Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1IkUFPE7McXi1HD6UxtmmnSxBgQ.roa
File: 1IkUFPE7McXi1HD6UxtmmnSxBgQ.roa (raw, json)
Hash identifier: zZn1MQXeGsBXlu90OlPK2GL5ikN25RsLsWbRjDYsFE4=
Subject key identifier: D4:89:14:14:F1:3B:31:C5:E2:D4:70:FA:53:1B:66:9A:74:B1:06:04
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019970670531DAB5CACFEF61F5BF613D4693
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1IkUFPE7McXi1HD6UxtmmnSxBgQ.roa
Signing time: Mon 22 Sep 2025 07:50:23 +0000
ROA not before: Mon 22 Sep 2025 07:50:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 2.58.148.0/24 maxlen: 24
2.58.149.0/24 maxlen: 24
2.58.150.0/24 maxlen: 24
2.58.151.0/24 maxlen: 24
37.46.149.0/24 maxlen: 24
45.91.149.0/24 maxlen: 24
45.129.132.0/24 maxlen: 24
45.129.133.0/24 maxlen: 24
45.135.184.0/24 maxlen: 24
45.135.187.0/24 maxlen: 24
45.143.53.0/24 maxlen: 24
45.145.44.0/24 maxlen: 24
45.145.45.0/24 maxlen: 24
45.145.47.0/24 maxlen: 24
62.197.144.0/24 maxlen: 24
62.197.147.0/24 maxlen: 24
62.197.148.0/24 maxlen: 24
62.197.150.0/24 maxlen: 24
62.197.151.0/24 maxlen: 24
62.197.152.0/24 maxlen: 24
62.197.159.0/24 maxlen: 24
84.247.25.0/24 maxlen: 24
84.247.26.0/24 maxlen: 24
89.33.84.0/24 maxlen: 24
89.36.22.0/24 maxlen: 24
89.37.62.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
89.43.199.0/24 maxlen: 24
89.46.92.0/24 maxlen: 24
92.62.121.0/24 maxlen: 24
93.115.254.0/24 maxlen: 24
93.115.255.0/24 maxlen: 24
94.103.249.0/24 maxlen: 24
94.103.250.0/24 maxlen: 24
185.121.121.0/24 maxlen: 24
185.121.122.0/24 maxlen: 24
185.121.123.0/24 maxlen: 24
185.184.134.0/24 maxlen: 24
185.205.190.0/24 maxlen: 24
185.239.241.0/24 maxlen: 24
185.239.243.0/24 maxlen: 24
185.244.137.0/24 maxlen: 24
185.245.5.0/24 maxlen: 24
188.212.132.0/24 maxlen: 24
188.240.68.0/24 maxlen: 24
188.240.74.0/24 maxlen: 24
193.19.108.0/24 maxlen: 24
193.218.32.0/24 maxlen: 24
193.239.164.0/24 maxlen: 24
193.239.165.0/24 maxlen: 24
194.169.169.0/24 maxlen: 24
212.119.34.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 01:22:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:70:67:05:31:da:b5:ca:cf:ef:61:f5:bf:61:3d:46:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Sep 22 07:50:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d4891414f13b31c5e2d470fa531b669a74b10604
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:26:f4:59:5a:38:aa:9b:09:46:ab:2d:2d:71:
33:03:63:7b:b6:7f:48:66:3f:3e:fa:41:05:24:58:
97:26:68:59:8a:a7:eb:70:43:fb:2f:14:4f:5f:40:
fd:46:c5:06:e4:09:7d:d2:c8:e2:c6:d9:6d:8e:75:
c0:9b:9d:3c:98:da:e6:d2:b0:41:c3:fd:27:66:3d:
ed:a1:0b:55:6f:82:f6:d7:d5:17:4b:64:e4:92:bf:
62:91:ca:cd:bb:7a:7b:b9:c0:74:85:f6:7b:b8:24:
75:f5:77:20:4d:61:f1:87:be:c2:5d:b7:a7:36:fc:
8c:23:35:6e:42:d5:ac:60:72:0d:ac:96:4c:94:a3:
64:7f:46:d2:34:36:cb:0a:c8:15:fb:9d:4c:2d:cb:
c6:6a:e5:4b:e3:bf:b0:76:d1:d3:4a:76:d5:1d:2d:
61:76:c8:a6:ff:89:ff:ac:7c:a8:b9:e4:13:03:d9:
01:a0:0c:0e:bc:0d:73:23:d2:67:84:0c:5c:35:44:
9c:6d:20:b1:40:54:8c:d5:f9:a1:96:74:44:37:92:
2d:9f:32:6b:bb:34:a1:a6:05:b1:c8:2e:31:84:35:
da:2c:4a:98:31:ba:6e:4b:05:2c:19:42:f1:02:c6:
7d:0a:15:a1:a5:7e:a9:05:e2:54:b0:36:bf:db:5c:
f6:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:89:14:14:F1:3B:31:C5:E2:D4:70:FA:53:1B:66:9A:74:B1:06:04
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1IkUFPE7McXi1HD6UxtmmnSxBgQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.148.0/22
37.46.149.0/24
45.91.149.0/24
45.129.132.0/23
45.135.184.0/24
45.135.187.0/24
45.143.53.0/24
45.145.44.0/23
45.145.47.0/24
62.197.144.0/24
62.197.147.0-62.197.148.255
62.197.150.0-62.197.152.255
62.197.159.0/24
84.247.25.0-84.247.26.255
89.33.84.0/24
89.36.22.0/24
89.37.62.0/23
89.43.199.0/24
89.46.92.0/24
92.62.121.0/24
93.115.254.0/23
94.103.249.0-94.103.250.255
185.121.121.0-185.121.123.255
185.184.134.0/24
185.205.190.0/24
185.239.241.0/24
185.239.243.0/24
185.244.137.0/24
185.245.5.0/24
188.212.132.0/24
188.240.68.0/24
188.240.74.0/24
193.19.108.0/24
193.218.32.0/24
193.239.164.0/23
194.169.169.0/24
212.119.34.0/24
Signature Algorithm: sha256WithRSAEncryption
97:44:a2:39:46:7e:39:6e:6d:c7:7b:59:64:ab:44:35:0f:4e:
e3:c3:88:17:13:4f:c8:c4:61:d3:da:60:46:67:ef:d6:5a:62:
47:91:32:59:51:bd:7e:0e:c1:6c:67:5b:d6:14:21:ae:3a:17:
f2:36:89:8c:da:fc:03:de:3f:18:c0:0c:82:be:59:53:e2:c6:
4b:8c:f9:c3:07:f4:5d:f7:fc:f5:c3:07:75:a9:04:ea:36:cb:
24:0f:1d:b7:ab:15:51:21:8f:5c:98:6b:5d:66:90:35:72:04:
63:7a:9c:99:ae:03:ef:81:bb:be:8d:0e:8f:ff:cf:e2:33:f6:
14:6c:4c:e0:c2:15:2c:0d:15:a9:43:71:cb:e5:2d:fe:d4:6d:
6b:ef:01:52:98:5f:89:94:82:51:24:7e:5a:75:02:47:03:cc:
ab:c9:ed:be:89:ec:6e:df:16:68:ce:b9:0d:8c:a5:e7:96:7d:
0b:5e:68:c7:dc:bc:01:01:7b:87:79:ea:41:bf:54:f4:29:ce:
83:87:20:5c:3b:f9:88:2a:e0:8c:23:4d:27:d6:c3:b3:68:51:
da:e5:bc:34:9b:63:8a:df:15:5b:bf:41:86:0f:63:24:81:07:
b5:88:12:a1:2d:56:6d:a1:07:9a:24:c8:30:35:0a:69:f6:f2:
1b:b2:14:4e
-----BEGIN CERTIFICATE-----
MIIGBzCCBO+gAwIBAgISAZlwZwUx2rXKz+9h9b9hPUaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwOTIyMDc1MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDg5MTQxNGYxM2IzMWM1ZTJkNDcwZmE1MzFiNjY5YTc0YjEwNjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yb0WVo4qpsJRqstLXEzA2N7tn9I
Zj8++kEFJFiXJmhZiqfrcEP7LxRPX0D9RsUG5Al90sjixtltjnXAm508mNrm0rBB
w/0nZj3toQtVb4L219UXS2Tkkr9ikcrNu3p7ucB0hfZ7uCR19XcgTWHxh77CXben
NvyMIzVuQtWsYHINrJZMlKNkf0bSNDbLCsgV+51MLcvGauVL47+wdtHTSnbVHS1h
dsim/4n/rHyoueQTA9kBoAwOvA1zI9JnhAxcNUScbSCxQFSM1fmhlnREN5ItnzJr
uzShpgWxyC4xhDXaLEqYMbpuSwUsGULxAsZ9ChWhpX6pBeJUsDa/21z2xwIDAQAB
o4IDEzCCAw8wHQYDVR0OBBYEFNSJFBTxOzHF4tRw+lMbZpp0sQYEMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMUlrVUZQRTdNY1hpMUhENlV4dG1tblN4QmdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJwYIKwYBBQUHAQcBAf8EggEWMIIBEjCCAQ4EAgABMIIB
BgMEAgI6lAMEACUulQMEAC1blQMEAS2BhAMEAC2HuAMEAC2HuwMEAC2PNQMEAS2R
LAMEAC2RLwMEAD7FkDAMAwQAPsWTAwQAPsWUMAwDBAE+xZYDBAA+xZgDBAA+xZ8w
DAMEAFT3GQMEAFT3GgMEAFkhVAMEAFkkFgMEAVklPgMEAFkrxwMEAFkuXAMEAFw+
eQMEAV1z/jAMAwQAXmf5AwQAXmf6MAwDBAC5eXkDBAK5eXgDBAC5uIYDBAC5zb4D
BAC57/EDBAC57/MDBAC59IkDBAC59QUDBAC81IQDBAC88EQDBAC88EoDBADBE2wD
BADB2iADBAHB76QDBADCqakDBADUdyIwDQYJKoZIhvcNAQELBQADggEBAJdEojlG
fjlubcd7WWSrRDUPTuPDiBcTT8jEYdPaYEZn79ZaYkeRMllRvX4OwWxnW9YUIa46
F/I2iYza/APePxjADIK+WVPixkuM+cMH9F33/PXDB3WpBOo2yyQPHberFVEhj1yY
a11mkDVyBGN6nJmuA++Bu76NDo//z+Iz9hRsTODCFSwNFalDccvlLf7UbWvvAVKY
X4mUglEkflp1AkcDzKvJ7b6J7G7fFmjOuQ2MpeeWfQteaMfcvAEBe4d56kG/VPQp
zoOHIFw7+Ygq4IwjTSfWw7NoUdrlvDSbY4rfFVu/QYYPYySBB7WIEqEtVm2hB5ok
yDA1Cmn28huyFE4=
-----END CERTIFICATE-----
Generated at Sun Oct 19 08:19:48 2025 by rpki-client