Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/hs7LWx99onWfa7NDQgswR8o6gaE.roa
File: hs7LWx99onWfa7NDQgswR8o6gaE.roa (raw, json)
Hash identifier: Ass+jNWe5lghZzBAkHny706eHe/Mnq+7tyKFB/O7uyM=
Subject key identifier: 86:CE:CB:5B:1F:7D:A2:75:9F:6B:B3:43:42:0B:30:47:CA:3A:81:A1
Certificate issuer: /CN=494d7873416510a2fb2346ef342280155522713b
Certificate serial: 01989D3AF947EFFD6796DB7FF0ADD3F8B78F
Authority key identifier: 49:4D:78:73:41:65:10:A2:FB:23:46:EF:34:22:80:15:55:22:71:3B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SU14c0FlEKL7I0bvNCKAFVUicTs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/hs7LWx99onWfa7NDQgswR8o6gaE.roa
Signing time: Tue 12 Aug 2025 07:42:24 +0000
ROA not before: Tue 12 Aug 2025 07:42:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29141
IP address blocks: 5.45.176.0/21 maxlen: 21
31.14.46.0/23 maxlen: 23
31.170.104.0/21 maxlen: 21
31.170.111.0/24 maxlen: 24
80.83.112.0/20 maxlen: 20
80.83.116.0/24 maxlen: 24
130.255.72.0/21 maxlen: 21
130.255.184.0/21 maxlen: 21
185.13.148.0/22 maxlen: 22
185.45.112.0/22 maxlen: 22
195.68.246.0/23 maxlen: 23
195.128.160.0/23 maxlen: 23
2a02:e00::/32 maxlen: 32
2a02:e00:fff0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/SU14c0FlEKL7I0bvNCKAFVUicTs.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/SU14c0FlEKL7I0bvNCKAFVUicTs.mft
rsync://rpki.ripe.net/repository/DEFAULT/SU14c0FlEKL7I0bvNCKAFVUicTs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 04:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:9d:3a:f9:47:ef:fd:67:96:db:7f:f0:ad:d3:f8:b7:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=494d7873416510a2fb2346ef342280155522713b
Validity
Not Before: Aug 12 07:42:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=86cecb5b1f7da2759f6bb343420b3047ca3a81a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:34:9a:f5:c4:85:b6:ab:fb:99:cc:eb:73:1b:
65:bd:4a:89:0f:0b:21:21:64:01:ae:03:c4:9b:47:
7d:4c:49:99:1d:11:be:ad:c3:85:ec:56:f8:47:f8:
6e:24:b1:c4:98:e4:17:23:8f:f7:3a:30:ba:12:97:
45:f7:69:a4:e2:ac:2e:59:39:1f:e0:37:01:99:e5:
aa:ff:59:f8:72:04:f1:1b:c9:79:bb:49:f2:8c:b6:
f6:42:57:1a:c3:21:8b:4c:b5:c4:a9:07:4a:1c:e3:
9c:e8:1b:d3:4a:fb:86:24:eb:28:16:a1:08:cd:ee:
d6:6e:28:3e:12:2c:c6:e8:a5:b3:d1:85:e5:7e:e3:
52:a2:c6:f1:dc:6a:3c:74:94:be:17:8e:3b:37:e0:
41:a6:86:b3:f0:45:50:ad:04:52:e0:5d:f6:50:5f:
03:13:2e:ec:2b:06:f1:11:fb:50:03:0a:66:d1:2b:
d7:f1:33:af:b6:8e:5b:05:e2:b7:2a:f2:ca:76:ee:
4a:49:30:aa:8d:0b:cf:32:fd:e3:d1:e3:eb:50:74:
ad:0e:b1:1c:e3:45:f9:7b:b4:11:be:d2:e5:aa:75:
f1:aa:42:5b:b8:65:d4:4e:d9:95:44:71:22:c1:65:
ef:dc:75:3f:3d:76:28:1b:41:de:a4:ee:cd:22:bf:
fb:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:CE:CB:5B:1F:7D:A2:75:9F:6B:B3:43:42:0B:30:47:CA:3A:81:A1
X509v3 Authority Key Identifier:
keyid:49:4D:78:73:41:65:10:A2:FB:23:46:EF:34:22:80:15:55:22:71:3B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SU14c0FlEKL7I0bvNCKAFVUicTs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/hs7LWx99onWfa7NDQgswR8o6gaE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/SU14c0FlEKL7I0bvNCKAFVUicTs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.45.176.0/21
31.14.46.0/23
31.170.104.0/21
80.83.112.0/20
130.255.72.0/21
130.255.184.0/21
185.13.148.0/22
185.45.112.0/22
195.68.246.0/23
195.128.160.0/23
IPv6:
2a02:e00::/32
Signature Algorithm: sha256WithRSAEncryption
3f:f3:f4:a8:69:5c:ba:f1:3e:a3:03:ff:1a:48:53:67:3c:09:
6a:f0:19:ea:50:7b:dd:27:c3:75:ad:89:38:79:95:2d:de:1a:
f4:41:c8:50:fb:ad:cc:5f:5c:35:c0:35:43:18:e8:a2:35:d2:
f7:8a:ab:05:ef:7a:ac:bc:b4:81:16:ca:c6:78:62:e0:1f:be:
46:54:52:18:f8:8f:10:81:5c:5a:bb:92:2f:ea:f1:0c:32:86:
1a:db:b9:f6:ec:70:36:0b:66:5d:60:a3:de:c4:d9:d1:dd:5d:
f8:12:c3:13:74:b8:61:47:cd:a4:84:9d:74:c1:25:be:e3:6f:
65:79:05:fa:37:e1:bd:1a:a6:d6:3c:4b:a6:dc:66:69:98:dc:
12:63:8d:56:85:f0:60:18:7a:e5:43:e5:78:28:c1:b3:4b:df:
0b:87:1b:19:fe:2c:c6:d9:e2:f9:3f:5e:d6:9b:5f:1d:04:37:
9f:fd:65:4e:e9:66:0e:ab:66:7f:1a:da:8d:8d:44:22:3c:68:
52:b9:dc:91:96:c7:26:ef:d9:24:a5:04:ed:c4:47:cb:e7:88:
7e:11:5a:cd:41:6e:fb:3c:7d:a7:f8:94:10:ad:26:1b:ee:69:
a6:26:1f:23:f8:56:86:b6:5a:35:4c:76:27:53:e4:21:1a:bf:
ba:60:48:53
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZidOvlH7/1nltt/8K3T+LePMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NGQ3ODczNDE2NTEwYTJmYjIzNDZlZjM0MjI4MDE1NTUy
MjcxM2IwHhcNMjUwODEyMDc0MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmNlY2I1YjFmN2RhMjc1OWY2YmIzNDM0MjBiMzA0N2NhM2E4MWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6DSa9cSFtqv7mczrcxtlvUqJDwsh
IWQBrgPEm0d9TEmZHRG+rcOF7Fb4R/huJLHEmOQXI4/3OjC6EpdF92mk4qwuWTkf
4DcBmeWq/1n4cgTxG8l5u0nyjLb2QlcawyGLTLXEqQdKHOOc6BvTSvuGJOsoFqEI
ze7Wbig+EizG6KWz0YXlfuNSosbx3Go8dJS+F447N+BBpoaz8EVQrQRS4F32UF8D
Ey7sKwbxEftQAwpm0SvX8TOvto5bBeK3KvLKdu5KSTCqjQvPMv3j0ePrUHStDrEc
40X5e7QRvtLlqnXxqkJbuGXUTtmVRHEiwWXv3HU/PXYoG0HepO7NIr/7hwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFIbOy1sffaJ1n2uzQ0ILMEfKOoGhMB8GA1UdIwQY
MBaAFElNeHNBZRCi+yNG7zQigBVVInE7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1UxNGMwRmxFS0w3STBidk5DS0FGVlVpY1RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8yOGY3YTYtZTFiYS00OTc4LTkxMjIt
ZTE4ZTdiMmFjNTM2LzEvaHM3TFd4OTlvbldmYTdORFFnc3dSOG82Z2FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8yOGY3YTYtZTFiYS00OTc4LTkxMjItZTE4ZTdiMmFjNTM2
LzEvU1UxNGMwRmxFS0w3STBidk5DS0FGVlVpY1RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDBS2wAwQB
Hw4uAwQDH6poAwQEUFNwAwQDgv9IAwQDgv+4AwQCuQ2UAwQCuS1wAwQBw0T2AwQB
w4CgMA0EAgACMAcDBQAqAg4AMA0GCSqGSIb3DQEBCwUAA4IBAQA/8/SoaVy68T6j
A/8aSFNnPAlq8BnqUHvdJ8N1rYk4eZUt3hr0QchQ+63MX1w1wDVDGOiiNdL3iqsF
73qsvLSBFsrGeGLgH75GVFIY+I8QgVxau5Iv6vEMMoYa27n27HA2C2ZdYKPexNnR
3V34EsMTdLhhR82khJ10wSW+429leQX6N+G9GqbWPEum3GZpmNwSY41WhfBgGHrl
Q+V4KMGzS98LhxsZ/izG2eL5P17Wm18dBDef/WVO6WYOq2Z/GtqNjUQiPGhSudyR
lscm79kkpQTtxEfL54h+EVrNQW77PH2n+JQQrSYb7mmmJh8j+FaGtlo1THYnU+Qh
Gr+6YEhT
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:19:51 2025 by rpki-client