Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/pcXYlaDPwjog7iEv3SU8SnXzBAo.roa
File: pcXYlaDPwjog7iEv3SU8SnXzBAo.roa (raw, json)
Hash identifier: /AdWWJb1IqZ42mmM/SvQrc5HCBK96OSXdfXnx0nlkCw=
Subject key identifier: A5:C5:D8:95:A0:CF:C2:3A:20:EE:21:2F:DD:25:3C:4A:75:F3:04:0A
Certificate issuer: /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial: 019A25E123634C28CC5E809077FBE6D18C88
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/pcXYlaDPwjog7iEv3SU8SnXzBAo.roa
Signing time: Mon 27 Oct 2025 13:35:02 +0000
ROA not before: Mon 27 Oct 2025 13:35:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44654
IP address blocks: 37.252.208.0/23 maxlen: 23
37.252.208.0/24 maxlen: 24
37.252.209.0/24 maxlen: 24
37.252.210.0/23 maxlen: 23
37.252.210.0/24 maxlen: 24
37.252.211.0/24 maxlen: 24
37.252.212.0/23 maxlen: 23
37.252.212.0/24 maxlen: 24
37.252.213.0/24 maxlen: 24
37.252.215.0/24 maxlen: 24
109.205.8.0/21 maxlen: 24
109.205.9.0/24 maxlen: 24
185.36.124.0/22 maxlen: 24
185.36.124.0/23 maxlen: 23
185.36.126.0/24 maxlen: 24
185.36.127.0/24 maxlen: 24
2a02:d8::/32 maxlen: 48
2a02:d8:8::/48 maxlen: 48
2a02:d8:9::/48 maxlen: 48
2a02:d8:a::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:25:e1:23:63:4c:28:cc:5e:80:90:77:fb:e6:d1:8c:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
Validity
Not Before: Oct 27 13:35:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a5c5d895a0cfc23a20ee212fdd253c4a75f3040a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:ca:35:1e:29:f8:c0:f5:ac:23:d1:bd:2e:8a:
2e:d8:29:a7:9b:99:1d:a4:7c:50:a8:11:67:db:a9:
ba:85:10:05:da:12:8b:b9:89:8d:8d:4d:3a:85:05:
52:8e:24:b3:8d:e1:77:d2:a2:bc:79:a1:a3:46:04:
40:07:4b:d7:34:d9:3b:be:3d:68:4c:58:8e:84:b5:
7c:13:0d:70:d1:2a:c8:30:39:cb:67:1a:d6:18:34:
a9:9c:11:c3:74:cc:33:21:d5:3b:04:96:75:e9:62:
94:d1:de:63:10:3f:44:6c:eb:a8:d7:9e:b2:7f:bb:
e8:fc:f9:48:00:4b:b7:cb:32:d8:b7:39:c2:91:69:
28:99:32:75:fa:d6:5f:ef:76:c4:e2:f6:09:f4:0c:
ab:6e:ff:a8:2f:a8:e2:c0:c4:1e:39:0f:4c:49:74:
33:8c:09:69:fb:86:d4:b6:2a:b4:84:a2:f0:bb:33:
fe:43:b2:50:47:5c:d9:dd:a1:59:27:ae:61:6f:8b:
d4:2c:81:e8:6e:56:2b:f9:3c:dd:22:68:be:7f:16:
2d:95:cf:7d:90:e8:23:bf:6d:71:78:11:91:0b:17:
17:17:f4:40:1e:04:de:e3:d8:f7:21:c5:c1:0a:a4:
87:39:8e:68:67:83:71:b9:e5:dd:e7:7d:6e:a1:e3:
85:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:C5:D8:95:A0:CF:C2:3A:20:EE:21:2F:DD:25:3C:4A:75:F3:04:0A
X509v3 Authority Key Identifier:
keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/pcXYlaDPwjog7iEv3SU8SnXzBAo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.252.208.0-37.252.213.255
37.252.215.0/24
109.205.8.0/21
185.36.124.0/22
IPv6:
2a02:d8::/32
Signature Algorithm: sha256WithRSAEncryption
92:df:f6:26:4f:ab:5e:3b:6a:e3:b3:ea:5c:f2:b2:ff:52:71:
cd:a5:f1:62:65:bb:3e:a1:ee:fa:90:ac:f3:52:a3:c8:3d:e9:
e6:6a:1d:1a:65:3b:63:f5:d5:d6:3e:95:bb:fc:4d:ff:19:bc:
62:38:33:2c:e4:85:4b:a8:89:9c:db:c9:6d:35:a4:73:49:91:
d0:9f:ac:5b:56:e7:4c:50:b3:95:68:58:29:54:a4:40:88:de:
05:45:9f:fb:21:8b:bd:ff:65:fb:10:27:e6:49:17:bc:bc:af:
6a:52:ba:af:a2:2b:59:8e:dc:35:0a:75:46:05:7b:28:7d:50:
dc:d3:1a:39:4d:fe:ad:ad:e7:41:d7:13:df:ac:d7:a0:75:e8:
e0:ff:32:0c:f9:7c:ca:de:76:dc:c3:5a:23:0a:c9:de:f9:3e:
f3:43:1a:e1:d8:5e:88:9c:44:18:11:7c:1c:32:f7:8f:e7:96:
42:be:f1:ae:6e:16:37:f2:49:49:49:61:c0:ab:0f:36:e8:b9:
b0:36:2f:a9:e3:31:c0:5e:c9:41:9d:36:32:e8:7e:86:93:04:
d3:8e:69:f2:76:d7:a9:8d:44:79:f2:e6:4c:c6:a5:3a:d9:c7:
0e:40:a2:ee:c3:59:af:4e:9f:05:5c:b8:4f:60:b1:fa:bb:77:
14:11:1e:40
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZol4SNjTCjMXoCQd/vm0YyIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjUxMDI3MTMzNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWM1ZDg5NWEwY2ZjMjNhMjBlZTIxMmZkZDI1M2M0YTc1ZjMwNDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMo1Hin4wPWsI9G9Loou2Cmnm5kd
pHxQqBFn26m6hRAF2hKLuYmNjU06hQVSjiSzjeF30qK8eaGjRgRAB0vXNNk7vj1o
TFiOhLV8Ew1w0SrIMDnLZxrWGDSpnBHDdMwzIdU7BJZ16WKU0d5jED9EbOuo156y
f7vo/PlIAEu3yzLYtznCkWkomTJ1+tZf73bE4vYJ9Ayrbv+oL6jiwMQeOQ9MSXQz
jAlp+4bUtiq0hKLwuzP+Q7JQR1zZ3aFZJ65hb4vULIHoblYr+TzdImi+fxYtlc99
kOgjv21xeBGRCxcXF/RAHgTe49j3IcXBCqSHOY5oZ4NxueXd531uoeOFvQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFKXF2JWgz8I6IO4hL90lPEp18wQKMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvcGNYWWxhRFB3am9nN2lFdjNTVThTblh6QkFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgMAwDBAQl/NAD
BAEl/NQDBAAl/NcDBANtzQgDBAK5JHwwDQQCAAIwBwMFACoCANgwDQYJKoZIhvcN
AQELBQADggEBAJLf9iZPq147auOz6lzysv9Scc2l8WJluz6h7vqQrPNSo8g96eZq
HRplO2P11dY+lbv8Tf8ZvGI4MyzkhUuoiZzbyW01pHNJkdCfrFtW50xQs5VoWClU
pECI3gVFn/shi73/ZfsQJ+ZJF7y8r2pSuq+iK1mO3DUKdUYFeyh9UNzTGjlN/q2t
50HXE9+s16B16OD/Mgz5fMredtzDWiMKyd75PvNDGuHYXoicRBgRfBwy94/nlkK+
8a5uFjfySUlJYcCrDzboubA2L6njMcBeyUGdNjLofoaTBNOOafJ216mNRHny5kzG
pTrZxw5Aou7DWa9OnwVcuE9gsfq7dxQRHkA=
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:47:10 2025 by rpki-client