Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8p9q4LvmNtCXuaLXWQe0QXKT28U.roa
File: 8p9q4LvmNtCXuaLXWQe0QXKT28U.roa (raw, json)
Hash identifier: ega+GXJalAIDEwiCLXowo4ZLTDM935n+AD3yJwxsIZg=
Subject key identifier: F2:9F:6A:E0:BB:E6:36:D0:97:B9:A2:D7:59:07:B4:41:72:93:DB:C5
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0198C15E14F6A883F4E5A2A10D903F92E5E0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8p9q4LvmNtCXuaLXWQe0QXKT28U.roa
Signing time: Tue 19 Aug 2025 08:07:05 +0000
ROA not before: Tue 19 Aug 2025 08:07:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 81.5.189.0/24 maxlen: 24
82.152.8.0/24 maxlen: 24
82.152.176.0/23 maxlen: 23
82.153.69.0/24 maxlen: 24
82.153.136.0/22 maxlen: 22
82.153.217.0/24 maxlen: 24
89.213.0.0/22 maxlen: 24
89.213.6.0/24 maxlen: 24
89.213.44.0/23 maxlen: 24
89.213.45.0/24 maxlen: 24
89.213.50.0/23 maxlen: 23
89.213.55.0/24 maxlen: 24
89.213.56.0/22 maxlen: 22
89.213.105.0/24 maxlen: 24
89.213.143.0/24 maxlen: 24
89.213.145.0/24 maxlen: 24
89.213.151.0/24 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.154.0/24 maxlen: 24
89.213.156.0/22 maxlen: 24
89.213.160.0/24 maxlen: 24
89.213.172.0/22 maxlen: 24
89.213.196.0/22 maxlen: 24
89.213.200.0/22 maxlen: 24
89.213.204.0/22 maxlen: 24
89.213.225.0/24 maxlen: 24
89.213.228.0/22 maxlen: 22
89.213.228.0/23 maxlen: 24
89.213.232.0/22 maxlen: 24
89.213.236.0/22 maxlen: 24
109.176.16.0/21 maxlen: 24
109.176.204.0/22 maxlen: 24
109.176.242.0/23 maxlen: 24
185.49.126.0/23 maxlen: 24
185.101.47.0/24 maxlen: 24
194.105.80.0/20 maxlen: 20
194.105.90.0/23 maxlen: 24
212.38.79.0/24 maxlen: 24
212.38.88.0/23 maxlen: 24
213.130.132.0/22 maxlen: 22
213.130.134.0/23 maxlen: 24
213.152.43.0/24 maxlen: 24
213.210.28.0/24 maxlen: 24
213.210.52.0/22 maxlen: 22
213.218.211.0/24 maxlen: 24
213.218.216.0/24 maxlen: 24
213.218.236.0/24 maxlen: 24
213.218.239.0/24 maxlen: 24
213.218.244.0/22 maxlen: 22
217.144.145.0/24 maxlen: 24
217.145.66.0/24 maxlen: 24
217.145.72.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c1:5e:14:f6:a8:83:f4:e5:a2:a1:0d:90:3f:92:e5:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 19 08:07:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f29f6ae0bbe636d097b9a2d75907b4417293dbc5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:71:6c:44:2b:7f:41:9c:ee:58:ed:24:8b:4a:
99:41:e2:1b:f1:cc:99:f2:49:6a:a7:08:fc:b1:1b:
7c:6e:56:09:f4:40:22:a5:8f:45:53:1d:b9:00:c0:
e9:35:67:19:e2:60:c9:77:2e:3b:05:f2:64:2e:15:
ef:f2:91:6f:35:50:03:31:36:ef:81:79:15:e0:72:
74:8b:a0:ce:1c:a5:01:35:dd:72:e2:a3:13:1f:1a:
7b:91:2a:6c:8a:58:12:20:e0:9f:60:5b:cc:4b:be:
5a:af:0d:46:f9:ad:43:0e:16:21:4c:7d:0a:d3:8f:
45:ac:9e:58:b1:b5:46:0c:07:b3:43:2a:3e:65:f7:
44:f8:e4:ed:ea:cc:04:1b:47:10:dc:4b:21:ce:9f:
eb:cd:62:33:6b:29:2a:7b:f7:1b:94:cd:ae:40:fd:
5e:86:90:c9:4c:73:5d:46:38:67:3c:de:86:17:e2:
ce:fe:bc:da:07:9a:0f:1d:80:52:9d:29:80:61:44:
b0:5d:93:7c:dd:0d:48:a2:9a:04:85:48:d4:df:a4:
f2:ec:2e:28:66:17:83:09:fb:c9:03:62:d7:8a:03:
42:03:d9:11:4e:e6:97:a9:27:58:77:f1:c1:0e:0d:
0c:5c:20:a7:35:67:44:61:6b:c8:f4:4b:a1:23:94:
e9:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:9F:6A:E0:BB:E6:36:D0:97:B9:A2:D7:59:07:B4:41:72:93:DB:C5
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8p9q4LvmNtCXuaLXWQe0QXKT28U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.189.0/24
82.152.8.0/24
82.152.176.0/23
82.153.69.0/24
82.153.136.0/22
82.153.217.0/24
89.213.0.0/22
89.213.6.0/24
89.213.44.0/23
89.213.50.0/23
89.213.55.0-89.213.59.255
89.213.105.0/24
89.213.143.0/24
89.213.145.0/24
89.213.151.0-89.213.160.255
89.213.172.0/22
89.213.196.0-89.213.207.255
89.213.225.0/24
89.213.228.0-89.213.239.255
109.176.16.0/21
109.176.204.0/22
109.176.242.0/23
185.49.126.0/23
185.101.47.0/24
194.105.80.0/20
212.38.79.0/24
212.38.88.0/23
213.130.132.0/22
213.152.43.0/24
213.210.28.0/24
213.210.52.0/22
213.218.211.0/24
213.218.216.0/24
213.218.236.0/24
213.218.239.0/24
213.218.244.0/22
217.144.145.0/24
217.145.66.0/24
217.145.72.0/21
Signature Algorithm: sha256WithRSAEncryption
65:81:18:16:9e:34:96:99:09:43:80:b3:ab:fd:0e:9e:b9:7a:
f7:3f:0b:f3:d5:05:e1:71:11:65:38:d8:8c:9c:3d:e9:e2:70:
58:25:e9:f4:ed:2f:4d:96:5c:bf:ba:00:5a:4d:56:3d:a5:b2:
2f:aa:35:36:59:f7:b8:b4:15:e0:a1:58:55:6e:3e:6d:3d:b3:
a2:c0:b4:d5:9c:c4:40:c1:dd:2e:4a:93:c5:f2:f2:66:f0:30:
75:6a:40:eb:3f:14:d6:f8:95:b3:c0:c7:ac:09:ed:1f:ce:da:
d1:16:d2:f4:36:68:0a:cb:4b:7a:c8:d7:68:df:de:b4:8b:eb:
bd:46:db:f1:93:33:93:24:31:46:44:c9:c8:c2:5f:5e:0c:99:
ef:53:a4:94:1e:74:f9:b0:d8:61:8c:bd:30:6f:af:ea:b7:84:
d2:02:8e:87:6c:00:e2:af:09:ad:9e:77:c5:a6:03:d4:b2:e4:
a7:7f:e9:69:c4:78:66:d1:26:a0:33:aa:44:8f:97:0b:ce:c8:
73:38:48:85:78:88:1a:f0:ce:10:55:14:10:0b:90:58:84:6a:
63:82:43:7a:55:32:e6:47:6d:12:37:dc:93:38:40:8b:a5:93:
bf:56:04:85:56:94:2c:10:7b:11:fa:65:88:dd:7b:42:47:1b:
d3:ea:59:2f
-----BEGIN CERTIFICATE-----
MIIGCzCCBPOgAwIBAgISAZjBXhT2qIP05aKhDZA/kuXgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODE5MDgwNzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjlmNmFlMGJiZTYzNmQwOTdiOWEyZDc1OTA3YjQ0MTcyOTNkYmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HFsRCt/QZzuWO0ki0qZQeIb8cyZ
8klqpwj8sRt8blYJ9EAipY9FUx25AMDpNWcZ4mDJdy47BfJkLhXv8pFvNVADMTbv
gXkV4HJ0i6DOHKUBNd1y4qMTHxp7kSpsilgSIOCfYFvMS75arw1G+a1DDhYhTH0K
049FrJ5YsbVGDAezQyo+ZfdE+OTt6swEG0cQ3Eshzp/rzWIzaykqe/cblM2uQP1e
hpDJTHNdRjhnPN6GF+LO/rzaB5oPHYBSnSmAYUSwXZN83Q1IopoEhUjU36Ty7C4o
ZheDCfvJA2LXigNCA9kRTuaXqSdYd/HBDg0MXCCnNWdEYWvI9EuhI5TpGwIDAQAB
o4IDFzCCAxMwHQYDVR0OBBYEFPKfauC75jbQl7mi11kHtEFyk9vFMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOHA5cTRMdm1OdENYdWFMWFdRZTBRWEtUMjhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKwYIKwYBBQUHAQcBAf8EggEaMIIBFjCCARIEAgABMIIB
CgMEAFEFvQMEAFKYCAMEAVKYsAMEAFKZRQMEAlKZiAMEAFKZ2QMEAlnVAAMEAFnV
BgMEAVnVLAMEAVnVMjAMAwQAWdU3AwQCWdU4AwQAWdVpAwQAWdWPAwQAWdWRMAwD
BABZ1ZcDBABZ1aADBAJZ1awwDAMEAlnVxAMEBFnVwAMEAFnV4TAMAwQCWdXkAwQE
WdXgAwQDbbAQAwQCbbDMAwQBbbDyAwQBuTF+AwQAuWUvAwQEwmlQAwQA1CZPAwQB
1CZYAwQC1YKEAwQA1ZgrAwQA1dIcAwQC1dI0AwQA1drTAwQA1drYAwQA1drsAwQA
1drvAwQC1dr0AwQA2ZCRAwQA2ZFCAwQD2ZFIMA0GCSqGSIb3DQEBCwUAA4IBAQBl
gRgWnjSWmQlDgLOr/Q6euXr3Pwvz1QXhcRFlONiMnD3p4nBYJen07S9Nlly/ugBa
TVY9pbIvqjU2Wfe4tBXgoVhVbj5tPbOiwLTVnMRAwd0uSpPF8vJm8DB1akDrPxTW
+JWzwMesCe0fztrRFtL0NmgKy0t6yNdo3960i+u9RtvxkzOTJDFGRMnIwl9eDJnv
U6SUHnT5sNhhjL0wb6/qt4TSAo6HbADirwmtnnfFpgPUsuSnf+lpxHhm0SagM6pE
j5cLzshzOEiFeIga8M4QVRQQC5BYhGpjgkN6VTLmR20SN9yTOECLpZO/VgSFVpQs
EHsR+mWI3XtCRxvT6lkv
-----END CERTIFICATE-----
Generated at Sat Aug 23 07:04:42 2025 by rpki-client