
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/S_-0FDIrVQDzaijY6VxqByAB1lc.roa
File: S_-0FDIrVQDzaijY6VxqByAB1lc.roa (raw, json)
Hash identifier: TfqMFDdllR/MppgsJbJ3DDwOFZhjdMJFII0e9w5g/s0=
Subject key identifier: 4B:FF:B4:14:32:2B:55:00:F3:6A:28:D8:E9:5C:6A:07:20:01:D6:57
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019862F65B0A3D6A245C4F193311C1C63333
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/S_-0FDIrVQDzaijY6VxqByAB1lc.roa
Signing time: Fri 01 Aug 2025 00:09:28 +0000
ROA not before: Fri 01 Aug 2025 00:09:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 22616
IP address blocks: 147.161.128.0/23 maxlen: 24
164.137.4.0/24 maxlen: 24
164.137.5.0/24 maxlen: 24
164.137.6.0/24 maxlen: 24
164.137.7.0/24 maxlen: 24
164.137.8.0/24 maxlen: 24
164.137.9.0/24 maxlen: 24
164.137.10.0/24 maxlen: 24
164.137.11.0/24 maxlen: 24
164.137.12.0/24 maxlen: 24
164.137.13.0/24 maxlen: 24
164.137.14.0/24 maxlen: 24
164.137.15.0/24 maxlen: 24
164.137.16.0/24 maxlen: 24
164.137.17.0/24 maxlen: 24
164.137.18.0/24 maxlen: 24
164.137.19.0/24 maxlen: 24
164.137.20.0/24 maxlen: 24
164.137.21.0/24 maxlen: 24
164.137.22.0/24 maxlen: 24
164.137.23.0/24 maxlen: 24
164.137.24.0/24 maxlen: 24
164.137.25.0/24 maxlen: 24
164.137.26.0/24 maxlen: 24
164.137.27.0/24 maxlen: 24
164.137.28.0/24 maxlen: 24
164.137.29.0/24 maxlen: 24
164.137.30.0/24 maxlen: 24
164.137.31.0/24 maxlen: 24
164.137.32.0/24 maxlen: 24
164.137.33.0/24 maxlen: 24
164.137.34.0/24 maxlen: 24
164.137.35.0/24 maxlen: 24
164.137.36.0/24 maxlen: 24
164.137.37.0/24 maxlen: 24
164.137.38.0/24 maxlen: 24
164.137.39.0/24 maxlen: 24
164.137.40.0/24 maxlen: 24
164.137.41.0/24 maxlen: 24
164.137.42.0/24 maxlen: 24
164.137.43.0/24 maxlen: 24
164.137.44.0/24 maxlen: 24
164.137.45.0/24 maxlen: 24
164.137.46.0/24 maxlen: 24
164.137.47.0/24 maxlen: 24
164.137.48.0/24 maxlen: 24
164.137.49.0/24 maxlen: 24
164.137.50.0/24 maxlen: 24
164.137.51.0/24 maxlen: 24
164.137.52.0/24 maxlen: 24
164.137.53.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 09 Aug 2025 20:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:62:f6:5b:0a:3d:6a:24:5c:4f:19:33:11:c1:c6:33:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Aug 1 00:09:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4bffb414322b5500f36a28d8e95c6a072001d657
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:c4:c8:ca:4d:6c:24:0d:a5:54:5f:ac:bc:93:
23:21:93:0a:80:30:0a:9e:83:2a:b6:fd:14:cd:5c:
0a:b3:8c:74:e4:0a:31:07:ee:33:71:11:9a:a8:26:
ca:08:68:af:58:0e:9e:79:c6:74:9d:14:15:a2:f7:
a3:b8:af:13:02:d7:09:01:40:a7:0c:60:76:74:04:
50:bc:1b:9f:f8:28:2b:3d:82:b2:10:6d:ea:8a:1f:
ce:88:4d:6f:00:4d:86:43:11:4f:40:9c:30:62:d2:
5b:2c:83:39:75:fa:21:e3:f3:43:aa:83:91:a2:7c:
3c:97:b2:48:fa:65:f8:33:4d:76:a5:6b:7e:1e:4e:
da:c8:5b:1d:6c:4c:4b:7b:a7:ac:c9:3e:8e:03:9d:
6f:3c:d2:d1:4a:94:20:05:8e:b6:7d:ba:25:50:03:
98:80:2f:c5:df:fe:f4:21:d0:10:c9:bd:9c:0e:f9:
b1:c0:dd:8d:76:95:01:63:0b:26:61:77:ae:4e:fa:
8b:1e:fa:59:d4:b2:c6:58:74:d9:77:6b:64:31:03:
19:d9:76:77:97:44:57:de:ff:97:6d:ec:00:f8:c6:
a0:4e:80:cb:e6:88:b9:70:86:ef:db:79:1d:77:5f:
cf:e5:12:18:95:f6:a5:0b:76:6e:8c:e0:6f:d0:32:
8a:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:FF:B4:14:32:2B:55:00:F3:6A:28:D8:E9:5C:6A:07:20:01:D6:57
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/S_-0FDIrVQDzaijY6VxqByAB1lc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.161.128.0/23
164.137.4.0-164.137.53.255
Signature Algorithm: sha256WithRSAEncryption
73:fa:98:ec:1b:bb:1b:d6:fc:91:50:f3:fd:4a:13:7b:14:72:
12:bf:51:ec:38:d5:52:e8:83:47:1a:85:d9:4a:54:c7:c4:6e:
52:e8:11:a7:66:db:ca:47:1c:a9:22:a9:6f:5f:55:31:77:cf:
02:78:1d:9b:2f:76:e8:31:f6:89:6a:9e:6c:18:b7:52:a2:dd:
bf:d4:fc:5f:cc:a6:72:73:2b:f8:69:78:de:fb:c6:38:bb:04:
5a:a9:a5:d0:82:36:7d:f2:bb:ff:08:91:b5:d8:7b:e1:fd:40:
c0:76:09:27:d1:0e:10:c7:31:e5:9c:ad:ff:11:7a:0d:74:46:
44:dc:27:73:d2:ca:40:a3:c6:cf:77:e7:9f:ec:b6:cc:2c:85:
4e:88:39:84:ff:16:07:0d:c7:60:72:fe:e0:80:3a:c9:55:f2:
98:32:ee:22:b2:1f:07:b9:a3:a5:d4:b4:b5:ac:20:8d:2d:09:
70:42:d9:5f:8d:18:79:73:a8:73:71:5b:63:95:41:7f:9f:5c:
ed:92:49:14:34:d2:ed:b8:f4:29:45:cf:bd:bc:52:2a:c2:3e:
dd:7c:99:f9:7e:10:6f:cb:8d:ce:67:e9:d2:99:97:7d:a9:e0:
cc:8f:8f:c9:c5:39:5d:a0:8d:ff:e6:c8:61:c0:1d:28:63:87:
58:ff:96:12
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZhi9lsKPWokXE8ZMxHBxjMzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjUwODAxMDAwOTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmZmYjQxNDMyMmI1NTAwZjM2YTI4ZDhlOTVjNmEwNzIwMDFkNjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMTIyk1sJA2lVF+svJMjIZMKgDAK
noMqtv0UzVwKs4x05AoxB+4zcRGaqCbKCGivWA6eecZ0nRQVovejuK8TAtcJAUCn
DGB2dARQvBuf+CgrPYKyEG3qih/OiE1vAE2GQxFPQJwwYtJbLIM5dfoh4/NDqoOR
onw8l7JI+mX4M012pWt+Hk7ayFsdbExLe6esyT6OA51vPNLRSpQgBY62fbolUAOY
gC/F3/70IdAQyb2cDvmxwN2NdpUBYwsmYXeuTvqLHvpZ1LLGWHTZd2tkMQMZ2XZ3
l0RX3v+XbewA+MagToDL5oi5cIbv23kdd1/P5RIYlfalC3ZujOBv0DKKgwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEv/tBQyK1UA82oo2OlcagcgAdZXMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvU18tMEZESXJWUUR6YWlqWTZWeHFCeUFCMWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBk6GAMAwD
BAKkiQQDBAGkiTQwDQYJKoZIhvcNAQELBQADggEBAHP6mOwbuxvW/JFQ8/1KE3sU
chK/Uew41VLog0cahdlKVMfEblLoEadm28pHHKkiqW9fVTF3zwJ4HZsvdugx9olq
nmwYt1Ki3b/U/F/MpnJzK/hpeN77xji7BFqppdCCNn3yu/8IkbXYe+H9QMB2CSfR
DhDHMeWcrf8Reg10RkTcJ3PSykCjxs9355/stswshU6IOYT/FgcNx2By/uCAOslV
8pgy7iKyHwe5o6XUtLWsII0tCXBC2V+NGHlzqHNxW2OVQX+fXO2SSRQ00u249ClF
z728UirCPt18mfl+EG/Ljc5n6dKZl32p4MyPj8nFOV2gjf/myGHAHShjh1j/lhI=
-----END CERTIFICATE-----
Generated at Sat Aug 9 01:04:56 2025 by rpki-client