Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/L8fPujIKsBi6jtF3wpi92LaR5sM.roa
File: L8fPujIKsBi6jtF3wpi92LaR5sM.roa (raw, json)
Hash identifier: meNehvqkmBkNG6v4QZ+r0ymGAotj7DbJNLEAKS/pf5I=
Subject key identifier: 2F:C7:CF:BA:32:0A:B0:18:BA:8E:D1:77:C2:98:BD:D8:B6:91:E6:C3
Certificate issuer: /CN=345fb3feb15c03c4d34d9ff444d9ad7e30067208
Certificate serial: 019A0240A80A20EE6E0999F3D3662F2A3278
Authority key identifier: 34:5F:B3:FE:B1:5C:03:C4:D3:4D:9F:F4:44:D9:AD:7E:30:06:72:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/L8fPujIKsBi6jtF3wpi92LaR5sM.roa
Signing time: Mon 20 Oct 2025 15:33:03 +0000
ROA not before: Mon 20 Oct 2025 15:33:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25540
IP address blocks: 45.81.212.0/22 maxlen: 22
77.81.49.0/24 maxlen: 24
83.172.137.0/24 maxlen: 24
83.172.142.0/23 maxlen: 23
83.172.149.0/24 maxlen: 24
83.172.152.0/24 maxlen: 24
83.172.154.0/23 maxlen: 23
83.172.156.0/23 maxlen: 23
83.172.158.0/24 maxlen: 24
83.172.166.0/23 maxlen: 23
83.172.168.0/24 maxlen: 24
83.172.170.0/23 maxlen: 23
83.172.184.0/23 maxlen: 23
83.172.187.0/24 maxlen: 24
83.172.190.0/24 maxlen: 24
83.172.191.0/24 maxlen: 24
89.37.107.0/24 maxlen: 24
93.114.176.0/22 maxlen: 22
94.177.28.0/24 maxlen: 24
94.177.144.0/24 maxlen: 24
130.93.0.0/17 maxlen: 24
130.93.0.0/24 maxlen: 24
130.93.128.0/18 maxlen: 22
130.93.128.0/19 maxlen: 19
130.93.160.0/20 maxlen: 20
130.93.176.0/22 maxlen: 22
185.9.248.0/22 maxlen: 22
185.12.0.0/22 maxlen: 22
185.23.164.0/22 maxlen: 22
185.120.176.0/22 maxlen: 22
185.122.160.0/22 maxlen: 22
185.133.128.0/22 maxlen: 22
185.137.72.0/22 maxlen: 22
185.153.172.0/22 maxlen: 22
193.84.89.0/24 maxlen: 24
195.68.224.0/22 maxlen: 22
206.124.104.0/21 maxlen: 21
2a02:ec00::/29 maxlen: 29
2a0e:4180::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.crl
rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.mft
rsync://rpki.ripe.net/repository/DEFAULT/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:02:40:a8:0a:20:ee:6e:09:99:f3:d3:66:2f:2a:32:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=345fb3feb15c03c4d34d9ff444d9ad7e30067208
Validity
Not Before: Oct 20 15:33:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2fc7cfba320ab018ba8ed177c298bdd8b691e6c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:8d:a1:bb:a9:42:ff:4e:2e:46:4c:e0:63:46:
2a:4d:1f:f4:85:e0:18:92:71:3a:a4:91:e7:df:b2:
b5:1e:93:f8:e8:53:fa:54:0c:85:af:89:b8:1f:82:
6b:37:2a:8c:83:ee:21:a2:b3:02:4d:df:28:6c:7a:
63:7d:a1:7d:18:7b:21:64:de:49:9c:cc:e9:0f:72:
ae:42:f1:6f:9b:b7:d0:fc:42:c4:7b:03:77:89:aa:
60:c1:19:2a:a0:97:9f:a7:b3:9f:dd:40:62:d4:1b:
99:3b:ca:08:ab:74:22:55:ee:7b:60:0f:c0:c2:a4:
42:6a:2d:1a:8f:a7:ac:b6:ec:8e:0b:ad:2b:e2:e5:
fc:e5:f1:93:e3:ed:21:df:87:d8:07:0c:ba:a3:97:
e0:c9:cf:07:3c:bf:be:94:8f:d1:3f:4c:eb:e4:f1:
ca:f0:36:27:8a:88:c8:91:a2:5d:fb:43:be:18:06:
b7:f5:06:8d:c3:b7:70:80:f6:84:a3:c4:80:bc:8b:
76:b0:d3:5c:fd:b9:30:be:22:05:30:39:1d:61:a5:
d2:2c:fe:84:0e:5f:c4:51:31:5d:c2:61:71:9f:d8:
d0:4a:da:84:f9:6b:1d:27:93:7c:1b:12:dd:b5:81:
24:a8:3c:83:88:ec:66:57:c9:88:4f:ff:67:b6:4b:
41:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:C7:CF:BA:32:0A:B0:18:BA:8E:D1:77:C2:98:BD:D8:B6:91:E6:C3
X509v3 Authority Key Identifier:
keyid:34:5F:B3:FE:B1:5C:03:C4:D3:4D:9F:F4:44:D9:AD:7E:30:06:72:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/L8fPujIKsBi6jtF3wpi92LaR5sM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.81.212.0/22
77.81.49.0/24
83.172.137.0/24
83.172.142.0/23
83.172.149.0/24
83.172.152.0/24
83.172.154.0-83.172.158.255
83.172.166.0-83.172.168.255
83.172.170.0/23
83.172.184.0/23
83.172.187.0/24
83.172.190.0/23
89.37.107.0/24
93.114.176.0/22
94.177.28.0/24
94.177.144.0/24
130.93.0.0-130.93.191.255
185.9.248.0/22
185.12.0.0/22
185.23.164.0/22
185.120.176.0/22
185.122.160.0/22
185.133.128.0/22
185.137.72.0/22
185.153.172.0/22
193.84.89.0/24
195.68.224.0/22
206.124.104.0/21
IPv6:
2a02:ec00::/29
2a0e:4180::/29
Signature Algorithm: sha256WithRSAEncryption
80:9c:f6:a7:be:6f:c3:e9:59:c8:46:22:c5:bc:12:5b:4c:d9:
2e:7c:76:59:8b:25:d4:03:d1:7b:ad:0b:61:b4:ad:82:e2:df:
10:73:be:e1:ca:a0:f0:14:54:45:1d:d8:17:8a:2d:32:98:ec:
5f:0d:e1:d4:88:96:a1:08:3d:23:c1:bb:21:d8:ac:85:d9:d9:
55:63:1d:a5:b2:52:eb:29:48:19:37:48:d9:24:c3:d4:2b:6c:
62:9b:76:fb:2a:a2:33:93:a2:b7:82:ac:e0:21:63:ed:8a:f1:
77:05:e7:01:0e:e3:3c:2d:ae:cf:7c:34:fc:59:ec:4d:40:ee:
da:74:2c:81:bb:ca:ee:6f:24:05:03:58:a6:2e:e5:0d:ed:5c:
ba:4c:3d:47:f4:f7:e3:2c:af:86:8b:48:81:60:51:39:a8:bf:
b1:92:1e:89:5f:a4:0d:3c:4b:c2:0a:5d:ec:11:27:ff:7d:f2:
70:1a:91:f9:be:15:d0:4a:da:9c:28:41:ba:70:e1:51:ec:71:
25:8b:85:20:1e:3b:92:48:9c:71:13:c4:00:eb:67:25:18:40:
61:0e:8e:52:f7:f1:3b:47:93:be:55:88:34:02:1f:c6:83:66:
ee:7e:7e:19:42:a7:ab:aa:6f:af:4d:0f:3f:58:6e:d2:f7:f2:
23:b3:43:1d
-----BEGIN CERTIFICATE-----
MIIF0TCCBLmgAwIBAgISAZoCQKgKIO5uCZnz02YvKjJ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NWZiM2ZlYjE1YzAzYzRkMzRkOWZmNDQ0ZDlhZDdlMzAw
NjcyMDgwHhcNMjUxMDIwMTUzMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmM3Y2ZiYTMyMGFiMDE4YmE4ZWQxNzdjMjk4YmRkOGI2OTFlNmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu42hu6lC/04uRkzgY0YqTR/0heAY
knE6pJHn37K1HpP46FP6VAyFr4m4H4JrNyqMg+4horMCTd8obHpjfaF9GHshZN5J
nMzpD3KuQvFvm7fQ/ELEewN3iapgwRkqoJefp7Of3UBi1BuZO8oIq3QiVe57YA/A
wqRCai0aj6estuyOC60r4uX85fGT4+0h34fYBwy6o5fgyc8HPL++lI/RP0zr5PHK
8DYniojIkaJd+0O+GAa39QaNw7dwgPaEo8SAvIt2sNNc/bkwviIFMDkdYaXSLP6E
Dl/EUTFdwmFxn9jQStqE+WsdJ5N8GxLdtYEkqDyDiOxmV8mIT/9ntktBSwIDAQAB
o4IC3TCCAtkwHQYDVR0OBBYEFC/Hz7oyCrAYuo7Rd8KYvdi2kebDMB8GA1UdIwQY
MBaAFDRfs/6xXAPE002f9ETZrX4wBnIIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkYtel9yRmNBOFRUVFpfMFJObXRmakFHY2dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hNDQyYzUtZDE0Zi00MjlmLWE1MTUt
YmM1NGIxMjExYjYwLzEvTDhmUHVqSUtzQmk2anRGM3dwaTkyTGFSNXNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hNDQyYzUtZDE0Zi00MjlmLWE1MTUtYmM1NGIxMjExYjYw
LzEvTkYtel9yRmNBOFRUVFpfMFJObXRmakFHY2dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHyBggrBgEFBQcBBwEB/wSB4jCB3zCBxgQCAAEwgb8DBAIt
UdQDBABNUTEDBABTrIkDBAFTrI4DBABTrJUDBABTrJgwDAMEAVOsmgMEAFOsnjAM
AwQBU6ymAwQAU6yoAwQBU6yqAwQBU6y4AwQAU6y7AwQBU6y+AwQAWSVrAwQCXXKw
AwQAXrEcAwQAXrGQMAsDAwCCXQMEBoJdgAMEArkJ+AMEArkMAAMEArkXpAMEArl4
sAMEArl6oAMEArmFgAMEArmJSAMEArmZrAMEAMFUWQMEAsNE4AMEA858aDAUBAIA
AjAOAwUDKgLsAAMFAyoOQYAwDQYJKoZIhvcNAQELBQADggEBAICc9qe+b8PpWchG
IsW8EltM2S58dlmLJdQD0XutC2G0rYLi3xBzvuHKoPAUVEUd2BeKLTKY7F8N4dSI
lqEIPSPBuyHYrIXZ2VVjHaWyUuspSBk3SNkkw9QrbGKbdvsqojOToreCrOAhY+2K
8XcF5wEO4zwtrs98NPxZ7E1A7tp0LIG7yu5vJAUDWKYu5Q3tXLpMPUf09+Msr4aL
SIFgUTmov7GSHolfpA08S8IKXewRJ/998nAakfm+FdBK2pwoQbpw4VHscSWLhSAe
O5JInHETxADrZyUYQGEOjlL38TtHk75ViDQCH8aDZu5+fhlCp6uqb69NDz9YbtL3
8iOzQx0=
-----END CERTIFICATE-----
Generated at Wed Nov 5 04:50:28 2025 by rpki-client