Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/mda8QR5F8LzXtT2rD8haKXFSDdc.roa
File: mda8QR5F8LzXtT2rD8haKXFSDdc.roa (raw, json)
Hash identifier: i4agz+Z11Iqdd1bLYvYpwwEMIFhIlz9hmUQ0CUO9HLY=
Subject key identifier: 99:D6:BC:41:1E:45:F0:BC:D7:B5:3D:AB:0F:C8:5A:29:71:52:0D:D7
Certificate issuer: /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial: 019909FF1645DE46BFDADEBBEA0CC3D59263
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/mda8QR5F8LzXtT2rD8haKXFSDdc.roa
Signing time: Tue 02 Sep 2025 10:35:36 +0000
ROA not before: Tue 02 Sep 2025 10:35:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44654
IP address blocks: 37.252.208.0/23 maxlen: 23
37.252.208.0/24 maxlen: 24
37.252.209.0/24 maxlen: 24
37.252.210.0/23 maxlen: 23
37.252.210.0/24 maxlen: 24
37.252.211.0/24 maxlen: 24
37.252.212.0/23 maxlen: 23
37.252.212.0/24 maxlen: 24
37.252.213.0/24 maxlen: 24
37.252.215.0/24 maxlen: 24
109.205.8.0/21 maxlen: 24
185.36.124.0/22 maxlen: 24
185.36.124.0/23 maxlen: 23
2a02:d8::/32 maxlen: 48
2a02:d8:8::/48 maxlen: 48
2a02:d8:9::/48 maxlen: 48
2a02:d8:a::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 01:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:09:ff:16:45:de:46:bf:da:de:bb:ea:0c:c3:d5:92:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
Validity
Not Before: Sep 2 10:35:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=99d6bc411e45f0bcd7b53dab0fc85a2971520dd7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:3c:96:0a:85:6c:5a:cb:76:34:21:b0:59:0e:
4e:69:c9:7b:09:97:79:fa:35:b9:4b:e4:3b:c6:15:
9c:26:87:d0:0e:ab:af:a4:4d:5a:d2:99:6f:54:a6:
68:01:cc:41:0e:b7:7c:36:dd:48:0f:80:7f:5a:86:
a3:f8:aa:45:c7:21:c8:7c:a8:1f:83:7f:cd:4f:33:
b6:b2:06:2a:b4:ff:50:60:21:8d:b2:95:f0:fb:5c:
a4:a7:b8:3a:95:31:1a:ff:6f:20:19:98:c5:00:59:
1d:4b:d0:e5:b2:5c:78:db:5f:2b:08:f3:8e:b4:5f:
ca:b0:9f:95:ed:65:dc:88:10:4b:26:d0:7e:cf:e2:
4d:fd:72:3a:af:7d:c2:fa:87:a9:7c:08:02:0f:56:
95:ea:9b:82:6f:0e:c4:52:86:1b:0a:af:e0:ba:85:
c1:94:54:63:db:d2:c2:76:70:d4:c7:c1:13:70:97:
54:03:58:da:31:2d:68:33:da:2b:0f:ee:05:cc:bc:
7a:2c:ca:a5:58:d4:54:49:ff:02:44:59:23:28:05:
e5:01:9c:47:98:74:75:e9:5d:ab:ab:f3:48:b7:68:
a8:7d:8d:3a:9a:24:9a:b2:82:c7:bd:62:e3:b5:6d:
12:da:18:8c:b7:b5:0f:a9:b2:6b:5e:1c:35:9c:0e:
31:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:D6:BC:41:1E:45:F0:BC:D7:B5:3D:AB:0F:C8:5A:29:71:52:0D:D7
X509v3 Authority Key Identifier:
keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/mda8QR5F8LzXtT2rD8haKXFSDdc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.252.208.0-37.252.213.255
37.252.215.0/24
109.205.8.0/21
185.36.124.0/22
IPv6:
2a02:d8::/32
Signature Algorithm: sha256WithRSAEncryption
6b:fc:6c:f7:86:59:3c:41:db:fe:48:44:10:49:ca:ff:48:37:
75:25:5d:9d:61:6d:e6:9f:4c:63:68:8b:79:a8:a6:56:a4:97:
1d:c7:5b:16:04:ff:25:f0:26:72:24:0a:a6:71:9d:2d:25:37:
c8:b2:e5:a1:5f:e0:ea:2c:93:73:d5:82:5e:45:7b:7a:20:db:
6e:5d:aa:7c:1d:00:e9:0f:95:a7:be:e1:4f:1e:ee:f1:fa:d5:
ff:ad:9d:5f:60:e2:da:90:d4:93:f5:c0:8a:6a:66:d1:90:6c:
8a:3d:91:61:44:b5:5d:29:0b:1d:f7:f8:d0:07:87:1e:f5:ec:
48:4a:50:41:cb:5e:0e:4d:03:b4:1b:92:da:2c:8d:8b:ec:37:
e5:8e:f7:e2:d3:e5:60:09:70:72:44:16:9a:89:4e:7b:d6:8a:
79:9f:5c:4d:a4:12:00:4b:42:e6:06:da:13:7e:25:68:9d:e5:
45:a7:0d:40:b0:61:e2:57:f1:32:e5:d8:59:b3:87:7e:dc:a3:
95:23:e7:38:32:71:5c:d3:95:ac:1d:78:6f:53:81:79:e0:bf:
59:51:d2:63:03:67:33:ed:95:11:92:7e:54:b1:2d:c6:9d:fb:
e8:ff:89:63:51:26:ea:30:69:a5:ec:c8:4e:0c:a3:b9:c7:f9:
4d:a3:a0:57
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZkJ/xZF3ka/2t676gzD1ZJjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjUwOTAyMTAzNTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWQ2YmM0MTFlNDVmMGJjZDdiNTNkYWIwZmM4NWEyOTcxNTIwZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTyWCoVsWst2NCGwWQ5Oacl7CZd5
+jW5S+Q7xhWcJofQDquvpE1a0plvVKZoAcxBDrd8Nt1ID4B/Woaj+KpFxyHIfKgf
g3/NTzO2sgYqtP9QYCGNspXw+1ykp7g6lTEa/28gGZjFAFkdS9Dlslx4218rCPOO
tF/KsJ+V7WXciBBLJtB+z+JN/XI6r33C+oepfAgCD1aV6puCbw7EUoYbCq/guoXB
lFRj29LCdnDUx8ETcJdUA1jaMS1oM9orD+4FzLx6LMqlWNRUSf8CRFkjKAXlAZxH
mHR16V2rq/NIt2iofY06miSasoLHvWLjtW0S2hiMt7UPqbJrXhw1nA4xdQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFJnWvEEeRfC817U9qw/IWilxUg3XMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvbWRhOFFSNUY4THpYdFQyckQ4aGFLWEZTRGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgMAwDBAQl/NAD
BAEl/NQDBAAl/NcDBANtzQgDBAK5JHwwDQQCAAIwBwMFACoCANgwDQYJKoZIhvcN
AQELBQADggEBAGv8bPeGWTxB2/5IRBBJyv9IN3UlXZ1hbeafTGNoi3moplaklx3H
WxYE/yXwJnIkCqZxnS0lN8iy5aFf4Oosk3PVgl5Fe3og225dqnwdAOkPlae+4U8e
7vH61f+tnV9g4tqQ1JP1wIpqZtGQbIo9kWFEtV0pCx33+NAHhx717EhKUEHLXg5N
A7QbktosjYvsN+WO9+LT5WAJcHJEFpqJTnvWinmfXE2kEgBLQuYG2hN+JWid5UWn
DUCwYeJX8TLl2Fmzh37co5Uj5zgycVzTlawdeG9TgXngv1lR0mMDZzPtlRGSflSx
Lcad++j/iWNRJuowaaXsyE4Mo7nH+U2joFc=
-----END CERTIFICATE-----
Generated at Mon Sep 8 05:17:25 2025 by rpki-client