Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/WTb7P4C0931XSbDIiqAz4cDY9mI.roa
File: WTb7P4C0931XSbDIiqAz4cDY9mI.roa (raw, json)
Hash identifier: xFj/i+eABnhO22wPWIMR3rft6jLIhQKTC7nIWvYvnkg=
Subject key identifier: 59:36:FB:3F:80:B4:F7:7D:57:49:B0:C8:8A:A0:33:E1:C0:D8:F6:62
Certificate issuer: /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial: 019A1AFD5C5FE00BB83BB4941173A0C7E3FC
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/WTb7P4C0931XSbDIiqAz4cDY9mI.roa
Signing time: Sat 25 Oct 2025 10:50:03 +0000
ROA not before: Sat 25 Oct 2025 10:50:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6205
IP address blocks: 104.247.170.0/24 maxlen: 24
104.247.171.0/24 maxlen: 24
104.247.172.0/24 maxlen: 24
104.247.174.0/24 maxlen: 24
104.247.175.0/24 maxlen: 24
104.247.176.0/24 maxlen: 24
104.247.177.0/24 maxlen: 24
104.247.178.0/24 maxlen: 24
104.247.179.0/24 maxlen: 24
104.247.180.0/24 maxlen: 24
104.247.181.0/24 maxlen: 24
104.247.182.0/24 maxlen: 24
104.247.183.0/24 maxlen: 24
104.247.184.0/24 maxlen: 24
104.247.185.0/24 maxlen: 24
104.247.186.0/24 maxlen: 24
104.247.187.0/24 maxlen: 24
104.247.188.0/24 maxlen: 24
104.247.189.0/24 maxlen: 24
104.247.190.0/24 maxlen: 24
104.247.191.0/24 maxlen: 24
185.73.128.0/22 maxlen: 22
185.73.129.0/24 maxlen: 24
185.73.130.0/24 maxlen: 24
185.73.131.0/24 maxlen: 24
185.137.215.0/24 maxlen: 24
2a03:a5a0::/32 maxlen: 32
2a03:a5a0:4:2::/64 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.mft
rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 13:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:1a:fd:5c:5f:e0:0b:b8:3b:b4:94:11:73:a0:c7:e3:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Validity
Not Before: Oct 25 10:50:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5936fb3f80b4f77d5749b0c88aa033e1c0d8f662
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:eb:9b:74:17:af:d5:c4:3d:c6:6a:1d:ff:6d:
50:8b:f0:03:54:3c:88:b5:96:ea:35:b7:2f:a6:be:
40:57:16:b9:dd:b4:a0:3a:bb:b7:58:57:f5:c1:5a:
4b:fc:ba:c4:33:9a:09:62:45:18:89:27:13:46:51:
6a:2e:68:5d:92:82:2c:ca:5a:78:ac:e9:4a:5b:29:
a5:4b:2f:b0:b5:1d:8f:94:0e:e2:1a:33:93:ae:96:
9d:2a:c3:e1:78:de:ea:5c:24:0a:44:22:29:cb:0f:
42:f0:0d:a7:b8:87:07:2f:71:cc:96:a8:f3:4b:3e:
fc:ed:63:2e:5a:b6:1e:aa:b9:2e:39:ac:2f:c0:50:
25:a4:65:f8:58:d0:4f:7f:72:27:6d:da:ea:83:84:
90:c8:24:74:2c:c4:b1:e3:34:94:57:0a:15:93:15:
f4:96:92:1c:77:4b:c8:be:9c:97:eb:76:80:ce:21:
35:60:ed:f7:91:42:fd:14:36:8d:b4:8f:86:fe:b5:
53:c9:f8:28:01:ce:03:31:8a:97:df:05:d8:68:dc:
59:0b:cd:e1:34:85:c7:f1:f3:33:5e:ce:c4:d2:d8:
0d:03:58:f0:67:bf:f5:fd:45:57:0f:a3:66:69:9d:
89:d4:d6:77:b2:1f:52:24:03:71:89:07:1f:20:92:
9b:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:36:FB:3F:80:B4:F7:7D:57:49:B0:C8:8A:A0:33:E1:C0:D8:F6:62
X509v3 Authority Key Identifier:
keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/WTb7P4C0931XSbDIiqAz4cDY9mI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.247.170.0-104.247.172.255
104.247.174.0-104.247.191.255
185.73.128.0/22
185.137.215.0/24
IPv6:
2a03:a5a0::/32
Signature Algorithm: sha256WithRSAEncryption
7a:67:ff:e1:94:b3:6e:67:d8:b5:8f:a9:d7:3b:bd:e3:70:98:
0f:d8:26:e0:db:1a:26:64:56:a9:3e:80:9f:c2:90:a0:61:75:
f4:f4:f7:03:46:1f:35:ee:b8:ee:d4:31:d0:75:03:41:d5:44:
9b:3e:29:d2:90:3c:9f:43:61:92:fd:c2:90:d6:e9:59:b9:e6:
b8:ca:e0:ef:8b:6e:3c:c6:5b:3d:b4:2a:53:49:e1:42:d2:90:
7b:16:a2:e6:f7:86:7b:45:80:98:57:0d:ba:2e:27:51:8d:ed:
68:2a:c9:9e:36:ee:b9:c2:b1:63:93:3e:ff:ea:dd:2b:ad:95:
c6:b9:f0:1d:49:55:f0:62:6f:8e:43:73:69:bc:50:1f:10:42:
35:31:8a:30:b9:7d:d2:80:38:6c:2a:3b:30:23:f1:35:fd:e8:
c9:59:9c:4e:48:60:c7:61:89:20:be:fe:3f:8a:54:30:71:a6:
36:cb:b8:f0:d7:f3:e5:c6:9a:28:99:e4:4a:86:0f:34:36:b1:
37:85:fe:c2:26:75:03:07:8e:aa:31:6b:77:05:5c:2d:95:7e:
90:1b:77:c3:f0:53:2f:19:d0:e4:b3:b8:f2:ea:e3:54:45:08:
3a:0e:0e:45:a0:a8:87:53:e0:09:52:16:4a:58:7a:4a:f8:32:
de:2a:e1:16
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZoa/Vxf4Au4O7SUEXOgx+P8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjUxMDI1MTA1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTM2ZmIzZjgwYjRmNzdkNTc0OWIwYzg4YWEwMzNlMWMwZDhmNjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5+ubdBev1cQ9xmod/21Qi/ADVDyI
tZbqNbcvpr5AVxa53bSgOru3WFf1wVpL/LrEM5oJYkUYiScTRlFqLmhdkoIsylp4
rOlKWymlSy+wtR2PlA7iGjOTrpadKsPheN7qXCQKRCIpyw9C8A2nuIcHL3HMlqjz
Sz787WMuWrYeqrkuOawvwFAlpGX4WNBPf3Inbdrqg4SQyCR0LMSx4zSUVwoVkxX0
lpIcd0vIvpyX63aAziE1YO33kUL9FDaNtI+G/rVTyfgoAc4DMYqX3wXYaNxZC83h
NIXH8fMzXs7E0tgNA1jwZ7/1/UVXD6NmaZ2J1NZ3sh9SJANxiQcfIJKb2wIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFFk2+z+AtPd9V0mwyIqgM+HA2PZiMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvV1RiN1A0QzA5MzFYU2JESWlxQXo0Y0RZOW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoMAwDBAFo96oD
BABo96wwDAMEAWj3rgMEBmj3gAMEArlJgAMEALmJ1zANBAIAAjAHAwUAKgOloDAN
BgkqhkiG9w0BAQsFAAOCAQEAemf/4ZSzbmfYtY+p1zu943CYD9gm4NsaJmRWqT6A
n8KQoGF19PT3A0YfNe647tQx0HUDQdVEmz4p0pA8n0Nhkv3CkNbpWbnmuMrg74tu
PMZbPbQqU0nhQtKQexai5veGe0WAmFcNui4nUY3taCrJnjbuucKxY5M+/+rdK62V
xrnwHUlV8GJvjkNzabxQHxBCNTGKMLl90oA4bCo7MCPxNf3oyVmcTkhgx2GJIL7+
P4pUMHGmNsu48Nfz5caaKJnkSoYPNDaxN4X+wiZ1AweOqjFrdwVcLZV+kBt3w/BT
LxnQ5LO48urjVEUIOg4ORaCoh1PgCVIWSlh6Svgy3irhFg==
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:29:15 2025 by rpki-client