Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/8rDHkLe0TSTwHx4WDDvrR-_Rnow.roa
File: 8rDHkLe0TSTwHx4WDDvrR-_Rnow.roa (raw, json)
Hash identifier: 29wxN1vn1T45ahVLJ7TowTdHbtjp7jm1ioyZkNKCMeI=
Subject key identifier: F2:B0:C7:90:B7:B4:4D:24:F0:1F:1E:16:0C:3B:EB:47:EF:D1:9E:8C
Certificate issuer: /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial: 01992EC8E82C9F5191891CBE8C3C1DEB2E3E
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/8rDHkLe0TSTwHx4WDDvrR-_Rnow.roa
Signing time: Tue 09 Sep 2025 14:02:22 +0000
ROA not before: Tue 09 Sep 2025 14:02:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57433
IP address blocks: 37.114.32.0/19 maxlen: 32
37.114.32.0/24 maxlen: 24
37.114.37.0/24 maxlen: 24
37.114.44.0/24 maxlen: 24
37.114.46.0/24 maxlen: 24
37.114.50.0/24 maxlen: 24
37.114.54.0/24 maxlen: 24
43.251.160.0/22 maxlen: 32
43.251.160.0/24 maxlen: 24
43.251.161.0/24 maxlen: 24
43.251.162.0/24 maxlen: 24
43.251.163.0/24 maxlen: 24
94.154.48.0/21 maxlen: 32
94.154.48.0/24 maxlen: 24
94.154.49.0/24 maxlen: 24
94.154.50.0/24 maxlen: 24
94.154.51.0/24 maxlen: 24
94.154.52.0/24 maxlen: 24
94.154.53.0/24 maxlen: 24
94.154.54.0/24 maxlen: 24
94.154.55.0/24 maxlen: 24
103.252.88.0/22 maxlen: 32
176.100.32.0/21 maxlen: 32
176.100.32.0/24 maxlen: 24
176.100.38.0/24 maxlen: 24
176.100.39.0/24 maxlen: 24
185.14.92.0/22 maxlen: 32
185.14.92.0/24 maxlen: 24
185.14.93.0/24 maxlen: 24
2a00:ccc0::/29 maxlen: 128
2a00:ccc0::/32 maxlen: 32
2a00:ccc0::/48 maxlen: 48
2a00:ccc1::/32 maxlen: 48
2a00:ccc1::/48 maxlen: 48
2a00:ccc1:4::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:2e:c8:e8:2c:9f:51:91:89:1c:be:8c:3c:1d:eb:2e:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Validity
Not Before: Sep 9 14:02:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f2b0c790b7b44d24f01f1e160c3beb47efd19e8c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:30:3f:64:b3:fe:8e:c3:0c:19:ca:69:8a:17:
c9:f4:97:79:21:08:e7:78:61:a0:70:23:72:43:05:
28:d9:2e:a3:1f:35:08:7c:b9:00:d1:c5:51:9d:cd:
3b:13:b0:5b:33:81:6e:13:6a:a5:d2:5a:4a:10:35:
78:1c:bb:68:e9:10:b8:f8:4a:37:ca:f4:79:1c:05:
00:a8:75:38:94:08:89:a0:9f:1d:e5:54:31:c6:8e:
45:c5:4e:9f:e3:f2:92:cd:e7:5a:ad:52:d0:9b:3e:
e0:4d:d5:16:85:26:b5:9d:45:83:4e:fa:ab:d7:77:
f4:fa:13:5a:5f:93:27:8f:e6:86:c3:15:4b:93:ed:
7d:9a:da:94:a2:ee:b9:9b:8b:0c:33:82:ab:46:00:
97:8a:33:78:50:2d:46:53:a6:99:3d:f8:52:9c:9b:
30:fb:9b:21:97:19:63:17:9e:32:5e:16:8d:9f:5f:
ee:f1:a0:20:2d:80:c0:28:51:58:89:1b:e2:78:c9:
4e:de:19:88:ae:17:47:fa:52:d2:aa:37:ff:fb:80:
b0:04:6c:08:46:b1:cd:13:ee:f8:0a:8e:56:b3:9c:
4f:cf:06:b1:d2:45:68:ad:af:60:80:5b:3e:7c:de:
f6:2c:18:1f:d4:c7:f4:bd:8a:b9:5a:a0:a4:49:e7:
ad:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:B0:C7:90:B7:B4:4D:24:F0:1F:1E:16:0C:3B:EB:47:EF:D1:9E:8C
X509v3 Authority Key Identifier:
keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/8rDHkLe0TSTwHx4WDDvrR-_Rnow.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.114.32.0/19
43.251.160.0/22
94.154.48.0/21
103.252.88.0/22
176.100.32.0/21
185.14.92.0/22
IPv6:
2a00:ccc0::/29
Signature Algorithm: sha256WithRSAEncryption
42:51:41:2f:14:f1:1f:1e:2c:56:46:0a:76:6d:fc:5f:64:9f:
0c:cc:03:83:69:da:d6:58:be:88:22:86:d5:4e:1f:9f:6d:54:
23:35:ca:d7:d2:29:45:27:e6:79:0e:7b:95:c7:fe:55:ef:9f:
8a:93:9b:40:17:3d:3f:1a:bf:f2:27:a7:ab:77:37:a1:b7:66:
bd:a5:22:0d:62:b5:b1:e7:9c:c1:b1:60:a4:2f:f0:da:c0:8f:
71:94:ad:b9:52:f0:4e:8a:93:fc:63:02:25:59:4b:83:fb:cc:
d4:eb:40:23:a3:47:f3:66:c5:5f:ef:1e:d3:22:d5:00:21:c1:
5b:5a:15:a7:17:aa:29:eb:54:92:33:79:4a:28:ed:65:78:20:
16:a8:38:63:9d:c7:5d:31:92:ef:e8:ce:15:3a:58:99:27:de:
48:1b:f0:1c:95:5a:1e:e9:a1:1f:66:6a:f9:f6:6c:1d:76:f8:
c5:a0:20:a7:b7:0c:95:07:29:95:46:a3:df:3f:17:9a:ca:35:
c0:8b:bb:57:96:3e:6b:24:89:79:f4:a3:60:31:97:1f:8f:b6:
d2:9b:a6:a7:ee:76:ef:80:b5:7b:87:7a:c5:7c:be:7f:92:99:
ec:fe:f4:3a:dd:24:66:7a:b0:ca:44:02:0d:5b:e9:76:cf:61:
2e:aa:f1:2e
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZkuyOgsn1GRiRy+jDwd6y4+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjUwOTA5MTQwMjIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmIwYzc5MGI3YjQ0ZDI0ZjAxZjFlMTYwYzNiZWI0N2VmZDE5ZThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDA/ZLP+jsMMGcppihfJ9Jd5IQjn
eGGgcCNyQwUo2S6jHzUIfLkA0cVRnc07E7BbM4FuE2ql0lpKEDV4HLto6RC4+Eo3
yvR5HAUAqHU4lAiJoJ8d5VQxxo5FxU6f4/KSzedarVLQmz7gTdUWhSa1nUWDTvqr
13f0+hNaX5Mnj+aGwxVLk+19mtqUou65m4sMM4KrRgCXijN4UC1GU6aZPfhSnJsw
+5shlxljF54yXhaNn1/u8aAgLYDAKFFYiRvieMlO3hmIrhdH+lLSqjf/+4CwBGwI
RrHNE+74Co5Ws5xPzwax0kVora9ggFs+fN72LBgf1Mf0vYq5WqCkSeetLQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFPKwx5C3tE0k8B8eFgw760fv0Z6MMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvOHJESGtMZTBUU1R3SHg0V0REdnJSLV9Sbm93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQFJXIgAwQC
K/ugAwQDXpowAwQCZ/xYAwQDsGQgAwQCuQ5cMA0EAgACMAcDBQMqAMzAMA0GCSqG
SIb3DQEBCwUAA4IBAQBCUUEvFPEfHixWRgp2bfxfZJ8MzAODadrWWL6IIobVTh+f
bVQjNcrX0ilFJ+Z5DnuVx/5V75+Kk5tAFz0/Gr/yJ6erdzeht2a9pSINYrWx55zB
sWCkL/DawI9xlK25UvBOipP8YwIlWUuD+8zU60Ajo0fzZsVf7x7TItUAIcFbWhWn
F6op61SSM3lKKO1leCAWqDhjncddMZLv6M4VOliZJ95IG/AclVoe6aEfZmr59mwd
dvjFoCCntwyVBymVRqPfPxeayjXAi7tXlj5rJIl59KNgMZcfj7bSm6an7nbvgLV7
h3rFfL5/kpns/vQ63SRmerDKRAINW+l2z2EuqvEu
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:18:45 2025 by rpki-client