Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/hdMkPl7s2YB89idhIxYcGPzaiZo.roa
File: hdMkPl7s2YB89idhIxYcGPzaiZo.roa (raw, json)
Hash identifier: q6te0h/+0cNOVTmrYYD/w25qYeg8iK/SgNvQqCUtOGQ=
Subject key identifier: 85:D3:24:3E:5E:EC:D9:80:7C:F6:27:61:23:16:1C:18:FC:DA:89:9A
Certificate issuer: /CN=510b419f0c17b4c8be217f64388d268d14dc261e
Certificate serial: 0198EB55C7FBABB13F51BD42635042B5A757
Authority key identifier: 51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/hdMkPl7s2YB89idhIxYcGPzaiZo.roa
Signing time: Wed 27 Aug 2025 11:42:04 +0000
ROA not before: Wed 27 Aug 2025 11:42:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203020
IP address blocks: 37.61.226.0/24 maxlen: 32
37.61.227.0/24 maxlen: 32
37.200.104.0/21 maxlen: 32
43.252.28.0/22 maxlen: 32
45.12.56.0/22 maxlen: 32
45.117.154.0/24 maxlen: 32
45.117.155.0/24 maxlen: 32
45.130.120.0/22 maxlen: 32
46.182.168.0/22 maxlen: 32
78.156.160.0/20 maxlen: 32
78.156.176.0/20 maxlen: 32
85.208.148.0/22 maxlen: 32
89.104.110.0/23 maxlen: 32
89.184.192.0/19 maxlen: 32
89.223.14.0/23 maxlen: 32
89.223.18.0/23 maxlen: 32
92.255.32.0/21 maxlen: 32
92.255.86.0/23 maxlen: 32
94.46.0.0/21 maxlen: 32
94.46.2.0/23 maxlen: 32
94.46.32.0/21 maxlen: 32
103.30.12.0/22 maxlen: 32
103.211.184.0/23 maxlen: 32
103.225.128.0/22 maxlen: 32
103.245.40.0/22 maxlen: 32
103.250.134.0/24 maxlen: 32
103.252.184.0/22 maxlen: 32
109.198.32.0/20 maxlen: 32
109.198.48.0/20 maxlen: 32
116.212.188.0/22 maxlen: 32
163.53.26.0/24 maxlen: 32
163.53.27.0/24 maxlen: 32
176.117.88.0/22 maxlen: 32
176.117.92.0/22 maxlen: 32
180.92.128.0/19 maxlen: 32
180.94.216.0/22 maxlen: 32
185.10.7.0/24 maxlen: 32
185.18.104.0/22 maxlen: 32
185.64.180.0/22 maxlen: 32
193.151.52.0/22 maxlen: 32
194.32.88.0/22 maxlen: 32
202.51.78.0/24 maxlen: 32
202.51.84.0/24 maxlen: 32
202.51.85.0/24 maxlen: 32
202.51.87.0/24 maxlen: 32
202.51.90.0/24 maxlen: 32
202.51.91.0/24 maxlen: 32
203.78.168.0/21 maxlen: 32
206.204.0.0/18 maxlen: 32
207.29.200.0/21 maxlen: 32
213.188.80.0/20 maxlen: 32
216.194.80.0/20 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl
rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.mft
rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 01:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:eb:55:c7:fb:ab:b1:3f:51:bd:42:63:50:42:b5:a7:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=510b419f0c17b4c8be217f64388d268d14dc261e
Validity
Not Before: Aug 27 11:42:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85d3243e5eecd9807cf6276123161c18fcda899a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:75:40:af:30:30:c2:8f:c0:0b:e6:21:2e:58:
52:0e:f3:91:46:24:b9:12:2c:b2:44:89:0e:e4:c9:
fb:54:66:7d:78:0c:8f:ac:72:a7:df:87:7a:e6:98:
57:ac:48:29:4b:af:fc:31:1d:ff:e6:1f:7a:7d:b9:
70:e5:1f:f1:5d:2b:a6:44:63:1a:a5:56:dc:c8:06:
b9:8b:0e:f0:ee:b1:bd:e1:60:50:5e:cd:64:20:f0:
07:f8:b3:1b:a3:98:85:7d:39:36:98:7e:b6:5b:c1:
9b:68:12:a7:d7:95:bd:6b:ae:4d:a7:60:51:19:41:
66:19:53:29:7b:20:1a:c6:44:d1:7e:02:e4:9f:03:
7a:00:5c:9b:b8:23:cb:61:de:32:65:dc:c2:4a:bf:
be:60:ad:d8:e0:53:ba:32:08:8c:f3:34:f2:fb:ed:
c3:34:8b:93:62:21:da:cb:0f:2e:c5:4b:78:63:9d:
67:7f:71:db:49:81:65:e0:cc:4a:77:f1:03:d7:07:
cd:db:47:e5:93:df:21:d0:d7:bd:af:1e:67:3e:fe:
41:0c:10:32:94:34:09:1a:aa:4b:cf:d8:54:a8:ce:
9c:bb:36:5c:af:a3:70:e8:e5:3c:55:30:09:83:26:
2d:2c:64:58:10:00:3d:41:11:ad:ab:69:c7:33:f2:
48:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:D3:24:3E:5E:EC:D9:80:7C:F6:27:61:23:16:1C:18:FC:DA:89:9A
X509v3 Authority Key Identifier:
keyid:51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/hdMkPl7s2YB89idhIxYcGPzaiZo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.61.226.0/23
37.200.104.0/21
43.252.28.0/22
45.12.56.0/22
45.117.154.0/23
45.130.120.0/22
46.182.168.0/22
78.156.160.0/19
85.208.148.0/22
89.104.110.0/23
89.184.192.0/19
89.223.14.0/23
89.223.18.0/23
92.255.32.0/21
92.255.86.0/23
94.46.0.0/21
94.46.32.0/21
103.30.12.0/22
103.211.184.0/23
103.225.128.0/22
103.245.40.0/22
103.250.134.0/24
103.252.184.0/22
109.198.32.0/19
116.212.188.0/22
163.53.26.0/23
176.117.88.0/21
180.92.128.0/19
180.94.216.0/22
185.10.7.0/24
185.18.104.0/22
185.64.180.0/22
193.151.52.0/22
194.32.88.0/22
202.51.78.0/24
202.51.84.0/23
202.51.87.0/24
202.51.90.0/23
203.78.168.0/21
206.204.0.0/18
207.29.200.0/21
213.188.80.0/20
216.194.80.0/20
Signature Algorithm: sha256WithRSAEncryption
48:94:c8:a6:1f:4a:1a:80:f4:99:ec:95:b4:33:d6:02:f5:14:
a5:c6:87:b7:d0:bd:b2:75:cd:05:94:04:7f:78:be:37:cf:2c:
75:14:e0:0b:5c:c3:35:53:66:d3:c3:17:46:7f:4a:1a:43:1a:
d8:32:c1:3a:00:1d:19:6d:67:79:b3:8c:71:03:2a:af:49:57:
ee:29:d9:72:27:d9:82:06:4d:2b:17:41:6a:94:57:2c:01:a5:
8d:bc:df:f1:99:80:29:46:01:c2:f4:88:dd:8a:b2:78:fd:4a:
b7:e6:35:2d:b5:45:e2:0a:c6:8d:d5:3d:59:01:48:ee:5c:f3:
7f:93:5b:66:d9:9f:bb:cc:d4:d9:dd:4b:65:ca:ce:1b:2d:a1:
b3:c1:57:08:34:d1:e2:91:a8:79:46:52:5a:fd:95:8d:f8:80:
47:c0:11:03:54:53:e9:09:af:ed:48:e2:b8:a1:fb:c9:4f:4a:
f2:1e:e1:81:95:cc:a7:fa:9d:ec:91:04:a5:b9:bb:63:05:c4:
42:92:c1:9f:08:04:5f:60:bd:a0:80:12:35:86:62:27:6d:69:
4d:ee:77:e5:15:69:7c:b3:05:36:3e:1a:25:bb:fc:07:5d:42:
21:14:5b:fc:27:0e:68:47:cd:c9:93:56:20:73:8d:54:ca:a3:
ec:60:55:b4
-----BEGIN CERTIFICATE-----
MIIGAzCCBOugAwIBAgISAZjrVcf7q7E/Ub1CY1BCtadXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMGI0MTlmMGMxN2I0YzhiZTIxN2Y2NDM4OGQyNjhkMTRk
YzI2MWUwHhcNMjUwODI3MTE0MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWQzMjQzZTVlZWNkOTgwN2NmNjI3NjEyMzE2MWMxOGZjZGE4OTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnVArzAwwo/AC+YhLlhSDvORRiS5
EiyyRIkO5Mn7VGZ9eAyPrHKn34d65phXrEgpS6/8MR3/5h96fblw5R/xXSumRGMa
pVbcyAa5iw7w7rG94WBQXs1kIPAH+LMbo5iFfTk2mH62W8GbaBKn15W9a65Np2BR
GUFmGVMpeyAaxkTRfgLknwN6AFybuCPLYd4yZdzCSr++YK3Y4FO6MgiM8zTy++3D
NIuTYiHayw8uxUt4Y51nf3HbSYFl4MxKd/ED1wfN20flk98h0Ne9rx5nPv5BDBAy
lDQJGqpLz9hUqM6cuzZcr6Nw6OU8VTAJgyYtLGRYEAA9QRGtq2nHM/JIkwIDAQAB
o4IDDzCCAwswHQYDVR0OBBYEFIXTJD5e7NmAfPYnYSMWHBj82omaMB8GA1UdIwQY
MBaAFFELQZ8MF7TIviF/ZDiNJo0U3CYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYt
MTRhMDk5OTNkNjcxLzEvaGRNa1BsN3MyWUI4OWlkaEl4WWNHUHphaVpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYtMTRhMDk5OTNkNjcx
LzEvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIwYIKwYBBQUHAQcBAf8EggESMIIBDjCCAQoEAgABMIIB
AgMEASU94gMEAyXIaAMEAiv8HAMEAi0MOAMEAS11mgMEAi2CeAMEAi62qAMEBU6c
oAMEAlXQlAMEAVlobgMEBVm4wAMEAVnfDgMEAVnfEgMEA1z/IAMEAVz/VgMEA14u
AAMEA14uIAMEAmceDAMEAWfTuAMEAmfhgAMEAmf1KAMEAGf6hgMEAmf8uAMEBW3G
IAMEAnTUvAMEAaM1GgMEA7B1WAMEBbRcgAMEArRe2AMEALkKBwMEArkSaAMEArlA
tAMEAsGXNAMEAsIgWAMEAMozTgMEAcozVAMEAMozVwMEAcozWgMEA8tOqAMEBs7M
AAMEA88dyAMEBNW8UAMEBNjCUDANBgkqhkiG9w0BAQsFAAOCAQEASJTIph9KGoD0
meyVtDPWAvUUpcaHt9C9snXNBZQEf3i+N88sdRTgC1zDNVNm08MXRn9KGkMa2DLB
OgAdGW1nebOMcQMqr0lX7inZcifZggZNKxdBapRXLAGljbzf8ZmAKUYBwvSI3Yqy
eP1Kt+Y1LbVF4grGjdU9WQFI7lzzf5NbZtmfu8zU2d1LZcrOGy2hs8FXCDTR4pGo
eUZSWv2VjfiAR8ARA1RT6Qmv7UjiuKH7yU9K8h7hgZXMp/qd7JEEpbm7YwXEQpLB
nwgEX2C9oIASNYZiJ21pTe535RVpfLMFNj4aJbv8B11CIRRb/CcOaEfNyZNWIHON
VMqj7GBVtA==
-----END CERTIFICATE-----
Generated at Fri Sep 5 08:56:46 2025 by rpki-client