Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/hvH1lUFj1VAFusb_pQJRTraQJ4U.roa
File: hvH1lUFj1VAFusb_pQJRTraQJ4U.roa (raw, json)
Hash identifier: AJ2AV5CVSEoSqNl0zVVSMcCjH1TLixfyv1cSlmQnkz0=
Subject key identifier: 86:F1:F5:95:41:63:D5:50:05:BA:C6:FF:A5:02:51:4E:B6:90:27:85
Certificate issuer: /CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Certificate serial: 019929AE78C100CACBA98C1970AB39EDC20A
Authority key identifier: 9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/hvH1lUFj1VAFusb_pQJRTraQJ4U.roa
Signing time: Mon 08 Sep 2025 14:15:23 +0000
ROA not before: Mon 08 Sep 2025 14:15:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25198
IP address blocks: 46.229.243.0/24 maxlen: 24
46.229.251.0/24 maxlen: 24
46.229.253.0/24 maxlen: 24
76.164.200.0/24 maxlen: 24
76.164.201.0/24 maxlen: 24
76.164.202.0/24 maxlen: 24
76.164.203.0/24 maxlen: 24
77.74.123.0/24 maxlen: 24
83.229.61.0/24 maxlen: 24
85.204.107.0/24 maxlen: 24
92.42.100.0/24 maxlen: 24
103.112.171.0/24 maxlen: 24
103.121.48.0/24 maxlen: 24
103.121.49.0/24 maxlen: 24
103.126.50.0/24 maxlen: 24
103.126.51.0/24 maxlen: 24
103.244.144.0/24 maxlen: 24
103.244.145.0/24 maxlen: 24
103.246.248.0/24 maxlen: 24
162.249.124.0/24 maxlen: 24
162.249.125.0/24 maxlen: 24
162.249.126.0/24 maxlen: 24
162.249.127.0/24 maxlen: 24
185.104.63.0/24 maxlen: 24
195.74.93.0/24 maxlen: 24
203.14.32.0/24 maxlen: 24
203.25.108.0/24 maxlen: 24
205.237.109.0/24 maxlen: 24
205.237.110.0/24 maxlen: 24
205.237.111.0/24 maxlen: 24
2a12:3200::/36 maxlen: 36
2a12:3200:1000::/36 maxlen: 36
2a12:3200:2000::/36 maxlen: 36
2a12:3200:3000::/36 maxlen: 36
2a12:3200:4000::/36 maxlen: 36
2a12:3200:5000::/36 maxlen: 36
2a12:3200:6000::/36 maxlen: 36
2a12:3200:7000::/36 maxlen: 36
2a12:3200:8000::/36 maxlen: 36
2a12:3200:9000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl
rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.mft
rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:29:ae:78:c1:00:ca:cb:a9:8c:19:70:ab:39:ed:c2:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Validity
Not Before: Sep 8 14:15:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=86f1f5954163d55005bac6ffa502514eb6902785
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:a1:aa:71:12:8f:b0:e1:9e:f0:c1:83:9b:91:
05:58:df:a3:82:5f:a3:32:5b:87:03:f0:f4:55:81:
25:96:af:a2:5d:36:d8:67:63:52:69:15:0e:cc:e6:
09:12:8f:b1:2b:f7:c1:ea:91:4f:6f:9f:cd:26:7f:
e9:2a:c0:53:0c:fc:12:da:61:ae:58:4c:40:b3:90:
aa:c4:92:62:dd:3c:11:3f:d0:61:dc:6b:7f:2c:34:
ec:0b:2a:48:6c:93:8f:01:b3:c9:2d:5c:74:85:af:
fc:5a:08:ec:13:21:15:30:92:ad:8f:da:a7:e7:01:
7e:69:84:2b:38:9c:db:bc:fa:58:42:f1:7d:aa:99:
ad:b2:d5:1d:62:8b:61:be:cd:4f:67:6e:bd:b2:15:
0b:64:8a:42:6b:73:aa:5a:9f:55:97:6c:33:97:17:
06:9f:87:ca:c8:28:a1:b3:98:64:8c:fe:5c:77:89:
d2:d8:14:ee:fe:94:fc:53:30:15:f2:35:30:97:bc:
b9:8c:db:25:2b:1f:cd:8d:ea:6f:95:3d:ca:df:6b:
ab:66:f0:5c:25:fe:ff:4e:02:c5:a4:40:5d:f9:1c:
06:df:54:c5:b4:87:b5:71:b9:d5:55:d9:26:0b:d0:
5e:dd:ee:6c:d4:7f:13:ac:cb:0e:5c:7b:ef:06:31:
ed:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:F1:F5:95:41:63:D5:50:05:BA:C6:FF:A5:02:51:4E:B6:90:27:85
X509v3 Authority Key Identifier:
keyid:9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/hvH1lUFj1VAFusb_pQJRTraQJ4U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.229.243.0/24
46.229.251.0/24
46.229.253.0/24
76.164.200.0/22
77.74.123.0/24
83.229.61.0/24
85.204.107.0/24
92.42.100.0/24
103.112.171.0/24
103.121.48.0/23
103.126.50.0/23
103.244.144.0/23
103.246.248.0/24
162.249.124.0/22
185.104.63.0/24
195.74.93.0/24
203.14.32.0/24
203.25.108.0/24
205.237.109.0-205.237.111.255
IPv6:
2a12:3200::-2a12:3200:9000:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
3f:2a:cb:41:f2:b5:06:ad:96:10:72:a7:56:59:2f:f4:63:55:
90:45:4f:78:00:03:bf:ab:74:dc:97:74:c7:ca:79:44:7b:c2:
26:60:a8:89:96:8e:a8:30:8f:dd:01:8f:05:3c:12:c1:e1:b8:
cb:25:6c:bd:19:4f:31:e3:09:1e:3c:9b:e6:12:5e:40:53:f3:
79:b9:76:95:ea:06:d8:31:1b:ec:1c:34:9d:7f:e4:c4:e1:2d:
85:8b:76:60:15:b3:55:44:37:f7:7e:ab:50:2d:7c:1a:41:76:
68:b4:6e:ee:bb:9e:f4:44:1d:ac:5f:ca:73:73:08:8f:65:30:
49:81:4c:7a:18:29:54:f8:5c:7a:a0:07:59:86:40:37:d3:30:
82:9d:b5:52:74:6a:c6:58:f0:53:62:51:2e:f8:4e:56:0f:75:
e8:24:cb:d7:ce:7f:24:c1:42:fd:d6:8b:a5:99:f1:35:61:55:
59:ef:d0:68:f0:92:bc:7b:e3:10:7a:e0:7f:8f:54:e4:84:33:
be:67:c7:99:5e:ae:44:ac:71:d0:c6:74:70:34:7f:b0:ec:51:
56:9a:42:a3:ea:64:22:8d:2e:fe:c9:03:cd:be:56:62:94:f8:
dd:87:20:e1:42:61:c2:12:7f:57:bc:af:ec:be:13:6f:2e:5d:
ac:4c:53:2a
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAZkprnjBAMrLqYwZcKs57cIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYjUwZTUzODZjODA5YTBmYWU2NTMwYWE1ZThkOTgyNTI1
MWRlZDAwHhcNMjUwOTA4MTQxNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmYxZjU5NTQxNjNkNTUwMDViYWM2ZmZhNTAyNTE0ZWI2OTAyNzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqGqcRKPsOGe8MGDm5EFWN+jgl+j
MluHA/D0VYEllq+iXTbYZ2NSaRUOzOYJEo+xK/fB6pFPb5/NJn/pKsBTDPwS2mGu
WExAs5CqxJJi3TwRP9Bh3Gt/LDTsCypIbJOPAbPJLVx0ha/8WgjsEyEVMJKtj9qn
5wF+aYQrOJzbvPpYQvF9qpmtstUdYothvs1PZ269shULZIpCa3OqWp9Vl2wzlxcG
n4fKyCihs5hkjP5cd4nS2BTu/pT8UzAV8jUwl7y5jNslKx/NjepvlT3K32urZvBc
Jf7/TgLFpEBd+RwG31TFtIe1cbnVVdkmC9Be3e5s1H8TrMsOXHvvBjHtDwIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFIbx9ZVBY9VQBbrG/6UCUU62kCeFMB8GA1UdIwQY
MBaAFJ61DlOGyAmg+uZTCqXo2YJSUd7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUt
MWNhZGE2ZThiMWE5LzEvaHZIMWxVRmoxVkFGdXNiX3BRSlJUcmFRSjRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUtMWNhZGE2ZThiMWE5
LzEvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGvBggrBgEFBQcBBwEB/wSBnzCBnDCBgAQCAAEwegMEAC7l
8wMEAC7l+wMEAC7l/QMEAkykyAMEAE1KewMEAFPlPQMEAFXMawMEAFwqZAMEAGdw
qwMEAWd5MAMEAWd+MgMEAWf0kAMEAGf2+AMEAqL5fAMEALloPwMEAMNKXQMEAMsO
IAMEAMsZbDAMAwQAze1tAwQEze1gMBcEAgACMBEwDwMEASoSMgMHACoSMgCQADAN
BgkqhkiG9w0BAQsFAAOCAQEAPyrLQfK1Bq2WEHKnVlkv9GNVkEVPeAADv6t03Jd0
x8p5RHvCJmCoiZaOqDCP3QGPBTwSweG4yyVsvRlPMeMJHjyb5hJeQFPzebl2leoG
2DEb7Bw0nX/kxOEthYt2YBWzVUQ3936rUC18GkF2aLRu7rue9EQdrF/Kc3MIj2Uw
SYFMehgpVPhceqAHWYZAN9Mwgp21UnRqxljwU2JRLvhOVg916CTL185/JMFC/daL
pZnxNWFVWe/QaPCSvHvjEHrgf49U5IQzvmfHmV6uRKxx0MZ0cDR/sOxRVppCo+pk
Io0u/skDzb5WYpT43Ycg4UJhwhJ/V7yv7L4Tby5drExTKg==
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:23:10 2025 by rpki-client