Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/sHCMS0oJ2DBmSBt5fLAgPpnKcXE.roa
File: sHCMS0oJ2DBmSBt5fLAgPpnKcXE.roa (raw, json)
Hash identifier: x5bXQoIxg3oYhDL2OLT4GYBfK+xR6iJjuSaHAUUTC2k=
Subject key identifier: B0:70:8C:4B:4A:09:D8:30:66:48:1B:79:7C:B0:20:3E:99:CA:71:71
Certificate issuer: /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial: 0199C07D8F28A35DD2FDC51A7A428AD1FD5B
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/sHCMS0oJ2DBmSBt5fLAgPpnKcXE.roa
Signing time: Tue 07 Oct 2025 21:04:38 +0000
ROA not before: Tue 07 Oct 2025 21:04:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48031
IP address blocks: 130.49.4.0/24 maxlen: 24
130.49.7.0/24 maxlen: 24
130.49.13.0/24 maxlen: 24
130.49.18.0/24 maxlen: 24
130.49.19.0/24 maxlen: 24
130.49.23.0/24 maxlen: 24
130.49.26.0/24 maxlen: 24
130.49.28.0/24 maxlen: 24
130.49.33.0/24 maxlen: 24
130.49.34.0/24 maxlen: 24
130.49.38.0/24 maxlen: 24
130.49.41.0/24 maxlen: 24
130.49.43.0/24 maxlen: 24
130.49.48.0/24 maxlen: 24
130.49.49.0/24 maxlen: 24
130.49.54.0/24 maxlen: 24
130.49.56.0/24 maxlen: 24
130.49.59.0/24 maxlen: 24
130.49.63.0/24 maxlen: 24
130.49.64.0/24 maxlen: 24
130.49.69.0/24 maxlen: 24
130.49.71.0/24 maxlen: 24
130.49.74.0/24 maxlen: 24
130.49.82.0/24 maxlen: 24
130.49.83.0/24 maxlen: 24
130.49.88.0/24 maxlen: 24
130.49.90.0/24 maxlen: 24
130.49.93.0/24 maxlen: 24
130.49.97.0/24 maxlen: 24
130.49.98.0/24 maxlen: 24
130.49.103.0/24 maxlen: 24
130.49.105.0/24 maxlen: 24
130.49.109.0/24 maxlen: 24
130.49.116.0/24 maxlen: 24
130.49.118.0/24 maxlen: 24
130.49.123.0/24 maxlen: 24
130.49.124.0/24 maxlen: 24
155.212.33.0/24 maxlen: 24
155.212.40.0/24 maxlen: 24
155.212.42.0/24 maxlen: 24
155.212.47.0/24 maxlen: 24
155.212.48.0/24 maxlen: 24
155.212.52.0/24 maxlen: 24
155.212.54.0/24 maxlen: 24
155.212.57.0/24 maxlen: 24
155.212.61.0/24 maxlen: 24
155.212.62.0/24 maxlen: 24
155.212.68.0/24 maxlen: 24
155.212.69.0/24 maxlen: 24
155.212.73.0/24 maxlen: 24
155.212.76.0/24 maxlen: 24
155.212.78.0/24 maxlen: 24
155.212.83.0/24 maxlen: 24
155.212.84.0/24 maxlen: 24
155.212.88.0/24 maxlen: 24
155.212.90.0/24 maxlen: 24
155.212.93.0/24 maxlen: 24
155.212.97.0/24 maxlen: 24
155.212.98.0/24 maxlen: 24
155.212.103.0/24 maxlen: 24
155.212.105.0/24 maxlen: 24
155.212.112.0/24 maxlen: 24
155.212.116.0/24 maxlen: 24
155.212.118.0/24 maxlen: 24
155.212.123.0/24 maxlen: 24
155.212.124.0/24 maxlen: 24
170.168.205.0/24 maxlen: 24
170.168.213.0/24 maxlen: 24
170.168.214.0/24 maxlen: 24
170.168.222.0/24 maxlen: 24
170.168.229.0/24 maxlen: 24
170.168.231.0/24 maxlen: 24
170.168.239.0/24 maxlen: 24
170.168.249.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 19:02:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c0:7d:8f:28:a3:5d:d2:fd:c5:1a:7a:42:8a:d1:fd:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Validity
Not Before: Oct 7 21:04:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b0708c4b4a09d83066481b797cb0203e99ca7171
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:ec:28:e7:5c:49:07:c7:7c:99:24:d7:ce:f7:
ce:1d:ef:16:52:71:2d:7f:e9:48:64:e7:15:36:8f:
d7:06:71:4c:dc:60:8e:fe:9a:27:90:29:fb:7e:99:
98:99:c5:b4:88:3f:9a:f0:d8:2f:35:08:56:fc:fa:
36:76:f4:9f:ee:6d:85:97:85:85:99:a2:a6:3b:9b:
fb:79:86:f4:7a:83:a8:38:56:40:2b:17:53:f9:b0:
3c:e7:4a:96:3d:45:bc:26:67:6e:15:49:53:98:60:
a3:ac:cf:94:30:9c:04:cf:d3:1f:93:33:fc:89:a1:
17:35:f5:fd:37:25:4e:dd:98:70:69:8d:15:6c:e7:
09:18:4a:1d:f9:77:73:45:ac:ed:2c:1a:65:53:10:
ec:7a:66:26:fb:6f:c2:27:21:75:7e:aa:5e:fa:f9:
8a:a0:5b:0a:1c:87:86:b3:25:54:b3:1e:11:26:19:
66:1e:c3:96:6c:ab:42:ed:a4:7b:47:57:c5:e4:3f:
22:71:6a:1e:4f:89:04:82:83:60:0d:ef:57:9a:5c:
f7:65:3b:56:91:1c:cd:86:cf:73:b6:0b:15:3f:76:
5d:77:6c:6d:d7:76:a1:8d:69:60:e5:a8:ca:dd:7a:
36:de:20:61:18:39:1a:75:15:8a:09:16:79:67:d2:
b6:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:70:8C:4B:4A:09:D8:30:66:48:1B:79:7C:B0:20:3E:99:CA:71:71
X509v3 Authority Key Identifier:
keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/sHCMS0oJ2DBmSBt5fLAgPpnKcXE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.49.4.0/24
130.49.7.0/24
130.49.13.0/24
130.49.18.0/23
130.49.23.0/24
130.49.26.0/24
130.49.28.0/24
130.49.33.0-130.49.34.255
130.49.38.0/24
130.49.41.0/24
130.49.43.0/24
130.49.48.0/23
130.49.54.0/24
130.49.56.0/24
130.49.59.0/24
130.49.63.0-130.49.64.255
130.49.69.0/24
130.49.71.0/24
130.49.74.0/24
130.49.82.0/23
130.49.88.0/24
130.49.90.0/24
130.49.93.0/24
130.49.97.0-130.49.98.255
130.49.103.0/24
130.49.105.0/24
130.49.109.0/24
130.49.116.0/24
130.49.118.0/24
130.49.123.0-130.49.124.255
155.212.33.0/24
155.212.40.0/24
155.212.42.0/24
155.212.47.0-155.212.48.255
155.212.52.0/24
155.212.54.0/24
155.212.57.0/24
155.212.61.0-155.212.62.255
155.212.68.0/23
155.212.73.0/24
155.212.76.0/24
155.212.78.0/24
155.212.83.0-155.212.84.255
155.212.88.0/24
155.212.90.0/24
155.212.93.0/24
155.212.97.0-155.212.98.255
155.212.103.0/24
155.212.105.0/24
155.212.112.0/24
155.212.116.0/24
155.212.118.0/24
155.212.123.0-155.212.124.255
170.168.205.0/24
170.168.213.0-170.168.214.255
170.168.222.0/24
170.168.229.0/24
170.168.231.0/24
170.168.239.0/24
170.168.249.0/24
Signature Algorithm: sha256WithRSAEncryption
72:11:81:0b:a6:9f:50:d4:f8:ba:90:63:a1:25:b2:5f:aa:26:
e9:59:7f:13:88:3d:7c:90:59:ff:1d:1d:16:d2:47:57:cb:6c:
85:33:52:6c:8a:18:b7:a3:db:e7:04:bc:be:2d:bb:f7:1c:3b:
4c:51:6c:78:fd:fe:d7:96:64:9d:1f:bf:06:d7:7b:cb:e6:1a:
7c:44:98:18:13:0a:d5:bb:b0:13:fc:18:8b:9e:e9:ac:9a:34:
10:58:58:a0:9b:79:aa:9e:53:ae:c6:13:9f:05:4e:d0:11:c4:
14:fa:35:d8:34:d8:e0:7f:26:ea:6f:79:0e:26:cc:16:b6:f4:
76:e6:2f:55:19:c4:4e:11:bc:c4:6f:d2:91:08:f5:c6:3c:c3:
b7:1d:2e:ed:de:93:4f:a6:1a:63:27:a3:cf:b1:15:30:6c:ca:
b5:79:d7:22:00:a6:2f:b6:39:af:02:7c:e7:f0:a7:12:da:a3:
ef:2f:2c:e3:4a:92:60:8b:15:34:10:61:2a:c1:23:e5:7e:53:
be:6a:c8:83:46:d9:29:d2:d4:8a:30:fc:11:3b:c5:14:4b:48:
d6:83:c2:06:54:d6:79:69:66:65:0d:ce:db:55:3c:2d:7e:9f:
c6:db:fa:d9:82:19:70:1a:99:c5:66:f5:79:52:d1:38:e7:be:
3a:ae:8c:5a
-----BEGIN CERTIFICATE-----
MIIGuTCCBaGgAwIBAgISAZnAfY8oo13S/cUaekKK0f1bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUxMDA3MjEwNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDcwOGM0YjRhMDlkODMwNjY0ODFiNzk3Y2IwMjAzZTk5Y2E3MTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmewo51xJB8d8mSTXzvfOHe8WUnEt
f+lIZOcVNo/XBnFM3GCO/ponkCn7fpmYmcW0iD+a8NgvNQhW/Po2dvSf7m2Fl4WF
maKmO5v7eYb0eoOoOFZAKxdT+bA850qWPUW8JmduFUlTmGCjrM+UMJwEz9MfkzP8
iaEXNfX9NyVO3ZhwaY0VbOcJGEod+XdzRaztLBplUxDsemYm+2/CJyF1fqpe+vmK
oFsKHIeGsyVUsx4RJhlmHsOWbKtC7aR7R1fF5D8icWoeT4kEgoNgDe9Xmlz3ZTtW
kRzNhs9ztgsVP3Zdd2xt13ahjWlg5ajK3Xo23iBhGDkadRWKCRZ5Z9K22wIDAQAB
o4IDxTCCA8EwHQYDVR0OBBYEFLBwjEtKCdgwZkgbeXywID6ZynFxMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvc0hDTVMwb0oyREJtU0J0NWZMQWdQcG5LY1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB2QYIKwYBBQUHAQcBAf8EggHIMIIBxDCCAcAEAgABMIIB
uAMEAIIxBAMEAIIxBwMEAIIxDQMEAYIxEgMEAIIxFwMEAIIxGgMEAIIxHDAMAwQA
gjEhAwQAgjEiAwQAgjEmAwQAgjEpAwQAgjErAwQBgjEwAwQAgjE2AwQAgjE4AwQA
gjE7MAwDBACCMT8DBACCMUADBACCMUUDBACCMUcDBACCMUoDBAGCMVIDBACCMVgD
BACCMVoDBACCMV0wDAMEAIIxYQMEAIIxYgMEAIIxZwMEAIIxaQMEAIIxbQMEAIIx
dAMEAIIxdjAMAwQAgjF7AwQAgjF8AwQAm9QhAwQAm9QoAwQAm9QqMAwDBACb1C8D
BACb1DADBACb1DQDBACb1DYDBACb1DkwDAMEAJvUPQMEAJvUPgMEAZvURAMEAJvU
SQMEAJvUTAMEAJvUTjAMAwQAm9RTAwQAm9RUAwQAm9RYAwQAm9RaAwQAm9RdMAwD
BACb1GEDBACb1GIDBACb1GcDBACb1GkDBACb1HADBACb1HQDBACb1HYwDAMEAJvU
ewMEAJvUfAMEAKqozTAMAwQAqqjVAwQAqqjWAwQAqqjeAwQAqqjlAwQAqqjnAwQA
qqjvAwQAqqj5MA0GCSqGSIb3DQEBCwUAA4IBAQByEYELpp9Q1Pi6kGOhJbJfqibp
WX8TiD18kFn/HR0W0kdXy2yFM1Jsihi3o9vnBLy+Lbv3HDtMUWx4/f7XlmSdH78G
13vL5hp8RJgYEwrVu7AT/BiLnumsmjQQWFigm3mqnlOuxhOfBU7QEcQU+jXYNNjg
fybqb3kOJswWtvR25i9VGcROEbzEb9KRCPXGPMO3HS7t3pNPphpjJ6PPsRUwbMq1
edciAKYvtjmvAnzn8KcS2qPvLyzjSpJgixU0EGEqwSPlflO+asiDRtkp0tSKMPwR
O8UUS0jWg8IGVNZ5aWZlDc7bVTwtfp/G2/rZghlwGpnFZvV5UtE45746roxa
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:06:01 2025 by rpki-client