Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/1-PaCd_Y10QJoUUeIrj0GdEbNVLI.roa
File: 1-PaCd_Y10QJoUUeIrj0GdEbNVLI.roa (raw, json)
Hash identifier: j+eLciDjCsp12nQcBR9D7UEF1xqzrRU1gZJQ4tcVOKg=
Subject key identifier: F8:F6:82:77:F6:35:D1:02:68:51:47:88:AE:3D:06:74:46:CD:54:B2
Certificate issuer: /CN=a088b0547f09fe9224050d70a523da5bedbe0738
Certificate serial: 019A3AD70B8E59D47B0FB9CCB686910B35B2
Authority key identifier: A0:88:B0:54:7F:09:FE:92:24:05:0D:70:A5:23:DA:5B:ED:BE:07:38
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/1-PaCd_Y10QJoUUeIrj0GdEbNVLI.roa
Signing time: Fri 31 Oct 2025 15:16:03 +0000
ROA not before: Fri 31 Oct 2025 15:16:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212027
IP address blocks: 37.230.138.0/24 maxlen: 24
45.143.196.0/22 maxlen: 24
45.143.196.0/24 maxlen: 24
45.143.197.0/24 maxlen: 24
45.143.198.0/24 maxlen: 24
45.143.199.0/24 maxlen: 24
81.16.176.0/24 maxlen: 24
81.16.177.0/24 maxlen: 24
91.208.92.0/24 maxlen: 24
185.83.152.0/24 maxlen: 24
185.83.153.0/24 maxlen: 24
185.83.154.0/23 maxlen: 23
185.83.154.0/24 maxlen: 24
185.83.155.0/24 maxlen: 24
185.206.148.0/24 maxlen: 24
185.206.149.0/24 maxlen: 24
185.206.150.0/24 maxlen: 24
185.206.151.0/24 maxlen: 24
188.64.33.0/24 maxlen: 24
194.164.96.0/24 maxlen: 24
194.213.3.0/24 maxlen: 24
213.170.135.0/24 maxlen: 24
2a10:e780::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.crl
rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.mft
rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:3a:d7:0b:8e:59:d4:7b:0f:b9:cc:b6:86:91:0b:35:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a088b0547f09fe9224050d70a523da5bedbe0738
Validity
Not Before: Oct 31 15:16:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f8f68277f635d10268514788ae3d067446cd54b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:2e:bd:e9:fe:ef:1b:7e:45:75:a0:96:c4:c4:
f2:98:cc:7b:6e:ab:69:d5:e7:25:8a:0e:d5:61:e1:
92:2d:d0:03:c0:9e:e1:32:44:d8:4c:9d:95:91:ce:
77:b7:7f:77:45:0d:6c:92:9a:20:66:29:8b:ce:f8:
62:16:a6:ff:b9:a9:e4:fc:2f:f3:01:59:95:6b:b2:
1f:73:86:90:74:4e:b9:18:f2:7b:87:4b:cf:e4:c7:
2e:c2:12:b9:ff:6a:ff:37:10:9f:32:ff:b6:a2:2b:
74:33:2d:f6:49:66:2a:18:46:aa:20:ed:79:df:dc:
06:48:26:8f:50:ad:29:12:54:a6:f1:47:3b:58:bd:
2f:8c:ad:eb:16:c7:56:26:7e:e6:b7:09:89:af:85:
c8:d7:8d:b5:f5:70:83:56:ef:e0:3e:27:12:cc:15:
8a:29:02:db:1e:be:7e:fe:ec:91:b5:ea:ec:22:76:
f6:86:67:42:c1:84:1d:0d:d7:9b:76:ee:ff:a4:11:
f0:84:00:40:64:41:f5:3c:00:7f:2c:a8:98:81:08:
3a:87:d4:4f:47:73:af:5a:ed:0b:3c:33:69:fc:db:
c3:f2:ac:4e:79:e0:7d:4f:46:58:82:7b:14:19:ae:
3b:50:7c:dc:27:6c:5d:36:b5:94:9b:65:c7:ef:b2:
94:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:F6:82:77:F6:35:D1:02:68:51:47:88:AE:3D:06:74:46:CD:54:B2
X509v3 Authority Key Identifier:
keyid:A0:88:B0:54:7F:09:FE:92:24:05:0D:70:A5:23:DA:5B:ED:BE:07:38
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/1-PaCd_Y10QJoUUeIrj0GdEbNVLI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.230.138.0/24
45.143.196.0/22
81.16.176.0/23
91.208.92.0/24
185.83.152.0/22
185.206.148.0/22
188.64.33.0/24
194.164.96.0/24
194.213.3.0/24
213.170.135.0/24
IPv6:
2a10:e780::/40
Signature Algorithm: sha256WithRSAEncryption
11:eb:2d:0c:d7:d3:b0:19:5c:fc:47:43:16:4c:23:93:3b:82:
a8:6d:1c:f9:30:61:5a:d5:e4:e3:75:49:e1:4b:6b:f4:7b:72:
71:a0:5d:34:c1:99:ab:9b:c4:d0:57:da:38:bb:7e:ff:0d:03:
68:12:e7:0c:d1:99:f9:67:fe:5f:7a:57:a7:6e:37:06:af:3b:
6a:db:f2:48:a2:9c:2a:10:d9:a6:af:bf:18:7c:be:03:b6:34:
9b:a2:bf:23:93:87:26:52:70:8b:7a:71:70:d7:68:5f:cc:40:
d7:c4:99:0f:1e:aa:c6:44:db:23:87:82:bc:81:c7:21:7e:57:
f6:ae:9d:2b:ad:76:c2:8c:9c:a1:07:5c:91:24:87:ce:6e:42:
d8:ae:7f:0d:b7:b0:60:93:c9:53:e5:f6:a5:87:5e:07:01:d4:
62:44:da:5a:38:54:2f:3e:31:8e:88:5d:37:35:cb:34:6c:83:
f8:20:a2:a5:a6:1e:8a:91:52:c0:34:12:46:8a:d9:da:db:ee:
be:d9:84:00:f7:c5:7b:b3:67:24:e3:64:11:fa:8c:f9:20:92:
7b:5e:be:a0:7a:13:dd:f0:e7:3b:f1:60:f1:d8:19:63:9a:cc:
50:3d:3e:6b:12:8a:94:eb:11:7f:50:40:03:fe:d4:e3:7c:ea:
a7:f2:70:15
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZo61wuOWdR7D7nMtoaRCzWyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwODhiMDU0N2YwOWZlOTIyNDA1MGQ3MGE1MjNkYTViZWRi
ZTA3MzgwHhcNMjUxMDMxMTUxNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGY2ODI3N2Y2MzVkMTAyNjg1MTQ3ODhhZTNkMDY3NDQ2Y2Q1NGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0i696f7vG35FdaCWxMTymMx7bqtp
1eclig7VYeGSLdADwJ7hMkTYTJ2Vkc53t393RQ1skpogZimLzvhiFqb/uank/C/z
AVmVa7Ifc4aQdE65GPJ7h0vP5McuwhK5/2r/NxCfMv+2oit0My32SWYqGEaqIO15
39wGSCaPUK0pElSm8Uc7WL0vjK3rFsdWJn7mtwmJr4XI14219XCDVu/gPicSzBWK
KQLbHr5+/uyRtersInb2hmdCwYQdDdebdu7/pBHwhABAZEH1PAB/LKiYgQg6h9RP
R3OvWu0LPDNp/NvD8qxOeeB9T0ZYgnsUGa47UHzcJ2xdNrWUm2XH77KUGQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFPj2gnf2NdECaFFHiK49BnRGzVSyMB8GA1UdIwQY
MBaAFKCIsFR/Cf6SJAUNcKUj2lvtvgc4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0lpd1ZIOEpfcElrQlExd3BTUGFXLTItQnpnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9kOTA2MzUtYjI4Mi00ZTg2LTllNTMt
ZGY4MmZhODk3MzI2LzEvMS1QYUNkX1kxMFFKb1VVZUlyajBHZEViTlZMSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODYvZDkwNjM1LWIyODItNGU4Ni05ZTUzLWRmODJmYTg5NzMy
Ni8xL29JaXdWSDhKX3BJa0JRMXdwU1BhVy0yLUJ6Zy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBlBggrBgEFBQcBBwEB/wRWMFQwQgQCAAEwPAMEACXmigME
Ai2PxAMEAVEQsAMEAFvQXAMEArlTmAMEArnOlAMEALxAIQMEAMKkYAMEAMLVAwME
ANWqhzAOBAIAAjAIAwYAKhDngAAwDQYJKoZIhvcNAQELBQADggEBABHrLQzX07AZ
XPxHQxZMI5M7gqhtHPkwYVrV5ON1SeFLa/R7cnGgXTTBmaubxNBX2ji7fv8NA2gS
5wzRmfln/l96V6duNwavO2rb8kiinCoQ2aavvxh8vgO2NJuivyOThyZScIt6cXDX
aF/MQNfEmQ8eqsZE2yOHgryBxyF+V/aunSutdsKMnKEHXJEkh85uQtiufw23sGCT
yVPl9qWHXgcB1GJE2lo4VC8+MY6IXTc1yzRsg/ggoqWmHoqRUsA0EkaK2drb7r7Z
hAD3xXuzZyTjZBH6jPkgkntevqB6E93w5zvxYPHYGWOazFA9PmsSipTrEX9QQAP+
1ON86qfycBU=
-----END CERTIFICATE-----
Generated at Tue Nov 4 20:50:22 2025 by rpki-client