Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/853682-3035-44fb-b7ae-19b12a955065/1/8h3pv0a91kH2-o2C39d5WQpx7to.roa
File: 8h3pv0a91kH2-o2C39d5WQpx7to.roa (raw, json)
Hash identifier: fKts1ckJPbwc+fkpahnzOZr8FcFxDtnjhN/I5DI8A/Q=
Subject key identifier: F2:1D:E9:BF:46:BD:D6:41:F6:FA:8D:82:DF:D7:79:59:0A:71:EE:DA
Certificate issuer: /CN=260f1087ccd06e6b47643c4ebe78bccf5f3ce5d2
Certificate serial: 0197C51ED90C8D99969C38F9024F374E8347
Authority key identifier: 26:0F:10:87:CC:D0:6E:6B:47:64:3C:4E:BE:78:BC:CF:5F:3C:E5:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Jg8Qh8zQbmtHZDxOvni8z1885dI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/853682-3035-44fb-b7ae-19b12a955065/1/8h3pv0a91kH2-o2C39d5WQpx7to.roa
Signing time: Tue 01 Jul 2025 08:33:42 +0000
ROA not before: Tue 01 Jul 2025 08:33:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201735
IP address blocks: 37.152.80.0/21 maxlen: 21
77.220.200.0/22 maxlen: 22
85.204.146.0/24 maxlen: 24
86.106.88.0/24 maxlen: 24
89.33.160.0/23 maxlen: 23
89.35.24.0/24 maxlen: 24
89.35.134.0/24 maxlen: 24
89.35.205.0/24 maxlen: 24
109.232.64.0/21 maxlen: 21
146.66.136.0/21 maxlen: 21
185.15.148.0/22 maxlen: 22
185.65.64.0/22 maxlen: 22
185.160.230.0/24 maxlen: 24
185.201.72.0/22 maxlen: 22
185.247.180.0/22 maxlen: 22
185.249.60.0/22 maxlen: 22
185.249.84.0/22 maxlen: 22
188.214.56.0/24 maxlen: 24
194.36.28.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/07/853682-3035-44fb-b7ae-19b12a955065/1/Jg8Qh8zQbmtHZDxOvni8z1885dI.crl
rsync://rpki.ripe.net/repository/DEFAULT/07/853682-3035-44fb-b7ae-19b12a955065/1/Jg8Qh8zQbmtHZDxOvni8z1885dI.mft
rsync://rpki.ripe.net/repository/DEFAULT/Jg8Qh8zQbmtHZDxOvni8z1885dI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Jul 2025 17:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c5:1e:d9:0c:8d:99:96:9c:38:f9:02:4f:37:4e:83:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=260f1087ccd06e6b47643c4ebe78bccf5f3ce5d2
Validity
Not Before: Jul 1 08:33:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f21de9bf46bdd641f6fa8d82dfd779590a71eeda
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:ac:ef:29:38:73:c6:76:12:4c:ac:33:2d:cf:
64:06:e9:89:5c:69:83:5e:42:bb:3e:aa:c2:a6:d8:
66:05:af:a3:e2:b3:60:b9:ba:6d:06:f1:53:af:66:
07:9e:9b:e0:9f:52:a0:97:44:bb:5b:8e:ed:70:86:
43:1e:66:c4:92:f6:18:9e:e1:aa:f3:13:8c:6c:ae:
29:a9:86:41:a6:73:31:9b:57:83:66:3f:b1:c1:49:
21:40:d5:3a:ad:41:47:68:51:08:13:8e:b6:7b:2b:
fc:6a:f1:dd:dc:76:0e:6b:b8:f7:90:96:4e:50:87:
c7:02:a7:e0:c4:35:81:db:c3:28:d7:53:d1:c2:cd:
8a:aa:42:60:8b:fb:40:75:2b:8b:c9:c2:60:dd:bb:
6c:19:38:60:2d:68:da:8e:54:db:11:e5:a3:92:70:
86:e8:52:3f:f7:48:b9:7a:25:d1:62:78:2b:e0:00:
f3:ae:c9:6c:4e:79:a4:73:c8:8f:26:09:50:e9:5e:
fc:d9:84:0e:4a:04:27:25:4d:f5:75:49:7e:4b:cf:
9e:68:2f:cd:88:cf:05:f9:63:51:09:04:ab:7c:1a:
16:77:86:0c:1a:03:d3:c6:1b:6c:be:ed:3c:bb:7c:
f6:13:ff:90:af:6c:68:52:df:49:af:2d:75:b9:2c:
6e:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:1D:E9:BF:46:BD:D6:41:F6:FA:8D:82:DF:D7:79:59:0A:71:EE:DA
X509v3 Authority Key Identifier:
keyid:26:0F:10:87:CC:D0:6E:6B:47:64:3C:4E:BE:78:BC:CF:5F:3C:E5:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jg8Qh8zQbmtHZDxOvni8z1885dI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/853682-3035-44fb-b7ae-19b12a955065/1/8h3pv0a91kH2-o2C39d5WQpx7to.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/853682-3035-44fb-b7ae-19b12a955065/1/Jg8Qh8zQbmtHZDxOvni8z1885dI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.152.80.0/21
77.220.200.0/22
85.204.146.0/24
86.106.88.0/24
89.33.160.0/23
89.35.24.0/24
89.35.134.0/24
89.35.205.0/24
109.232.64.0/21
146.66.136.0/21
185.15.148.0/22
185.65.64.0/22
185.160.230.0/24
185.201.72.0/22
185.247.180.0/22
185.249.60.0/22
185.249.84.0/22
188.214.56.0/24
194.36.28.0/22
Signature Algorithm: sha256WithRSAEncryption
54:6c:b3:cc:69:9a:77:68:9c:bf:52:b1:07:fc:02:bb:4e:c0:
aa:80:1c:53:cd:ce:f6:bf:00:00:fd:53:5f:5e:64:00:c3:67:
5f:c3:86:32:2f:67:63:47:0e:91:73:56:24:51:47:3a:6b:a9:
0a:5b:cd:80:78:99:f4:4e:2b:ec:c6:98:62:12:43:bd:28:b0:
b9:3a:33:0b:ca:b2:dd:76:2b:f7:1b:ce:50:5c:92:a6:5e:6f:
66:a8:32:cd:0e:4f:d4:fc:e8:7a:b7:76:8d:1a:08:74:3b:1c:
10:e4:71:22:07:ee:b0:5b:2d:63:0c:60:97:e2:fa:86:c0:43:
a5:94:93:dc:00:a2:57:81:12:71:eb:74:bb:c4:a0:1e:52:0e:
a4:0a:70:53:29:f5:cb:11:56:ad:25:b6:17:f6:59:9e:b7:5f:
35:63:9f:97:af:45:8f:d9:a3:fe:ae:98:bb:11:6b:4d:de:6e:
a7:67:31:43:3c:9d:07:7b:a2:14:5e:ec:80:2c:2b:f3:53:4b:
05:c5:60:b1:06:a3:86:e0:d4:99:80:48:17:59:60:25:e7:b0:
a6:86:aa:ce:fb:78:6d:80:97:be:ce:a7:6d:e7:0e:b2:42:f3:
86:51:42:ad:15:61:b1:b5:74:7a:b7:81:80:9c:27:54:9e:aa:
d8:d2:cd:62
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAZfFHtkMjZmWnDj5Ak83ToNHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGYxMDg3Y2NkMDZlNmI0NzY0M2M0ZWJlNzhiY2NmNWYz
Y2U1ZDIwHhcNMjUwNzAxMDgzMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjFkZTliZjQ2YmRkNjQxZjZmYThkODJkZmQ3Nzk1OTBhNzFlZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApazvKThzxnYSTKwzLc9kBumJXGmD
XkK7PqrCpthmBa+j4rNgubptBvFTr2YHnpvgn1Kgl0S7W47tcIZDHmbEkvYYnuGq
8xOMbK4pqYZBpnMxm1eDZj+xwUkhQNU6rUFHaFEIE462eyv8avHd3HYOa7j3kJZO
UIfHAqfgxDWB28Mo11PRws2KqkJgi/tAdSuLycJg3btsGThgLWjajlTbEeWjknCG
6FI/90i5eiXRYngr4ADzrslsTnmkc8iPJglQ6V782YQOSgQnJU31dUl+S8+eaC/N
iM8F+WNRCQSrfBoWd4YMGgPTxhtsvu08u3z2E/+Qr2xoUt9Jry11uSxujQIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFPId6b9GvdZB9vqNgt/XeVkKce7aMB8GA1UdIwQY
MBaAFCYPEIfM0G5rR2Q8Tr54vM9fPOXSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmc4UWg4elFibXRIWkR4T3ZuaTh6MTg4NWRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy84NTM2ODItMzAzNS00NGZiLWI3YWUt
MTliMTJhOTU1MDY1LzEvOGgzcHYwYTkxa0gyLW8yQzM5ZDVXUXB4N3RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy84NTM2ODItMzAzNS00NGZiLWI3YWUtMTliMTJhOTU1MDY1
LzEvSmc4UWg4elFibXRIWkR4T3ZuaTh6MTg4NWRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHoweAQCAAEwcgMEAyWYUAME
Ak3cyAMEAFXMkgMEAFZqWAMEAVkhoAMEAFkjGAMEAFkjhgMEAFkjzQMEA23oQAME
A5JCiAMEArkPlAMEArlBQAMEALmg5gMEArnJSAMEArn3tAMEArn5PAMEArn5VAME
ALzWOAMEAsIkHDANBgkqhkiG9w0BAQsFAAOCAQEAVGyzzGmad2icv1KxB/wCu07A
qoAcU83O9r8AAP1TX15kAMNnX8OGMi9nY0cOkXNWJFFHOmupClvNgHiZ9E4r7MaY
YhJDvSiwuTozC8qy3XYr9xvOUFySpl5vZqgyzQ5P1Pzoerd2jRoIdDscEORxIgfu
sFstYwxgl+L6hsBDpZST3ACiV4EScet0u8SgHlIOpApwUyn1yxFWrSW2F/ZZnrdf
NWOfl69Fj9mj/q6YuxFrTd5up2cxQzydB3uiFF7sgCwr81NLBcVgsQajhuDUmYBI
F1lgJeewpoaqzvt4bYCXvs6nbecOskLzhlFCrRVhsbV0ereBgJwnVJ6q2NLNYg==
-----END CERTIFICATE-----
Generated at Fri Jul 4 19:09:16 2025 by rpki-client