Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/P8ZGABCIgKC_ep214wpUbefu2FM.roa
File: P8ZGABCIgKC_ep214wpUbefu2FM.roa (raw, json)
Hash identifier: Y4Pa9YGKLB8ROiwx2DGtA5aKxDohmm3YX8gn3D9Lf4U=
Subject key identifier: 3F:C6:46:00:10:88:80:A0:BF:7A:9D:B5:E3:0A:54:6D:E7:EE:D8:53
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 019A34569E582771358A413ECD34B7A77C9E
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/P8ZGABCIgKC_ep214wpUbefu2FM.roa
Signing time: Thu 30 Oct 2025 08:58:03 +0000
ROA not before: Thu 30 Oct 2025 08:58:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8359
IP address blocks: 5.144.96.0/19 maxlen: 19
5.144.125.0/24 maxlen: 24
5.189.208.0/21 maxlen: 21
5.227.170.0/23 maxlen: 23
31.40.112.0/20 maxlen: 20
37.208.120.0/21 maxlen: 21
62.118.0.0/16 maxlen: 24
62.168.224.0/19 maxlen: 19
79.171.115.0/24 maxlen: 24
80.80.96.0/19 maxlen: 19
80.83.236.0/24 maxlen: 24
80.83.237.0/24 maxlen: 24
81.91.32.0/19 maxlen: 19
81.91.41.0/24 maxlen: 24
81.195.0.0/16 maxlen: 24
82.96.192.0/18 maxlen: 18
83.237.0.0/16 maxlen: 16
85.140.0.0/15 maxlen: 24
85.235.32.0/19 maxlen: 19
89.175.0.0/16 maxlen: 16
89.175.248.0/21 maxlen: 21
91.76.0.0/14 maxlen: 14
91.195.210.0/23 maxlen: 23
92.43.184.0/21 maxlen: 21
93.90.224.0/20 maxlen: 20
93.90.224.0/22 maxlen: 22
94.77.128.0/18 maxlen: 18
94.77.144.0/22 maxlen: 22
94.140.128.0/19 maxlen: 19
94.243.5.0/24 maxlen: 24
94.243.32.0/24 maxlen: 24
95.153.136.0/22 maxlen: 22
95.169.128.0/19 maxlen: 19
109.198.224.0/19 maxlen: 19
141.105.24.0/21 maxlen: 21
176.222.17.0/24 maxlen: 24
178.141.0.0/16 maxlen: 16
178.155.0.0/17 maxlen: 17
178.155.48.0/22 maxlen: 22
178.159.16.0/20 maxlen: 20
185.168.236.0/22 maxlen: 22
193.104.128.0/24 maxlen: 24
193.169.118.0/23 maxlen: 23
193.189.68.0/23 maxlen: 23
194.126.203.0/24 maxlen: 24
195.34.0.0/19 maxlen: 19
195.34.15.0/24 maxlen: 24
195.34.32.0/19 maxlen: 19
195.34.36.0/24 maxlen: 24
195.34.38.0/24 maxlen: 24
195.34.42.0/24 maxlen: 24
212.188.0.0/17 maxlen: 17
212.188.1.0/24 maxlen: 24
212.188.16.0/24 maxlen: 24
212.188.29.0/24 maxlen: 24
213.27.0.0/17 maxlen: 17
213.87.0.0/16 maxlen: 16
213.87.64.0/22 maxlen: 22
213.87.70.0/23 maxlen: 23
213.87.76.0/23 maxlen: 23
213.87.80.0/20 maxlen: 20
213.87.98.0/23 maxlen: 23
213.87.100.0/24 maxlen: 24
213.87.104.0/24 maxlen: 24
213.87.105.0/24 maxlen: 24
213.87.106.0/23 maxlen: 23
213.87.128.0/19 maxlen: 19
213.87.160.0/22 maxlen: 22
213.87.200.0/22 maxlen: 22
213.87.204.0/22 maxlen: 22
213.87.208.0/23 maxlen: 23
213.87.210.0/23 maxlen: 23
213.87.240.0/22 maxlen: 22
213.87.244.0/23 maxlen: 23
213.87.246.0/24 maxlen: 24
213.87.248.0/22 maxlen: 22
213.147.32.0/19 maxlen: 19
213.176.228.0/22 maxlen: 22
217.74.244.0/22 maxlen: 22
217.74.248.0/21 maxlen: 21
2a00:1fa0::/29 maxlen: 29
2a00:1fa0::/33 maxlen: 33
2a00:1fa0:8000::/33 maxlen: 33
2a00:1fa1::/33 maxlen: 33
2a00:1fa2::/33 maxlen: 33
2a00:1fa3::/33 maxlen: 33
2a00:1fa3:8000::/40 maxlen: 40
2a02:28::/29 maxlen: 29
2a02:28::/32 maxlen: 32
2a02:28:1::/48 maxlen: 48
2a02:28:a::/48 maxlen: 48
2a02:29::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 14:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:34:56:9e:58:27:71:35:8a:41:3e:cd:34:b7:a7:7c:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: Oct 30 08:58:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3fc64600108880a0bf7a9db5e30a546de7eed853
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:54:65:7b:6f:df:9a:7e:83:af:9d:d1:c9:44:
58:37:a6:68:39:7a:26:c6:eb:7e:01:e6:86:99:ae:
a6:a2:da:f8:1f:a2:db:5b:d7:f7:ea:99:14:50:9b:
75:6d:93:4d:7c:3e:aa:2d:ce:82:df:3c:c0:df:e0:
71:a4:76:95:a4:cf:5a:7d:fa:28:02:dd:7f:44:79:
96:fd:be:ae:61:19:56:1e:ee:e0:cf:9c:34:59:c0:
75:24:32:08:b2:de:72:c2:64:90:f1:36:1e:40:57:
05:ba:18:21:7b:36:e1:ac:c6:03:46:c6:0f:f3:f9:
41:b0:c4:bd:57:eb:77:8b:34:24:ec:d6:13:ad:e0:
e1:4f:e6:97:9c:48:7d:62:98:dc:f6:b2:73:da:44:
8f:d2:6a:cb:f3:e6:9c:23:56:7d:01:56:ff:41:bf:
55:c0:f4:35:52:76:8e:c9:26:73:90:52:e4:f4:7a:
61:31:98:e2:c6:3a:c4:09:4c:91:48:5e:3d:26:23:
da:bc:55:e9:94:6a:60:d7:70:08:05:20:a3:7b:f7:
21:cd:9d:27:e4:32:12:7a:75:9c:50:5e:48:60:5d:
2f:62:49:21:bf:0f:8d:0b:7d:9e:3c:3a:a5:7c:b2:
44:e6:cf:df:26:6a:5b:84:50:1c:95:45:a5:23:4e:
ca:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:C6:46:00:10:88:80:A0:BF:7A:9D:B5:E3:0A:54:6D:E7:EE:D8:53
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/P8ZGABCIgKC_ep214wpUbefu2FM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.144.96.0/19
5.189.208.0/21
5.227.170.0/23
31.40.112.0/20
37.208.120.0/21
62.118.0.0/16
62.168.224.0/19
79.171.115.0/24
80.80.96.0/19
80.83.236.0/23
81.91.32.0/19
81.195.0.0/16
82.96.192.0/18
83.237.0.0/16
85.140.0.0/15
85.235.32.0/19
89.175.0.0/16
91.76.0.0/14
91.195.210.0/23
92.43.184.0/21
93.90.224.0/20
94.77.128.0/18
94.140.128.0/19
94.243.5.0/24
94.243.32.0/24
95.153.136.0/22
95.169.128.0/19
109.198.224.0/19
141.105.24.0/21
176.222.17.0/24
178.141.0.0/16
178.155.0.0/17
178.159.16.0/20
185.168.236.0/22
193.104.128.0/24
193.169.118.0/23
193.189.68.0/23
194.126.203.0/24
195.34.0.0/18
212.188.0.0/17
213.27.0.0/17
213.87.0.0/16
213.147.32.0/19
213.176.228.0/22
217.74.244.0-217.74.255.255
IPv6:
2a00:1fa0::/29
2a02:28::/29
Signature Algorithm: sha256WithRSAEncryption
24:85:d4:7a:57:5f:e2:12:1c:52:1f:d0:fb:13:93:60:8f:a9:
63:f3:dd:b2:b6:35:7e:d4:d0:28:45:7f:85:ec:10:6e:8d:5b:
41:5a:0c:bb:03:32:16:74:f2:66:65:d7:8b:c3:d3:f4:ef:93:
64:3f:d6:a9:8d:7e:10:b1:7b:43:40:c0:b9:f2:8b:12:a7:e0:
b6:56:a4:a4:13:1f:97:21:0c:66:71:27:45:9f:c7:dd:1b:ec:
70:0b:7a:0b:48:fc:5b:df:8f:dc:14:8f:2e:bc:35:e2:81:48:
63:dd:c7:b6:60:29:ef:83:b9:9f:d4:a7:29:d5:f0:a0:94:1b:
58:e8:df:04:60:a5:1c:03:81:98:b9:12:be:6f:b5:58:55:a3:
64:82:2a:03:69:b2:f6:1b:ff:c5:1d:15:75:2b:cd:3f:24:6c:
03:fa:28:62:ff:7c:b9:02:1a:6d:61:3f:5a:7b:e1:96:29:ad:
ce:f3:58:ae:47:41:dc:a5:34:63:e5:80:31:1d:ac:9b:9f:79:
c7:51:67:5b:54:50:88:5a:3c:61:aa:08:75:45:32:46:46:79:
73:ae:10:22:67:b8:5e:5c:12:a5:7b:a1:da:7b:56:d9:90:99:
28:7a:67:ef:44:5c:dc:43:33:62:33:2d:24:a6:6e:7c:4b:6c:
fd:d9:20:fb
-----BEGIN CERTIFICATE-----
MIIGJDCCBQygAwIBAgISAZo0Vp5YJ3E1ikE+zTS3p3yeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjUxMDMwMDg1ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmM2NDYwMDEwODg4MGEwYmY3YTlkYjVlMzBhNTQ2ZGU3ZWVkODUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FRle2/fmn6Dr53RyURYN6ZoOXom
xut+AeaGma6motr4H6LbW9f36pkUUJt1bZNNfD6qLc6C3zzA3+BxpHaVpM9affoo
At1/RHmW/b6uYRlWHu7gz5w0WcB1JDIIst5ywmSQ8TYeQFcFuhghezbhrMYDRsYP
8/lBsMS9V+t3izQk7NYTreDhT+aXnEh9Ypjc9rJz2kSP0mrL8+acI1Z9AVb/Qb9V
wPQ1UnaOySZzkFLk9HphMZjixjrECUyRSF49JiPavFXplGpg13AIBSCje/chzZ0n
5DISenWcUF5IYF0vYkkhvw+NC32ePDqlfLJE5s/fJmpbhFAclUWlI07KIwIDAQAB
o4IDMDCCAywwHQYDVR0OBBYEFD/GRgAQiICgv3qdteMKVG3n7thTMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvUDhaR0FCQ0lnS0NfZXAyMTR3cFViZWZ1MkZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBRAYIKwYBBQUHAQcBAf8EggEzMIIBLzCCARUEAgABMIIB
DQMEBQWQYAMEAwW90AMEAQXjqgMEBB8ocAMEAyXQeAMDAD52AwQFPqjgAwQAT6tz
AwQFUFBgAwQBUFPsAwQFUVsgAwMAUcMDBAZSYMADAwBT7QMDAVWMAwQFVesgAwMA
Wa8DAwJbTAMEAVvD0gMEA1wruAMEBF1a4AMEBl5NgAMEBV6MgAMEAF7zBQMEAF7z
IAMEAl+ZiAMEBV+pgAMEBW3G4AMEA41pGAMEALDeEQMDALKNAwQHspsAAwQEsp8Q
AwQCuajsAwQAwWiAAwQBwal2AwQBwb1EAwQAwn7LAwQGwyIAAwQH1LwAAwQH1RsA
AwMA1VcDBAXVkyADBALVsOQwCwMEAtlK9AMDANlKMBQEAgACMA4DBQMqAB+gAwUD
KgIAKDANBgkqhkiG9w0BAQsFAAOCAQEAJIXUeldf4hIcUh/Q+xOTYI+pY/PdsrY1
ftTQKEV/hewQbo1bQVoMuwMyFnTyZmXXi8PT9O+TZD/WqY1+ELF7Q0DAufKLEqfg
tlakpBMflyEMZnEnRZ/H3RvscAt6C0j8W9+P3BSPLrw14oFIY93HtmAp74O5n9Sn
KdXwoJQbWOjfBGClHAOBmLkSvm+1WFWjZIIqA2my9hv/xR0VdSvNPyRsA/ooYv98
uQIabWE/WnvhlimtzvNYrkdB3KU0Y+WAMR2sm595x1FnW1RQiFo8YaoIdUUyRkZ5
c64QIme4XlwSpXuh2ntW2ZCZKHpn70Rc3EMzYjMtJKZufEts/dkg+w==
-----END CERTIFICATE-----
Generated at Wed Nov 5 00:35:06 2025 by rpki-client