Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/CAAElPjkDv4fIhh0k3uay3CvTiw.roa
File: CAAElPjkDv4fIhh0k3uay3CvTiw.roa (raw, json)
Hash identifier: j/tlK8OREtHciR60sU9QZumaI4ZSdmMM8bbSOekNS6o=
Subject key identifier: 08:00:04:94:F8:E4:0E:FE:1F:22:18:74:93:7B:9A:CB:70:AF:4E:2C
Certificate issuer: /CN=510b419f0c17b4c8be217f64388d268d14dc261e
Certificate serial: 0198A83F05D44CD16CA0CC00EBA568E0486F
Authority key identifier: 51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/CAAElPjkDv4fIhh0k3uay3CvTiw.roa
Signing time: Thu 14 Aug 2025 11:02:39 +0000
ROA not before: Thu 14 Aug 2025 11:02:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203020
IP address blocks: 37.61.226.0/24 maxlen: 32
37.61.227.0/24 maxlen: 32
37.200.104.0/21 maxlen: 32
43.252.28.0/22 maxlen: 32
45.12.56.0/22 maxlen: 32
45.117.154.0/24 maxlen: 32
45.117.155.0/24 maxlen: 32
45.130.120.0/22 maxlen: 32
46.182.168.0/22 maxlen: 32
78.156.160.0/20 maxlen: 32
78.156.176.0/20 maxlen: 32
85.208.148.0/22 maxlen: 32
89.104.110.0/23 maxlen: 32
89.184.192.0/19 maxlen: 32
89.223.14.0/23 maxlen: 32
89.223.18.0/23 maxlen: 32
92.255.32.0/21 maxlen: 32
92.255.86.0/23 maxlen: 32
94.46.0.0/21 maxlen: 32
94.46.2.0/23 maxlen: 32
94.46.32.0/21 maxlen: 32
103.30.12.0/22 maxlen: 32
103.211.184.0/23 maxlen: 32
103.225.128.0/22 maxlen: 32
103.245.40.0/22 maxlen: 32
103.250.134.0/24 maxlen: 32
103.252.184.0/22 maxlen: 32
109.198.32.0/20 maxlen: 32
109.198.48.0/20 maxlen: 32
116.212.188.0/22 maxlen: 32
163.53.26.0/24 maxlen: 32
163.53.27.0/24 maxlen: 32
176.117.88.0/22 maxlen: 32
176.117.92.0/22 maxlen: 32
180.92.128.0/19 maxlen: 32
180.94.216.0/22 maxlen: 32
185.10.7.0/24 maxlen: 32
185.18.104.0/22 maxlen: 32
185.64.180.0/22 maxlen: 32
193.151.52.0/22 maxlen: 32
194.32.88.0/22 maxlen: 32
202.51.78.0/24 maxlen: 32
202.51.84.0/24 maxlen: 32
202.51.85.0/24 maxlen: 32
202.51.87.0/24 maxlen: 32
202.51.90.0/24 maxlen: 32
202.51.91.0/24 maxlen: 32
203.78.168.0/21 maxlen: 32
206.204.0.0/18 maxlen: 32
213.188.80.0/20 maxlen: 32
216.194.80.0/20 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl
rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.mft
rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 11:02:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:a8:3f:05:d4:4c:d1:6c:a0:cc:00:eb:a5:68:e0:48:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=510b419f0c17b4c8be217f64388d268d14dc261e
Validity
Not Before: Aug 14 11:02:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=08000494f8e40efe1f221874937b9acb70af4e2c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:aa:2a:a1:49:75:72:c0:91:be:14:ca:02:ee:
d0:83:1a:80:a9:90:15:b6:59:81:6d:92:18:7e:3e:
82:48:38:90:cf:7d:32:d2:90:15:a3:59:d4:e3:da:
28:17:d6:9f:16:98:93:29:e4:4d:ac:57:47:87:f7:
67:4a:47:3c:0c:8d:d0:2a:c0:ed:72:ae:b6:a8:9f:
1d:4f:34:36:7d:25:83:98:aa:2d:a3:e6:cb:b8:c2:
05:69:92:cf:a1:af:e7:27:7d:84:36:a0:be:4e:6c:
e7:d2:63:20:11:ca:a6:28:35:fd:59:e7:ca:92:35:
18:0e:45:0d:f2:8e:c1:70:58:95:6e:0f:b1:c5:78:
02:92:ad:02:d7:8a:aa:b5:75:b7:21:3b:b1:75:12:
f5:59:d9:0c:2c:45:68:94:84:e7:ee:d5:8d:2d:1d:
75:fe:45:95:de:d4:87:13:42:55:cb:2f:fa:b8:2a:
d9:0c:f0:06:2e:fa:74:96:a9:c2:22:35:15:de:9e:
4a:33:b0:16:aa:64:3a:c1:77:60:01:f2:76:6f:8d:
6e:7b:82:da:77:55:18:cd:fc:9e:9b:e8:79:93:1f:
06:f4:08:63:63:a0:df:06:b5:c4:37:6b:11:11:29:
75:1a:9e:b3:d6:f0:b0:2d:62:3c:c5:b6:dd:60:23:
94:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:00:04:94:F8:E4:0E:FE:1F:22:18:74:93:7B:9A:CB:70:AF:4E:2C
X509v3 Authority Key Identifier:
keyid:51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/CAAElPjkDv4fIhh0k3uay3CvTiw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.61.226.0/23
37.200.104.0/21
43.252.28.0/22
45.12.56.0/22
45.117.154.0/23
45.130.120.0/22
46.182.168.0/22
78.156.160.0/19
85.208.148.0/22
89.104.110.0/23
89.184.192.0/19
89.223.14.0/23
89.223.18.0/23
92.255.32.0/21
92.255.86.0/23
94.46.0.0/21
94.46.32.0/21
103.30.12.0/22
103.211.184.0/23
103.225.128.0/22
103.245.40.0/22
103.250.134.0/24
103.252.184.0/22
109.198.32.0/19
116.212.188.0/22
163.53.26.0/23
176.117.88.0/21
180.92.128.0/19
180.94.216.0/22
185.10.7.0/24
185.18.104.0/22
185.64.180.0/22
193.151.52.0/22
194.32.88.0/22
202.51.78.0/24
202.51.84.0/23
202.51.87.0/24
202.51.90.0/23
203.78.168.0/21
206.204.0.0/18
213.188.80.0/20
216.194.80.0/20
Signature Algorithm: sha256WithRSAEncryption
1b:f8:89:09:fb:59:8a:0c:bf:b9:9f:c1:96:80:41:32:0a:bd:
55:ab:63:7c:1f:c3:60:2a:33:12:00:6d:a3:8b:13:f6:e0:01:
87:89:42:03:1e:e9:71:c8:77:19:44:d4:98:5c:a4:d2:1a:8b:
12:74:c0:aa:99:b1:99:e3:4c:b6:91:c4:50:a9:1d:71:e7:94:
55:53:69:5f:94:e2:61:41:c0:e6:0d:47:d9:67:62:19:e9:68:
69:f8:c4:3d:fe:40:04:68:62:df:26:07:ac:4a:1c:3c:42:ce:
2c:0a:5b:ce:ab:df:a0:9e:c7:4e:dd:b9:85:d4:0e:48:e7:da:
1e:8f:49:b1:d4:02:11:c3:99:f7:44:3c:47:e1:61:61:a4:ec:
72:0a:ad:ab:cc:1b:05:69:4b:cd:0c:90:e6:3c:3a:3c:3d:24:
b5:89:65:d7:18:92:e0:83:94:4b:b2:f5:35:c0:95:e4:bd:22:
df:d9:d9:8f:c1:8c:f0:f5:42:78:c0:8d:df:89:4c:d4:d5:a9:
34:bc:34:94:9a:1d:45:21:20:9e:43:61:8d:75:1a:31:22:61:
fd:b8:50:f5:c4:df:34:fb:6a:bc:e7:40:dd:25:69:3a:53:ba:
43:e2:26:9f:c0:dc:06:c7:ec:76:42:ae:e2:41:77:ad:f2:78:
e4:d5:36:12
-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgISAZioPwXUTNFsoMwA66Vo4EhvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMGI0MTlmMGMxN2I0YzhiZTIxN2Y2NDM4OGQyNjhkMTRk
YzI2MWUwHhcNMjUwODE0MTEwMjM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODAwMDQ5NGY4ZTQwZWZlMWYyMjE4NzQ5MzdiOWFjYjcwYWY0ZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6oqoUl1csCRvhTKAu7QgxqAqZAV
tlmBbZIYfj6CSDiQz30y0pAVo1nU49ooF9afFpiTKeRNrFdHh/dnSkc8DI3QKsDt
cq62qJ8dTzQ2fSWDmKoto+bLuMIFaZLPoa/nJ32ENqC+Tmzn0mMgEcqmKDX9WefK
kjUYDkUN8o7BcFiVbg+xxXgCkq0C14qqtXW3ITuxdRL1WdkMLEVolITn7tWNLR11
/kWV3tSHE0JVyy/6uCrZDPAGLvp0lqnCIjUV3p5KM7AWqmQ6wXdgAfJ2b41ue4La
d1UYzfyem+h5kx8G9AhjY6DfBrXEN2sRESl1Gp6z1vCwLWI8xbbdYCOUwwIDAQAB
o4IDCDCCAwQwHQYDVR0OBBYEFAgABJT45A7+HyIYdJN7mstwr04sMB8GA1UdIwQY
MBaAFFELQZ8MF7TIviF/ZDiNJo0U3CYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYt
MTRhMDk5OTNkNjcxLzEvQ0FBRWxQamtEdjRmSWhoMGszdWF5M0N2VGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYtMTRhMDk5OTNkNjcx
LzEvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHAYIKwYBBQUHAQcBAf8EggELMIIBBzCCAQMEAgABMIH8
AwQBJT3iAwQDJchoAwQCK/wcAwQCLQw4AwQBLXWaAwQCLYJ4AwQCLraoAwQFTpyg
AwQCVdCUAwQBWWhuAwQFWbjAAwQBWd8OAwQBWd8SAwQDXP8gAwQBXP9WAwQDXi4A
AwQDXi4gAwQCZx4MAwQBZ9O4AwQCZ+GAAwQCZ/UoAwQAZ/qGAwQCZ/y4AwQFbcYg
AwQCdNS8AwQBozUaAwQDsHVYAwQFtFyAAwQCtF7YAwQAuQoHAwQCuRJoAwQCuUC0
AwQCwZc0AwQCwiBYAwQAyjNOAwQByjNUAwQAyjNXAwQByjNaAwQDy06oAwQGzswA
AwQE1bxQAwQE2MJQMA0GCSqGSIb3DQEBCwUAA4IBAQAb+IkJ+1mKDL+5n8GWgEEy
Cr1Vq2N8H8NgKjMSAG2jixP24AGHiUIDHulxyHcZRNSYXKTSGosSdMCqmbGZ40y2
kcRQqR1x55RVU2lflOJhQcDmDUfZZ2IZ6Whp+MQ9/kAEaGLfJgesShw8Qs4sClvO
q9+gnsdO3bmF1A5I59oej0mx1AIRw5n3RDxH4WFhpOxyCq2rzBsFaUvNDJDmPDo8
PSS1iWXXGJLgg5RLsvU1wJXkvSLf2dmPwYzw9UJ4wI3fiUzU1ak0vDSUmh1FISCe
Q2GNdRoxImH9uFD1xN80+2q850DdJWk6U7pD4iafwNwGx+x2Qq7iQXet8njk1TYS
-----END CERTIFICATE-----
Generated at Sat Aug 23 17:57:07 2025 by rpki-client