Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/c53a3e-f90d-4742-84fb-db319a31bdf7/1/NFVItNq2OuycBZAKwujdNRPdjR4.roa
File: NFVItNq2OuycBZAKwujdNRPdjR4.roa (raw, json)
Hash identifier: kFLAiEsjdkmomPuGBpZgEpCt6qeMdIVgeardYp2BucY=
Subject key identifier: 34:55:48:B4:DA:B6:3A:EC:9C:05:90:0A:C2:E8:DD:35:13:DD:8D:1E
Certificate issuer: /CN=3bde2cd5215e93bfa0ca6df8b2c1f5ed2c94af74
Certificate serial: 019A4E2B7930FBFDAA658FD00357866EA329
Authority key identifier: 3B:DE:2C:D5:21:5E:93:BF:A0:CA:6D:F8:B2:C1:F5:ED:2C:94:AF:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O94s1SFek7-gym34ssH17SyUr3Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/c53a3e-f90d-4742-84fb-db319a31bdf7/1/NFVItNq2OuycBZAKwujdNRPdjR4.roa
Signing time: Tue 04 Nov 2025 09:21:03 +0000
ROA not before: Tue 04 Nov 2025 09:21:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 33915
IP address blocks: 80.112.128.0/18 maxlen: 18
80.112.128.0/19 maxlen: 19
80.112.160.0/19 maxlen: 19
80.114.128.0/18 maxlen: 18
80.114.128.0/19 maxlen: 19
80.114.160.0/19 maxlen: 19
80.115.224.0/19 maxlen: 19
80.115.224.0/20 maxlen: 20
80.115.240.0/20 maxlen: 20
80.242.224.0/19 maxlen: 19
80.242.224.0/20 maxlen: 20
80.242.240.0/20 maxlen: 20
91.221.96.0/23 maxlen: 23
185.130.174.0/23 maxlen: 23
195.35.128.0/17 maxlen: 17
195.35.128.0/18 maxlen: 18
195.35.192.0/18 maxlen: 18
195.85.128.0/18 maxlen: 18
195.85.128.0/19 maxlen: 19
195.85.160.0/19 maxlen: 19
212.178.64.0/18 maxlen: 18
212.178.64.0/19 maxlen: 19
212.178.96.0/19 maxlen: 19
212.178.128.0/19 maxlen: 19
212.178.128.0/20 maxlen: 20
212.178.144.0/20 maxlen: 20
212.178.192.0/19 maxlen: 19
212.178.192.0/20 maxlen: 20
212.178.208.0/20 maxlen: 20
212.203.0.0/19 maxlen: 19
212.203.0.0/20 maxlen: 20
212.203.16.0/20 maxlen: 20
213.34.64.0/19 maxlen: 19
213.34.64.0/20 maxlen: 20
213.34.80.0/20 maxlen: 20
213.34.160.0/19 maxlen: 19
213.34.160.0/20 maxlen: 20
213.34.176.0/20 maxlen: 20
213.124.0.0/17 maxlen: 17
213.124.0.0/18 maxlen: 18
213.124.64.0/18 maxlen: 18
213.124.128.0/19 maxlen: 19
213.124.128.0/20 maxlen: 20
213.124.144.0/20 maxlen: 20
213.125.0.0/16 maxlen: 16
213.125.0.0/17 maxlen: 17
213.125.128.0/17 maxlen: 17
213.126.0.0/17 maxlen: 17
213.126.0.0/18 maxlen: 18
213.126.64.0/18 maxlen: 18
213.132.160.0/19 maxlen: 19
213.132.160.0/20 maxlen: 20
213.132.176.0/20 maxlen: 20
217.100.0.0/16 maxlen: 16
217.100.0.0/17 maxlen: 17
217.100.128.0/17 maxlen: 17
217.102.224.0/21 maxlen: 21
217.102.224.0/22 maxlen: 22
217.102.228.0/22 maxlen: 22
217.105.192.0/19 maxlen: 19
217.105.192.0/20 maxlen: 20
217.105.208.0/20 maxlen: 20
2001:41f0::/29 maxlen: 29
2001:41f0::/32 maxlen: 32
2001:41f0::/33 maxlen: 33
2001:41f0:8000::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/c53a3e-f90d-4742-84fb-db319a31bdf7/1/O94s1SFek7-gym34ssH17SyUr3Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/c53a3e-f90d-4742-84fb-db319a31bdf7/1/O94s1SFek7-gym34ssH17SyUr3Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/O94s1SFek7-gym34ssH17SyUr3Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4e:2b:79:30:fb:fd:aa:65:8f:d0:03:57:86:6e:a3:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3bde2cd5215e93bfa0ca6df8b2c1f5ed2c94af74
Validity
Not Before: Nov 4 09:21:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=345548b4dab63aec9c05900ac2e8dd3513dd8d1e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:09:cb:95:23:39:31:e2:64:41:93:65:f7:57:
7d:83:ed:6b:07:e8:4c:c6:eb:b2:46:53:14:2d:fb:
22:d2:f8:48:29:02:5f:fb:b9:48:46:5c:23:f3:f1:
29:aa:9d:dd:95:9d:f6:4d:f5:b4:ff:66:ac:7a:0d:
ae:50:1b:0a:c0:91:ed:df:20:30:bc:0a:1f:77:c0:
5c:2c:28:e9:a0:88:55:ea:0f:5c:16:50:3b:35:99:
ab:51:a8:9c:8a:45:fb:60:d5:27:f4:b0:40:61:eb:
89:10:a8:cd:74:7c:4b:2b:97:94:6b:9a:02:50:7d:
98:c9:c6:53:cd:aa:9d:25:1b:17:49:6b:e6:7c:63:
30:c5:22:94:7a:51:75:da:28:fb:70:34:41:0b:e4:
09:76:7d:c6:32:b7:ee:d3:3d:e3:fb:10:1a:77:4b:
0e:2d:00:65:ef:12:d7:1e:72:be:09:83:d4:24:92:
33:e4:2d:bc:23:03:80:d5:88:1f:8a:d0:32:8e:3d:
43:18:71:4a:2d:45:40:30:5e:04:f2:33:f6:da:ff:
37:44:da:a6:a9:35:f3:eb:18:11:97:82:02:9d:fc:
0d:42:aa:fc:f2:f4:98:38:37:6e:27:25:15:7a:27:
6b:52:4f:78:79:54:9b:61:4c:96:3a:62:f4:c2:b3:
b4:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:55:48:B4:DA:B6:3A:EC:9C:05:90:0A:C2:E8:DD:35:13:DD:8D:1E
X509v3 Authority Key Identifier:
keyid:3B:DE:2C:D5:21:5E:93:BF:A0:CA:6D:F8:B2:C1:F5:ED:2C:94:AF:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O94s1SFek7-gym34ssH17SyUr3Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/c53a3e-f90d-4742-84fb-db319a31bdf7/1/NFVItNq2OuycBZAKwujdNRPdjR4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/c53a3e-f90d-4742-84fb-db319a31bdf7/1/O94s1SFek7-gym34ssH17SyUr3Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.112.128.0/18
80.114.128.0/18
80.115.224.0/19
80.242.224.0/19
91.221.96.0/23
185.130.174.0/23
195.35.128.0/17
195.85.128.0/18
212.178.64.0-212.178.159.255
212.178.192.0/19
212.203.0.0/19
213.34.64.0/19
213.34.160.0/19
213.124.0.0-213.124.159.255
213.125.0.0-213.126.127.255
213.132.160.0/19
217.100.0.0/16
217.102.224.0/21
217.105.192.0/19
IPv6:
2001:41f0::/29
Signature Algorithm: sha256WithRSAEncryption
12:54:58:e9:f1:55:3c:bd:1f:29:73:fe:8c:c9:4d:cb:46:c3:
8d:93:1d:86:3e:76:52:14:67:6d:84:6c:e9:c7:3c:09:98:e8:
1f:fc:68:69:a4:e5:da:65:5a:36:84:d5:c4:61:80:4a:a4:7c:
35:13:c6:25:80:ac:e4:33:07:b2:ea:d3:af:f6:03:87:a9:cd:
28:65:d5:00:ba:79:01:97:aa:1e:8e:90:e3:87:ec:02:ec:65:
10:f4:5f:6c:02:e8:89:63:a8:4d:dc:ee:9b:bf:78:16:34:b6:
45:b3:0a:d9:b1:ed:b7:eb:31:d9:85:36:b7:5b:c0:26:15:91:
e8:6c:ba:93:4a:b4:75:88:45:db:6c:75:e8:26:38:23:f1:7b:
7c:e7:55:2e:50:23:c7:45:c0:9c:ee:bc:63:df:d6:23:08:02:
19:df:d5:fa:9b:69:d6:96:d4:b3:99:95:d1:2c:77:6b:80:68:
3b:86:ae:b2:b5:bb:61:43:21:c2:a7:2a:3d:78:a6:3e:52:de:
42:5e:d6:c2:93:75:d3:d8:2c:ef:03:9a:69:3c:62:77:70:ba:
0d:1c:7a:27:ec:29:64:e2:8b:f4:b6:6a:9a:7b:e8:83:4f:aa:
9d:6c:a0:fc:98:23:64:9d:df:bc:8c:34:18:d5:ea:1b:ad:e2:
ee:ef:9b:c8
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgISAZpOK3kw+/2qZY/QA1eGbqMpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZGUyY2Q1MjE1ZTkzYmZhMGNhNmRmOGIyYzFmNWVkMmM5
NGFmNzQwHhcNMjUxMTA0MDkyMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDU1NDhiNGRhYjYzYWVjOWMwNTkwMGFjMmU4ZGQzNTEzZGQ4ZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwnLlSM5MeJkQZNl91d9g+1rB+hM
xuuyRlMULfsi0vhIKQJf+7lIRlwj8/Epqp3dlZ32TfW0/2aseg2uUBsKwJHt3yAw
vAofd8BcLCjpoIhV6g9cFlA7NZmrUaicikX7YNUn9LBAYeuJEKjNdHxLK5eUa5oC
UH2YycZTzaqdJRsXSWvmfGMwxSKUelF12ij7cDRBC+QJdn3GMrfu0z3j+xAad0sO
LQBl7xLXHnK+CYPUJJIz5C28IwOA1YgfitAyjj1DGHFKLUVAMF4E8jP22v83RNqm
qTXz6xgRl4ICnfwNQqr88vSYODduJyUVeidrUk94eVSbYUyWOmL0wrO02wIDAQAB
o4ICnjCCApowHQYDVR0OBBYEFDRVSLTatjrsnAWQCsLo3TUT3Y0eMB8GA1UdIwQY
MBaAFDveLNUhXpO/oMpt+LLB9e0slK90MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzk0czFTRmVrNy1neW0zNHNzSDE3U3lVcjNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9jNTNhM2UtZjkwZC00NzQyLTg0ZmIt
ZGIzMTlhMzFiZGY3LzEvTkZWSXROcTJPdXljQlpBS3d1amROUlBkalI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9jNTNhM2UtZjkwZC00NzQyLTg0ZmItZGIzMTlhMzFiZGY3
LzEvTzk0czFTRmVrNy1neW0zNHNzSDE3U3lVcjNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGzBggrBgEFBQcBBwEB/wSBozCBoDCBjgQCAAEwgYcDBAZQ
cIADBAZQcoADBAVQc+ADBAVQ8uADBAFb3WADBAG5gq4DBAfDI4ADBAbDVYAwDAME
BtSyQAMEBdSygAMEBdSywAMEBdTLAAMEBdUiQAMEBdUioDALAwMC1XwDBAXVfIAw
CwMDANV9AwQH1X4AAwQF1YSgAwMA2WQDBAPZZuADBAXZacAwDQQCAAIwBwMFAyAB
QfAwDQYJKoZIhvcNAQELBQADggEBABJUWOnxVTy9Hylz/ozJTctGw42THYY+dlIU
Z22EbOnHPAmY6B/8aGmk5dplWjaE1cRhgEqkfDUTxiWArOQzB7Lq06/2A4epzShl
1QC6eQGXqh6OkOOH7ALsZRD0X2wC6IljqE3c7pu/eBY0tkWzCtmx7bfrMdmFNrdb
wCYVkehsupNKtHWIRdtsdegmOCPxe3znVS5QI8dFwJzuvGPf1iMIAhnf1fqbadaW
1LOZldEsd2uAaDuGrrK1u2FDIcKnKj14pj5S3kJe1sKTddPYLO8Dmmk8Yndwug0c
eifsKWTii/S2app76INPqp1soPyYI2Sd37yMNBjV6hut4u7vm8g=
-----END CERTIFICATE-----
Generated at Wed Nov 5 00:35:59 2025 by rpki-client