Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mD2itgzbZytpmbGVRMIxCynLanQ.roa
File: mD2itgzbZytpmbGVRMIxCynLanQ.roa (raw, json)
Hash identifier: ak26CPhHQRvxXYqv8xdKHPiYwC+gJYopV2P34WxqeLc=
Subject key identifier: 98:3D:A2:B6:0C:DB:67:2B:69:99:B1:95:44:C2:31:0B:29:CB:6A:74
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0198F0898A3B38284870A5857F9C4646CA66
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mD2itgzbZytpmbGVRMIxCynLanQ.roa
Signing time: Thu 28 Aug 2025 11:56:42 +0000
ROA not before: Thu 28 Aug 2025 11:56:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16276
IP address blocks: 81.168.105.0/24 maxlen: 24
82.152.8.0/24 maxlen: 24
82.152.57.0/24 maxlen: 24
82.152.58.0/24 maxlen: 24
82.152.61.0/24 maxlen: 24
82.152.73.0/24 maxlen: 24
82.152.75.0/24 maxlen: 24
82.152.98.0/24 maxlen: 24
82.152.109.0/24 maxlen: 24
82.152.122.0/24 maxlen: 24
82.152.226.0/24 maxlen: 24
82.152.240.0/24 maxlen: 24
82.152.243.0/24 maxlen: 24
82.153.205.0/24 maxlen: 24
82.153.217.0/24 maxlen: 24
82.163.23.0/24 maxlen: 24
89.213.145.0/24 maxlen: 24
89.213.154.0/24 maxlen: 24
89.213.164.0/24 maxlen: 24
109.176.40.0/21 maxlen: 24
109.176.48.0/21 maxlen: 24
109.176.153.0/24 maxlen: 24
109.176.244.0/24 maxlen: 24
212.38.79.0/24 maxlen: 24
213.130.130.0/24 maxlen: 24
213.130.149.0/24 maxlen: 24
213.210.54.0/24 maxlen: 24
213.218.214.0/24 maxlen: 24
213.218.234.0/24 maxlen: 24
213.218.238.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 07:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:f0:89:8a:3b:38:28:48:70:a5:85:7f:9c:46:46:ca:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 28 11:56:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=983da2b60cdb672b6999b19544c2310b29cb6a74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:3a:ac:55:34:4e:6d:85:0c:12:68:a3:ea:6d:
75:41:92:ad:29:78:c5:79:4a:94:a3:8e:46:24:fe:
c7:99:1c:33:88:d0:ed:0f:4b:e8:5b:a6:58:94:00:
e3:27:77:3e:d8:72:94:00:db:79:a7:be:4e:f3:14:
b7:9f:87:ca:2e:c2:de:55:9f:9e:04:95:13:9e:6f:
1e:db:71:4d:dd:6e:61:57:43:de:47:98:96:9f:01:
54:01:c6:8a:ad:cb:c5:81:ae:fc:b3:db:6d:5b:87:
b5:4c:e1:f4:70:b9:9b:93:08:68:fe:5d:dc:71:af:
97:84:d9:5c:16:7c:88:be:15:1b:2b:e3:75:d9:00:
72:e7:85:69:d4:a1:05:e4:33:99:19:18:2b:4c:f4:
57:2d:f8:ec:49:1d:ee:3a:43:f6:ab:ab:a1:df:1a:
a3:b6:2d:65:a2:8a:5e:62:dd:75:dd:02:a2:a7:10:
33:9b:8d:8f:66:85:ce:d9:12:c1:d0:43:d1:78:6f:
a3:6e:01:c7:3a:6b:eb:45:f1:8f:88:e4:57:bc:3c:
38:72:e0:71:fe:84:3e:d4:b5:38:04:e9:b6:ee:67:
78:38:4f:0f:39:b3:de:19:b1:cd:cc:e9:35:a1:d0:
3b:45:0c:b7:24:4d:2d:d3:f4:82:b2:fb:7f:06:78:
b1:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:3D:A2:B6:0C:DB:67:2B:69:99:B1:95:44:C2:31:0B:29:CB:6A:74
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mD2itgzbZytpmbGVRMIxCynLanQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.105.0/24
82.152.8.0/24
82.152.57.0-82.152.58.255
82.152.61.0/24
82.152.73.0/24
82.152.75.0/24
82.152.98.0/24
82.152.109.0/24
82.152.122.0/24
82.152.226.0/24
82.152.240.0/24
82.152.243.0/24
82.153.205.0/24
82.153.217.0/24
82.163.23.0/24
89.213.145.0/24
89.213.154.0/24
89.213.164.0/24
109.176.40.0-109.176.55.255
109.176.153.0/24
109.176.244.0/24
212.38.79.0/24
213.130.130.0/24
213.130.149.0/24
213.210.54.0/24
213.218.214.0/24
213.218.234.0/24
213.218.238.0/24
Signature Algorithm: sha256WithRSAEncryption
40:d7:d4:b8:19:7f:65:40:1a:4f:be:4f:f6:69:0e:60:cd:e5:
83:2d:14:05:bc:67:71:2e:bb:90:1c:6f:c9:45:f0:03:bc:c5:
3f:24:32:31:85:f4:0a:a8:a7:d5:1f:50:3a:25:e5:4a:a1:71:
e6:5c:0d:9d:54:11:41:90:c9:77:f8:40:14:f0:ef:f0:14:bd:
de:0f:be:3b:b0:3c:59:66:87:a0:3b:55:d9:50:ae:42:60:92:
e4:a2:e1:48:c1:0e:50:bb:a5:c0:b7:0d:9a:cf:84:c1:ce:ab:
94:2b:be:76:e3:6e:df:7b:5d:cc:5f:19:f6:05:73:91:ca:f3:
be:84:f2:b0:5f:c7:5b:36:42:5f:2d:15:f1:22:b6:80:87:13:
ea:d5:71:50:d2:3b:0e:05:94:2d:39:26:f9:9c:3b:6f:1e:ff:
18:7e:9b:31:07:c5:a4:99:76:86:eb:50:6d:f1:af:3a:28:91:
2c:dd:8c:76:e8:d7:94:41:f1:c1:a2:3a:26:92:f6:2b:47:d2:
8d:b5:dc:19:e5:59:ed:99:25:e4:6d:79:f7:6d:39:e8:22:a9:
e9:e8:08:b6:23:66:44:47:b5:53:67:c7:80:cd:8b:b2:b7:9a:
49:3f:e9:17:3f:48:c9:a6:d3:ea:bc:70:75:95:4b:57:ba:6a:
2e:8b:0b:1c
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgISAZjwiYo7OChIcKWFf5xGRspmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODI4MTE1NjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODNkYTJiNjBjZGI2NzJiNjk5OWIxOTU0NGMyMzEwYjI5Y2I2YTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDqsVTRObYUMEmij6m11QZKtKXjF
eUqUo45GJP7HmRwziNDtD0voW6ZYlADjJ3c+2HKUANt5p75O8xS3n4fKLsLeVZ+e
BJUTnm8e23FN3W5hV0PeR5iWnwFUAcaKrcvFga78s9ttW4e1TOH0cLmbkwho/l3c
ca+XhNlcFnyIvhUbK+N12QBy54Vp1KEF5DOZGRgrTPRXLfjsSR3uOkP2q6uh3xqj
ti1loopeYt113QKipxAzm42PZoXO2RLB0EPReG+jbgHHOmvrRfGPiORXvDw4cuBx
/oQ+1LU4BOm27md4OE8PObPeGbHNzOk1odA7RQy3JE0t0/SCsvt/Bnix0wIDAQAB
o4ICwDCCArwwHQYDVR0OBBYEFJg9orYM22craZmxlUTCMQspy2p0MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbUQyaXRnemJaeXRwbWJHVlJNSXhDeW5MYW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHVBggrBgEFBQcBBwEB/wSBxTCBwjCBvwQCAAEwgbgDBABR
qGkDBABSmAgwDAMEAFKYOQMEAFKYOgMEAFKYPQMEAFKYSQMEAFKYSwMEAFKYYgME
AFKYbQMEAFKYegMEAFKY4gMEAFKY8AMEAFKY8wMEAFKZzQMEAFKZ2QMEAFKjFwME
AFnVkQMEAFnVmgMEAFnVpDAMAwQDbbAoAwQDbbAwAwQAbbCZAwQAbbD0AwQA1CZP
AwQA1YKCAwQA1YKVAwQA1dI2AwQA1drWAwQA1drqAwQA1druMA0GCSqGSIb3DQEB
CwUAA4IBAQBA19S4GX9lQBpPvk/2aQ5gzeWDLRQFvGdxLruQHG/JRfADvMU/JDIx
hfQKqKfVH1A6JeVKoXHmXA2dVBFBkMl3+EAU8O/wFL3eD747sDxZZoegO1XZUK5C
YJLkouFIwQ5Qu6XAtw2az4TBzquUK752427fe13MXxn2BXORyvO+hPKwX8dbNkJf
LRXxIraAhxPq1XFQ0jsOBZQtOSb5nDtvHv8YfpsxB8WkmXaG61Bt8a86KJEs3Yx2
6NeUQfHBojomkvYrR9KNtdwZ5VntmSXkbXn3bTnoIqnp6Ai2I2ZER7VTZ8eAzYuy
t5pJP+kXP0jJptPqvHB1lUtXumouiwsc
-----END CERTIFICATE-----
Generated at Sun Sep 7 12:44:01 2025 by rpki-client