Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/8cHr2mkJzn1QpKoQW6YmFw7DlzE.roa
File: 8cHr2mkJzn1QpKoQW6YmFw7DlzE.roa (raw, json)
Hash identifier: t5szeV65SN4GVGDNCF4ePCjQmk1+gvyVxgvAgyz5YRg=
Subject key identifier: F1:C1:EB:DA:69:09:CE:7D:50:A4:AA:10:5B:A6:26:17:0E:C3:97:31
Certificate issuer: /CN=8cfff21538e225618314615e4f0d0688b7b0dd5a
Certificate serial: 0199BDCB9CF562BA9DDAA127EA66C81C05E6
Authority key identifier: 8C:FF:F2:15:38:E2:25:61:83:14:61:5E:4F:0D:06:88:B7:B0:DD:5A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jP_yFTjiJWGDFGFeTw0GiLew3Vo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/8cHr2mkJzn1QpKoQW6YmFw7DlzE.roa
Signing time: Tue 07 Oct 2025 08:31:01 +0000
ROA not before: Tue 07 Oct 2025 08:31:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31477
IP address blocks: 83.137.144.0/21 maxlen: 24
87.238.168.0/21 maxlen: 24
89.188.0.0/19 maxlen: 24
89.200.200.0/21 maxlen: 24
91.196.104.0/24 maxlen: 24
91.196.105.0/24 maxlen: 24
185.80.245.0/24 maxlen: 24
185.80.246.0/24 maxlen: 24
193.138.248.0/22 maxlen: 24
2a01:1b0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/jP_yFTjiJWGDFGFeTw0GiLew3Vo.crl
rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/jP_yFTjiJWGDFGFeTw0GiLew3Vo.mft
rsync://rpki.ripe.net/repository/DEFAULT/jP_yFTjiJWGDFGFeTw0GiLew3Vo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:bd:cb:9c:f5:62:ba:9d:da:a1:27:ea:66:c8:1c:05:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8cfff21538e225618314615e4f0d0688b7b0dd5a
Validity
Not Before: Oct 7 08:31:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f1c1ebda6909ce7d50a4aa105ba626170ec39731
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:d5:f6:5c:a9:00:e7:42:9a:f6:5d:29:b5:92:
51:83:49:39:de:7c:86:2a:38:e1:df:c4:41:e6:95:
b3:6b:29:13:9c:d0:85:ec:43:df:b8:e6:9d:0e:ea:
fc:18:42:7f:7e:fe:32:25:07:db:27:6b:c6:37:c7:
50:1e:7c:eb:f9:10:63:17:d1:a7:00:ef:8b:0e:6a:
ad:0f:6c:f1:3f:f1:39:0c:b2:72:b1:1c:1c:f6:60:
d5:5e:85:2d:4c:48:aa:c3:a2:72:c8:b8:94:82:0b:
b3:27:19:cf:9f:48:10:98:12:42:aa:33:15:ce:2b:
22:c4:1c:a4:11:03:41:0c:4c:59:83:81:8d:95:a9:
bc:3b:79:19:6f:03:95:08:3e:41:24:a2:69:ac:aa:
5d:67:16:b9:c4:3f:05:82:61:92:66:3d:66:bc:3d:
20:61:c5:a4:4b:68:28:e8:72:31:e4:74:33:d9:b9:
d8:79:54:12:c3:e0:82:58:9c:ca:93:19:b7:76:83:
b3:46:db:fe:cf:af:71:3e:c3:f1:20:69:bf:dd:52:
1e:92:04:b3:18:29:b5:05:e6:cc:99:d4:21:b0:0e:
a5:29:02:f8:62:18:04:cb:25:b3:25:03:54:9e:04:
0c:13:37:82:93:62:13:80:b0:5c:84:ab:f8:db:ad:
f7:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:C1:EB:DA:69:09:CE:7D:50:A4:AA:10:5B:A6:26:17:0E:C3:97:31
X509v3 Authority Key Identifier:
keyid:8C:FF:F2:15:38:E2:25:61:83:14:61:5E:4F:0D:06:88:B7:B0:DD:5A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jP_yFTjiJWGDFGFeTw0GiLew3Vo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/8cHr2mkJzn1QpKoQW6YmFw7DlzE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/jP_yFTjiJWGDFGFeTw0GiLew3Vo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.137.144.0/21
87.238.168.0/21
89.188.0.0/19
89.200.200.0/21
91.196.104.0/23
185.80.245.0-185.80.246.255
193.138.248.0/22
IPv6:
2a01:1b0::/32
Signature Algorithm: sha256WithRSAEncryption
38:1a:d7:69:66:81:b7:52:8b:0f:3f:2f:0d:be:08:62:eb:0e:
c4:94:07:61:40:2a:13:6e:3a:ba:ce:03:47:39:78:4e:59:43:
9f:45:98:b1:e8:4c:35:7c:f0:eb:2b:15:f0:c4:69:e6:06:a7:
f5:2f:51:f1:a4:35:63:b8:05:53:64:92:9d:ba:c9:ac:ed:b6:
79:f5:e2:2b:02:2e:1e:bb:08:31:d3:16:37:85:23:bb:f8:59:
79:04:46:86:a1:e5:33:f7:2f:69:38:24:4f:ab:5f:02:43:ad:
06:63:94:a5:c0:2f:a0:9a:c1:32:09:ad:a1:0d:17:87:7b:21:
72:b0:49:42:04:b5:6e:89:51:a7:95:cf:83:91:97:e1:c5:7e:
7d:16:68:45:09:0e:9e:bd:de:ae:93:80:c6:6b:8b:76:a0:50:
89:2d:88:4f:30:fc:dc:2f:f7:28:db:58:59:8b:46:9a:bf:37:
a7:6c:fe:f0:4f:cf:0c:25:63:8f:21:4b:9a:63:a3:b5:4d:3b:
40:8e:b7:b9:31:4d:79:2f:c4:98:ab:eb:06:62:78:8d:57:37:
e3:7b:dd:b6:60:3d:67:4c:91:aa:f5:e1:66:29:b6:15:46:9e:
bb:29:cb:f2:81:e3:cb:8f:a9:d5:6d:e2:ce:c2:34:bb:9f:18:
81:0a:83:aa
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZm9y5z1Yrqd2qEn6mbIHAXmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZmZmMjE1MzhlMjI1NjE4MzE0NjE1ZTRmMGQwNjg4Yjdi
MGRkNWEwHhcNMjUxMDA3MDgzMTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWMxZWJkYTY5MDljZTdkNTBhNGFhMTA1YmE2MjYxNzBlYzM5NzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytX2XKkA50Ka9l0ptZJRg0k53nyG
Kjjh38RB5pWzaykTnNCF7EPfuOadDur8GEJ/fv4yJQfbJ2vGN8dQHnzr+RBjF9Gn
AO+LDmqtD2zxP/E5DLJysRwc9mDVXoUtTEiqw6JyyLiUgguzJxnPn0gQmBJCqjMV
zisixBykEQNBDExZg4GNlam8O3kZbwOVCD5BJKJprKpdZxa5xD8FgmGSZj1mvD0g
YcWkS2go6HIx5HQz2bnYeVQSw+CCWJzKkxm3doOzRtv+z69xPsPxIGm/3VIekgSz
GCm1BebMmdQhsA6lKQL4YhgEyyWzJQNUngQMEzeCk2ITgLBchKv42633bQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFPHB69ppCc59UKSqEFumJhcOw5cxMB8GA1UdIwQY
MBaAFIz/8hU44iVhgxRhXk8NBoi3sN1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalBfeUZUamlKV0dERkdGZVR3MEdpTGV3M1ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi82NzUwMWEtNzhkYi00YzM4LThhOTUt
MjYxNjY2YzNhNTg5LzEvOGNIcjJta0p6bjFRcEtvUVc2WW1GdzdEbHpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi82NzUwMWEtNzhkYi00YzM4LThhOTUtMjYxNjY2YzNhNTg5
LzEvalBfeUZUamlKV0dERkdGZVR3MEdpTGV3M1ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQDU4mQAwQD
V+6oAwQFWbwAAwQDWcjIAwQBW8RoMAwDBAC5UPUDBAC5UPYDBALBivgwDQQCAAIw
BwMFACoBAbAwDQYJKoZIhvcNAQELBQADggEBADga12lmgbdSiw8/Lw2+CGLrDsSU
B2FAKhNuOrrOA0c5eE5ZQ59FmLHoTDV88OsrFfDEaeYGp/UvUfGkNWO4BVNkkp26
yazttnn14isCLh67CDHTFjeFI7v4WXkERoah5TP3L2k4JE+rXwJDrQZjlKXAL6Ca
wTIJraENF4d7IXKwSUIEtW6JUaeVz4ORl+HFfn0WaEUJDp693q6TgMZri3agUIkt
iE8w/Nwv9yjbWFmLRpq/N6ds/vBPzwwlY48hS5pjo7VNO0COt7kxTXkvxJir6wZi
eI1XN+N73bZgPWdMkar14WYpthVGnrspy/KB48uPqdVt4s7CNLufGIEKg6o=
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:58:31 2025 by rpki-client