Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/1-LzJo-wqbXyMIW7dShaQShecG4A.roa
File: 1-LzJo-wqbXyMIW7dShaQShecG4A.roa (raw, json)
Hash identifier: zk5MBDVPSqfgXloU9IVz77yOOxCyNDA4FFF8iDzvQ0U=
Subject key identifier: F8:BC:C9:A3:EC:2A:6D:7C:8C:21:6E:DD:4A:16:90:4A:17:9C:1B:80
Certificate issuer: /CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Certificate serial: 019A076B97D4101F089C38BD1C18D702F989
Authority key identifier: 08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/1-LzJo-wqbXyMIW7dShaQShecG4A.roa
Signing time: Tue 21 Oct 2025 15:38:03 +0000
ROA not before: Tue 21 Oct 2025 15:38:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44285
IP address blocks: 5.1.43.0/24 maxlen: 24
37.32.32.0/21 maxlen: 21
37.32.32.0/22 maxlen: 22
37.32.32.0/24 maxlen: 24
37.32.33.0/24 maxlen: 24
37.32.34.0/24 maxlen: 24
37.32.35.0/24 maxlen: 24
37.32.37.0/24 maxlen: 24
37.32.38.0/24 maxlen: 24
37.32.39.0/24 maxlen: 24
37.75.243.0/24 maxlen: 24
37.75.244.0/22 maxlen: 22
37.75.244.0/24 maxlen: 24
37.75.245.0/24 maxlen: 24
37.75.246.0/24 maxlen: 24
37.75.247.0/24 maxlen: 24
45.9.252.0/22 maxlen: 24
45.9.252.0/24 maxlen: 24
45.9.253.0/24 maxlen: 24
45.9.254.0/24 maxlen: 24
45.87.4.0/23 maxlen: 24
45.140.224.0/22 maxlen: 22
46.28.72.0/21 maxlen: 24
46.28.72.0/24 maxlen: 24
46.28.73.0/24 maxlen: 24
46.28.74.0/24 maxlen: 24
78.110.120.0/22 maxlen: 24
84.47.224.0/21 maxlen: 21
84.47.224.0/22 maxlen: 22
84.47.224.0/24 maxlen: 24
84.47.225.0/24 maxlen: 24
84.47.226.0/24 maxlen: 24
84.47.227.0/24 maxlen: 24
84.47.228.0/22 maxlen: 22
84.47.228.0/24 maxlen: 24
84.47.229.0/24 maxlen: 24
84.47.230.0/24 maxlen: 24
84.47.231.0/24 maxlen: 24
85.198.24.0/22 maxlen: 24
88.135.37.0/24 maxlen: 24
88.135.38.0/24 maxlen: 24
88.135.39.0/24 maxlen: 24
91.236.168.0/23 maxlen: 23
91.236.168.0/24 maxlen: 24
91.236.169.0/24 maxlen: 24
185.18.212.0/22 maxlen: 22
185.18.212.0/24 maxlen: 24
185.18.213.0/24 maxlen: 24
185.18.214.0/24 maxlen: 24
185.18.215.0/24 maxlen: 24
185.51.200.0/24 maxlen: 24
185.51.201.0/24 maxlen: 24
185.51.202.0/24 maxlen: 24
185.51.203.0/24 maxlen: 24
185.121.128.0/22 maxlen: 24
185.121.128.0/24 maxlen: 24
185.121.129.0/24 maxlen: 24
185.121.130.0/24 maxlen: 24
185.121.131.0/24 maxlen: 24
185.128.136.0/24 maxlen: 24
185.128.137.0/24 maxlen: 24
185.128.138.0/24 maxlen: 24
185.128.139.0/24 maxlen: 24
185.141.132.0/24 maxlen: 24
185.141.133.0/24 maxlen: 24
185.141.134.0/24 maxlen: 24
185.141.135.0/24 maxlen: 24
185.182.248.0/22 maxlen: 22
185.182.248.0/23 maxlen: 23
185.182.250.0/23 maxlen: 23
185.182.250.0/24 maxlen: 24
185.182.251.0/24 maxlen: 24
188.209.152.0/23 maxlen: 23
195.110.38.0/23 maxlen: 23
195.110.38.0/24 maxlen: 24
195.110.39.0/24 maxlen: 24
217.172.120.0/21 maxlen: 24
217.172.124.0/23 maxlen: 23
217.172.126.0/23 maxlen: 23
217.172.127.0/24 maxlen: 24
2a02:828::/29 maxlen: 29
2a02:828::/32 maxlen: 32
2a02:828::/48 maxlen: 48
2a02:828::/64 maxlen: 64
2a02:828:1::/48 maxlen: 48
2a02:829::/32 maxlen: 32
2a02:82a::/32 maxlen: 32
2a02:82b::/32 maxlen: 32
2a02:82c::/32 maxlen: 32
2a02:82d::/32 maxlen: 32
2a02:82e::/32 maxlen: 32
2a02:82f::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl
rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.mft
rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 27 Oct 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:07:6b:97:d4:10:1f:08:9c:38:bd:1c:18:d7:02:f9:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Validity
Not Before: Oct 21 15:38:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f8bcc9a3ec2a6d7c8c216edd4a16904a179c1b80
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:c7:d0:b4:53:d7:e3:3a:4b:4b:fe:9c:cd:87:
61:a8:e5:f0:87:66:55:f1:6e:b2:2f:18:13:87:b8:
eb:7a:c5:15:d6:be:28:75:2a:62:40:31:fc:00:ec:
40:0b:19:73:3e:41:71:f9:ea:45:9e:5d:8c:e5:ce:
f7:57:98:27:a5:42:41:22:a7:91:e7:d3:37:de:3d:
d2:86:64:fc:91:b0:a9:08:c9:fe:6b:11:85:5f:73:
c0:fd:97:e0:a2:42:1c:18:db:72:d1:97:dd:0b:e8:
52:fa:6d:36:3a:0c:f7:75:7f:2e:88:43:fc:98:30:
1a:e7:34:59:46:84:fb:87:40:58:79:3e:05:7c:af:
6c:fb:b3:eb:2f:fc:76:cc:50:ca:4e:9d:1c:4a:f4:
b5:16:71:53:2e:7c:2e:7e:85:ad:53:58:2e:23:c0:
3a:e0:b6:41:d6:75:69:c7:bb:a5:23:8e:b8:ab:91:
d2:eb:d6:c2:39:ba:12:12:bb:db:44:4c:e7:04:5f:
7a:fe:ed:b6:75:8e:f3:2c:0b:87:b5:07:1c:aa:fa:
0c:b3:d4:2b:24:93:37:06:4d:07:bc:2b:11:eb:78:
e5:d1:43:6f:49:6d:d6:9b:ae:0b:ff:84:9f:9c:a9:
6b:0d:b4:e7:ad:18:9b:47:ad:31:ef:bd:03:a3:06:
c0:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:BC:C9:A3:EC:2A:6D:7C:8C:21:6E:DD:4A:16:90:4A:17:9C:1B:80
X509v3 Authority Key Identifier:
keyid:08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/1-LzJo-wqbXyMIW7dShaQShecG4A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.1.43.0/24
37.32.32.0/21
37.75.243.0-37.75.247.255
45.9.252.0/22
45.87.4.0/23
45.140.224.0/22
46.28.72.0/21
78.110.120.0/22
84.47.224.0/21
85.198.24.0/22
88.135.37.0-88.135.39.255
91.236.168.0/23
185.18.212.0/22
185.51.200.0/22
185.121.128.0/22
185.128.136.0/22
185.141.132.0/22
185.182.248.0/22
188.209.152.0/23
195.110.38.0/23
217.172.120.0/21
IPv6:
2a02:828::/29
Signature Algorithm: sha256WithRSAEncryption
b2:e2:74:8d:57:1a:ce:da:ac:74:32:e9:44:14:d4:94:15:38:
de:5e:29:d5:2e:96:dc:82:59:a4:5f:b5:d3:d9:0f:ce:09:62:
53:7e:56:4d:05:fb:33:f3:6a:9f:33:8b:73:f5:1b:9c:31:1f:
4b:32:2b:78:cd:d2:02:28:1f:45:c5:80:f6:c1:36:71:db:ce:
70:70:c2:02:77:41:03:7f:ff:b7:e9:9d:7a:22:96:a5:0d:e1:
6f:81:31:6c:4f:6c:7d:a5:03:b6:3f:fa:04:77:79:f6:c7:46:
e7:be:ab:8a:51:98:94:41:14:0b:02:a5:24:af:42:1a:ed:8c:
95:ab:cc:fa:25:e0:1b:f2:b2:66:8d:05:f0:ea:16:09:2a:fb:
64:c6:fd:aa:f6:fc:27:bf:72:74:bb:87:59:76:b2:1f:c3:dd:
ba:2b:2a:c3:2a:b0:ac:34:03:fc:35:37:a8:43:ae:95:45:f3:
2e:68:6e:d3:61:66:fa:ec:90:12:0c:8d:1d:a5:26:01:ae:40:
42:5a:6c:cc:16:66:c6:24:29:35:c6:19:d2:8f:c2:be:03:21:
c2:07:99:e2:a9:54:eb:01:31:e9:98:da:55:59:aa:9e:27:b7:
48:0a:77:4e:ea:a1:a9:86:da:73:fd:03:ee:ac:6a:79:81:8d:
3e:19:6b:f0
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAZoHa5fUEB8InDi9HBjXAvmJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWI3YTIyZTUxY2ZiOWNmODQyMDVlNDQ0OTk5OGFkNTVk
OGYwNjUwHhcNMjUxMDIxMTUzODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGJjYzlhM2VjMmE2ZDdjOGMyMTZlZGQ0YTE2OTA0YTE3OWMxYjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsfQtFPX4zpLS/6czYdhqOXwh2ZV
8W6yLxgTh7jresUV1r4odSpiQDH8AOxACxlzPkFx+epFnl2M5c73V5gnpUJBIqeR
59M33j3ShmT8kbCpCMn+axGFX3PA/ZfgokIcGNty0ZfdC+hS+m02Ogz3dX8uiEP8
mDAa5zRZRoT7h0BYeT4FfK9s+7PrL/x2zFDKTp0cSvS1FnFTLnwufoWtU1guI8A6
4LZB1nVpx7ulI464q5HS69bCOboSErvbREznBF96/u22dY7zLAuHtQccqvoMs9Qr
JJM3Bk0HvCsR63jl0UNvSW3Wm64L/4SfnKlrDbTnrRibR60x770DowbA6QIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFPi8yaPsKm18jCFu3UoWkEoXnBuAMB8GA1UdIwQY
MBaAFAgbeiLlHPuc+EIF5ESZmK1V2PBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J0Nkl1VWMtNXo0UWdYa1JKbVlyVlhZOEdVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNTE1YzktZGYwOC00MjZjLTgwZTYt
MDM2NzI2OGZmODcxLzEvMS1MekpvLXdxYlh5TUlXN2RTaGFRU2hlY0c0QS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGMvYzUxNWM5LWRmMDgtNDI2Yy04MGU2LTAzNjcyNjhmZjg3
MS8xL0NCdDZJdVVjLTV6NFFnWGtSSm1ZclZYWThHVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBugYIKwYBBQUHAQcBAf8EgaowgacwgZUEAgABMIGOAwQA
BQErAwQDJSAgMAwDBAAlS/MDBAMlS/ADBAItCfwDBAEtVwQDBAItjOADBAMuHEgD
BAJObngDBANUL+ADBAJVxhgwDAMEAFiHJQMEA1iHIAMEAVvsqAMEArkS1AMEArkz
yAMEArl5gAMEArmAiAMEArmNhAMEArm2+AMEAbzRmAMEAcNuJgMEA9mseDANBAIA
AjAHAwUDKgIIKDANBgkqhkiG9w0BAQsFAAOCAQEAsuJ0jVcaztqsdDLpRBTUlBU4
3l4p1S6W3IJZpF+109kPzgliU35WTQX7M/NqnzOLc/UbnDEfSzIreM3SAigfRcWA
9sE2cdvOcHDCAndBA3//t+mdeiKWpQ3hb4ExbE9sfaUDtj/6BHd59sdG576rilGY
lEEUCwKlJK9CGu2MlavM+iXgG/KyZo0F8OoWCSr7ZMb9qvb8J79ydLuHWXayH8Pd
uisqwyqwrDQD/DU3qEOulUXzLmhu02Fm+uyQEgyNHaUmAa5AQlpszBZmxiQpNcYZ
0o/CvgMhwgeZ4qlU6wEx6ZjaVVmqnie3SAp3TuqhqYbac/0D7qxqeYGNPhlr8A==
-----END CERTIFICATE-----
Generated at Sun Oct 26 08:39:43 2025 by rpki-client