Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/Tge76w--mLK8h6ItDfaBoPjYqVo.roa
File: Tge76w--mLK8h6ItDfaBoPjYqVo.roa (raw, json)
Hash identifier: 9V3RUbTnMu3g1emAx63hoe2FPk/d/B5APDPw6pVAO0o=
Subject key identifier: 4E:07:BB:EB:0F:BE:98:B2:BC:87:A2:2D:0D:F6:81:A0:F8:D8:A9:5A
Certificate issuer: /CN=8d84404e5f8a4b117ae44e73d53c44ecdd578342
Certificate serial: 019A25DC901FD7D854F2E9F256A395819DE2
Authority key identifier: 8D:84:40:4E:5F:8A:4B:11:7A:E4:4E:73:D5:3C:44:EC:DD:57:83:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/Tge76w--mLK8h6ItDfaBoPjYqVo.roa
Signing time: Mon 27 Oct 2025 13:30:03 +0000
ROA not before: Mon 27 Oct 2025 13:30:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44534
IP address blocks: 5.45.209.0/24 maxlen: 24
5.45.214.0/24 maxlen: 24
5.45.219.0/24 maxlen: 24
5.45.241.0/24 maxlen: 24
5.45.243.0/24 maxlen: 24
5.45.252.0/22 maxlen: 22
5.255.203.0/24 maxlen: 24
5.255.205.0/24 maxlen: 24
5.255.232.0/24 maxlen: 24
5.255.234.0/23 maxlen: 23
37.9.75.0/24 maxlen: 24
37.9.86.0/24 maxlen: 24
37.9.98.0/24 maxlen: 24
37.140.168.0/24 maxlen: 24
77.88.6.0/24 maxlen: 24
77.88.12.0/23 maxlen: 23
77.88.42.0/23 maxlen: 23
77.88.61.0/24 maxlen: 24
84.252.160.0/19 maxlen: 20
87.250.232.0/24 maxlen: 24
87.250.238.0/24 maxlen: 24
87.250.240.0/24 maxlen: 24
90.156.176.0/20 maxlen: 24
90.156.176.0/24 maxlen: 24
93.158.144.0/22 maxlen: 22
93.158.155.0/24 maxlen: 24
93.158.168.0/22 maxlen: 22
93.158.182.0/24 maxlen: 24
93.158.184.0/24 maxlen: 24
93.158.185.0/24 maxlen: 24
93.158.186.0/24 maxlen: 24
93.158.187.0/24 maxlen: 24
95.108.168.0/22 maxlen: 22
95.108.170.0/24 maxlen: 24
141.8.130.0/23 maxlen: 23
178.154.152.0/24 maxlen: 24
2a02:6bf:8000::/34 maxlen: 48
2a02:6bf:8005::/48 maxlen: 48
2a02:6bf:8006::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/jYRATl-KSxF65E5z1TxE7N1Xg0I.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/jYRATl-KSxF65E5z1TxE7N1Xg0I.mft
rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:25:dc:90:1f:d7:d8:54:f2:e9:f2:56:a3:95:81:9d:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d84404e5f8a4b117ae44e73d53c44ecdd578342
Validity
Not Before: Oct 27 13:30:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4e07bbeb0fbe98b2bc87a22d0df681a0f8d8a95a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:da:9f:a3:17:6f:b8:f2:0d:ee:4d:87:7d:41:
e0:41:ba:49:50:d6:a2:dd:f6:d7:68:b0:ee:02:ad:
e6:be:07:c4:cb:3b:bd:8a:e6:2a:91:cf:49:08:03:
5b:63:40:03:80:bc:cb:e4:76:59:5a:02:c5:e3:2d:
a7:38:47:2e:a1:26:cd:18:47:2b:77:52:b3:27:d6:
89:f7:8a:a3:7c:b1:06:0d:4c:26:a9:76:3c:1e:93:
18:e8:eb:3e:ae:2a:c1:cf:fe:a0:5a:52:a9:33:95:
3f:a8:84:29:39:b9:49:6c:6f:eb:1f:aa:49:97:b8:
91:c1:3a:1f:c2:29:3d:c1:99:ca:7c:aa:7f:1d:25:
73:c4:df:63:bc:cf:11:4f:76:90:63:92:cd:28:26:
2f:27:ac:24:41:4a:50:0f:8e:6c:93:ee:49:ad:02:
a3:3c:f1:4e:6e:3d:15:72:9a:9b:b3:ed:13:37:83:
5b:f8:f9:1c:24:62:20:a1:c1:92:33:01:15:a5:77:
ad:69:6c:05:6e:55:7b:36:41:5a:c6:82:30:d2:17:
2d:c5:a0:a2:3b:c5:49:be:ab:f2:22:98:6c:cd:16:
be:31:11:09:16:39:e0:e6:50:eb:d7:11:6e:04:4a:
a6:3b:18:c6:cf:26:21:14:5e:cf:d3:2c:1d:77:d0:
a2:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:07:BB:EB:0F:BE:98:B2:BC:87:A2:2D:0D:F6:81:A0:F8:D8:A9:5A
X509v3 Authority Key Identifier:
keyid:8D:84:40:4E:5F:8A:4B:11:7A:E4:4E:73:D5:3C:44:EC:DD:57:83:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/Tge76w--mLK8h6ItDfaBoPjYqVo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/jYRATl-KSxF65E5z1TxE7N1Xg0I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.45.209.0/24
5.45.214.0/24
5.45.219.0/24
5.45.241.0/24
5.45.243.0/24
5.45.252.0/22
5.255.203.0/24
5.255.205.0/24
5.255.232.0/24
5.255.234.0/23
37.9.75.0/24
37.9.86.0/24
37.9.98.0/24
37.140.168.0/24
77.88.6.0/24
77.88.12.0/23
77.88.42.0/23
77.88.61.0/24
84.252.160.0/19
87.250.232.0/24
87.250.238.0/24
87.250.240.0/24
90.156.176.0/20
93.158.144.0/22
93.158.155.0/24
93.158.168.0/22
93.158.182.0/24
93.158.184.0/22
95.108.168.0/22
141.8.130.0/23
178.154.152.0/24
IPv6:
2a02:6bf:8000::/34
Signature Algorithm: sha256WithRSAEncryption
7f:55:e3:22:e9:e9:7e:07:6f:46:08:96:3f:01:a1:2c:4e:00:
80:d6:34:14:c4:e1:25:89:15:a4:9b:35:21:3b:f1:e2:cf:6b:
12:8c:e6:ff:67:e4:1c:48:04:fa:08:84:92:76:ed:5c:96:1a:
69:ba:17:3e:66:b2:95:5a:79:e4:67:92:da:4e:2c:9b:d7:9f:
df:b0:bc:a8:76:62:40:2e:b1:26:25:8a:78:99:85:4f:30:b4:
7f:57:2c:4e:04:a1:c6:ef:a0:84:01:37:80:24:ed:86:0a:89:
2b:98:f0:e9:ca:cf:bd:8c:0e:93:bd:99:c9:bf:c2:2f:9a:2c:
e4:10:50:39:60:ab:f7:80:5f:2c:5b:75:5d:30:af:db:05:af:
6d:00:5d:2b:5a:30:0b:fb:c8:0b:7b:56:7b:12:be:e1:f8:fe:
93:d6:48:93:32:35:e0:0c:da:29:59:11:53:44:56:2a:04:91:
df:bf:d7:29:d5:14:2c:69:2f:03:ab:9a:ce:40:6d:ac:5b:5b:
4b:b5:2a:2f:f0:08:c0:e2:ad:a6:a1:1e:e0:98:6b:b2:d3:48:
bb:a3:49:da:54:ab:a9:11:c3:bc:72:f0:9c:7d:c3:9f:15:ab:
f7:28:eb:d6:ed:2a:97:88:46:0a:6f:a9:27:91:ad:46:0e:6e:
7f:e4:c5:21
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgISAZol3JAf19hU8unyVqOVgZ3iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODQ0MDRlNWY4YTRiMTE3YWU0NGU3M2Q1M2M0NGVjZGQ1
NzgzNDIwHhcNMjUxMDI3MTMzMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTA3YmJlYjBmYmU5OGIyYmM4N2EyMmQwZGY2ODFhMGY4ZDhhOTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNqfoxdvuPIN7k2HfUHgQbpJUNai
3fbXaLDuAq3mvgfEyzu9iuYqkc9JCANbY0ADgLzL5HZZWgLF4y2nOEcuoSbNGEcr
d1KzJ9aJ94qjfLEGDUwmqXY8HpMY6Os+rirBz/6gWlKpM5U/qIQpOblJbG/rH6pJ
l7iRwTofwik9wZnKfKp/HSVzxN9jvM8RT3aQY5LNKCYvJ6wkQUpQD45sk+5JrQKj
PPFObj0Vcpqbs+0TN4Nb+PkcJGIgocGSMwEVpXetaWwFblV7NkFaxoIw0hctxaCi
O8VJvqvyIphszRa+MREJFjng5lDr1xFuBEqmOxjGzyYhFF7P0ywdd9CiYwIDAQAB
o4IC0jCCAs4wHQYDVR0OBBYEFE4Hu+sPvpiyvIeiLQ32gaD42KlaMB8GA1UdIwQY
MBaAFI2EQE5fiksReuROc9U8ROzdV4NCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallSQVRsLUtTeEY2NUU1ejFUeEU3TjFYZzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9kNTFmNjQtNWQwNi00ZmMwLWFiNjkt
MmNkOThlZTUzNTY5LzEvVGdlNzZ3LS1tTEs4aDZJdERmYUJvUGpZcVZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9kNTFmNjQtNWQwNi00ZmMwLWFiNjktMmNkOThlZTUzNTY5
LzEvallSQVRsLUtTeEY2NUU1ejFUeEU3TjFYZzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHnBggrBgEFBQcBBwEB/wSB1zCB1DCBwQQCAAEwgboDBAAF
LdEDBAAFLdYDBAAFLdsDBAAFLfEDBAAFLfMDBAIFLfwDBAAF/8sDBAAF/80DBAAF
/+gDBAEF/+oDBAAlCUsDBAAlCVYDBAAlCWIDBAAljKgDBABNWAYDBAFNWAwDBAFN
WCoDBABNWD0DBAVU/KADBABX+ugDBABX+u4DBABX+vADBARanLADBAJdnpADBABd
npsDBAJdnqgDBABdnrYDBAJdnrgDBAJfbKgDBAGNCIIDBACympgwDgQCAAIwCAMG
BioCBr+AMA0GCSqGSIb3DQEBCwUAA4IBAQB/VeMi6el+B29GCJY/AaEsTgCA1jQU
xOEliRWkmzUhO/Hiz2sSjOb/Z+QcSAT6CISSdu1clhppuhc+ZrKVWnnkZ5LaTiyb
15/fsLyodmJALrEmJYp4mYVPMLR/VyxOBKHG76CEATeAJO2GCokrmPDpys+9jA6T
vZnJv8IvmizkEFA5YKv3gF8sW3VdMK/bBa9tAF0rWjAL+8gLe1Z7Er7h+P6T1kiT
MjXgDNopWRFTRFYqBJHfv9cp1RQsaS8Dq5rOQG2sW1tLtSov8AjA4q2moR7gmGuy
00i7o0naVKupEcO8cvCcfcOfFav3KOvW7SqXiEYKb6knka1GDm5/5MUh
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:29:18 2025 by rpki-client