Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/D-GsIWtjkGrv71o6WVASz__4nUo.roa
File: D-GsIWtjkGrv71o6WVASz__4nUo.roa (raw, json)
Hash identifier: xI+MyYGgHTyw/7b8ViqLiYV/cQgHGxetiUhlDMs1TYo=
Subject key identifier: 0F:E1:AC:21:6B:63:90:6A:EF:EF:5A:3A:59:50:12:CF:FF:F8:9D:4A
Certificate issuer: /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial: 019A3F0722EA11F2F0E6E8599BAC6400B286
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/D-GsIWtjkGrv71o6WVASz__4nUo.roa
Signing time: Sat 01 Nov 2025 10:47:03 +0000
ROA not before: Sat 01 Nov 2025 10:47:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57043
IP address blocks: 5.175.213.0/24 maxlen: 24
5.175.220.0/24 maxlen: 24
5.175.221.0/24 maxlen: 24
5.175.223.0/24 maxlen: 24
5.175.224.0/24 maxlen: 24
5.231.71.0/24 maxlen: 24
5.231.74.0/24 maxlen: 24
5.231.79.0/24 maxlen: 24
5.231.92.0/24 maxlen: 24
5.231.106.0/24 maxlen: 24
5.231.107.0/24 maxlen: 24
5.231.108.0/24 maxlen: 24
5.231.109.0/24 maxlen: 24
5.231.110.0/24 maxlen: 24
5.231.117.0/24 maxlen: 24
5.231.118.0/24 maxlen: 24
5.231.119.0/24 maxlen: 24
5.231.120.0/24 maxlen: 24
5.231.121.0/24 maxlen: 24
5.231.122.0/24 maxlen: 24
5.231.123.0/24 maxlen: 24
5.231.203.0/24 maxlen: 24
5.231.207.0/24 maxlen: 24
5.231.241.0/24 maxlen: 24
5.231.252.0/24 maxlen: 24
5.231.253.0/24 maxlen: 24
89.106.85.0/24 maxlen: 24
89.106.86.0/24 maxlen: 24
89.106.87.0/24 maxlen: 24
89.106.88.0/24 maxlen: 24
89.106.91.0/24 maxlen: 24
89.144.60.0/24 maxlen: 24
94.249.190.0/24 maxlen: 24
94.249.195.0/24 maxlen: 24
94.249.205.0/24 maxlen: 24
94.249.239.0/24 maxlen: 24
94.249.243.0/24 maxlen: 24
94.249.244.0/24 maxlen: 24
94.249.246.0/24 maxlen: 24
94.249.247.0/24 maxlen: 24
94.249.248.0/24 maxlen: 24
94.249.249.0/24 maxlen: 24
94.249.252.0/24 maxlen: 24
185.119.18.0/24 maxlen: 24
185.119.19.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 05:06:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:3f:07:22:ea:11:f2:f0:e6:e8:59:9b:ac:64:00:b2:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
Validity
Not Before: Nov 1 10:47:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0fe1ac216b63906aefef5a3a595012cffff89d4a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:33:e2:52:88:d9:aa:24:e5:3f:4c:a4:41:f5:
08:a6:ed:46:c5:a8:e5:a9:77:56:62:35:0a:e3:3c:
9a:c2:fa:75:a7:8b:0d:f1:2d:19:d1:ca:8f:b9:3e:
a2:b8:1c:12:e3:ef:40:99:ed:aa:b9:af:39:f8:cb:
87:69:42:3a:72:57:93:db:9c:42:24:19:01:bf:6b:
bd:67:50:00:0f:05:ad:67:aa:d9:66:27:65:ce:60:
c7:f4:91:b8:2c:bf:b3:5d:27:99:f2:e0:51:c7:a5:
1b:a5:f7:5d:da:2c:f8:00:52:b8:78:fa:17:b3:91:
df:7e:6d:72:56:b4:0e:da:20:31:c9:6b:8b:70:6a:
e9:72:4c:ea:b2:64:95:25:f5:3c:3b:b6:a9:a2:b0:
14:f8:57:ad:10:c3:ac:d1:49:d0:80:c2:79:cf:02:
2f:aa:91:f3:7e:1b:2c:b5:42:e1:c3:fb:bb:79:b3:
4c:27:8b:be:77:dc:6b:77:20:f2:02:69:de:67:ad:
a3:4a:6e:b2:4f:46:bc:06:87:5d:3d:40:54:ef:c3:
9c:54:a7:42:1b:45:7d:c8:d9:fe:d9:22:9f:e6:ab:
07:39:64:ba:8b:ab:73:26:52:f6:81:1d:b7:fa:a3:
a0:bc:63:12:ee:a9:c1:ea:df:06:9b:1a:e6:36:92:
7f:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:E1:AC:21:6B:63:90:6A:EF:EF:5A:3A:59:50:12:CF:FF:F8:9D:4A
X509v3 Authority Key Identifier:
keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/D-GsIWtjkGrv71o6WVASz__4nUo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.175.213.0/24
5.175.220.0/23
5.175.223.0-5.175.224.255
5.231.71.0/24
5.231.74.0/24
5.231.79.0/24
5.231.92.0/24
5.231.106.0-5.231.110.255
5.231.117.0-5.231.123.255
5.231.203.0/24
5.231.207.0/24
5.231.241.0/24
5.231.252.0/23
89.106.85.0-89.106.88.255
89.106.91.0/24
89.144.60.0/24
94.249.190.0/24
94.249.195.0/24
94.249.205.0/24
94.249.239.0/24
94.249.243.0-94.249.244.255
94.249.246.0-94.249.249.255
94.249.252.0/24
185.119.18.0/23
Signature Algorithm: sha256WithRSAEncryption
36:9c:cb:9f:0c:c3:97:0d:54:45:ab:67:59:55:bf:27:69:fd:
30:89:ab:48:52:9f:3b:b4:8b:1f:6c:c5:24:cb:20:ba:86:c9:
d5:26:63:6c:31:67:a8:33:95:c9:80:9a:c3:a4:68:40:29:50:
9d:af:2c:25:f8:eb:a7:34:4f:9e:a5:d1:3c:23:3b:ae:b3:ce:
d8:a4:30:bc:74:64:b1:ae:b0:2b:b9:2e:38:d3:77:0d:75:a6:
a2:33:53:b9:a5:5f:26:5a:88:94:5c:35:0d:e9:42:80:ef:47:
ec:21:28:07:41:3c:92:6d:f1:2f:e4:0a:cb:3f:60:74:e6:57:
84:cc:01:1f:51:6a:7c:a5:37:33:cf:52:ed:9a:d3:13:b1:fa:
77:27:86:d8:7d:26:59:22:ec:7b:09:7f:1c:ec:91:61:2e:07:
c4:bc:c5:dc:52:b1:1a:44:22:7a:00:36:10:fe:d6:8b:fe:cd:
6b:76:97:67:01:fb:94:63:2b:57:ba:cc:3e:ed:79:44:cf:9d:
40:df:31:5c:9a:d3:6b:0a:53:52:ec:35:e0:63:c6:65:f3:57:
89:ce:04:55:fc:9e:74:99:be:95:f2:4e:fa:87:3c:ee:29:a3:
b6:20:a3:10:25:49:2b:27:02:15:07:49:04:87:11:ca:f5:62:
34:63:c7:ec
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgISAZo/ByLqEfLw5uhZm6xkALKGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMTAxMTA0NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmUxYWMyMTZiNjM5MDZhZWZlZjVhM2E1OTUwMTJjZmZmZjg5ZDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zPiUojZqiTlP0ykQfUIpu1Gxajl
qXdWYjUK4zyawvp1p4sN8S0Z0cqPuT6iuBwS4+9Ame2qua85+MuHaUI6cleT25xC
JBkBv2u9Z1AADwWtZ6rZZidlzmDH9JG4LL+zXSeZ8uBRx6Ubpfdd2iz4AFK4ePoX
s5Hffm1yVrQO2iAxyWuLcGrpckzqsmSVJfU8O7aporAU+FetEMOs0UnQgMJ5zwIv
qpHzfhsstULhw/u7ebNMJ4u+d9xrdyDyAmneZ62jSm6yT0a8BoddPUBU78OcVKdC
G0V9yNn+2SKf5qsHOWS6i6tzJlL2gR23+qOgvGMS7qnB6t8GmxrmNpJ/KQIDAQAB
o4ICyDCCAsQwHQYDVR0OBBYEFA/hrCFrY5Bq7+9aOllQEs//+J1KMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvRC1Hc0lXdGprR3J2NzFvNldWQVN6X180blVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHdBggrBgEFBQcBBwEB/wSBzTCByjCBxwQCAAEwgcADBAAF
r9UDBAEFr9wwDAMEAAWv3wMEAAWv4AMEAAXnRwMEAAXnSgMEAAXnTwMEAAXnXDAM
AwQBBedqAwQABeduMAwDBAAF53UDBAIF53gDBAAF58sDBAAF588DBAAF5/EDBAEF
5/wwDAMEAFlqVQMEAFlqWAMEAFlqWwMEAFmQPAMEAF75vgMEAF75wwMEAF75zQME
AF757zAMAwQAXvnzAwQAXvn0MAwDBAFe+fYDBAFe+fgDBABe+fwDBAG5dxIwDQYJ
KoZIhvcNAQELBQADggEBADacy58Mw5cNVEWrZ1lVvydp/TCJq0hSnzu0ix9sxSTL
ILqGydUmY2wxZ6gzlcmAmsOkaEApUJ2vLCX466c0T56l0TwjO66zztikMLx0ZLGu
sCu5LjjTdw11pqIzU7mlXyZaiJRcNQ3pQoDvR+whKAdBPJJt8S/kCss/YHTmV4TM
AR9RanylNzPPUu2a0xOx+ncnhth9Jlki7HsJfxzskWEuB8S8xdxSsRpEInoANhD+
1ov+zWt2l2cB+5RjK1e6zD7teUTPnUDfMVya02sKU1LsNeBjxmXzV4nOBFX8nnSZ
vpXyTvqHPO4po7YgoxAlSSsnAhUHSQSHEcr1YjRjx+w=
-----END CERTIFICATE-----
Generated at Wed Nov 5 14:47:11 2025 by rpki-client