Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/fQYAcL0-rJq_uMdZWclON1VTkrY.roa
File: fQYAcL0-rJq_uMdZWclON1VTkrY.roa (raw, json)
Hash identifier: ARia2lYdqm6oJPEr5DbQrZ/JEissTWN7HQPGdNA4UYY=
Subject key identifier: 7D:06:00:70:BD:3E:AC:9A:BF:B8:C7:59:59:C9:4E:37:55:53:92:B6
Certificate issuer: /CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Certificate serial: 019A0AE9282E91EE905FB3BAEE29A54260D0
Authority key identifier: 6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/fQYAcL0-rJq_uMdZWclON1VTkrY.roa
Signing time: Wed 22 Oct 2025 07:54:03 +0000
ROA not before: Wed 22 Oct 2025 07:54:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 5.157.136.0/24 maxlen: 24
5.157.139.0/24 maxlen: 24
5.157.160.0/22 maxlen: 22
37.35.36.0/24 maxlen: 24
37.35.37.0/24 maxlen: 24
37.35.39.0/24 maxlen: 24
62.216.72.0/24 maxlen: 24
62.216.73.0/24 maxlen: 24
62.216.74.0/24 maxlen: 24
62.216.75.0/24 maxlen: 24
62.216.80.0/24 maxlen: 24
62.216.81.0/24 maxlen: 24
62.216.82.0/24 maxlen: 24
62.216.83.0/24 maxlen: 24
62.216.92.0/24 maxlen: 24
62.216.93.0/24 maxlen: 24
62.216.94.0/24 maxlen: 24
62.216.95.0/24 maxlen: 24
91.225.14.0/24 maxlen: 24
91.225.15.0/24 maxlen: 24
91.235.123.0/24 maxlen: 24
146.66.208.0/24 maxlen: 24
146.66.209.0/24 maxlen: 24
146.66.212.0/22 maxlen: 22
146.66.212.0/23 maxlen: 23
146.66.212.0/24 maxlen: 24
146.66.213.0/24 maxlen: 24
146.66.214.0/24 maxlen: 24
146.66.215.0/24 maxlen: 24
146.66.220.0/24 maxlen: 24
146.66.221.0/24 maxlen: 24
146.66.222.0/24 maxlen: 24
146.66.223.0/24 maxlen: 24
178.157.76.0/24 maxlen: 24
178.157.94.0/24 maxlen: 24
178.157.108.0/24 maxlen: 24
178.157.110.0/24 maxlen: 24
178.157.124.0/24 maxlen: 24
178.157.126.0/24 maxlen: 24
185.76.60.0/24 maxlen: 24
185.76.62.0/24 maxlen: 24
188.74.130.0/24 maxlen: 24
188.74.152.0/24 maxlen: 24
188.74.155.0/24 maxlen: 24
188.74.171.0/24 maxlen: 24
188.74.181.0/24 maxlen: 24
188.74.190.0/24 maxlen: 24
188.74.208.0/24 maxlen: 24
188.74.209.0/24 maxlen: 24
188.74.212.0/22 maxlen: 22
188.74.245.0/24 maxlen: 24
188.119.165.0/24 maxlen: 24
188.119.166.0/24 maxlen: 24
188.119.181.0/24 maxlen: 24
188.119.190.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl
rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.mft
rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:0a:e9:28:2e:91:ee:90:5f:b3:ba:ee:29:a5:42:60:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Validity
Not Before: Oct 22 07:54:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7d060070bd3eac9abfb8c75959c94e37555392b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:2b:7b:1b:44:6c:a0:b8:ea:62:d5:21:3d:65:
0d:79:8a:9a:05:5f:50:c6:27:96:8e:88:f7:37:02:
0f:cd:19:c5:2e:c2:66:0f:f7:a0:1d:8d:0d:de:7d:
0b:58:78:ee:3e:77:68:9c:50:cc:32:1a:52:bb:04:
60:c1:b1:76:5e:7c:e6:4f:6b:35:4e:9e:56:81:47:
d1:b4:5f:bb:56:80:dc:eb:0f:da:fb:4b:cf:e6:9b:
05:33:fa:83:30:8f:61:56:7e:b1:ff:84:36:34:aa:
3a:d8:6c:3f:d6:da:de:7c:1e:48:ed:ff:63:a2:ef:
a5:8e:c0:b7:c5:cc:db:3d:e6:2e:ca:aa:c3:38:16:
84:a2:3e:4a:8c:76:71:92:50:cc:fb:3c:91:6a:e4:
6f:7a:fc:a3:d4:f6:75:b1:4c:c1:c8:a9:88:5c:5d:
d3:c8:37:47:6f:45:82:d8:a2:0c:84:fb:64:7e:74:
64:e7:c9:86:f9:69:0e:c4:6f:01:08:47:ae:47:f7:
eb:e7:7d:eb:9e:5c:4a:ed:4a:f5:37:8e:ef:44:15:
c6:d1:d0:a9:0d:0b:57:99:fe:fa:79:83:05:02:63:
f9:2a:7e:66:6d:77:32:55:0d:5d:41:f6:63:35:f7:
eb:66:97:79:5b:e7:a9:2d:65:2d:4a:47:be:9b:c7:
24:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:06:00:70:BD:3E:AC:9A:BF:B8:C7:59:59:C9:4E:37:55:53:92:B6
X509v3 Authority Key Identifier:
keyid:6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/fQYAcL0-rJq_uMdZWclON1VTkrY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.157.136.0/24
5.157.139.0/24
5.157.160.0/22
37.35.36.0/23
37.35.39.0/24
62.216.72.0/22
62.216.80.0/22
62.216.92.0/22
91.225.14.0/23
91.235.123.0/24
146.66.208.0/23
146.66.212.0/22
146.66.220.0/22
178.157.76.0/24
178.157.94.0/24
178.157.108.0/24
178.157.110.0/24
178.157.124.0/24
178.157.126.0/24
185.76.60.0/24
185.76.62.0/24
188.74.130.0/24
188.74.152.0/24
188.74.155.0/24
188.74.171.0/24
188.74.181.0/24
188.74.190.0/24
188.74.208.0/23
188.74.212.0/22
188.74.245.0/24
188.119.165.0-188.119.166.255
188.119.181.0/24
188.119.190.0/24
Signature Algorithm: sha256WithRSAEncryption
20:be:d4:ba:15:7b:5c:fc:7d:53:59:fe:37:38:59:2e:74:e2:
1f:2b:a8:47:f7:6f:02:70:8a:89:6f:5a:c4:c4:88:98:07:2c:
2a:ec:6f:c7:bb:5d:c8:ec:c1:46:7d:20:60:7a:29:0e:35:4b:
f9:e4:40:99:5c:41:20:7b:6b:ea:c6:a0:c2:9a:40:ad:d7:d9:
d0:30:c0:f7:2e:b4:3f:31:1e:f2:1a:5f:5d:68:dc:65:a1:7a:
43:a7:4a:91:58:48:12:40:34:ea:0c:18:f5:4c:15:63:97:48:
7f:b8:c0:a2:30:9b:8c:10:3b:79:05:ad:3c:f9:e7:2c:4b:f7:
fd:10:d7:bd:62:af:7f:e7:28:cb:35:e2:8f:80:4f:69:3b:4e:
fb:09:e6:3d:02:e2:c7:16:17:c8:ba:67:bd:53:9e:5a:86:91:
09:40:12:75:3e:f5:cd:4a:21:da:83:6c:b7:0b:82:39:e2:cf:
a7:dc:e1:15:9d:a5:24:d4:11:fc:ce:00:66:26:2b:9c:d1:88:
d1:5d:96:fa:fe:68:60:5c:18:fd:c6:fb:97:b0:b3:08:ec:a8:
d6:de:34:37:07:4e:d1:7f:c2:86:f2:c5:6c:7f:f9:eb:a1:18:
c0:11:df:d6:3a:3d:50:b2:34:f0:b0:f4:95:f0:1c:b4:81:e8:
53:f7:6a:1d
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISAZoK6Sguke6QX7O67imlQmDQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjMzZDc1NTA4YjRlODVjY2NmNDQzNDlhN2NiNzAzMTk4
ZDFkMjYwHhcNMjUxMDIyMDc1NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDA2MDA3MGJkM2VhYzlhYmZiOGM3NTk1OWM5NGUzNzU1NTM5MmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCt7G0RsoLjqYtUhPWUNeYqaBV9Q
xieWjoj3NwIPzRnFLsJmD/egHY0N3n0LWHjuPndonFDMMhpSuwRgwbF2XnzmT2s1
Tp5WgUfRtF+7VoDc6w/a+0vP5psFM/qDMI9hVn6x/4Q2NKo62Gw/1trefB5I7f9j
ou+ljsC3xczbPeYuyqrDOBaEoj5KjHZxklDM+zyRauRvevyj1PZ1sUzByKmIXF3T
yDdHb0WC2KIMhPtkfnRk58mG+WkOxG8BCEeuR/fr533rnlxK7Ur1N47vRBXG0dCp
DQtXmf76eYMFAmP5Kn5mbXcyVQ1dQfZjNffrZpd5W+epLWUtSke+m8ckgwIDAQAB
o4IC1jCCAtIwHQYDVR0OBBYEFH0GAHC9Pqyav7jHWVnJTjdVU5K2MB8GA1UdIwQY
MBaAFGsjPXVQi06FzM9ENJp8twMZjR0mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEt
ZmE5Y2I1MWNkMGYxLzEvZlFZQWNMMC1ySnFfdU1kWldjbE9OMVZUa3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEtZmE5Y2I1MWNkMGYx
LzEvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHrBggrBgEFBQcBBwEB/wSB2zCB2DCB1QQCAAEwgc4DBAAF
nYgDBAAFnYsDBAIFnaADBAElIyQDBAAlIycDBAI+2EgDBAI+2FADBAI+2FwDBAFb
4Q4DBABb63sDBAGSQtADBAKSQtQDBAKSQtwDBACynUwDBACynV4DBACynWwDBACy
nW4DBACynXwDBACynX4DBAC5TDwDBAC5TD4DBAC8SoIDBAC8SpgDBAC8SpsDBAC8
SqsDBAC8SrUDBAC8Sr4DBAG8StADBAK8StQDBAC8SvUwDAMEALx3pQMEALx3pgME
ALx3tQMEALx3vjANBgkqhkiG9w0BAQsFAAOCAQEAIL7UuhV7XPx9U1n+NzhZLnTi
HyuoR/dvAnCKiW9axMSImAcsKuxvx7tdyOzBRn0gYHopDjVL+eRAmVxBIHtr6sag
wppArdfZ0DDA9y60PzEe8hpfXWjcZaF6Q6dKkVhIEkA06gwY9UwVY5dIf7jAojCb
jBA7eQWtPPnnLEv3/RDXvWKvf+coyzXij4BPaTtO+wnmPQLixxYXyLpnvVOeWoaR
CUASdT71zUoh2oNstwuCOeLPp9zhFZ2lJNQR/M4AZiYrnNGI0V2W+v5oYFwY/cb7
l7CzCOyo1t40NwdO0X/ChvLFbH/566EYwBHf1jo9ULI08LD0lfActIHoU/dqHQ==
-----END CERTIFICATE-----
Generated at Wed Nov 5 07:45:47 2025 by rpki-client