Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/Cg5T48TUPca0S0XXfoVT2tfb6IA.roa
File: Cg5T48TUPca0S0XXfoVT2tfb6IA.roa (raw, json)
Hash identifier: NqjT02SB0pWsYJUffqmkToaUqip2wfB7CLc5muniYlk=
Subject key identifier: 0A:0E:53:E3:C4:D4:3D:C6:B4:4B:45:D7:7E:85:53:DA:D7:DB:E8:80
Certificate issuer: /CN=4b98127943e7175734964010c89ef821416a31b3
Certificate serial: 019A537B335A70C6B3DB1600034E57F25A4F
Authority key identifier: 4B:98:12:79:43:E7:17:57:34:96:40:10:C8:9E:F8:21:41:6A:31:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/Cg5T48TUPca0S0XXfoVT2tfb6IA.roa
Signing time: Wed 05 Nov 2025 10:06:14 +0000
ROA not before: Wed 05 Nov 2025 10:06:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2856
IP address blocks: 2.24.0.0/13 maxlen: 13
31.64.0.0/12 maxlen: 12
31.90.0.0/15 maxlen: 15
31.92.0.0/15 maxlen: 15
31.94.0.0/16 maxlen: 16
31.96.0.0/16 maxlen: 16
31.99.0.0/16 maxlen: 16
31.99.0.0/18 maxlen: 18
31.99.64.0/18 maxlen: 18
31.99.128.0/18 maxlen: 18
31.99.192.0/18 maxlen: 18
31.100.0.0/14 maxlen: 14
31.104.0.0/16 maxlen: 16
31.105.0.0/16 maxlen: 16
31.106.0.0/15 maxlen: 15
31.112.0.0/14 maxlen: 14
31.116.0.0/14 maxlen: 14
31.116.0.0/16 maxlen: 16
31.117.0.0/16 maxlen: 16
31.118.0.0/16 maxlen: 16
31.119.0.0/16 maxlen: 16
31.120.0.0/16 maxlen: 16
31.121.0.0/16 maxlen: 16
31.122.0.0/15 maxlen: 15
31.124.0.0/16 maxlen: 16
31.126.0.0/15 maxlen: 15
46.68.66.0/24 maxlen: 24
82.192.112.0/20 maxlen: 20
91.110.0.0/16 maxlen: 16
91.111.0.0/16 maxlen: 16
95.144.0.0/13 maxlen: 13
109.180.0.0/15 maxlen: 15
178.98.0.0/15 maxlen: 15
178.100.0.0/14 maxlen: 14
178.106.0.0/16 maxlen: 16
178.107.128.0/17 maxlen: 17
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.crl
rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.mft
rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 19:00:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:53:7b:33:5a:70:c6:b3:db:16:00:03:4e:57:f2:5a:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b98127943e7175734964010c89ef821416a31b3
Validity
Not Before: Nov 5 10:06:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0a0e53e3c4d43dc6b44b45d77e8553dad7dbe880
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:72:6c:2d:4c:d2:1b:c0:07:58:9d:01:0c:e2:
0d:16:30:ee:fa:0d:80:46:a1:64:59:62:fe:2d:0f:
5b:ae:ce:06:12:f8:80:f8:5d:c6:98:2f:38:f2:13:
17:dc:d7:40:21:0d:b0:21:ec:7e:fc:d5:5f:13:df:
a5:b8:5d:87:27:14:f4:98:7a:be:63:c6:72:f4:83:
ab:34:2a:80:9a:54:69:e6:0b:19:c4:dd:51:33:e4:
df:0d:b4:88:87:0b:fc:b7:48:2f:82:98:d6:c7:70:
6e:12:76:4f:69:9f:fc:b2:23:f3:6a:0b:1e:05:3c:
a5:37:51:30:f9:36:0b:71:44:91:d6:7d:81:d8:26:
58:64:78:6e:84:b9:48:8d:3c:47:69:f1:fa:61:08:
6d:37:4f:55:67:ee:c1:63:6a:5b:c1:42:80:5b:4e:
fa:a8:32:0d:f3:ee:87:4a:b1:92:a6:27:5c:6a:78:
5a:b4:18:c2:f1:22:72:d0:fe:df:44:0c:fa:82:a8:
47:0a:db:1f:2a:f0:ea:30:d9:35:8b:e0:4e:73:aa:
ab:c1:bc:ce:8f:2e:93:50:d0:90:b7:63:bc:2d:8d:
ee:65:24:c2:07:03:39:3f:60:7e:fd:35:7b:fb:88:
9b:97:78:6a:a9:96:d1:cf:96:2d:e6:1c:91:4b:9b:
b6:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:0E:53:E3:C4:D4:3D:C6:B4:4B:45:D7:7E:85:53:DA:D7:DB:E8:80
X509v3 Authority Key Identifier:
keyid:4B:98:12:79:43:E7:17:57:34:96:40:10:C8:9E:F8:21:41:6A:31:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/Cg5T48TUPca0S0XXfoVT2tfb6IA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.24.0.0/13
31.64.0.0/12
31.90.0.0-31.94.255.255
31.96.0.0/16
31.99.0.0-31.107.255.255
31.112.0.0-31.124.255.255
31.126.0.0/15
46.68.66.0/24
82.192.112.0/20
91.110.0.0/15
95.144.0.0/13
109.180.0.0/15
178.98.0.0-178.103.255.255
178.106.0.0/16
178.107.128.0/17
Signature Algorithm: sha256WithRSAEncryption
0c:66:0b:db:24:96:c2:8c:bb:bc:29:26:2d:03:55:df:58:70:
38:8b:b1:ae:00:67:66:ff:28:5d:93:e1:97:c4:9f:1e:e4:ff:
be:2e:a7:d1:a2:ac:b5:84:8f:e2:e1:ae:fe:25:cc:ff:e3:84:
2f:98:6f:83:e5:a8:6f:b8:5e:21:c1:e4:7d:97:13:d1:73:7b:
ef:ac:34:aa:42:8a:d5:6b:09:85:b3:03:00:a3:c2:d0:07:05:
24:a2:d9:d0:9a:b7:fd:a4:69:c1:77:bf:f4:c8:67:8d:03:5f:
04:5c:41:e5:70:f1:ac:c5:2c:76:ee:af:37:6e:04:e2:09:50:
c5:0e:90:95:15:c4:fb:42:92:79:13:09:86:99:bb:5e:37:ee:
66:9e:bc:0a:10:af:45:d0:e4:69:6f:5a:2a:bd:f5:5b:99:8d:
13:8c:e9:ec:c2:e4:8d:1f:de:f6:b9:7e:11:3c:26:d2:73:e8:
38:9a:73:20:34:68:57:5e:eb:f9:1c:ca:72:de:32:4b:77:3a:
4e:5a:17:d7:99:77:1d:8a:70:93:ff:14:f1:19:e1:57:99:cf:
64:1a:26:a2:90:23:0a:5a:0b:fc:d2:91:0b:25:18:7e:ee:39:
0f:c1:c0:95:fb:09:e9:70:44:bc:b1:8b:4c:b7:f3:08:b1:06:
e9:3d:d9:f2
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAZpTezNacMaz2xYAA05X8lpPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTgxMjc5NDNlNzE3NTczNDk2NDAxMGM4OWVmODIxNDE2
YTMxYjMwHhcNMjUxMTA1MTAwNjE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTBlNTNlM2M0ZDQzZGM2YjQ0YjQ1ZDc3ZTg1NTNkYWQ3ZGJlODgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHJsLUzSG8AHWJ0BDOINFjDu+g2A
RqFkWWL+LQ9brs4GEviA+F3GmC848hMX3NdAIQ2wIex+/NVfE9+luF2HJxT0mHq+
Y8Zy9IOrNCqAmlRp5gsZxN1RM+TfDbSIhwv8t0gvgpjWx3BuEnZPaZ/8siPzagse
BTylN1Ew+TYLcUSR1n2B2CZYZHhuhLlIjTxHafH6YQhtN09VZ+7BY2pbwUKAW076
qDIN8+6HSrGSpidcanhatBjC8SJy0P7fRAz6gqhHCtsfKvDqMNk1i+BOc6qrwbzO
jy6TUNCQt2O8LY3uZSTCBwM5P2B+/TV7+4ibl3hqqZbRz5Yt5hyRS5u24wIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFAoOU+PE1D3GtEtF136FU9rX2+iAMB8GA1UdIwQY
MBaAFEuYEnlD5xdXNJZAEMie+CFBajGzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVnU2VVUG5GMWMwbGtBUXlKNzRJVUZxTWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9mMjBkZjMtMjc1My00MzUzLWE2Njgt
NjIxNzkyZjdlNTZhLzEvQ2c1VDQ4VFVQY2EwUzBYWGZvVlQydGZiNklBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9mMjBkZjMtMjc1My00MzUzLWE2NjgtNjIxNzkyZjdlNTZh
LzEvUzVnU2VVUG5GMWMwbGtBUXlKNzRJVUZxTWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwcAQCAAEwagMDAwIYAwME
H0AwCgMDAR9aAwMAH14DAwAfYDAKAwMAH2MDAwIfaDAKAwMEH3ADAwAffAMDAR9+
AwQALkRCAwQEUsBwAwMBW24DAwNfkAMDAW20MAoDAwGyYgMDA7JgAwMAsmoDBAey
a4AwDQYJKoZIhvcNAQELBQADggEBAAxmC9sklsKMu7wpJi0DVd9YcDiLsa4AZ2b/
KF2T4ZfEnx7k/74up9GirLWEj+Lhrv4lzP/jhC+Yb4PlqG+4XiHB5H2XE9Fze++s
NKpCitVrCYWzAwCjwtAHBSSi2dCat/2kacF3v/TIZ40DXwRcQeVw8azFLHburzdu
BOIJUMUOkJUVxPtCknkTCYaZu1437maevAoQr0XQ5GlvWiq99VuZjROM6ezC5I0f
3va5fhE8JtJz6DiacyA0aFde6/kcynLeMkt3Ok5aF9eZdx2KcJP/FPEZ4VeZz2Qa
JqKQIwpaC/zSkQslGH7uOQ/BwJX7CelwRLyxi0y38wixBuk92fI=
-----END CERTIFICATE-----
Generated at Thu Nov 6 03:00:43 2025 by rpki-client