Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/IsQofdN_5DxnXCQjfN_E3jW_a3w.roa
File: IsQofdN_5DxnXCQjfN_E3jW_a3w.roa (raw, json)
Hash identifier: wluHO2I4ReLSIji3FneHBHNnp5Plebj6kpMhZoeP0LE=
Subject key identifier: 22:C4:28:7D:D3:7F:E4:3C:67:5C:24:23:7C:DF:C4:DE:35:BF:6B:7C
Certificate issuer: /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial: 01985F6768010554EAF839DF18BC91D771B8
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/IsQofdN_5DxnXCQjfN_E3jW_a3w.roa
Signing time: Thu 31 Jul 2025 07:34:28 +0000
ROA not before: Thu 31 Jul 2025 07:34:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 54994
IP address blocks: 91.194.205.0/24 maxlen: 24
91.202.200.0/24 maxlen: 24
93.188.132.0/24 maxlen: 24
93.188.135.0/24 maxlen: 24
148.253.34.0/24 maxlen: 24
148.253.36.0/24 maxlen: 24
148.253.41.0/24 maxlen: 24
148.253.42.0/24 maxlen: 24
148.253.44.0/24 maxlen: 24
148.253.47.0/24 maxlen: 24
148.253.60.0/24 maxlen: 24
148.253.61.0/24 maxlen: 24
148.253.62.0/24 maxlen: 24
148.253.63.0/24 maxlen: 24
148.253.228.0/24 maxlen: 24
148.253.229.0/24 maxlen: 24
148.253.231.0/24 maxlen: 24
148.253.232.0/24 maxlen: 24
148.253.233.0/24 maxlen: 24
148.253.234.0/24 maxlen: 24
148.253.235.0/24 maxlen: 24
148.253.237.0/24 maxlen: 24
148.253.239.0/24 maxlen: 24
148.253.244.0/24 maxlen: 24
148.253.245.0/24 maxlen: 24
148.253.246.0/24 maxlen: 24
148.253.248.0/24 maxlen: 24
151.249.92.0/24 maxlen: 24
151.249.93.0/24 maxlen: 24
151.249.94.0/24 maxlen: 24
163.171.64.0/24 maxlen: 24
163.171.67.0/24 maxlen: 24
163.171.70.0/24 maxlen: 24
163.171.71.0/24 maxlen: 24
163.171.77.0/24 maxlen: 24
163.171.84.0/24 maxlen: 24
163.171.85.0/24 maxlen: 24
163.171.87.0/24 maxlen: 24
163.171.93.0/24 maxlen: 24
163.171.94.0/24 maxlen: 24
163.171.96.0/24 maxlen: 24
163.171.97.0/24 maxlen: 24
163.171.98.0/24 maxlen: 24
163.171.101.0/24 maxlen: 24
163.171.102.0/24 maxlen: 24
163.171.103.0/24 maxlen: 24
163.171.104.0/24 maxlen: 24
163.171.119.0/24 maxlen: 24
163.171.126.0/24 maxlen: 24
163.171.143.0/24 maxlen: 24
163.171.153.0/24 maxlen: 24
163.171.166.0/24 maxlen: 24
163.171.176.0/24 maxlen: 24
163.171.177.0/24 maxlen: 24
163.171.182.0/24 maxlen: 24
163.171.188.0/24 maxlen: 24
163.171.198.0/24 maxlen: 24
163.171.207.0/24 maxlen: 24
163.171.215.0/24 maxlen: 24
163.171.216.0/24 maxlen: 24
163.171.217.0/24 maxlen: 24
163.171.218.0/24 maxlen: 24
163.171.222.0/24 maxlen: 24
163.171.224.0/24 maxlen: 24
163.171.225.0/24 maxlen: 24
163.171.230.0/24 maxlen: 24
163.171.231.0/24 maxlen: 24
163.171.234.0/24 maxlen: 24
163.171.237.0/24 maxlen: 24
163.171.249.0/24 maxlen: 24
163.171.252.0/24 maxlen: 24
185.27.230.0/24 maxlen: 24
194.107.19.0/24 maxlen: 24
2a01:53c0:ffc6::/48 maxlen: 48
2a01:53c0:ffe7::/48 maxlen: 48
2a01:53c0:fff2::/48 maxlen: 48
2a01:53c0:fff4::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 05:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:5f:67:68:01:05:54:ea:f8:39:df:18:bc:91:d7:71:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Validity
Not Before: Jul 31 07:34:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=22c4287dd37fe43c675c24237cdfc4de35bf6b7c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:53:74:57:a3:5a:8d:ba:e7:93:77:dd:5f:02:
62:b1:84:6b:05:75:14:7a:3c:34:a5:bd:a3:19:ad:
e9:b5:00:b5:15:0f:a0:85:84:30:6e:f6:71:7d:d3:
d7:1a:2d:e2:d5:39:43:a2:4a:b7:6e:e2:f2:17:f3:
6b:9f:0e:99:cf:2b:e9:f4:5f:ff:04:6f:51:a5:c5:
fc:04:a3:b3:26:db:bc:8f:fc:28:91:5f:ef:2c:7e:
75:a1:a2:fc:26:37:1b:b7:5a:12:b4:19:cf:22:ca:
aa:0c:f0:da:55:57:69:60:3b:95:39:8a:01:5a:03:
0f:3e:8b:a4:dd:29:c1:15:4a:2b:68:0f:af:ea:b1:
d4:c1:e0:af:29:42:7c:82:06:a2:a3:8f:cb:8d:e7:
1f:95:d4:68:a2:92:0a:ad:8f:32:ca:bf:bc:b3:ce:
d0:16:d0:e6:4d:18:4e:56:a1:2b:2f:bd:2d:d5:83:
78:2e:79:5f:8e:9d:de:ea:dc:e9:d3:e9:63:02:d6:
73:4c:c0:41:23:47:b1:30:0e:03:82:dd:79:db:ff:
59:93:14:1d:00:1b:10:c9:9a:63:3b:d1:4b:b9:1b:
15:b8:52:a7:a0:e2:d3:88:a6:27:9d:1e:63:47:e5:
f5:45:97:27:a4:3a:6f:93:08:79:3d:5c:01:19:98:
c4:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:C4:28:7D:D3:7F:E4:3C:67:5C:24:23:7C:DF:C4:DE:35:BF:6B:7C
X509v3 Authority Key Identifier:
keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/IsQofdN_5DxnXCQjfN_E3jW_a3w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.194.205.0/24
91.202.200.0/24
93.188.132.0/24
93.188.135.0/24
148.253.34.0/24
148.253.36.0/24
148.253.41.0-148.253.42.255
148.253.44.0/24
148.253.47.0/24
148.253.60.0/22
148.253.228.0/23
148.253.231.0-148.253.235.255
148.253.237.0/24
148.253.239.0/24
148.253.244.0-148.253.246.255
148.253.248.0/24
151.249.92.0-151.249.94.255
163.171.64.0/24
163.171.67.0/24
163.171.70.0/23
163.171.77.0/24
163.171.84.0/23
163.171.87.0/24
163.171.93.0-163.171.94.255
163.171.96.0-163.171.98.255
163.171.101.0-163.171.104.255
163.171.119.0/24
163.171.126.0/24
163.171.143.0/24
163.171.153.0/24
163.171.166.0/24
163.171.176.0/23
163.171.182.0/24
163.171.188.0/24
163.171.198.0/24
163.171.207.0/24
163.171.215.0-163.171.218.255
163.171.222.0/24
163.171.224.0/23
163.171.230.0/23
163.171.234.0/24
163.171.237.0/24
163.171.249.0/24
163.171.252.0/24
185.27.230.0/24
194.107.19.0/24
IPv6:
2a01:53c0:ffc6::/48
2a01:53c0:ffe7::/48
2a01:53c0:fff2::/48
2a01:53c0:fff4::/48
Signature Algorithm: sha256WithRSAEncryption
c3:a8:44:a9:e5:50:9d:af:01:27:1a:f1:99:61:4c:86:5d:69:
97:b3:a1:71:f4:b5:66:cc:7a:bb:ce:08:f8:75:6d:0a:e9:bc:
bd:3c:50:cd:bd:0d:e2:fd:17:87:70:7b:40:ca:22:cd:74:9c:
6e:1b:5d:95:ed:59:7e:e3:af:dd:2d:30:24:8f:cf:8b:a6:23:
d1:b5:b2:93:a5:6b:9f:1e:b9:a3:08:91:04:42:67:87:9e:dd:
79:60:5d:ba:6c:6a:37:f4:34:51:c0:ee:5d:59:91:2a:c0:89:
79:33:50:f4:ae:4e:ef:22:29:4b:83:02:6e:d6:fb:03:96:87:
a7:fe:11:64:e0:00:ba:d9:a8:57:5c:ec:03:70:55:de:ac:05:
b6:c9:04:b5:68:59:bc:8d:84:2f:6c:0a:32:10:13:0e:04:0e:
b0:e8:bf:ae:fc:bb:5d:47:ee:a1:a3:5f:69:f1:b8:15:f9:72:
e5:14:88:2f:7c:9e:d1:38:d5:7e:22:c7:fe:03:cc:98:7c:96:
6f:4e:81:7e:f7:a1:3e:3c:99:53:a3:53:87:7e:05:b0:11:77:
fd:a8:14:05:be:4f:3f:46:9c:86:9b:2e:d8:e1:88:a2:ab:9c:
ce:13:2c:41:61:80:79:fc:c3:f9:9c:b7:82:51:22:95:04:54:
22:60:ba:f4
-----BEGIN CERTIFICATE-----
MIIGgTCCBWmgAwIBAgISAZhfZ2gBBVTq+DnfGLyR13G4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjUwNzMxMDczNDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmM0Mjg3ZGQzN2ZlNDNjNjc1YzI0MjM3Y2RmYzRkZTM1YmY2YjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFN0V6Najbrnk3fdXwJisYRrBXUU
ejw0pb2jGa3ptQC1FQ+ghYQwbvZxfdPXGi3i1TlDokq3buLyF/Nrnw6Zzyvp9F//
BG9RpcX8BKOzJtu8j/wokV/vLH51oaL8Jjcbt1oStBnPIsqqDPDaVVdpYDuVOYoB
WgMPPouk3SnBFUoraA+v6rHUweCvKUJ8ggaio4/LjecfldRoopIKrY8yyr+8s87Q
FtDmTRhOVqErL70t1YN4Lnlfjp3e6tzp0+ljAtZzTMBBI0exMA4Dgt152/9ZkxQd
ABsQyZpjO9FLuRsVuFKnoOLTiKYnnR5jR+X1RZcnpDpvkwh5PVwBGZjEoQIDAQAB
o4IDjTCCA4kwHQYDVR0OBBYEFCLEKH3Tf+Q8Z1wkI3zfxN41v2t8MB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvSXNRb2ZkTl81RHhuWENRamZOX0UzaldfYTN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBoQYIKwYBBQUHAQcBAf8EggGQMIIBjDCCAVwEAgABMIIB
VAMEAFvCzQMEAFvKyAMEAF28hAMEAF28hwMEAJT9IgMEAJT9JDAMAwQAlP0pAwQA
lP0qAwQAlP0sAwQAlP0vAwQClP08AwQBlP3kMAwDBACU/ecDBAKU/egDBACU/e0D
BACU/e8wDAMEApT99AMEAJT99gMEAJT9+DAMAwQCl/lcAwQAl/leAwQAo6tAAwQA
o6tDAwQBo6tGAwQAo6tNAwQBo6tUAwQAo6tXMAwDBACjq10DBACjq14wDAMEBaOr
YAMEAKOrYjAMAwQAo6tlAwQAo6toAwQAo6t3AwQAo6t+AwQAo6uPAwQAo6uZAwQA
o6umAwQBo6uwAwQAo6u2AwQAo6u8AwQAo6vGAwQAo6vPMAwDBACjq9cDBACjq9oD
BACjq94DBAGjq+ADBAGjq+YDBACjq+oDBACjq+0DBACjq/kDBACjq/wDBAC5G+YD
BADCaxMwKgQCAAIwJAMHACoBU8D/xgMHACoBU8D/5wMHACoBU8D/8gMHACoBU8D/
9DANBgkqhkiG9w0BAQsFAAOCAQEAw6hEqeVQna8BJxrxmWFMhl1pl7OhcfS1Zsx6
u84I+HVtCum8vTxQzb0N4v0Xh3B7QMoizXScbhtdle1ZfuOv3S0wJI/Pi6Yj0bWy
k6Vrnx65owiRBEJnh57deWBdumxqN/Q0UcDuXVmRKsCJeTNQ9K5O7yIpS4MCbtb7
A5aHp/4RZOAAutmoV1zsA3BV3qwFtskEtWhZvI2EL2wKMhATDgQOsOi/rvy7XUfu
oaNfafG4Ffly5RSIL3ye0TjVfiLH/gPMmHyWb06BfvehPjyZU6NTh34FsBF3/agU
Bb5PP0achpsu2OGIoquczhMsQWGAefzD+Zy3glEilQRUImC69A==
-----END CERTIFICATE-----
Generated at Sat Aug 9 15:18:30 2025 by rpki-client