Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/h8czkBNDt-cQB8FHJ1_U2XxatNg.roa
File: h8czkBNDt-cQB8FHJ1_U2XxatNg.roa (raw, json)
Hash identifier: vO/I3UwvTN+xlnL59fjJs+WGRkx/veUXIWgaSeGnuII=
Subject key identifier: 87:C7:33:90:13:43:B7:E7:10:07:C1:47:27:5F:D4:D9:7C:5A:B4:D8
Certificate issuer: /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial: 0199056A4E9424A525256FC065AA78843E30
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/h8czkBNDt-cQB8FHJ1_U2XxatNg.roa
Signing time: Mon 01 Sep 2025 13:14:36 +0000
ROA not before: Mon 01 Sep 2025 13:14:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206385
IP address blocks: 37.18.41.0/24 maxlen: 24
37.230.136.0/24 maxlen: 24
37.230.163.0/24 maxlen: 24
46.243.173.0/24 maxlen: 24
141.101.175.0/24 maxlen: 24
178.170.253.0/24 maxlen: 24
185.2.33.0/24 maxlen: 24
188.72.72.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 10 Sep 2025 19:00:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:05:6a:4e:94:24:a5:25:25:6f:c0:65:aa:78:84:3e:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Validity
Not Before: Sep 1 13:14:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=87c733901343b7e71007c147275fd4d97c5ab4d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:07:2c:aa:fe:cb:c4:71:a6:f0:94:ca:62:6f:
ba:7c:38:66:2b:b3:e5:ef:81:1f:06:fe:bc:2f:c7:
4c:49:3c:7b:ac:2e:6a:b0:37:bc:6e:3f:7a:e9:04:
8a:19:a6:cb:cb:5c:fb:15:16:7d:82:e9:88:bc:06:
40:74:72:1d:a9:54:6a:54:c0:ac:ea:3c:e4:0f:82:
39:bc:d2:82:d3:77:61:81:92:7b:3b:27:fb:db:82:
c5:92:5e:4c:75:fd:2e:6a:d5:96:46:bf:4b:89:5d:
3a:72:2c:f6:dd:4a:54:18:14:92:f5:43:fd:c6:11:
ba:32:eb:79:df:e3:ea:db:30:3e:62:d5:25:fc:e1:
5b:4c:87:2e:da:f8:f9:08:b0:02:c6:dd:19:81:3c:
09:b5:77:e3:7c:b9:e5:e7:6c:67:d8:11:23:ef:c1:
9b:63:a7:73:8f:8e:59:51:e1:76:66:d1:de:81:bc:
33:42:9a:1e:19:39:55:c3:b7:3a:f3:bc:27:97:f1:
6d:db:a1:8a:e4:c4:7e:34:c2:e0:55:9a:ae:9b:bb:
78:99:83:90:97:b1:85:84:41:4d:56:28:89:6c:34:
c6:b8:6c:88:e2:94:59:5b:e6:cd:6d:b1:41:d8:ec:
21:fd:37:8d:c2:9a:d3:2d:dd:20:39:51:db:e7:9a:
5f:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:C7:33:90:13:43:B7:E7:10:07:C1:47:27:5F:D4:D9:7C:5A:B4:D8
X509v3 Authority Key Identifier:
keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/h8czkBNDt-cQB8FHJ1_U2XxatNg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.18.41.0/24
37.230.136.0/24
37.230.163.0/24
46.243.173.0/24
141.101.175.0/24
178.170.253.0/24
185.2.33.0/24
188.72.72.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:78:f7:4e:96:10:0b:62:0c:a3:2f:56:7e:8a:36:f9:3b:21:
6c:e6:5e:ce:94:77:8d:16:69:31:d0:0b:94:1a:84:b5:67:7f:
36:ec:f4:f9:4f:3c:55:20:77:f4:bf:ed:ee:40:67:36:31:86:
03:b8:9b:fa:29:9a:b2:c5:b8:c3:a3:bc:59:9a:bb:76:12:9f:
e5:ed:19:80:58:c9:9d:ad:8a:8d:7b:aa:4e:8d:da:70:9d:39:
9d:1b:f9:3e:2b:9e:a3:7c:7c:67:37:53:70:a6:2d:d7:ad:f8:
52:0c:15:08:02:d8:79:76:2b:5e:05:b8:37:b5:1e:07:6a:99:
90:23:2a:a4:31:c8:3c:e7:fa:a1:a4:5d:3d:53:57:44:a8:e2:
3e:65:f0:f9:59:eb:15:5b:07:ee:16:ab:d1:3d:5c:fc:55:fc:
ef:cd:1b:73:68:84:34:24:7e:92:67:90:74:06:88:95:53:d4:
6b:80:7e:05:6d:32:e4:72:d9:58:14:3a:e2:c8:2e:e2:47:db:
6b:db:10:95:58:db:6b:b1:f4:ed:06:31:cf:dd:e2:6f:e8:e1:
da:76:40:7d:75:d9:3e:11:97:60:ce:3f:e3:29:28:5b:3a:4b:
30:b6:b9:84:c2:09:20:50:68:17:63:bf:8b:d7:a5:12:89:48:
ae:9e:2b:3a
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZkFak6UJKUlJW/AZap4hD4wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjUwOTAxMTMxNDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2M3MzM5MDEzNDNiN2U3MTAwN2MxNDcyNzVmZDRkOTdjNWFiNGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwcsqv7LxHGm8JTKYm+6fDhmK7Pl
74EfBv68L8dMSTx7rC5qsDe8bj966QSKGabLy1z7FRZ9gumIvAZAdHIdqVRqVMCs
6jzkD4I5vNKC03dhgZJ7Oyf724LFkl5Mdf0uatWWRr9LiV06ciz23UpUGBSS9UP9
xhG6Mut53+Pq2zA+YtUl/OFbTIcu2vj5CLACxt0ZgTwJtXfjfLnl52xn2BEj78Gb
Y6dzj45ZUeF2ZtHegbwzQpoeGTlVw7c687wnl/Ft26GK5MR+NMLgVZqum7t4mYOQ
l7GFhEFNViiJbDTGuGyI4pRZW+bNbbFB2Owh/TeNwprTLd0gOVHb55pfSwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFIfHM5ATQ7fnEAfBRydf1Nl8WrTYMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvaDhjemtCTkR0LWNRQjhGSEoxX1UyWHhhdE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAJRIpAwQA
JeaIAwQAJeajAwQALvOtAwQAjWWvAwQAsqr9AwQAuQIhAwQAvEhIMA0GCSqGSIb3
DQEBCwUAA4IBAQAdePdOlhALYgyjL1Z+ijb5OyFs5l7OlHeNFmkx0AuUGoS1Z382
7PT5TzxVIHf0v+3uQGc2MYYDuJv6KZqyxbjDo7xZmrt2Ep/l7RmAWMmdrYqNe6pO
jdpwnTmdG/k+K56jfHxnN1Nwpi3XrfhSDBUIAth5diteBbg3tR4HapmQIyqkMcg8
5/qhpF09U1dEqOI+ZfD5WesVWwfuFqvRPVz8VfzvzRtzaIQ0JH6SZ5B0BoiVU9Rr
gH4FbTLkctlYFDriyC7iR9tr2xCVWNtrsfTtBjHP3eJv6OHadkB9ddk+EZdgzj/j
KShbOkswtrmEwgkgUGgXY7+L16USiUiunis6
-----END CERTIFICATE-----
Generated at Wed Sep 10 03:08:57 2025 by rpki-client