Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-RH9idx43UbCrglpASwWeMOZ-eQ.roa
File: 1-RH9idx43UbCrglpASwWeMOZ-eQ.roa (raw, json)
Hash identifier: a/oRgjns4/gkry0avHPZEQaul+aKKuUcyzPvFqOQtVk=
Subject key identifier: F9:11:FD:89:DC:78:DD:46:C2:AE:09:69:01:2C:16:78:C3:99:F9:E4
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0198EB3A56DE616EF1C4FABBB99278A4535A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-RH9idx43UbCrglpASwWeMOZ-eQ.roa
Signing time: Wed 27 Aug 2025 11:12:05 +0000
ROA not before: Wed 27 Aug 2025 11:12:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 61112
IP address blocks: 82.152.90.0/23 maxlen: 24
82.153.65.0/24 maxlen: 24
82.153.135.0/24 maxlen: 24
82.163.16.0/24 maxlen: 24
89.213.40.0/24 maxlen: 24
89.213.182.0/24 maxlen: 24
89.213.184.0/24 maxlen: 24
194.105.81.0/24 maxlen: 24
213.218.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 02:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:eb:3a:56:de:61:6e:f1:c4:fa:bb:b9:92:78:a4:53:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 27 11:12:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f911fd89dc78dd46c2ae0969012c1678c399f9e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:6c:5b:93:a3:55:e7:0d:83:3c:26:b6:95:a6:
91:ff:ec:b9:37:e0:b8:80:29:62:e8:0f:d5:f4:f0:
d1:10:04:27:50:5b:c0:29:b3:73:1d:31:82:a0:ab:
6e:92:24:1a:d8:f3:74:49:a7:be:f5:ad:02:79:69:
f0:86:85:f7:98:82:d3:36:90:2e:29:a4:4d:54:30:
5e:49:dd:2e:2c:62:f1:7d:91:1c:e7:b7:4c:bc:12:
8b:a1:e0:59:98:13:49:48:cb:f5:9e:a0:72:54:08:
86:1d:3e:27:3a:0e:49:49:e2:e5:03:8b:e0:4f:2d:
95:40:f0:e9:14:3e:22:8b:cd:50:32:49:46:51:e5:
dc:2a:af:8d:2a:f1:72:aa:ed:a8:4d:e5:97:9f:ce:
ef:8d:2b:75:52:07:00:3f:a4:5c:8e:14:5f:76:f9:
9f:23:69:5c:6f:22:b0:e1:02:ee:27:11:1c:f9:0a:
d7:c6:25:16:cb:bb:b7:b4:35:27:c8:e5:cf:b3:10:
9d:4b:10:1d:70:ca:28:3d:ef:27:24:c1:8b:b1:26:
4a:62:13:d5:10:63:fa:64:c6:21:c8:14:a4:a6:03:
cf:16:a1:91:d8:ac:21:1b:5d:86:b5:38:c9:04:70:
e2:81:63:dc:f0:2f:59:99:2e:ef:da:ff:26:57:9e:
41:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:11:FD:89:DC:78:DD:46:C2:AE:09:69:01:2C:16:78:C3:99:F9:E4
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-RH9idx43UbCrglpASwWeMOZ-eQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.90.0/23
82.153.65.0/24
82.153.135.0/24
82.163.16.0/24
89.213.40.0/24
89.213.182.0/24
89.213.184.0/24
194.105.81.0/24
213.218.254.0/24
Signature Algorithm: sha256WithRSAEncryption
26:1d:43:c5:a8:40:a8:12:c9:24:95:bc:98:2d:a2:bd:04:a3:
b0:49:1c:29:84:bc:4f:8f:d8:f1:9e:18:9d:8d:6a:b2:72:82:
78:ad:50:6d:b6:86:4c:31:ed:d1:59:18:6d:f7:c7:2a:b0:35:
45:4d:a0:27:7c:1f:a4:b5:69:5e:a6:24:3b:f8:0b:1d:c9:9a:
42:f0:44:de:d1:dd:40:f3:35:3e:f0:d1:8a:d7:46:73:61:4e:
56:e1:80:8c:12:76:e5:58:9a:15:0b:6b:65:2d:bd:cc:8a:49:
7b:e0:e4:24:00:79:cf:18:48:a0:b3:bf:dc:e6:a2:3c:99:f8:
2a:fc:8b:2b:70:9d:28:9a:02:b2:80:58:09:64:57:5c:95:14:
f9:77:59:47:e1:9a:37:00:c8:93:85:0f:ed:f0:1e:47:94:d0:
48:36:7d:2d:3d:29:64:de:b4:da:35:8d:13:b3:02:3f:cb:e9:
63:fb:f7:a0:42:f8:64:c8:bb:e9:02:32:42:46:50:e0:37:0b:
51:74:f9:7d:be:5a:6f:0f:3d:bd:22:51:85:e3:71:20:d8:ee:
4d:53:0a:a9:3f:8c:18:04:4d:74:0e:9e:2e:bf:c6:a1:9e:e1:
86:e1:9e:56:9a:4f:49:cf:c1:be:50:f7:d4:62:58:97:6d:94:
e8:f7:b1:59
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZjrOlbeYW7xxPq7uZJ4pFNaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODI3MTExMjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTExZmQ4OWRjNzhkZDQ2YzJhZTA5NjkwMTJjMTY3OGMzOTlmOWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmxbk6NV5w2DPCa2laaR/+y5N+C4
gCli6A/V9PDREAQnUFvAKbNzHTGCoKtukiQa2PN0Sae+9a0CeWnwhoX3mILTNpAu
KaRNVDBeSd0uLGLxfZEc57dMvBKLoeBZmBNJSMv1nqByVAiGHT4nOg5JSeLlA4vg
Ty2VQPDpFD4ii81QMklGUeXcKq+NKvFyqu2oTeWXn87vjSt1UgcAP6RcjhRfdvmf
I2lcbyKw4QLuJxEc+QrXxiUWy7u3tDUnyOXPsxCdSxAdcMooPe8nJMGLsSZKYhPV
EGP6ZMYhyBSkpgPPFqGR2KwhG12GtTjJBHDigWPc8C9ZmS7v2v8mV55BgwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFPkR/YnceN1Gwq4JaQEsFnjDmfnkMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMS1SSDlpZHg0M1ViQ3JnbHBBU3dXZU1PWi1lUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3
Yy8xL1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBPBggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEAVKYWgME
AFKZQQMEAFKZhwMEAFKjEAMEAFnVKAMEAFnVtgMEAFnVuAMEAMJpUQMEANXa/jAN
BgkqhkiG9w0BAQsFAAOCAQEAJh1DxahAqBLJJJW8mC2ivQSjsEkcKYS8T4/Y8Z4Y
nY1qsnKCeK1QbbaGTDHt0VkYbffHKrA1RU2gJ3wfpLVpXqYkO/gLHcmaQvBE3tHd
QPM1PvDRitdGc2FOVuGAjBJ25ViaFQtrZS29zIpJe+DkJAB5zxhIoLO/3OaiPJn4
KvyLK3CdKJoCsoBYCWRXXJUU+XdZR+GaNwDIk4UP7fAeR5TQSDZ9LT0pZN602jWN
E7MCP8vpY/v3oEL4ZMi76QIyQkZQ4DcLUXT5fb5abw89vSJRheNxINjuTVMKqT+M
GARNdA6eLr/GoZ7hhuGeVppPSc/BvlD31GJYl22U6PexWQ==
-----END CERTIFICATE-----
Generated at Sun Sep 7 12:31:16 2025 by rpki-client