Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SXHU1S2bTA5omjdki7ezT3Ho6xk.roa
File: SXHU1S2bTA5omjdki7ezT3Ho6xk.roa (raw, json)
Hash identifier: vtoNIStpZuxvfh+4OaqD4uz3VqhFoqIhd/sHjVQcWGU=
Subject key identifier: 49:71:D4:D5:2D:9B:4C:0E:68:9A:37:64:8B:B7:B3:4F:71:E8:EB:19
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019807AFF6AB270211709C4EEFB22864B749
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SXHU1S2bTA5omjdki7ezT3Ho6xk.roa
Signing time: Mon 14 Jul 2025 06:47:09 +0000
ROA not before: Mon 14 Jul 2025 06:47:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 81.5.156.0/24 maxlen: 24
81.168.41.0/24 maxlen: 24
81.168.125.0/24 maxlen: 24
82.152.111.0/24 maxlen: 24
82.152.250.0/24 maxlen: 24
82.152.252.0/24 maxlen: 24
82.152.253.0/24 maxlen: 24
82.152.255.0/24 maxlen: 24
82.153.67.0/24 maxlen: 24
82.153.73.0/24 maxlen: 24
82.153.78.0/24 maxlen: 24
82.153.137.0/24 maxlen: 24
82.153.139.0/24 maxlen: 24
82.153.140.0/24 maxlen: 24
82.153.221.0/24 maxlen: 24
82.153.223.0/24 maxlen: 24
82.153.240.0/24 maxlen: 24
82.153.250.0/24 maxlen: 24
89.213.136.0/24 maxlen: 24
89.213.153.0/24 maxlen: 24
109.176.209.0/24 maxlen: 24
109.176.211.0/24 maxlen: 24
109.176.216.0/24 maxlen: 24
109.176.217.0/24 maxlen: 24
109.176.218.0/24 maxlen: 24
109.176.219.0/24 maxlen: 24
109.176.220.0/24 maxlen: 24
109.176.221.0/24 maxlen: 24
109.176.222.0/24 maxlen: 24
109.176.223.0/24 maxlen: 24
109.176.249.0/24 maxlen: 24
185.49.125.0/24 maxlen: 24
213.152.61.0/24 maxlen: 24
213.152.62.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 04:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:07:af:f6:ab:27:02:11:70:9c:4e:ef:b2:28:64:b7:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jul 14 06:47:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4971d4d52d9b4c0e689a37648bb7b34f71e8eb19
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:03:42:95:1e:a4:51:b8:fc:d7:0f:20:ad:b4:
70:ac:7d:3f:37:5d:53:23:24:8f:c0:83:06:1a:34:
56:4a:c0:0c:88:34:53:8c:7d:bb:8b:23:17:a1:f5:
76:53:f7:8d:39:b7:4b:f0:b3:48:1b:47:a6:0f:5a:
1f:f9:60:72:1f:20:0c:96:e4:c0:31:39:ba:25:bf:
59:bd:34:32:c1:ff:b7:f6:f6:6a:8d:fd:63:f2:82:
07:41:86:34:c2:6d:27:9f:48:21:dc:cf:53:bb:05:
8d:a3:7e:96:6f:1a:e1:8f:8b:81:50:d4:d7:de:8f:
08:42:34:27:19:3f:db:36:d1:da:aa:7a:25:15:58:
ea:ed:29:57:94:3a:75:23:43:49:97:ac:29:a3:8a:
f7:a2:e8:7f:dc:48:20:26:37:27:b7:5d:a3:42:43:
13:25:a5:59:41:52:a2:5e:07:9c:1e:42:16:66:18:
9a:09:87:cf:ec:e0:08:c1:b2:73:f2:1b:3f:3b:f4:
c1:af:ef:5b:61:f4:66:82:3b:8a:89:ca:9f:13:73:
76:31:ce:d8:8c:db:f5:76:e5:df:42:0e:39:de:6d:
bb:05:95:bb:86:c2:40:e2:3c:38:9c:43:e1:7c:e3:
42:51:f5:73:83:4e:70:5c:a2:5b:5b:e8:d6:d3:19:
91:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:71:D4:D5:2D:9B:4C:0E:68:9A:37:64:8B:B7:B3:4F:71:E8:EB:19
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SXHU1S2bTA5omjdki7ezT3Ho6xk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.156.0/24
81.168.41.0/24
81.168.125.0/24
82.152.111.0/24
82.152.250.0/24
82.152.252.0/23
82.152.255.0/24
82.153.67.0/24
82.153.73.0/24
82.153.78.0/24
82.153.137.0/24
82.153.139.0-82.153.140.255
82.153.221.0/24
82.153.223.0/24
82.153.240.0/24
82.153.250.0/24
89.213.136.0/24
89.213.153.0/24
109.176.209.0/24
109.176.211.0/24
109.176.216.0/21
109.176.249.0/24
185.49.125.0/24
213.152.61.0-213.152.62.255
Signature Algorithm: sha256WithRSAEncryption
93:0a:dd:10:2b:0d:97:03:df:47:0b:d4:15:da:19:35:ab:0b:
e6:93:7d:08:2c:75:1b:22:e5:94:1a:e7:27:00:bb:2d:6c:0e:
7a:6a:13:c1:46:55:24:51:c7:99:29:ac:8f:f7:0c:98:a0:5e:
9a:a9:8c:bd:0d:6b:76:9d:86:1c:24:bd:aa:4b:27:fa:ee:eb:
78:5e:3f:18:c2:aa:62:0e:eb:72:05:f5:a7:1d:e7:46:a9:9a:
d8:48:d5:7e:12:dd:73:87:07:93:44:b5:c8:2a:1e:bd:02:0f:
38:6b:fd:11:08:db:9d:16:25:b3:6c:8e:6a:7d:a5:f7:9f:2a:
05:25:e4:a4:38:38:0c:d9:4c:bd:2b:f1:eb:d2:b3:14:d9:90:
16:31:c9:26:0d:48:69:14:83:03:ec:80:9f:d8:ab:ea:7e:52:
ec:88:22:f1:93:e7:6a:d1:c4:b6:fb:e2:ab:42:8d:f5:97:32:
d2:9f:05:d5:49:78:f9:c9:0f:5c:7b:e7:fc:82:6c:1e:a6:53:
f2:32:b3:80:65:db:54:1d:ac:04:f4:ac:2c:24:46:f8:ec:6a:
01:99:13:68:aa:62:06:05:33:ff:b4:58:7a:66:04:f5:47:95:
60:81:1f:56:47:d1:c2:8b:ec:67:bb:3a:de:fd:b8:bc:89:1c:
21:f0:3a:b0
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAZgHr/arJwIRcJxO77IoZLdJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzE0MDY0NzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTcxZDRkNTJkOWI0YzBlNjg5YTM3NjQ4YmI3YjM0ZjcxZThlYjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwANClR6kUbj81w8grbRwrH0/N11T
IySPwIMGGjRWSsAMiDRTjH27iyMXofV2U/eNObdL8LNIG0emD1of+WByHyAMluTA
MTm6Jb9ZvTQywf+39vZqjf1j8oIHQYY0wm0nn0gh3M9TuwWNo36Wbxrhj4uBUNTX
3o8IQjQnGT/bNtHaqnolFVjq7SlXlDp1I0NJl6wpo4r3ouh/3EggJjcnt12jQkMT
JaVZQVKiXgecHkIWZhiaCYfP7OAIwbJz8hs/O/TBr+9bYfRmgjuKicqfE3N2Mc7Y
jNv1duXfQg453m27BZW7hsJA4jw4nEPhfONCUfVzg05wXKJbW+jW0xmRNQIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFElx1NUtm0wOaJo3ZIu3s09x6OsZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvU1hIVTFTMmJUQTVvbWpka2k3ZXpUM0hvNnhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjCBpwQCAAEwgaADBABR
BZwDBABRqCkDBABRqH0DBABSmG8DBABSmPoDBAFSmPwDBABSmP8DBABSmUMDBABS
mUkDBABSmU4DBABSmYkwDAMEAFKZiwMEAFKZjAMEAFKZ3QMEAFKZ3wMEAFKZ8AME
AFKZ+gMEAFnViAMEAFnVmQMEAG2w0QMEAG2w0wMEA22w2AMEAG2w+QMEALkxfTAM
AwQA1Zg9AwQA1Zg+MA0GCSqGSIb3DQEBCwUAA4IBAQCTCt0QKw2XA99HC9QV2hk1
qwvmk30ILHUbIuWUGucnALstbA56ahPBRlUkUceZKayP9wyYoF6aqYy9DWt2nYYc
JL2qSyf67ut4Xj8YwqpiDutyBfWnHedGqZrYSNV+Et1zhweTRLXIKh69Ag84a/0R
CNudFiWzbI5qfaX3nyoFJeSkODgM2Uy9K/Hr0rMU2ZAWMckmDUhpFIMD7ICf2Kvq
flLsiCLxk+dq0cS2++KrQo31lzLSnwXVSXj5yQ9ce+f8gmweplPyMrOAZdtUHawE
9KwsJEb47GoBmRNoqmIGBTP/tFh6ZgT1R5VggR9WR9HCi+xnuzre/bi8iRwh8Dqw
-----END CERTIFICATE-----
Generated at Sun Jul 20 11:19:04 2025 by rpki-client