Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nH_AgugiN95aEynZoZs6bo5GsEM.roa
File: nH_AgugiN95aEynZoZs6bo5GsEM.roa (raw, json)
Hash identifier: qVv24LEZKOrk2x/9C+9lvL9Zpx2hHc4hVZnCVZhnH0w=
Subject key identifier: 9C:7F:C0:82:E8:22:37:DE:5A:13:29:D9:A1:9B:3A:6E:8E:46:B0:43
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01990A4FAA287A75B6123FF93C5BDAD27BFB
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nH_AgugiN95aEynZoZs6bo5GsEM.roa
Signing time: Tue 02 Sep 2025 12:03:37 +0000
ROA not before: Tue 02 Sep 2025 12:03:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 81.5.156.0/24 maxlen: 24
81.168.41.0/24 maxlen: 24
81.168.125.0/24 maxlen: 24
82.152.111.0/24 maxlen: 24
82.152.250.0/24 maxlen: 24
82.152.252.0/24 maxlen: 24
82.152.253.0/24 maxlen: 24
82.152.255.0/24 maxlen: 24
82.153.67.0/24 maxlen: 24
82.153.73.0/24 maxlen: 24
82.153.78.0/24 maxlen: 24
82.153.137.0/24 maxlen: 24
82.153.139.0/24 maxlen: 24
82.153.140.0/24 maxlen: 24
82.153.221.0/24 maxlen: 24
82.153.223.0/24 maxlen: 24
82.153.240.0/24 maxlen: 24
82.153.250.0/24 maxlen: 24
89.213.136.0/24 maxlen: 24
89.213.153.0/24 maxlen: 24
109.176.209.0/24 maxlen: 24
109.176.211.0/24 maxlen: 24
109.176.216.0/24 maxlen: 24
109.176.217.0/24 maxlen: 24
109.176.218.0/24 maxlen: 24
109.176.219.0/24 maxlen: 24
109.176.220.0/24 maxlen: 24
109.176.221.0/24 maxlen: 24
109.176.222.0/24 maxlen: 24
109.176.223.0/24 maxlen: 24
109.176.249.0/24 maxlen: 24
185.49.125.0/24 maxlen: 24
213.152.61.0/24 maxlen: 24
213.152.62.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 05 Sep 2025 19:46:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:0a:4f:aa:28:7a:75:b6:12:3f:f9:3c:5b:da:d2:7b:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Sep 2 12:03:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9c7fc082e82237de5a1329d9a19b3a6e8e46b043
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:e1:68:d1:cf:24:d2:35:0f:34:ce:6a:7d:ce:
f0:82:b3:80:3e:6e:6e:41:1f:4c:58:56:15:2f:01:
b5:25:b3:f4:2d:90:15:1c:81:11:e3:90:a2:85:4a:
ed:b9:13:2b:fb:d3:cf:9c:8e:e5:42:f4:0f:ff:fb:
b6:3b:fe:4e:53:fe:67:70:9c:6e:24:25:1d:df:db:
fa:26:2c:a1:38:a2:75:1a:27:13:23:e8:5c:a6:51:
1c:46:0a:ec:50:5c:31:78:63:65:a3:32:19:de:00:
2f:97:1d:a2:12:31:49:3a:9d:e1:a3:ba:0a:0f:30:
82:a3:05:a7:18:a0:79:a3:ce:37:db:3f:4a:94:4f:
c6:01:09:8d:ac:c9:b4:e0:0d:c3:02:76:61:ca:98:
69:46:cc:9b:08:0c:33:0b:a6:4c:86:2d:8c:9f:7b:
6a:ec:f2:5a:9e:e7:24:84:76:89:2d:23:98:84:ac:
9d:5a:f6:68:9c:a4:6a:b8:93:fb:38:a2:ac:4c:7b:
41:d1:d7:c0:99:0d:a9:63:eb:54:9c:b1:09:68:7b:
45:22:7b:44:5b:24:89:c2:f4:32:9e:eb:45:81:c9:
d1:3f:57:23:fc:63:d4:92:3d:26:13:bb:f6:9f:93:
72:91:e3:99:90:1d:ce:63:05:bc:bd:aa:4d:90:ec:
b9:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:7F:C0:82:E8:22:37:DE:5A:13:29:D9:A1:9B:3A:6E:8E:46:B0:43
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nH_AgugiN95aEynZoZs6bo5GsEM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.156.0/24
81.168.41.0/24
81.168.125.0/24
82.152.111.0/24
82.152.250.0/24
82.152.252.0/23
82.152.255.0/24
82.153.67.0/24
82.153.73.0/24
82.153.78.0/24
82.153.137.0/24
82.153.139.0-82.153.140.255
82.153.221.0/24
82.153.223.0/24
82.153.240.0/24
82.153.250.0/24
89.213.136.0/24
89.213.153.0/24
109.176.209.0/24
109.176.211.0/24
109.176.216.0/21
109.176.249.0/24
185.49.125.0/24
213.152.61.0-213.152.62.255
Signature Algorithm: sha256WithRSAEncryption
8c:44:98:00:74:1b:40:cb:8d:1b:0a:ad:f3:5b:0a:13:c5:e9:
4d:a0:a9:14:5d:9d:76:6b:3b:14:ca:22:37:70:bf:68:2c:1c:
81:73:5c:bc:52:fd:4c:0f:4c:7b:25:92:59:8d:a3:80:58:bb:
5b:7d:57:b1:e5:ee:cd:3c:83:97:53:9e:07:7d:15:c2:e2:85:
e0:75:5f:23:cd:04:0d:ac:5c:41:54:eb:95:e4:70:88:f8:a7:
20:c5:d9:ba:76:b2:5a:bb:18:2a:55:a4:30:fb:1c:8d:ef:f5:
18:5b:c2:96:cb:02:f2:bc:cf:88:95:74:2b:26:30:ef:48:bb:
ba:6a:51:6f:12:92:b4:bb:ec:b8:6b:6d:5f:de:61:65:ea:38:
36:5d:f7:f7:da:70:81:d3:46:2d:fe:25:e7:c0:c0:c0:d4:52:
1f:f0:05:31:97:63:d7:8f:54:96:ed:82:dd:3a:c9:03:05:c5:
b3:f5:cf:35:1e:f5:93:1a:0f:f4:fb:48:17:86:c3:6c:b0:94:
8d:86:05:1d:b9:49:3f:ca:ad:91:3a:ed:41:97:72:b2:d8:a3:
b4:b9:ae:97:91:a9:1b:b2:6e:a6:e7:9e:80:82:7d:d0:7e:43:
80:96:a2:ba:73:2d:6b:a1:97:e6:a3:22:de:51:02:68:94:0d:
40:40:a7:9a
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAZkKT6ooenW2Ej/5PFva0nv7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwOTAyMTIwMzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzdmYzA4MmU4MjIzN2RlNWExMzI5ZDlhMTliM2E2ZThlNDZiMDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+Fo0c8k0jUPNM5qfc7wgrOAPm5u
QR9MWFYVLwG1JbP0LZAVHIER45CihUrtuRMr+9PPnI7lQvQP//u2O/5OU/5ncJxu
JCUd39v6JiyhOKJ1GicTI+hcplEcRgrsUFwxeGNlozIZ3gAvlx2iEjFJOp3ho7oK
DzCCowWnGKB5o8432z9KlE/GAQmNrMm04A3DAnZhyphpRsybCAwzC6ZMhi2Mn3tq
7PJanuckhHaJLSOYhKydWvZonKRquJP7OKKsTHtB0dfAmQ2pY+tUnLEJaHtFIntE
WySJwvQynutFgcnRP1cj/GPUkj0mE7v2n5NykeOZkB3OYwW8vapNkOy5IQIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFJx/wILoIjfeWhMp2aGbOm6ORrBDMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbkhfQWd1Z2lOOTVhRXluWm9aczZibzVHc0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjCBpwQCAAEwgaADBABR
BZwDBABRqCkDBABRqH0DBABSmG8DBABSmPoDBAFSmPwDBABSmP8DBABSmUMDBABS
mUkDBABSmU4DBABSmYkwDAMEAFKZiwMEAFKZjAMEAFKZ3QMEAFKZ3wMEAFKZ8AME
AFKZ+gMEAFnViAMEAFnVmQMEAG2w0QMEAG2w0wMEA22w2AMEAG2w+QMEALkxfTAM
AwQA1Zg9AwQA1Zg+MA0GCSqGSIb3DQEBCwUAA4IBAQCMRJgAdBtAy40bCq3zWwoT
xelNoKkUXZ12azsUyiI3cL9oLByBc1y8Uv1MD0x7JZJZjaOAWLtbfVex5e7NPIOX
U54HfRXC4oXgdV8jzQQNrFxBVOuV5HCI+Kcgxdm6drJauxgqVaQw+xyN7/UYW8KW
ywLyvM+IlXQrJjDvSLu6alFvEpK0u+y4a21f3mFl6jg2Xff32nCB00Yt/iXnwMDA
1FIf8AUxl2PXj1SW7YLdOskDBcWz9c81HvWTGg/0+0gXhsNssJSNhgUduUk/yq2R
Ou1Bl3Ky2KO0ua6Xkakbsm6m556Agn3QfkOAlqK6cy1roZfmoyLeUQJolA1AQKea
-----END CERTIFICATE-----
Generated at Fri Sep 5 02:34:08 2025 by rpki-client