Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/KvjO9at7aAUMPE-dC1Xsr3kBBXM.roa
File: KvjO9at7aAUMPE-dC1Xsr3kBBXM.roa (raw, json)
Hash identifier: RPZJ2zUAASlEKB+meljBQovGxMMTqD1PRtdtHgbUXlU=
Subject key identifier: 2A:F8:CE:F5:AB:7B:68:05:0C:3C:4F:9D:0B:55:EC:AF:79:01:05:73
Certificate issuer: /CN=f62eeb879085c94194297dd9e4cd249cd2516515
Certificate serial: 019A39C1A3E1D4E46140BE4E38A3CA0C00EF
Authority key identifier: F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/KvjO9at7aAUMPE-dC1Xsr3kBBXM.roa
Signing time: Fri 31 Oct 2025 10:13:02 +0000
ROA not before: Fri 31 Oct 2025 10:13:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197540
IP address blocks: 2.56.96.0/22 maxlen: 22
5.45.96.0/20 maxlen: 32
5.181.48.0/22 maxlen: 22
5.252.224.0/22 maxlen: 22
37.120.160.0/19 maxlen: 32
37.120.160.0/20 maxlen: 22
37.120.176.0/22 maxlen: 22
37.120.182.0/23 maxlen: 24
37.120.184.0/21 maxlen: 22
37.221.192.0/21 maxlen: 32
45.9.60.0/22 maxlen: 22
45.83.104.0/22 maxlen: 22
45.90.4.0/22 maxlen: 22
45.129.180.0/22 maxlen: 22
45.132.244.0/22 maxlen: 22
45.136.28.0/22 maxlen: 22
45.142.176.0/22 maxlen: 22
45.157.176.0/22 maxlen: 22
46.38.224.0/20 maxlen: 32
46.38.240.0/21 maxlen: 32
46.38.248.0/22 maxlen: 32
46.38.252.0/22 maxlen: 32
46.232.248.0/22 maxlen: 22
81.16.16.0/22 maxlen: 22
85.209.48.0/22 maxlen: 22
85.235.64.0/22 maxlen: 22
89.58.0.0/22 maxlen: 22
89.58.4.0/22 maxlen: 22
89.58.8.0/22 maxlen: 22
89.58.12.0/22 maxlen: 22
89.58.16.0/21 maxlen: 21
89.58.20.0/24 maxlen: 24
89.58.24.0/22 maxlen: 22
89.58.28.0/22 maxlen: 22
89.58.32.0/22 maxlen: 22
89.58.36.0/22 maxlen: 22
89.58.40.0/22 maxlen: 22
89.58.44.0/22 maxlen: 22
89.58.48.0/22 maxlen: 22
89.58.52.0/22 maxlen: 22
89.58.56.0/22 maxlen: 22
89.58.60.0/22 maxlen: 22
91.132.144.0/22 maxlen: 22
91.204.44.0/22 maxlen: 24
92.60.36.0/22 maxlen: 22
93.177.64.0/22 maxlen: 22
152.89.104.0/22 maxlen: 22
159.195.1.0/24 maxlen: 24
159.195.4.0/22 maxlen: 22
159.195.8.0/22 maxlen: 22
159.195.20.0/22 maxlen: 22
159.195.24.0/22 maxlen: 22
159.195.28.0/22 maxlen: 22
159.195.32.0/22 maxlen: 22
159.195.36.0/22 maxlen: 22
159.195.40.0/22 maxlen: 22
159.195.44.0/22 maxlen: 22
159.195.84.0/22 maxlen: 22
185.16.60.0/22 maxlen: 32
185.162.248.0/22 maxlen: 32
185.163.116.0/22 maxlen: 22
185.170.112.0/22 maxlen: 32
185.183.156.0/22 maxlen: 32
185.194.140.0/22 maxlen: 22
185.207.104.0/22 maxlen: 32
185.228.136.0/22 maxlen: 32
185.233.104.0/22 maxlen: 32
185.243.8.0/22 maxlen: 32
185.244.192.0/22 maxlen: 32
188.68.32.0/19 maxlen: 32
192.145.44.0/22 maxlen: 22
193.30.120.0/22 maxlen: 22
193.31.24.0/22 maxlen: 22
194.13.80.0/22 maxlen: 22
194.55.12.0/22 maxlen: 22
194.59.204.0/22 maxlen: 22
195.128.100.0/22 maxlen: 22
213.109.160.0/22 maxlen: 22
2a03:4000::/32 maxlen: 48
2a03:4000:63:1000::/52 maxlen: 52
2a03:4001::/32 maxlen: 48
2a0a:4cc0::/40 maxlen: 40
2a0a:4cc0::/43 maxlen: 43
2a0a:4cc0:40::/43 maxlen: 43
2a0a:4cc0:40:2000::/56 maxlen: 56
2a0a:4cc0:80::/43 maxlen: 43
2a0a:4cc0:c0::/43 maxlen: 43
2a0a:4cc0:fe::/48 maxlen: 48
2a0a:4cc0:ff::/48 maxlen: 48
2a0a:4cc0:ff:1000::/52 maxlen: 52
2a0a:4cc0:100::/48 maxlen: 48
2a0a:4cc0:104::/48 maxlen: 48
2a0a:4cc0:104::/52 maxlen: 52
2a0a:4cc0:104:1000::/52 maxlen: 52
2a0a:4cc0:2000:4000::/56 maxlen: 56
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.mft
rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:39:c1:a3:e1:d4:e4:61:40:be:4e:38:a3:ca:0c:00:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f62eeb879085c94194297dd9e4cd249cd2516515
Validity
Not Before: Oct 31 10:13:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2af8cef5ab7b68050c3c4f9d0b55ecaf79010573
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:10:de:c3:5c:ef:a7:79:60:90:29:83:56:73:
28:20:7e:fd:31:48:d1:47:9a:08:11:c5:7a:64:3e:
8d:93:17:94:8d:c7:55:ce:e0:cf:1e:f4:d2:28:95:
7f:81:54:6c:07:67:c9:ed:fa:ef:eb:67:08:9a:79:
bd:fa:d9:ad:11:df:76:ac:6e:31:f6:c6:db:9e:4a:
d9:0e:3a:bf:4c:d2:4b:a2:e4:e8:c9:27:b5:8e:61:
1e:da:13:c8:c9:26:a0:1c:b7:0c:a5:e5:b3:3d:5c:
32:bd:af:e5:9f:ca:d5:e0:4d:0c:89:17:a9:60:2b:
a2:6e:94:6c:dd:40:d3:0f:72:b1:4a:34:06:9e:5e:
cc:37:93:51:0a:2e:95:50:23:e8:78:07:47:33:b5:
2a:a3:70:a2:c9:7b:e7:af:c0:74:33:7c:a1:53:63:
b6:ad:a5:ad:2d:c5:cd:59:c2:22:37:8f:6d:3c:a0:
19:3f:2e:a8:e1:5c:07:bd:93:90:2a:b0:ea:94:0a:
eb:ba:50:31:b9:55:fe:ce:91:ae:d2:a5:27:c0:32:
8d:88:f3:14:ab:59:32:5c:14:f9:3f:2a:a6:50:12:
b7:1b:bd:92:5b:6a:4c:81:c2:98:a7:65:a6:7a:7c:
15:04:8a:b0:73:4d:2d:27:40:85:f8:6f:c9:da:db:
47:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:F8:CE:F5:AB:7B:68:05:0C:3C:4F:9D:0B:55:EC:AF:79:01:05:73
X509v3 Authority Key Identifier:
keyid:F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/KvjO9at7aAUMPE-dC1Xsr3kBBXM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.96.0/22
5.45.96.0/20
5.181.48.0/22
5.252.224.0/22
37.120.160.0/19
37.221.192.0/21
45.9.60.0/22
45.83.104.0/22
45.90.4.0/22
45.129.180.0/22
45.132.244.0/22
45.136.28.0/22
45.142.176.0/22
45.157.176.0/22
46.38.224.0/19
46.232.248.0/22
81.16.16.0/22
85.209.48.0/22
85.235.64.0/22
89.58.0.0/18
91.132.144.0/22
91.204.44.0/22
92.60.36.0/22
93.177.64.0/22
152.89.104.0/22
159.195.1.0/24
159.195.4.0-159.195.11.255
159.195.20.0-159.195.47.255
159.195.84.0/22
185.16.60.0/22
185.162.248.0/22
185.163.116.0/22
185.170.112.0/22
185.183.156.0/22
185.194.140.0/22
185.207.104.0/22
185.228.136.0/22
185.233.104.0/22
185.243.8.0/22
185.244.192.0/22
188.68.32.0/19
192.145.44.0/22
193.30.120.0/22
193.31.24.0/22
194.13.80.0/22
194.55.12.0/22
194.59.204.0/22
195.128.100.0/22
213.109.160.0/22
IPv6:
2a03:4000::/31
2a0a:4cc0::-2a0a:4cc0:100:ffff:ffff:ffff:ffff:ffff
2a0a:4cc0:104::/48
2a0a:4cc0:2000:4000::/56
Signature Algorithm: sha256WithRSAEncryption
8a:f5:c3:5c:39:69:80:82:3d:74:d3:38:c8:a5:95:2a:8c:15:
a9:50:f8:c5:e4:2f:08:f4:8f:36:f7:f5:4a:fe:b7:56:be:fc:
05:0c:e7:0f:91:b2:aa:4c:aa:30:fd:c7:7e:64:c8:7a:ca:8c:
56:b2:d6:c7:21:e4:41:9c:f0:cb:d8:d6:e8:76:04:5e:56:0b:
ae:fa:dc:ad:85:d2:ff:e3:56:7f:4e:07:9c:10:01:a5:6d:f6:
52:96:eb:65:39:ac:c8:15:d0:22:b5:79:71:6d:09:09:cb:31:
90:86:20:b0:47:63:d4:8a:e2:81:b0:b3:f9:6d:8d:7d:be:98:
35:0c:d7:f6:c7:bc:54:24:89:dd:21:ad:70:d4:36:22:6b:03:
18:1b:09:06:a7:11:d5:eb:fc:81:38:52:a5:16:dc:21:6f:9e:
58:5c:e2:97:88:b4:a8:e5:78:99:aa:c0:2b:e5:a3:e9:a5:b6:
5a:b2:cd:c9:75:6a:3e:c0:0c:16:0d:73:11:99:62:60:bf:66:
96:a4:83:d3:32:62:a4:a4:7a:07:26:b8:3f:43:7e:b4:ef:cd:
79:10:da:d6:34:57:79:f5:fa:54:9a:91:cc:32:25:db:d0:09:
f0:33:ee:19:16:bc:6d:c3:a9:d5:a1:68:c5:98:42:59:d2:e4:
32:b4:59:a3
-----BEGIN CERTIFICATE-----
MIIGazCCBVOgAwIBAgISAZo5waPh1ORhQL5OOKPKDADvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MmVlYjg3OTA4NWM5NDE5NDI5N2RkOWU0Y2QyNDljZDI1
MTY1MTUwHhcNMjUxMDMxMTAxMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWY4Y2VmNWFiN2I2ODA1MGMzYzRmOWQwYjU1ZWNhZjc5MDEwNTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRDew1zvp3lgkCmDVnMoIH79MUjR
R5oIEcV6ZD6NkxeUjcdVzuDPHvTSKJV/gVRsB2fJ7frv62cImnm9+tmtEd92rG4x
9sbbnkrZDjq/TNJLouToySe1jmEe2hPIySagHLcMpeWzPVwyva/ln8rV4E0MiRep
YCuibpRs3UDTD3KxSjQGnl7MN5NRCi6VUCPoeAdHM7Uqo3CiyXvnr8B0M3yhU2O2
raWtLcXNWcIiN49tPKAZPy6o4VwHvZOQKrDqlArrulAxuVX+zpGu0qUnwDKNiPMU
q1kyXBT5PyqmUBK3G72SW2pMgcKYp2WmenwVBIqwc00tJ0CF+G/J2ttH+QIDAQAB
o4IDdzCCA3MwHQYDVR0OBBYEFCr4zvWre2gFDDxPnQtV7K95AQVzMB8GA1UdIwQY
MBaAFPYu64eQhclBlCl92eTNJJzSUWUVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzIt
NWZiZjlhMjliNmUxLzEvS3ZqTzlhdDdhQVVNUEUtZEMxWHNyM2tCQlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzItNWZiZjlhMjliNmUx
LzEvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBiwYIKwYBBQUHAQcBAf8EggF6MIIBdjCCAT4EAgABMIIB
NgMEAgI4YAMEBAUtYAMEAgW1MAMEAgX84AMEBSV4oAMEAyXdwAMEAi0JPAMEAi1T
aAMEAi1aBAMEAi2BtAMEAi2E9AMEAi2IHAMEAi2OsAMEAi2dsAMEBS4m4AMEAi7o
+AMEAlEQEAMEAlXRMAMEAlXrQAMEBlk6AAMEAluEkAMEAlvMLAMEAlw8JAMEAl2x
QAMEAphZaAMEAJ/DATAMAwQCn8MEAwQCn8MIMAwDBAKfwxQDBASfwyADBAKfw1QD
BAK5EDwDBAK5ovgDBAK5o3QDBAK5qnADBAK5t5wDBAK5wowDBAK5z2gDBAK55IgD
BAK56WgDBAK58wgDBAK59MADBAW8RCADBALAkSwDBALBHngDBALBHxgDBALCDVAD
BALCNwwDBALCO8wDBALDgGQDBALVbaAwMgQCAAIwLAMFASoDQAAwEAMFBioKTMAD
BwAqCkzAAQADBwAqCkzAAQQDCAAqCkzAIABAMA0GCSqGSIb3DQEBCwUAA4IBAQCK
9cNcOWmAgj100zjIpZUqjBWpUPjF5C8I9I829/VK/rdWvvwFDOcPkbKqTKow/cd+
ZMh6yoxWstbHIeRBnPDL2NbodgReVguu+tythdL/41Z/TgecEAGlbfZSlutlOazI
FdAitXlxbQkJyzGQhiCwR2PUiuKBsLP5bY19vpg1DNf2x7xUJIndIa1w1DYiawMY
GwkGpxHV6/yBOFKlFtwhb55YXOKXiLSo5XiZqsAr5aPppbZass3JdWo+wAwWDXMR
mWJgv2aWpIPTMmKkpHoHJrg/Q3607815ENrWNFd59fpUmpHMMiXb0AnwM+4ZFrxt
w6nVoWjFmEJZ0uQytFmj
-----END CERTIFICATE-----
Generated at Wed Nov 5 04:01:29 2025 by rpki-client