Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/CnlC6gqOGM7cGtyf3q7ZarTnKvk.roa
File: CnlC6gqOGM7cGtyf3q7ZarTnKvk.roa (raw, json)
Hash identifier: 32RpDBghAJW0XgukjS2TZPf541ueKGSu7TqcJK/unyA=
Subject key identifier: 0A:79:42:EA:0A:8E:18:CE:DC:1A:DC:9F:DE:AE:D9:6A:B4:E7:2A:F9
Certificate issuer: /CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
Certificate serial: 019A39BD103568C0D19DA7092E3B072D3D19
Authority key identifier: 48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/CnlC6gqOGM7cGtyf3q7ZarTnKvk.roa
Signing time: Fri 31 Oct 2025 10:08:03 +0000
ROA not before: Fri 31 Oct 2025 10:08:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48635
IP address blocks: 2.57.57.0/24 maxlen: 24
5.157.80.0/21 maxlen: 21
31.25.96.0/21 maxlen: 21
31.25.98.0/24 maxlen: 24
31.186.168.0/21 maxlen: 21
46.17.0.0/21 maxlen: 21
62.84.240.0/21 maxlen: 21
62.221.248.0/21 maxlen: 21
62.221.250.0/24 maxlen: 24
77.94.248.0/21 maxlen: 24
79.99.128.0/21 maxlen: 21
91.198.106.0/24 maxlen: 24
91.238.176.0/23 maxlen: 24
92.63.168.0/21 maxlen: 21
92.63.168.0/24 maxlen: 24
92.63.169.0/24 maxlen: 24
93.180.64.0/21 maxlen: 21
93.187.220.0/22 maxlen: 22
109.70.0.0/21 maxlen: 21
109.72.80.0/20 maxlen: 20
109.106.160.0/20 maxlen: 20
109.106.176.0/21 maxlen: 21
128.140.216.0/21 maxlen: 21
145.131.0.0/20 maxlen: 24
145.131.16.0/20 maxlen: 24
145.131.32.0/20 maxlen: 24
176.117.58.0/23 maxlen: 24
185.27.140.0/22 maxlen: 22
185.27.172.0/22 maxlen: 22
185.28.56.0/22 maxlen: 24
185.37.68.0/22 maxlen: 22
185.56.144.0/22 maxlen: 22
185.66.248.0/22 maxlen: 22
185.87.184.0/22 maxlen: 22
185.89.4.0/22 maxlen: 22
185.94.228.0/24 maxlen: 24
185.94.230.0/23 maxlen: 23
185.95.31.0/24 maxlen: 24
185.103.156.0/22 maxlen: 22
185.103.240.0/22 maxlen: 22
185.103.242.0/23 maxlen: 23
185.107.212.0/22 maxlen: 22
185.107.224.0/23 maxlen: 23
185.109.216.0/22 maxlen: 22
185.159.240.0/22 maxlen: 22
185.175.200.0/22 maxlen: 22
185.182.56.0/22 maxlen: 22
185.182.56.0/24 maxlen: 24
185.187.12.0/22 maxlen: 22
185.223.32.0/22 maxlen: 22
185.224.88.0/22 maxlen: 22
185.231.200.0/22 maxlen: 22
185.232.248.0/22 maxlen: 24
193.23.143.0/24 maxlen: 24
193.164.192.0/23 maxlen: 24
194.247.30.0/23 maxlen: 24
195.20.8.0/22 maxlen: 24
195.238.74.0/23 maxlen: 23
2001:678:76c::/48 maxlen: 48
2001:67c:28fc::/48 maxlen: 48
2a00:f10::/29 maxlen: 29
2a00:f60::/32 maxlen: 48
2a00:9b60::/40 maxlen: 48
2a01:b940::/29 maxlen: 29
2a02:2968::/29 maxlen: 29
2a02:40c1::/32 maxlen: 32
2a03:3060::/29 maxlen: 29
2a04:6bc0::/36 maxlen: 36
2a05:1500::/29 maxlen: 29
2a05:1500:600::/40 maxlen: 40
2a06:4040::/29 maxlen: 48
2a0b:7280::/29 maxlen: 29
2a0b:8f80::/29 maxlen: 29
2a0c:84c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl
rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.mft
rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 13:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:39:bd:10:35:68:c0:d1:9d:a7:09:2e:3b:07:2d:3d:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
Validity
Not Before: Oct 31 10:08:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0a7942ea0a8e18cedc1adc9fdeaed96ab4e72af9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:4f:63:14:ed:1e:68:d1:ae:a1:23:36:63:40:
17:c2:74:19:07:c9:70:4d:78:57:d6:85:a2:b5:db:
9e:ca:fd:e6:a4:67:a1:f8:fc:5e:4d:8e:81:c7:b4:
a2:e3:5c:78:a5:30:7f:cf:68:d7:4a:1b:26:38:bb:
6a:2d:66:d4:f0:a7:4f:0c:8b:76:c1:86:18:8b:f4:
6a:22:33:9f:b0:1f:94:cb:58:83:9c:91:86:bf:79:
81:05:f5:09:ee:48:6f:c4:2d:7a:59:74:80:9e:35:
4b:42:9b:d7:1a:63:3e:18:18:85:c1:7a:5e:12:8a:
1b:34:cc:d3:2a:f4:cf:99:db:2f:24:32:5e:b9:d4:
a3:02:d5:5d:c3:de:6c:ec:10:0c:53:84:f0:5d:72:
73:2f:e8:53:58:aa:ed:fa:5b:45:c9:a6:c1:4c:ee:
bd:cf:4e:96:ef:7f:1a:16:d2:60:31:ba:f7:62:59:
91:48:80:72:41:35:ca:c1:ea:4f:e9:c4:01:d3:f4:
bc:ba:9e:0c:bd:60:50:9b:08:9d:76:c4:1e:2f:47:
7a:d4:f2:be:4f:6d:89:ea:2d:86:25:5e:df:62:79:
12:9d:d5:50:f2:7f:1a:4c:61:b7:18:bd:ca:83:f6:
c3:1d:33:7d:ee:0a:56:05:57:ff:48:c5:7a:1b:d3:
c3:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:79:42:EA:0A:8E:18:CE:DC:1A:DC:9F:DE:AE:D9:6A:B4:E7:2A:F9
X509v3 Authority Key Identifier:
keyid:48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/CnlC6gqOGM7cGtyf3q7ZarTnKvk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.57.0/24
5.157.80.0/21
31.25.96.0/21
31.186.168.0/21
46.17.0.0/21
62.84.240.0/21
62.221.248.0/21
77.94.248.0/21
79.99.128.0/21
91.198.106.0/24
91.238.176.0/23
92.63.168.0/21
93.180.64.0/21
93.187.220.0/22
109.70.0.0/21
109.72.80.0/20
109.106.160.0-109.106.183.255
128.140.216.0/21
145.131.0.0-145.131.47.255
176.117.58.0/23
185.27.140.0/22
185.27.172.0/22
185.28.56.0/22
185.37.68.0/22
185.56.144.0/22
185.66.248.0/22
185.87.184.0/22
185.89.4.0/22
185.94.228.0/24
185.94.230.0/23
185.95.31.0/24
185.103.156.0/22
185.103.240.0/22
185.107.212.0/22
185.107.224.0/23
185.109.216.0/22
185.159.240.0/22
185.175.200.0/22
185.182.56.0/22
185.187.12.0/22
185.223.32.0/22
185.224.88.0/22
185.231.200.0/22
185.232.248.0/22
193.23.143.0/24
193.164.192.0/23
194.247.30.0/23
195.20.8.0/22
195.238.74.0/23
IPv6:
2001:678:76c::/48
2001:67c:28fc::/48
2a00:f10::/29
2a00:f60::/32
2a00:9b60::/40
2a01:b940::/29
2a02:2968::/29
2a02:40c1::/32
2a03:3060::/29
2a04:6bc0::/36
2a05:1500::/29
2a06:4040::/29
2a0b:7280::/29
2a0b:8f80::/29
2a0c:84c0::/29
Signature Algorithm: sha256WithRSAEncryption
77:d2:88:f3:cf:b3:a2:84:5a:fd:40:50:dd:7e:e5:24:aa:ee:
9d:6d:22:25:50:e5:6a:d6:da:85:25:44:f1:1b:ae:62:c9:08:
02:66:1d:2d:dd:95:ba:81:01:78:8d:ef:f9:59:f3:52:74:7f:
62:e9:6b:8f:ec:15:05:2b:44:c0:cf:d3:6b:3e:9b:37:04:9d:
73:a0:43:06:b3:46:ba:19:50:7a:7f:b9:a3:99:04:eb:94:5b:
87:94:9f:09:14:42:ce:6c:be:38:13:53:3a:57:50:ea:24:43:
53:3e:bf:cf:4a:f3:44:79:38:f7:01:00:c6:79:37:00:89:f5:
16:24:f8:f4:32:26:36:d0:34:37:10:3a:1f:d5:b2:79:dc:b3:
00:37:22:74:29:34:3e:ae:68:e7:62:92:a0:6c:a8:28:0a:57:
f0:0f:00:39:50:57:c4:5b:73:a3:54:5f:7e:03:91:29:84:75:
f1:f6:9c:1e:55:52:2e:51:66:c1:4b:af:b1:3b:7b:6b:cd:71:
6c:c7:75:d0:8a:e7:b7:f5:7a:28:b7:b8:e7:49:2d:a1:6c:bb:
79:0d:0b:91:e9:7c:58:e8:59:75:2e:02:1a:d3:4d:20:a7:42:
03:d1:f0:2b:a1:43:13:34:53:e3:a2:41:65:fe:9b:51:e5:f5:
ec:75:aa:c6
-----BEGIN CERTIFICATE-----
MIIGrTCCBZWgAwIBAgISAZo5vRA1aMDRnacJLjsHLT0ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4OGM2NWRjMzU5YjU4Y2E2YmE1ZDNkYWViODc0ZjA1ODY4
NGU4YzYwHhcNMjUxMDMxMTAwODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTc5NDJlYTBhOGUxOGNlZGMxYWRjOWZkZWFlZDk2YWI0ZTcyYWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA409jFO0eaNGuoSM2Y0AXwnQZB8lw
TXhX1oWitdueyv3mpGeh+PxeTY6Bx7Si41x4pTB/z2jXShsmOLtqLWbU8KdPDIt2
wYYYi/RqIjOfsB+Uy1iDnJGGv3mBBfUJ7khvxC16WXSAnjVLQpvXGmM+GBiFwXpe
EoobNMzTKvTPmdsvJDJeudSjAtVdw95s7BAMU4TwXXJzL+hTWKrt+ltFyabBTO69
z06W738aFtJgMbr3YlmRSIByQTXKwepP6cQB0/S8up4MvWBQmwiddsQeL0d61PK+
T22J6i2GJV7fYnkSndVQ8n8aTGG3GL3Kg/bDHTN97gpWBVf/SMV6G9PDlwIDAQAB
o4IDuTCCA7UwHQYDVR0OBBYEFAp5QuoKjhjO3Brcn96u2Wq05yr5MB8GA1UdIwQY
MBaAFEiMZdw1m1jKa6XT2uuHTwWGhOjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQt
YjBkNzJlOTEwZWZlLzEvQ25sQzZncU9HTTdjR3R5ZjNxN1phclRuS3ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQtYjBkNzJlOTEwZWZl
LzEvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBzQYIKwYBBQUHAQcBAf8EggG8MIIBuDCCAT0EAgABMIIB
NQMEAAI5OQMEAwWdUAMEAx8ZYAMEAx+6qAMEAy4RAAMEAz5U8AMEAz7d+AMEA01e
+AMEA09jgAMEAFvGagMEAVvusAMEA1w/qAMEA120QAMEAl273AMEA21GAAMEBG1I
UDAMAwQFbWqgAwQDbWqwAwQDgIzYMAsDAwCRgwMEBJGDIAMEAbB1OgMEArkbjAME
ArkbrAMEArkcOAMEArklRAMEArk4kAMEArlC+AMEArlXuAMEArlZBAMEALle5AME
Able5gMEALlfHwMEArlnnAMEArln8AMEArlr1AMEAblr4AMEArlt2AMEArmf8AME
ArmvyAMEArm2OAMEArm7DAMEArnfIAMEArngWAMEArnnyAMEArno+AMEAMEXjwME
AcGkwAMEAcL3HgMEAsMUCAMEAcPuSjB1BAIAAjBvAwcAIAEGeAdsAwcAIAEGfCj8
AwUDKgAPEAMFACoAD2ADBgAqAJtgAAMFAyoBuUADBQMqAiloAwUAKgJAwQMFAyoD
MGADBgQqBGvAAAMFAyoFFQADBQMqBkBAAwUDKgtygAMFAyoLj4ADBQMqDITAMA0G
CSqGSIb3DQEBCwUAA4IBAQB30ojzz7OihFr9QFDdfuUkqu6dbSIlUOVq1tqFJUTx
G65iyQgCZh0t3ZW6gQF4je/5WfNSdH9i6WuP7BUFK0TAz9NrPps3BJ1zoEMGs0a6
GVB6f7mjmQTrlFuHlJ8JFELObL44E1M6V1DqJENTPr/PSvNEeTj3AQDGeTcAifUW
JPj0MiY20DQ3EDof1bJ53LMANyJ0KTQ+rmjnYpKgbKgoClfwDwA5UFfEW3OjVF9+
A5EphHXx9pweVVIuUWbBS6+xO3trzXFsx3XQiue39Xoot7jnSS2hbLt5DQuR6XxY
6Fl1LgIa000gp0ID0fAroUMTNFPjokFl/ptR5fXsdarG
-----END CERTIFICATE-----
Generated at Tue Nov 4 23:00:58 2025 by rpki-client