Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/5u-8SVAUpvub-Cd_4HeNtrzoMPU.roa
File: 5u-8SVAUpvub-Cd_4HeNtrzoMPU.roa (raw, json)
Hash identifier: 5Zs2cIrpeScYU+cWC5shvjijxjcgsi5DEwtyivdW300=
Subject key identifier: E6:EF:BC:49:50:14:A6:FB:9B:F8:27:7F:E0:77:8D:B6:BC:E8:30:F5
Certificate issuer: /CN=80a9fff63a3477957ff75ccdc003dab68cf9d155
Certificate serial: 019A4F4DB22FF59239788DAF5AFD8F348EC2
Authority key identifier: 80:A9:FF:F6:3A:34:77:95:7F:F7:5C:CD:C0:03:DA:B6:8C:F9:D1:55
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gKn_9jo0d5V_91zNwAPatoz50VU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/5u-8SVAUpvub-Cd_4HeNtrzoMPU.roa
Signing time: Tue 04 Nov 2025 14:38:02 +0000
ROA not before: Tue 04 Nov 2025 14:38:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16276
IP address blocks: 5.39.0.0/17 maxlen: 17
5.135.0.0/16 maxlen: 16
5.196.0.0/16 maxlen: 16
37.59.0.0/16 maxlen: 16
37.187.0.0/16 maxlen: 16
46.105.0.0/16 maxlen: 16
46.105.198.0/24 maxlen: 24
46.105.199.0/24 maxlen: 24
46.105.200.0/24 maxlen: 24
46.105.201.0/24 maxlen: 24
46.105.202.0/24 maxlen: 24
46.105.203.0/24 maxlen: 24
46.105.204.0/24 maxlen: 24
46.105.206.0/24 maxlen: 24
46.105.207.0/24 maxlen: 24
51.38.0.0/16 maxlen: 16
51.68.0.0/16 maxlen: 16
51.75.0.0/16 maxlen: 16
51.77.0.0/16 maxlen: 16
51.83.0.0/16 maxlen: 16
51.89.0.0/16 maxlen: 16
51.91.0.0/16 maxlen: 16
51.178.0.0/16 maxlen: 16
51.195.0.0/16 maxlen: 16
51.210.0.0/16 maxlen: 16
51.254.0.0/15 maxlen: 15
54.36.0.0/16 maxlen: 16
54.37.0.0/16 maxlen: 16
54.38.0.0/16 maxlen: 16
57.128.0.0/17 maxlen: 17
57.128.128.0/18 maxlen: 18
57.128.192.0/18 maxlen: 18
57.129.0.0/17 maxlen: 17
57.129.128.0/17 maxlen: 17
57.130.0.0/16 maxlen: 16
57.131.0.0/17 maxlen: 17
79.137.0.0/17 maxlen: 17
87.98.128.0/17 maxlen: 17
91.121.0.0/16 maxlen: 16
91.134.0.0/16 maxlen: 16
92.222.0.0/16 maxlen: 16
94.23.0.0/16 maxlen: 16
135.125.0.0/17 maxlen: 17
135.125.128.0/17 maxlen: 17
137.74.0.0/16 maxlen: 16
141.94.0.0/16 maxlen: 16
141.95.0.0/17 maxlen: 17
141.95.128.0/17 maxlen: 17
141.227.128.0/20 maxlen: 24
141.227.160.0/19 maxlen: 24
145.239.0.0/16 maxlen: 16
146.59.0.0/16 maxlen: 16
146.59.0.0/17 maxlen: 17
147.135.128.0/17 maxlen: 17
149.202.0.0/16 maxlen: 16
151.80.0.0/16 maxlen: 16
152.228.128.0/17 maxlen: 17
162.19.0.0/17 maxlen: 17
162.19.128.0/17 maxlen: 17
164.132.0.0/16 maxlen: 16
176.31.0.0/16 maxlen: 16
178.32.0.0/15 maxlen: 15
188.165.0.0/16 maxlen: 16
193.70.0.0/17 maxlen: 17
198.244.128.0/17 maxlen: 17
213.32.0.0/17 maxlen: 17
213.186.32.0/19 maxlen: 19
213.251.128.0/18 maxlen: 18
217.182.0.0/16 maxlen: 16
2001:41d0::/32 maxlen: 32
2001:41d0:ab00::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/gKn_9jo0d5V_91zNwAPatoz50VU.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/gKn_9jo0d5V_91zNwAPatoz50VU.mft
rsync://rpki.ripe.net/repository/DEFAULT/gKn_9jo0d5V_91zNwAPatoz50VU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 14:38:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4f:4d:b2:2f:f5:92:39:78:8d:af:5a:fd:8f:34:8e:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=80a9fff63a3477957ff75ccdc003dab68cf9d155
Validity
Not Before: Nov 4 14:38:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e6efbc495014a6fb9bf8277fe0778db6bce830f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:0e:99:fa:61:3e:fb:30:e1:ff:8c:0f:e2:b4:
a8:73:99:c2:2f:9c:4b:f2:ef:88:9c:ec:95:22:9d:
0e:54:cb:91:97:d2:8c:ae:73:a8:a8:1c:39:d2:cb:
fe:53:95:52:c4:11:0f:7e:dc:f9:4f:1e:7b:d5:b2:
e6:1b:e9:00:60:e2:9d:7c:f9:86:46:3d:b9:86:7f:
22:b0:17:aa:28:16:4b:00:67:4e:8e:54:61:c8:f0:
79:0a:4a:c9:48:5b:54:ef:7d:3c:1c:f3:96:3b:73:
cb:8c:bb:e7:e5:5b:d0:ed:85:29:9a:2d:f6:82:5e:
93:c4:7f:21:f3:d7:48:0c:a0:3c:2c:13:4e:31:5a:
e3:38:fc:7b:4d:3e:cb:14:17:8c:44:86:a8:0e:ac:
cb:fc:1f:88:25:72:20:5e:69:8a:4f:82:cf:54:09:
e1:e1:9f:d1:07:fc:53:4c:8e:e7:20:51:ae:c4:5c:
cd:d2:72:bc:d5:af:80:52:46:7d:a5:9a:bf:ab:9a:
e7:28:09:17:e0:29:dc:31:f3:e4:cc:3c:ef:66:52:
fb:ec:c9:3f:04:8d:96:16:ec:5f:76:e3:6e:79:ec:
9c:b5:8b:38:f2:a6:dc:7e:a3:d1:f8:01:f2:b2:e6:
d1:20:a9:c0:dd:c4:de:56:c9:36:cc:f7:e9:49:bf:
61:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:EF:BC:49:50:14:A6:FB:9B:F8:27:7F:E0:77:8D:B6:BC:E8:30:F5
X509v3 Authority Key Identifier:
keyid:80:A9:FF:F6:3A:34:77:95:7F:F7:5C:CD:C0:03:DA:B6:8C:F9:D1:55
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gKn_9jo0d5V_91zNwAPatoz50VU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/5u-8SVAUpvub-Cd_4HeNtrzoMPU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/b084bf-a454-43cf-ac92-47d98e58545a/1/gKn_9jo0d5V_91zNwAPatoz50VU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.0.0/17
5.135.0.0/16
5.196.0.0/16
37.59.0.0/16
37.187.0.0/16
46.105.0.0/16
51.38.0.0/16
51.68.0.0/16
51.75.0.0/16
51.77.0.0/16
51.83.0.0/16
51.89.0.0/16
51.91.0.0/16
51.178.0.0/16
51.195.0.0/16
51.210.0.0/16
51.254.0.0/15
54.36.0.0-54.38.255.255
57.128.0.0-57.131.127.255
79.137.0.0/17
87.98.128.0/17
91.121.0.0/16
91.134.0.0/16
92.222.0.0/16
94.23.0.0/16
135.125.0.0/16
137.74.0.0/16
141.94.0.0/15
141.227.128.0/20
141.227.160.0/19
145.239.0.0/16
146.59.0.0/16
147.135.128.0/17
149.202.0.0/16
151.80.0.0/16
152.228.128.0/17
162.19.0.0/16
164.132.0.0/16
176.31.0.0/16
178.32.0.0/15
188.165.0.0/16
193.70.0.0/17
198.244.128.0/17
213.32.0.0/17
213.186.32.0/19
213.251.128.0/18
217.182.0.0/16
IPv6:
2001:41d0::/32
Signature Algorithm: sha256WithRSAEncryption
1d:3b:33:9e:5e:89:34:aa:60:72:b5:64:9b:7d:4d:69:69:93:
65:9e:ff:bb:3e:b9:cf:6c:43:0a:5d:9d:c7:18:7e:01:76:11:
fc:6e:2f:00:ac:e2:87:8b:14:cd:93:fb:a4:fb:ff:83:11:5f:
82:d5:58:c6:91:87:35:58:01:21:ac:de:8f:03:ed:ff:64:9d:
98:78:b5:8b:1d:fa:4d:3c:7b:7d:8d:b0:61:f0:dc:84:3b:cf:
4a:f6:a7:91:4a:58:17:89:13:3f:6e:d3:8b:f0:f6:08:37:c6:
80:1b:b9:8b:63:f4:92:0c:51:af:69:7f:9a:7a:9d:9d:35:b0:
33:5b:23:ee:f1:de:23:44:88:50:ac:18:60:6f:d5:1c:ba:68:
3c:0c:5b:51:01:b4:86:9c:e1:b9:71:36:81:b8:a6:f5:2c:85:
ed:12:1f:62:9e:7b:05:ba:56:ee:6d:3b:a1:5f:38:04:e5:1f:
53:15:11:f7:7a:24:3c:db:4d:a8:24:27:e6:f0:36:4a:9a:b9:
64:cd:6e:1d:f1:72:e4:af:ab:be:77:07:ce:02:4b:6f:7d:e3:
09:85:f4:b4:b2:6c:b2:bd:ac:c9:9b:e4:77:fd:0b:79:d5:c5:
34:0b:5b:e2:af:d1:4e:6d:4d:29:fa:92:2b:ec:d0:7a:bb:f1:
cc:9f:46:fd
-----BEGIN CERTIFICATE-----
MIIGFjCCBP6gAwIBAgISAZpPTbIv9ZI5eI2vWv2PNI7CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYTlmZmY2M2EzNDc3OTU3ZmY3NWNjZGMwMDNkYWI2OGNm
OWQxNTUwHhcNMjUxMTA0MTQzODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmVmYmM0OTUwMTRhNmZiOWJmODI3N2ZlMDc3OGRiNmJjZTgzMGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApg6Z+mE++zDh/4wP4rSoc5nCL5xL
8u+InOyVIp0OVMuRl9KMrnOoqBw50sv+U5VSxBEPftz5Tx571bLmG+kAYOKdfPmG
Rj25hn8isBeqKBZLAGdOjlRhyPB5CkrJSFtU7308HPOWO3PLjLvn5VvQ7YUpmi32
gl6TxH8h89dIDKA8LBNOMVrjOPx7TT7LFBeMRIaoDqzL/B+IJXIgXmmKT4LPVAnh
4Z/RB/xTTI7nIFGuxFzN0nK81a+AUkZ9pZq/q5rnKAkX4CncMfPkzDzvZlL77Mk/
BI2WFuxfduNueeyctYs48qbcfqPR+AHysubRIKnA3cTeVsk2zPfpSb9h9wIDAQAB
o4IDIjCCAx4wHQYDVR0OBBYEFObvvElQFKb7m/gnf+B3jba86DD1MB8GA1UdIwQY
MBaAFICp//Y6NHeVf/dczcAD2raM+dFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0tuXzlqbzBkNVZfOTF6TndBUGF0b3o1MFZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9iMDg0YmYtYTQ1NC00M2NmLWFjOTIt
NDdkOThlNTg1NDVhLzEvNXUtOFNWQVVwdnViLUNkXzRIZU50cnpvTVBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9iMDg0YmYtYTQ1NC00M2NmLWFjOTItNDdkOThlNTg1NDVh
LzEvZ0tuXzlqbzBkNVZfOTF6TndBUGF0b3o1MFZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNgYIKwYBBQUHAQcBAf8EggElMIIBITCCAQ4EAgABMIIB
BgMEBwUnAAMDAAWHAwMABcQDAwAlOwMDACW7AwMALmkDAwAzJgMDADNEAwMAM0sD
AwAzTQMDADNTAwMAM1kDAwAzWwMDADOyAwMAM8MDAwAz0gMDATP+MAoDAwI2JAMD
ADYmMAsDAwc5gAMEBzmDAAMEB0+JAAMEB1digAMDAFt5AwMAW4YDAwBc3gMDAF4X
AwMAh30DAwCJSgMDAY1eAwQEjeOAAwQFjeOgAwMAke8DAwCSOwMEB5OHgAMDAJXK
AwMAl1ADBAeY5IADAwCiEwMDAKSEAwMAsB8DAwGyIAMDALylAwQHwUYAAwQHxvSA
AwQH1SAAAwQF1bogAwQG1fuAAwMA2bYwDQQCAAIwBwMFACABQdAwDQYJKoZIhvcN
AQELBQADggEBAB07M55eiTSqYHK1ZJt9TWlpk2We/7s+uc9sQwpdnccYfgF2Efxu
LwCs4oeLFM2T+6T7/4MRX4LVWMaRhzVYASGs3o8D7f9knZh4tYsd+k08e32NsGHw
3IQ7z0r2p5FKWBeJEz9u04vw9gg3xoAbuYtj9JIMUa9pf5p6nZ01sDNbI+7x3iNE
iFCsGGBv1Ry6aDwMW1EBtIac4blxNoG4pvUshe0SH2KeewW6Vu5tO6FfOATlH1MV
Efd6JDzbTagkJ+bwNkqauWTNbh3xcuSvq753B84CS2994wmF9LSybLK9rMmb5Hf9
C3nVxTQLW+Kv0U5tTSn6kivs0Hq78cyfRv0=
-----END CERTIFICATE-----
Generated at Tue Nov 4 21:02:07 2025 by rpki-client