Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/bLgHvX9mUEMCm3vK1IJDbb9y5As.roa
File: bLgHvX9mUEMCm3vK1IJDbb9y5As.roa (raw, json)
Hash identifier: Iec8+7QORam9tyXriXGZeRrV2+q085iOZxr107/LHws=
Subject key identifier: 6C:B8:07:BD:7F:66:50:43:02:9B:7B:CA:D4:82:43:6D:BF:72:E4:0B
Certificate issuer: /CN=c44db8b0983acf97a3255152c2ea592adae7735b
Certificate serial: 019A44CE9FE422D6B047B5491B1C0FBFEC04
Authority key identifier: C4:4D:B8:B0:98:3A:CF:97:A3:25:51:52:C2:EA:59:2A:DA:E7:73:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/bLgHvX9mUEMCm3vK1IJDbb9y5As.roa
Signing time: Sun 02 Nov 2025 13:43:03 +0000
ROA not before: Sun 02 Nov 2025 13:43:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203020
IP address blocks: 2.57.76.0/22 maxlen: 32
14.102.20.0/24 maxlen: 32
14.102.21.0/24 maxlen: 32
14.102.28.0/22 maxlen: 32
14.102.39.0/24 maxlen: 32
14.102.49.0/24 maxlen: 32
14.102.51.0/24 maxlen: 32
14.102.58.0/24 maxlen: 32
14.102.124.0/24 maxlen: 32
31.14.26.0/24 maxlen: 32
45.78.84.0/22 maxlen: 32
45.78.88.0/23 maxlen: 32
45.120.188.0/24 maxlen: 32
45.120.189.0/24 maxlen: 32
45.120.190.0/24 maxlen: 32
45.120.191.0/24 maxlen: 32
62.101.168.0/21 maxlen: 32
62.101.176.0/21 maxlen: 32
62.101.184.0/21 maxlen: 32
77.81.92.0/22 maxlen: 32
85.217.190.0/23 maxlen: 32
85.217.220.0/23 maxlen: 32
86.104.76.0/22 maxlen: 32
86.104.192.0/24 maxlen: 32
86.104.195.0/24 maxlen: 32
86.106.176.0/23 maxlen: 32
89.32.132.0/22 maxlen: 32
89.38.155.0/24 maxlen: 32
89.40.81.0/24 maxlen: 32
89.46.242.0/24 maxlen: 32
89.104.122.0/23 maxlen: 32
89.223.22.0/23 maxlen: 32
91.92.17.0/24 maxlen: 32
91.92.20.0/24 maxlen: 32
91.92.22.0/23 maxlen: 32
91.92.64.0/24 maxlen: 32
91.92.138.0/24 maxlen: 32
91.92.178.0/23 maxlen: 32
91.92.216.0/23 maxlen: 32
91.92.218.0/24 maxlen: 32
91.192.212.0/22 maxlen: 32
91.203.128.0/22 maxlen: 32
91.233.108.0/22 maxlen: 32
91.235.208.0/22 maxlen: 32
92.114.60.0/22 maxlen: 32
92.114.81.0/24 maxlen: 32
92.255.0.0/24 maxlen: 32
92.255.52.0/24 maxlen: 32
92.255.64.0/24 maxlen: 32
92.255.80.0/22 maxlen: 32
93.113.52.0/23 maxlen: 24
93.114.136.0/23 maxlen: 32
93.114.236.0/22 maxlen: 32
93.115.4.0/23 maxlen: 32
94.139.48.0/21 maxlen: 32
94.139.56.0/22 maxlen: 32
94.139.60.0/23 maxlen: 32
94.139.224.0/20 maxlen: 24
94.176.0.0/23 maxlen: 32
94.176.172.0/22 maxlen: 32
94.177.14.0/23 maxlen: 32
103.61.13.0/24 maxlen: 32
103.61.14.0/24 maxlen: 32
103.82.151.0/24 maxlen: 32
103.206.14.0/23 maxlen: 32
103.211.84.0/22 maxlen: 32
103.211.88.0/22 maxlen: 32
110.172.128.0/23 maxlen: 32
110.172.137.0/24 maxlen: 32
110.172.141.0/24 maxlen: 32
110.172.144.0/24 maxlen: 32
110.172.165.0/24 maxlen: 32
110.172.169.0/24 maxlen: 32
110.172.172.0/24 maxlen: 32
110.172.173.0/24 maxlen: 32
110.172.176.0/24 maxlen: 32
110.238.192.0/19 maxlen: 32
114.69.250.0/23 maxlen: 32
119.12.192.0/20 maxlen: 32
160.202.52.0/22 maxlen: 32
176.223.68.0/22 maxlen: 32
176.223.104.0/22 maxlen: 32
176.223.182.0/23 maxlen: 32
180.235.160.0/20 maxlen: 32
180.235.176.0/20 maxlen: 32
185.66.136.0/22 maxlen: 32
188.94.84.0/22 maxlen: 32
188.211.24.0/23 maxlen: 32
188.212.136.0/21 maxlen: 32
188.240.48.0/23 maxlen: 32
188.240.214.0/23 maxlen: 32
188.241.0.0/23 maxlen: 32
188.241.15.0/24 maxlen: 32
188.241.200.0/21 maxlen: 32
188.241.249.0/24 maxlen: 32
193.56.24.0/22 maxlen: 32
193.142.103.0/24 maxlen: 32
193.163.74.0/24 maxlen: 32
193.200.104.0/23 maxlen: 32
202.89.75.0/24 maxlen: 32
212.70.3.0/24 maxlen: 32
212.70.8.0/21 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.mft
rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:44:ce:9f:e4:22:d6:b0:47:b5:49:1b:1c:0f:bf:ec:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c44db8b0983acf97a3255152c2ea592adae7735b
Validity
Not Before: Nov 2 13:43:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6cb807bd7f665043029b7bcad482436dbf72e40b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:c8:56:d6:a7:01:6e:5b:d0:c6:2b:2f:58:29:
43:a6:9c:ed:74:f2:1d:8b:4b:4d:43:f9:93:0c:92:
62:73:df:a6:36:95:d0:c2:0c:e4:46:81:d3:6f:8a:
b4:7c:7c:6b:2f:4a:fa:85:7b:5e:d3:3c:d2:e2:7d:
0f:84:9d:ee:37:16:f6:ce:e7:c1:77:6e:22:33:56:
47:b8:ac:9a:68:a9:7a:15:f4:e7:33:ea:16:8b:66:
3e:9c:d1:01:bc:33:ab:b2:f7:8f:08:1a:4f:63:87:
fa:ef:02:2b:2f:e7:f5:84:5a:88:97:d2:d0:d3:55:
10:9e:cc:97:e9:af:13:21:e0:e6:0c:c6:54:c4:1c:
38:e5:bc:ae:9d:75:67:2f:f8:6c:de:9c:da:22:57:
29:52:fb:fc:c2:92:13:59:4f:2b:86:44:81:56:15:
af:44:66:2d:27:18:19:75:c4:eb:12:ea:74:41:dd:
60:e3:a2:2a:1f:8e:c9:17:90:08:45:9e:d7:62:67:
a6:06:fe:9a:06:71:6b:d7:4e:bb:9a:92:a7:7c:48:
c3:49:b5:04:e9:b9:9c:31:6b:71:bd:f4:31:fc:9c:
f6:33:b5:3e:09:42:9e:77:fa:5c:c6:9a:d4:71:52:
8c:51:31:db:84:a6:21:bc:f2:2b:be:be:09:93:28:
a8:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:B8:07:BD:7F:66:50:43:02:9B:7B:CA:D4:82:43:6D:BF:72:E4:0B
X509v3 Authority Key Identifier:
keyid:C4:4D:B8:B0:98:3A:CF:97:A3:25:51:52:C2:EA:59:2A:DA:E7:73:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/bLgHvX9mUEMCm3vK1IJDbb9y5As.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.76.0/22
14.102.20.0/23
14.102.28.0/22
14.102.39.0/24
14.102.49.0/24
14.102.51.0/24
14.102.58.0/24
14.102.124.0/24
31.14.26.0/24
45.78.84.0-45.78.89.255
45.120.188.0/22
62.101.168.0-62.101.191.255
77.81.92.0/22
85.217.190.0/23
85.217.220.0/23
86.104.76.0/22
86.104.192.0/24
86.104.195.0/24
86.106.176.0/23
89.32.132.0/22
89.38.155.0/24
89.40.81.0/24
89.46.242.0/24
89.104.122.0/23
89.223.22.0/23
91.92.17.0/24
91.92.20.0/24
91.92.22.0/23
91.92.64.0/24
91.92.138.0/24
91.92.178.0/23
91.92.216.0-91.92.218.255
91.192.212.0/22
91.203.128.0/22
91.233.108.0/22
91.235.208.0/22
92.114.60.0/22
92.114.81.0/24
92.255.0.0/24
92.255.52.0/24
92.255.64.0/24
92.255.80.0/22
93.113.52.0/23
93.114.136.0/23
93.114.236.0/22
93.115.4.0/23
94.139.48.0-94.139.61.255
94.139.224.0/20
94.176.0.0/23
94.176.172.0/22
94.177.14.0/23
103.61.13.0-103.61.14.255
103.82.151.0/24
103.206.14.0/23
103.211.84.0-103.211.91.255
110.172.128.0/23
110.172.137.0/24
110.172.141.0/24
110.172.144.0/24
110.172.165.0/24
110.172.169.0/24
110.172.172.0/23
110.172.176.0/24
110.238.192.0/19
114.69.250.0/23
119.12.192.0/20
160.202.52.0/22
176.223.68.0/22
176.223.104.0/22
176.223.182.0/23
180.235.160.0/19
185.66.136.0/22
188.94.84.0/22
188.211.24.0/23
188.212.136.0/21
188.240.48.0/23
188.240.214.0/23
188.241.0.0/23
188.241.15.0/24
188.241.200.0/21
188.241.249.0/24
193.56.24.0/22
193.142.103.0/24
193.163.74.0/24
193.200.104.0/23
202.89.75.0/24
212.70.3.0/24
212.70.8.0/21
Signature Algorithm: sha256WithRSAEncryption
9f:11:39:d4:e9:57:4f:1e:ca:79:ec:9c:3f:ae:a6:a0:e6:db:
0e:51:7f:de:3c:26:77:d9:82:2a:1a:d5:32:24:2c:0d:2b:a6:
19:28:1f:89:6f:b1:ea:01:95:d3:51:f2:c0:61:7f:f6:c0:de:
88:a1:3b:f6:b8:5d:c7:f7:57:c9:d5:fe:05:35:22:0a:fe:ea:
17:9b:b0:92:d3:f1:25:64:25:cd:3e:51:f6:dc:0b:78:36:bd:
96:1f:f5:45:15:08:1a:2a:c5:c0:b4:9f:ef:6b:05:35:34:f7:
2a:9a:10:7a:c7:e1:89:c4:a3:83:11:41:22:aa:4d:7b:74:96:
4c:08:9d:fe:cf:f1:91:3c:02:29:43:28:ff:56:49:8b:1d:c2:
33:64:4d:e9:cb:8f:9f:75:f8:db:db:99:4f:da:ff:b6:55:09:
85:12:06:8a:27:b3:c2:86:07:31:4f:87:a4:aa:66:ff:59:69:
02:bb:fe:de:3a:5c:0c:f5:bb:66:7d:d4:a0:41:8b:96:df:eb:
9c:79:79:5f:b7:c7:9b:05:93:03:d2:a0:e5:8a:dc:06:cc:34:
e1:6b:ca:78:9d:5e:56:a8:98:63:8a:65:a5:dc:f3:ed:58:d2:
d3:28:37:24:51:78:4e:4f:93:71:a4:29:e8:8f:1e:aa:96:61:
56:d8:3c:63
-----BEGIN CERTIFICATE-----
MIIHQTCCBimgAwIBAgISAZpEzp/kItawR7VJGxwPv+wEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NGRiOGIwOTgzYWNmOTdhMzI1NTE1MmMyZWE1OTJhZGFl
NzczNWIwHhcNMjUxMTAyMTM0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2I4MDdiZDdmNjY1MDQzMDI5YjdiY2FkNDgyNDM2ZGJmNzJlNDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMhW1qcBblvQxisvWClDppztdPId
i0tNQ/mTDJJic9+mNpXQwgzkRoHTb4q0fHxrL0r6hXte0zzS4n0PhJ3uNxb2zufB
d24iM1ZHuKyaaKl6FfTnM+oWi2Y+nNEBvDOrsvePCBpPY4f67wIrL+f1hFqIl9LQ
01UQnsyX6a8TIeDmDMZUxBw45byunXVnL/hs3pzaIlcpUvv8wpITWU8rhkSBVhWv
RGYtJxgZdcTrEup0Qd1g46IqH47JF5AIRZ7XYmemBv6aBnFr1067mpKnfEjDSbUE
6bmcMWtxvfQx/Jz2M7U+CUKed/pcxprUcVKMUTHbhKYhvPIrvr4JkyiouwIDAQAB
o4IETTCCBEkwHQYDVR0OBBYEFGy4B71/ZlBDApt7ytSCQ22/cuQLMB8GA1UdIwQY
MBaAFMRNuLCYOs+XoyVRUsLqWSra53NbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEUyNHNKZzZ6NWVqSlZGU3d1cFpLdHJuYzFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC80Mzc4OTctYWY1OC00OTU5LThlNzYt
ZWVkZDk0ZWMxMjhjLzEvYkxnSHZYOW1VRU1DbTN2SzFJSkRiYjl5NUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC80Mzc4OTctYWY1OC00OTU5LThlNzYtZWVkZDk0ZWMxMjhj
LzEveEUyNHNKZzZ6NWVqSlZGU3d1cFpLdHJuYzFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIICYQYIKwYBBQUHAQcBAf8EggJQMIICTDCCAkgEAgABMIIC
QAMEAgI5TAMEAQ5mFAMEAg5mHAMEAA5mJwMEAA5mMQMEAA5mMwMEAA5mOgMEAA5m
fAMEAB8OGjAMAwQCLU5UAwQBLU5YAwQCLXi8MAwDBAM+ZagDBAY+ZYADBAJNUVwD
BAFV2b4DBAFV2dwDBAJWaEwDBABWaMADBABWaMMDBAFWarADBAJZIIQDBABZJpsD
BABZKFEDBABZLvIDBAFZaHoDBAFZ3xYDBABbXBEDBABbXBQDBAFbXBYDBABbXEAD
BABbXIoDBAFbXLIwDAMEA1tc2AMEAFtc2gMEAlvA1AMEAlvLgAMEAlvpbAMEAlvr
0AMEAlxyPAMEAFxyUQMEAFz/AAMEAFz/NAMEAFz/QAMEAlz/UAMEAV1xNAMEAV1y
iAMEAl1y7AMEAV1zBDAMAwQEXoswAwQBXos8AwQEXovgAwQBXrAAAwQCXrCsAwQB
XrEOMAwDBABnPQ0DBABnPQ4DBABnUpcDBAFnzg4wDAMEAmfTVAMEAmfTWAMEAW6s
gAMEAG6siQMEAG6sjQMEAG6skAMEAG6spQMEAG6sqQMEAW6srAMEAG6ssAMEBW7u
wAMEAXJF+gMEBHcMwAMEAqDKNAMEArDfRAMEArDfaAMEAbDftgMEBbTroAMEArlC
iAMEArxeVAMEAbzTGAMEA7zUiAMEAbzwMAMEAbzw1gMEAbzxAAMEALzxDwMEA7zx
yAMEALzx+QMEAsE4GAMEAMGOZwMEAMGjSgMEAcHIaAMEAMpZSwMEANRGAwMEA9RG
CDANBgkqhkiG9w0BAQsFAAOCAQEAnxE51OlXTx7KeeycP66moObbDlF/3jwmd9mC
KhrVMiQsDSumGSgfiW+x6gGV01HywGF/9sDeiKE79rhdx/dXydX+BTUiCv7qF5uw
ktPxJWQlzT5R9twLeDa9lh/1RRUIGirFwLSf72sFNTT3KpoQesfhicSjgxFBIqpN
e3SWTAid/s/xkTwCKUMo/1ZJix3CM2RN6cuPn3X429uZT9r/tlUJhRIGiiezwoYH
MU+HpKpm/1lpArv+3jpcDPW7Zn3UoEGLlt/rnHl5X7fHmwWTA9Kg5YrcBsw04WvK
eJ1eVqiYY4plpdzz7VjS0yg3JFF4Tk+TcaQp6I8eqpZhVtg8Yw==
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:58:18 2025 by rpki-client