:e9:44:f8:a7:1a:43:19:7f:
16:bd:13:6e:cf:74:88:35:08:3b:65:cb:b6:20:c2:5c:1e:05:
3b:11:76:57:ea:3d:c6:7b:12:2f:23:b5:ed:2f:27:03:e6:48:
01:f1:70:e3:37:63:72:05:7a:85:bd:4a:24:52:20:0e:2d:f4:
6c:32:90:e6:45:e4:8d:b1:ba:ba:e2:cb:f4:b4:e9:d3:45:ab:
2f:66:24:5e:76:cc:bd:c4:79:b3:b1:a1:00:dd:b1:d7:69:13:
13:d4:af:ad:d3:cc:ed:d0:82:b4:56:19:27:3b:6b:a6:a3:25:
e6:32:b5:9b:97:7c:00:3f:43:85:4d:0c:fe:a7:14:75:29:9b:
09:a5:d0:2d
-----BEGIN CERTIFICATE-----
MIIGHTCCBQWgAwIBAgISAZi8u4vxK3TnAxlrRq0eUQrxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYTUxYTBiYzBmMGFmZWJiZjZkNWQ5MjdmZTFmOTgxNmY1
MjM1MmQwHhcNMjUwODE4MTAzMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjZhZWVlZTA5MWIwZjQ0Mzk4ZTE0YzE4YTVkMjhkNjdmOTc1ZDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJeahS2e5I5U0PzaZEVWdScv/Jz3
OWA7wJ1izMGh1fEG3b+zXI93nejEy39TJ/NCF99InlcdSxrEd/4cYYP11OmERS1S
rRkZnG8sfWhi8VEj2jWs8HUYqMzt2ERjSqxvB9rfbumBSSzKsz6u/Elm6PpZKzwO
yIcV8IlbLEwKOtQrRraisFcNLKN1felYeq+AMUxPySCAu5CBXD9vT5UbDuXlOqsF
zrckd1pspElVOD+4JuXftSknIAuilDYXNNBMCQbXvTdmpRurHVrXkwL/EQ699TdK
yK7q9+O++M8ZN6I/fjBHYNZuAn5UCoJhmnUiTUwdd/okUrxvZPMh0szC/wIDAQAB
o4IDKTCCAyUwHQYDVR0OBBYEFMJq7u4JGw9EOY4UwYpdKNZ/l12WMB8GA1UdIwQY
MBaAFBulGgvA8K/rv21dkn/h+YFvUjUtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQt
ODcxZjllZDcwOGUwLzEvd21ydTdna2JEMFE1amhUQmlsMG8xbi1YWFpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQtODcxZjllZDcwOGUw
LzEvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBPQYIKwYBBQUHAQcBAf8EggEsMIIBKDCCASQEAgABMIIB
HAMEAi2AFDAMAwQBLrfSAwQDLrfQAwQBUmHEAwQAVczxAwQBWSZqAwQAWSfWAwQB
W+6UAwQAZ9r8AwQFiPJgAwQCsN+oAwQBuU36AwQBvNP6AwQAvNSDAwQAvNZZAwQA
vNfpAwQAvPE7MAwDBAC88X8DBAG88YQDBALBJcgDBAHBqQgDBAHBwDQDBAHB76wD
BAHB7/YDBAHCGOoDBAHCWIYDBAHChxoDBAHCh4QDBAHC9moDBAHDAsQDBAHDDTAD
BAHDIlADBAHDXYwDBAHDgLwDBAHDhdADBAHDh8ADBAHDvfoDBAHD0iwDBAHD/oww
DAMEA8uoiAMEBcuogAMEA88tAAMEA88tGDAMAwQB1Z8KAwQB1Z8MAwQF3qdgMA0G
CSqGSIb3DQEBCwUAA4IBAQB6ekExata1ZgFvDr+DC5DwG4AuAVnukAEy+EZoL56j
l0z4WK2lKEQpdYSXp7rNMakRO5mJTbD/DGXYkNAN1vV9dUZ+czRGnlEkPHtiru/Y
TxnIS5CT7KGlpxscUEH4Tu/Sp+yN6vFFW86qb1nxu4K5HIgNUYqs6UT4pxpDGX8W
vRNuz3SINQg7Zcu2IMJcHgU7EXZX6j3GexIvI7XtLycD5kgB8XDjN2NyBXqFvUok
UiAOLfRsMpDmReSNsbq64sv0tOnTRasvZiRedsy9xHmzsaEA3bHXaRMT1K+t08zt
0IK0VhknO2umoyXmMrWbl3wAP0OFTQz+pxR1KZsJpdAt
-----END CERTIFICATE-----
Generated at Thu Aug 21 11:12:46 2025 by rpki-client