Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/HbYDEFlZH7LD42OnPOAQQmKHUfc.roa
File: HbYDEFlZH7LD42OnPOAQQmKHUfc.roa (raw, json)
Hash identifier: vBdu0OdgmlTRXVZa12/HttnkqdKOT5zC8OuTp+UGqvA=
Subject key identifier: 1D:B6:03:10:59:59:1F:B2:C3:E3:63:A7:3C:E0:10:42:62:87:51:F7
Certificate issuer: /CN=5a939b0ced38d75cc63ed50d6e5ce72bbb5b4b10
Certificate serial: 0198C76A3A7864483D1D42DC7023AD36FDEC
Authority key identifier: 5A:93:9B:0C:ED:38:D7:5C:C6:3E:D5:0D:6E:5C:E7:2B:BB:5B:4B:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/HbYDEFlZH7LD42OnPOAQQmKHUfc.roa
Signing time: Wed 20 Aug 2025 12:18:04 +0000
ROA not before: Wed 20 Aug 2025 12:18:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41368
IP address blocks: 89.29.128.0/20 maxlen: 20
89.29.129.0/24 maxlen: 24
89.29.132.0/24 maxlen: 24
89.29.133.0/24 maxlen: 24
89.29.135.0/24 maxlen: 24
89.29.144.0/21 maxlen: 21
89.29.149.0/24 maxlen: 24
89.29.150.0/24 maxlen: 24
89.29.151.0/24 maxlen: 24
89.29.152.0/22 maxlen: 22
89.29.155.0/24 maxlen: 24
89.29.156.0/24 maxlen: 24
89.29.157.0/24 maxlen: 24
89.29.158.0/24 maxlen: 24
89.29.159.0/24 maxlen: 24
89.29.232.0/22 maxlen: 22
89.29.233.0/24 maxlen: 24
89.29.234.0/24 maxlen: 24
89.29.236.0/22 maxlen: 22
89.29.254.0/24 maxlen: 24
176.57.104.0/22 maxlen: 22
176.57.108.0/22 maxlen: 22
176.57.108.0/24 maxlen: 24
176.57.110.0/23 maxlen: 23
185.40.37.0/24 maxlen: 24
185.40.38.0/23 maxlen: 23
185.40.38.0/24 maxlen: 24
185.40.39.0/24 maxlen: 24
185.64.243.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.crl
rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.mft
rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 14:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c7:6a:3a:78:64:48:3d:1d:42:dc:70:23:ad:36:fd:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5a939b0ced38d75cc63ed50d6e5ce72bbb5b4b10
Validity
Not Before: Aug 20 12:18:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1db6031059591fb2c3e363a73ce01042628751f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:84:17:c5:d9:84:91:77:ec:fd:95:51:4b:9f:
f5:94:30:17:e7:b3:28:e8:4e:71:21:32:ca:26:1c:
e0:68:be:19:79:94:54:7b:66:41:e3:a9:75:58:ad:
d5:ca:76:6e:3c:03:bd:f6:0b:82:bd:67:12:1d:13:
96:b8:9d:79:b2:87:d1:6f:a9:33:f6:71:b0:ad:6d:
47:8e:30:fc:fa:ae:34:d7:85:38:4f:2a:27:79:3f:
bf:70:26:89:42:ea:ae:14:78:32:54:67:b2:73:91:
2f:b8:2e:fb:3a:ca:94:15:19:af:53:70:80:2d:73:
c2:1b:e3:c7:ee:c3:1c:f4:d3:61:4e:11:01:e7:a4:
5f:05:cd:d5:2f:55:96:f0:7c:08:4c:05:82:0b:1d:
dc:7d:07:60:11:18:10:ab:4d:3b:f1:b3:49:43:94:
fb:0f:b8:80:e6:53:d3:ba:7a:2f:48:df:50:66:f7:
0f:cd:3b:41:a4:cb:da:67:4f:10:82:97:54:63:0b:
b8:3e:21:c6:47:ea:a6:d1:cc:98:ce:16:1a:4b:df:
56:25:14:25:9b:6b:98:05:6e:1f:ed:8f:ba:41:68:
81:36:57:d8:1d:a4:75:8f:39:47:19:7d:20:f0:47:
e3:b4:8e:7b:cd:21:b2:c5:a0:7a:e6:64:48:2f:aa:
52:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:B6:03:10:59:59:1F:B2:C3:E3:63:A7:3C:E0:10:42:62:87:51:F7
X509v3 Authority Key Identifier:
keyid:5A:93:9B:0C:ED:38:D7:5C:C6:3E:D5:0D:6E:5C:E7:2B:BB:5B:4B:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/HbYDEFlZH7LD42OnPOAQQmKHUfc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.29.128.0/19
89.29.232.0/21
89.29.254.0/24
176.57.104.0/21
185.40.37.0-185.40.39.255
185.64.243.0/24
Signature Algorithm: sha256WithRSAEncryption
6a:d1:8f:7f:b5:73:51:3c:74:0d:03:95:35:0c:d6:52:ae:ee:
27:44:b9:b3:8b:f0:20:5c:1b:d9:e9:c1:fa:16:32:bc:1e:16:
91:bf:9d:c8:42:5b:e4:fa:7f:d5:d9:27:c2:42:8b:bb:c8:53:
f2:73:1e:37:ef:7f:51:ed:6e:e5:e0:33:9f:79:1a:0e:13:32:
48:2a:1b:09:f3:50:9b:15:da:4f:75:5a:de:93:5a:28:57:01:
ce:0c:3a:e3:96:f0:18:77:df:65:69:9e:8a:c2:07:1c:cf:b8:
7b:e8:e6:be:f3:52:7f:f9:b0:a6:9f:25:b8:8a:08:12:2d:a7:
34:eb:a7:df:e2:d8:bc:63:6b:02:aa:6c:db:2a:8b:cc:05:d9:
c3:e6:aa:12:3c:d5:0e:91:69:aa:3a:57:14:e9:f1:39:48:e5:
8b:1b:b1:87:ce:a4:bd:8a:46:1e:46:3f:9c:b0:ab:83:b5:a3:
f9:ee:ad:24:7e:e5:84:97:93:11:58:bb:95:a8:a4:29:b0:6e:
23:2d:24:bb:fc:17:ad:0f:32:81:2e:72:b9:dd:46:40:a1:e2:
cf:45:3d:c1:d7:f6:b6:a6:38:3d:5f:6b:d7:26:9b:f7:a2:4d:
08:03:af:cd:b6:d6:2a:f2:fe:78:a7:1e:a0:e6:1e:ce:f6:25:
a8:02:fa:56
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZjHajp4ZEg9HULccCOtNv3sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhOTM5YjBjZWQzOGQ3NWNjNjNlZDUwZDZlNWNlNzJiYmI1
YjRiMTAwHhcNMjUwODIwMTIxODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGI2MDMxMDU5NTkxZmIyYzNlMzYzYTczY2UwMTA0MjYyODc1MWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4QXxdmEkXfs/ZVRS5/1lDAX57Mo
6E5xITLKJhzgaL4ZeZRUe2ZB46l1WK3VynZuPAO99guCvWcSHROWuJ15sofRb6kz
9nGwrW1HjjD8+q4014U4TyoneT+/cCaJQuquFHgyVGeyc5EvuC77OsqUFRmvU3CA
LXPCG+PH7sMc9NNhThEB56RfBc3VL1WW8HwITAWCCx3cfQdgERgQq0078bNJQ5T7
D7iA5lPTunovSN9QZvcPzTtBpMvaZ08QgpdUYwu4PiHGR+qm0cyYzhYaS99WJRQl
m2uYBW4f7Y+6QWiBNlfYHaR1jzlHGX0g8EfjtI57zSGyxaB65mRIL6pSHQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFB22AxBZWR+yw+NjpzzgEEJih1H3MB8GA1UdIwQY
MBaAFFqTmwztONdcxj7VDW5c5yu7W0sQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3BPYkRPMDQxMXpHUHRVTmJsem5LN3RiU3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9iZWExNGEtMGQzMi00YWE3LWI4OTgt
ZDYwYjNiNmNjYTZlLzEvSGJZREVGbFpIN0xENDJPblBPQVFRbUtIVWZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9iZWExNGEtMGQzMi00YWE3LWI4OTgtZDYwYjNiNmNjYTZl
LzEvV3BPYkRPMDQxMXpHUHRVTmJsem5LN3RiU3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQFWR2AAwQD
WR3oAwQAWR3+AwQDsDloMAwDBAC5KCUDBAO5KCADBAC5QPMwDQYJKoZIhvcNAQEL
BQADggEBAGrRj3+1c1E8dA0DlTUM1lKu7idEubOL8CBcG9npwfoWMrweFpG/nchC
W+T6f9XZJ8JCi7vIU/JzHjfvf1HtbuXgM595Gg4TMkgqGwnzUJsV2k91Wt6TWihX
Ac4MOuOW8Bh332VpnorCBxzPuHvo5r7zUn/5sKafJbiKCBItpzTrp9/i2LxjawKq
bNsqi8wF2cPmqhI81Q6Raao6VxTp8TlI5YsbsYfOpL2KRh5GP5ywq4O1o/nurSR+
5YSXkxFYu5WopCmwbiMtJLv8F60PMoEucrndRkCh4s9FPcHX9ramOD1fa9cmm/ei
TQgDr8221iry/ninHqDmHs72JagC+lY=
-----END CERTIFICATE-----
Generated at Sun Aug 24 00:33:11 2025 by rpki-client