Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/hfbW-MgSGHukUskkJyFvMqHg57I.roa
File: hfbW-MgSGHukUskkJyFvMqHg57I.roa (raw, json)
Hash identifier: U5M8t+APG7iIrHAOeUcvMU6TbXCfXX9ps0T4pjHdOL8=
Subject key identifier: 85:F6:D6:F8:C8:12:18:7B:A4:52:C9:24:27:21:6F:32:A1:E0:E7:B2
Certificate issuer: /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial: 0199E3366ACDD8C425F4336F2FB8ED349201
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/hfbW-MgSGHukUskkJyFvMqHg57I.roa
Signing time: Tue 14 Oct 2025 14:53:38 +0000
ROA not before: Tue 14 Oct 2025 14:53:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209847
IP address blocks: 5.182.36.0/24 maxlen: 24
5.182.37.0/24 maxlen: 24
5.182.38.0/24 maxlen: 24
5.182.39.0/24 maxlen: 24
45.8.144.0/24 maxlen: 24
45.8.145.0/24 maxlen: 24
45.8.146.0/24 maxlen: 24
45.67.34.0/24 maxlen: 24
45.67.35.0/24 maxlen: 24
45.84.0.0/24 maxlen: 24
45.87.152.0/24 maxlen: 24
45.87.153.0/24 maxlen: 24
45.87.154.0/24 maxlen: 24
45.89.52.0/24 maxlen: 24
45.89.53.0/24 maxlen: 24
45.89.54.0/24 maxlen: 24
45.89.55.0/24 maxlen: 24
45.93.10.0/24 maxlen: 24
45.93.11.0/24 maxlen: 24
45.159.248.0/24 maxlen: 24
45.159.249.0/24 maxlen: 24
45.159.250.0/24 maxlen: 24
45.159.251.0/24 maxlen: 24
93.185.166.0/24 maxlen: 24
141.98.168.0/24 maxlen: 24
141.98.169.0/24 maxlen: 24
141.98.170.0/24 maxlen: 24
185.231.204.0/24 maxlen: 24
185.231.205.0/24 maxlen: 24
185.231.206.0/24 maxlen: 24
185.231.207.0/24 maxlen: 24
188.119.123.0/24 maxlen: 24
193.43.146.0/24 maxlen: 24
193.43.147.0/24 maxlen: 24
193.46.56.0/24 maxlen: 24
193.46.57.0/24 maxlen: 24
193.57.136.0/24 maxlen: 24
193.57.137.0/24 maxlen: 24
193.57.138.0/24 maxlen: 24
193.57.139.0/24 maxlen: 24
194.4.48.0/24 maxlen: 24
194.4.49.0/24 maxlen: 24
194.4.50.0/24 maxlen: 24
194.4.51.0/24 maxlen: 24
194.116.172.0/24 maxlen: 24
194.116.173.0/24 maxlen: 24
194.116.190.0/24 maxlen: 24
194.116.191.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e3:36:6a:cd:d8:c4:25:f4:33:6f:2f:b8:ed:34:92:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Validity
Not Before: Oct 14 14:53:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85f6d6f8c812187ba452c92427216f32a1e0e7b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:28:fb:a3:23:a6:6e:b4:14:a0:54:e5:5e:a5:
b1:c5:b1:d4:46:df:d2:59:54:74:00:69:7e:6a:43:
97:0b:7e:81:d1:5e:10:f7:15:6c:d4:ab:e1:38:71:
00:62:a9:da:6f:46:df:fa:11:d8:30:7b:47:7f:0a:
08:fd:6b:f4:d7:09:62:64:7e:b4:54:95:3d:3f:36:
b4:22:f3:d6:5b:2a:d6:f0:b0:50:16:3e:cc:f8:b3:
cb:76:e0:e3:46:8e:eb:ae:6c:a0:c1:9f:fd:c7:67:
80:0b:b7:a7:ac:6e:83:ac:7c:d4:19:56:ab:4c:c0:
a9:ad:f2:43:27:e5:e8:dd:c0:d8:5a:a6:02:5b:2a:
25:59:47:fb:ee:1e:aa:dd:ba:bd:c2:88:e9:66:9c:
a0:c5:c0:1d:c9:2d:78:ab:21:24:11:47:d7:ea:49:
7b:63:80:45:2d:1b:9a:e5:5b:a0:82:f4:86:3f:67:
1c:c4:5b:8f:69:b1:33:c9:73:1b:04:ab:17:03:f4:
ad:7a:10:78:dc:65:1c:53:e2:4a:34:7c:d8:e6:3f:
ac:0d:e4:e2:68:2f:3a:07:be:b8:b0:4e:8f:a4:84:
23:18:a6:c2:2d:99:34:a5:57:3c:73:f3:5a:47:ca:
db:27:83:d1:65:7a:4a:4b:0b:91:f0:d1:62:76:e7:
ab:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:F6:D6:F8:C8:12:18:7B:A4:52:C9:24:27:21:6F:32:A1:E0:E7:B2
X509v3 Authority Key Identifier:
keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/hfbW-MgSGHukUskkJyFvMqHg57I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.36.0/22
45.8.144.0-45.8.146.255
45.67.34.0/23
45.84.0.0/24
45.87.152.0-45.87.154.255
45.89.52.0/22
45.93.10.0/23
45.159.248.0/22
93.185.166.0/24
141.98.168.0-141.98.170.255
185.231.204.0/22
188.119.123.0/24
193.43.146.0/23
193.46.56.0/23
193.57.136.0/22
194.4.48.0/22
194.116.172.0/23
194.116.190.0/23
Signature Algorithm: sha256WithRSAEncryption
40:ed:3d:4a:33:cc:f9:9b:9a:bd:86:2e:1e:fb:b6:90:5d:bd:
06:34:41:72:f8:52:7f:5a:9a:03:a7:7f:7d:b9:36:07:72:b1:
16:0e:c4:9b:08:7a:13:ff:f4:da:da:58:5c:c3:1c:2b:63:ce:
09:da:2f:2f:e0:58:24:f9:99:75:e9:68:9d:84:62:4f:8e:18:
9b:23:46:14:ca:0c:f4:e5:1d:8a:c8:56:2a:ca:d6:77:5a:94:
42:8c:91:15:ee:83:84:17:f7:4e:9f:75:e5:5d:cc:ed:12:b2:
87:2f:b0:a7:5c:80:36:7d:99:d8:b6:c5:81:cd:9e:8a:7f:cf:
08:96:17:52:e0:80:ef:ab:65:1f:fc:57:a9:2d:75:ed:00:69:
30:16:85:b2:da:58:c7:24:16:00:ae:f6:b6:6a:75:d2:3d:53:
71:4c:2a:60:e7:aa:0f:a2:a8:87:73:0d:db:64:fc:01:37:60:
7e:1f:14:27:eb:df:44:62:3d:06:dd:0a:66:a5:bb:b1:05:28:
9c:a2:1f:25:60:f8:a2:00:9c:2a:93:4a:d5:57:81:95:a6:34:
9f:8e:90:49:3e:ca:21:1f:eb:4a:38:2b:cd:23:9e:16:33:cb:
18:64:19:3f:27:0a:ad:de:de:b3:9b:a5:57:a9:81:39:02:78:
d5:1f:c6:a9
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgISAZnjNmrN2MQl9DNvL7jtNJIBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUxMDE0MTQ1MzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWY2ZDZmOGM4MTIxODdiYTQ1MmM5MjQyNzIxNmYzMmExZTBlN2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4yj7oyOmbrQUoFTlXqWxxbHURt/S
WVR0AGl+akOXC36B0V4Q9xVs1KvhOHEAYqnab0bf+hHYMHtHfwoI/Wv01wliZH60
VJU9Pza0IvPWWyrW8LBQFj7M+LPLduDjRo7rrmygwZ/9x2eAC7enrG6DrHzUGVar
TMCprfJDJ+Xo3cDYWqYCWyolWUf77h6q3bq9wojpZpygxcAdyS14qyEkEUfX6kl7
Y4BFLRua5VuggvSGP2ccxFuPabEzyXMbBKsXA/StehB43GUcU+JKNHzY5j+sDeTi
aC86B764sE6PpIQjGKbCLZk0pVc8c/NaR8rbJ4PRZXpKSwuR8NFiduermwIDAQAB
o4ICjDCCAogwHQYDVR0OBBYEFIX21vjIEhh7pFLJJCchbzKh4OeyMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvaGZiVy1NZ1NHSHVrVXNra0p5RnZNcUhnNTdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGhBggrBgEFBQcBBwEB/wSBkTCBjjCBiwQCAAEwgYQDBAIF
tiQwDAMEBC0IkAMEAC0IkgMEAS1DIgMEAC1UADAMAwQDLVeYAwQALVeaAwQCLVk0
AwQBLV0KAwQCLZ/4AwQAXbmmMAwDBAONYqgDBACNYqoDBAK558wDBAC8d3sDBAHB
K5IDBAHBLjgDBALBOYgDBALCBDADBAHCdKwDBAHCdL4wDQYJKoZIhvcNAQELBQAD
ggEBAEDtPUozzPmbmr2GLh77tpBdvQY0QXL4Un9amgOnf325NgdysRYOxJsIehP/
9NraWFzDHCtjzgnaLy/gWCT5mXXpaJ2EYk+OGJsjRhTKDPTlHYrIVirK1ndalEKM
kRXug4QX906fdeVdzO0SsocvsKdcgDZ9mdi2xYHNnop/zwiWF1LggO+rZR/8V6kt
de0AaTAWhbLaWMckFgCu9rZqddI9U3FMKmDnqg+iqIdzDdtk/AE3YH4fFCfr30Ri
PQbdCmalu7EFKJyiHyVg+KIAnCqTStVXgZWmNJ+OkEk+yiEf60o4K80jnhYzyxhk
GT8nCq3e3rObpVepgTkCeNUfxqk=
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:59:50 2025 by rpki-client