Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/HNDLhjaoLur5nIvrrXaK14ujzvM.roa
File: HNDLhjaoLur5nIvrrXaK14ujzvM.roa (raw, json)
Hash identifier: +cU4PrBDIN2CITvV8/Ghq6qDbVnBtxu5/sUDtuH9Cak=
Subject key identifier: 1C:D0:CB:86:36:A8:2E:EA:F9:9C:8B:EB:AD:76:8A:D7:8B:A3:CE:F3
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 0198F52B1103FB5494BA8045804DF75B63C8
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/HNDLhjaoLur5nIvrrXaK14ujzvM.roa
Signing time: Fri 29 Aug 2025 09:31:36 +0000
ROA not before: Fri 29 Aug 2025 09:31:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29802
IP address blocks: 176.125.248.0/24 maxlen: 24
185.210.232.0/24 maxlen: 24
185.214.102.0/24 maxlen: 24
185.225.0.0/24 maxlen: 24
185.225.2.0/24 maxlen: 24
185.251.231.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Sep 2025 17:00:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:f5:2b:11:03:fb:54:94:ba:80:45:80:4d:f7:5b:63:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Aug 29 09:31:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1cd0cb8636a82eeaf99c8bebad768ad78ba3cef3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:e2:52:d2:d0:2d:3e:e5:76:0c:66:ef:d1:88:
1d:01:51:8c:fc:ce:f4:5b:57:65:0e:ee:ca:18:f5:
27:1d:8e:5f:83:36:97:da:3d:8f:c8:a4:69:02:9f:
18:d1:91:e8:08:5c:df:af:a8:48:74:03:78:70:6b:
cb:95:b8:ee:03:9a:00:9a:42:c2:f4:90:00:a9:e9:
29:ff:df:65:ec:a5:c1:37:5d:2d:a8:66:23:f7:16:
9c:88:2b:bd:9b:0d:80:8d:c7:12:6f:fb:85:55:cb:
98:32:cb:6b:70:8b:00:cd:47:1c:a6:8a:dd:ab:cb:
88:18:b5:f5:9e:3e:57:ec:d8:0c:b9:6e:40:dd:18:
34:ca:5f:f6:25:c3:f3:51:ad:9c:f9:fa:33:99:18:
49:be:5d:df:95:1d:11:93:16:3d:fa:6e:0d:fe:1a:
55:33:23:e6:4a:ee:76:d3:b0:17:08:32:c2:36:e5:
31:7e:1c:44:5b:63:5a:a6:b8:e8:2b:2a:80:8c:d9:
03:d0:33:29:f4:5b:db:d9:f4:33:26:18:af:22:2e:
f0:10:6e:b4:05:1f:66:51:22:eb:b7:c1:43:db:a4:
05:21:7d:5b:4c:8d:f9:5d:b3:06:dc:24:f1:fb:8d:
43:b3:12:1a:8d:55:c6:5f:32:de:d4:f7:8f:93:d2:
fb:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:D0:CB:86:36:A8:2E:EA:F9:9C:8B:EB:AD:76:8A:D7:8B:A3:CE:F3
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/HNDLhjaoLur5nIvrrXaK14ujzvM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.125.248.0/24
185.210.232.0/24
185.214.102.0/24
185.225.0.0/24
185.225.2.0/24
185.251.231.0/24
Signature Algorithm: sha256WithRSAEncryption
0b:7a:01:e4:80:8e:30:ea:b9:0b:49:d9:6d:0f:80:73:ca:ae:
3a:18:fd:d8:4b:31:b5:21:47:07:2a:57:1f:82:cd:e3:28:23:
b4:ff:5d:f7:e8:f1:d7:8e:68:cd:8f:58:e1:ab:0c:9c:86:39:
9a:7e:93:c1:de:25:55:5d:4e:40:5e:e2:e0:6f:47:c5:58:42:
84:d6:d8:5c:b0:3d:de:a8:6b:af:75:69:a8:29:f4:ad:0c:14:
c2:0a:6e:6a:c2:78:ac:5a:fb:34:28:59:2a:4e:00:c9:2d:1d:
b8:06:63:01:1f:04:98:3d:29:54:1a:a8:1f:2d:ec:af:45:56:
b3:eb:46:e7:51:4e:2d:9d:91:30:0d:1e:55:80:b4:b5:6b:97:
b7:c1:5f:8a:f5:c8:12:42:ec:7c:62:03:e7:17:51:fc:96:2b:
cb:f0:ab:b7:87:0c:b8:4c:96:20:52:c7:5d:5d:3b:96:9e:f4:
10:ea:36:16:9e:41:34:9c:47:af:03:bc:c0:db:7a:24:31:d7:
71:6f:ac:d8:f2:0f:60:63:45:67:cc:0a:0e:c1:92:61:56:ba:
9b:ca:c2:29:7a:c4:64:54:3e:29:ac:8f:c2:4e:0f:05:a0:87:
06:54:e2:94:4d:78:41:5d:9f:6d:70:e0:1f:2b:c4:d3:8f:b7:
7e:80:a0:36
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZj1KxED+1SUuoBFgE33W2PIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwODI5MDkzMTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2QwY2I4NjM2YTgyZWVhZjk5YzhiZWJhZDc2OGFkNzhiYTNjZWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+JS0tAtPuV2DGbv0YgdAVGM/M70
W1dlDu7KGPUnHY5fgzaX2j2PyKRpAp8Y0ZHoCFzfr6hIdAN4cGvLlbjuA5oAmkLC
9JAAqekp/99l7KXBN10tqGYj9xaciCu9mw2AjccSb/uFVcuYMstrcIsAzUccpord
q8uIGLX1nj5X7NgMuW5A3Rg0yl/2JcPzUa2c+fozmRhJvl3flR0RkxY9+m4N/hpV
MyPmSu5207AXCDLCNuUxfhxEW2NaprjoKyqAjNkD0DMp9Fvb2fQzJhivIi7wEG60
BR9mUSLrt8FD26QFIX1bTI35XbMG3CTx+41DsxIajVXGXzLe1PePk9L7NQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFBzQy4Y2qC7q+ZyL6612iteLo87zMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvSE5ETGhqYW9MdXI1bkl2cnJYYUsxNHVqenZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAsH34AwQA
udLoAwQAudZmAwQAueEAAwQAueECAwQAufvnMA0GCSqGSIb3DQEBCwUAA4IBAQAL
egHkgI4w6rkLSdltD4Bzyq46GP3YSzG1IUcHKlcfgs3jKCO0/1336PHXjmjNj1jh
qwychjmafpPB3iVVXU5AXuLgb0fFWEKE1thcsD3eqGuvdWmoKfStDBTCCm5qwnis
Wvs0KFkqTgDJLR24BmMBHwSYPSlUGqgfLeyvRVaz60bnUU4tnZEwDR5VgLS1a5e3
wV+K9cgSQux8YgPnF1H8livL8Ku3hwy4TJYgUsddXTuWnvQQ6jYWnkE0nEevA7zA
23okMddxb6zY8g9gY0VnzAoOwZJhVrqbysIpesRkVD4prI/CTg8FoIcGVOKUTXhB
XZ9tcOAfK8TTj7d+gKA2
-----END CERTIFICATE-----
Generated at Thu Sep 18 03:23:12 2025 by rpki-client