Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/u40_CVPRXQU3uk4qPbqc4cI2sHY.roa
File: u40_CVPRXQU3uk4qPbqc4cI2sHY.roa (raw, json)
Hash identifier: gnlLqRtRQL2T8+oJwalCgtWLP3BAY4oa8AUD9M1Xi/U=
Subject key identifier: BB:8D:3F:09:53:D1:5D:05:37:BA:4E:2A:3D:BA:9C:E1:C2:36:B0:76
Certificate issuer: /CN=86afaae2e3e054073a38aab635dc96460eef487e
Certificate serial: 0198BCAEB9C294EA5A0D89489051700DA401
Authority key identifier: 86:AF:AA:E2:E3:E0:54:07:3A:38:AA:B6:35:DC:96:46:0E:EF:48:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hq-q4uPgVAc6OKq2NdyWRg7vSH4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/u40_CVPRXQU3uk4qPbqc4cI2sHY.roa
Signing time: Mon 18 Aug 2025 10:17:04 +0000
ROA not before: Mon 18 Aug 2025 10:17:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212216
IP address blocks: 80.249.115.0/24 maxlen: 24
88.135.33.0/24 maxlen: 24
89.42.44.0/24 maxlen: 24
185.73.226.0/24 maxlen: 32
185.106.200.0/24 maxlen: 24
185.106.201.0/24 maxlen: 24
185.223.160.0/24 maxlen: 24
195.28.10.0/24 maxlen: 24
195.28.168.0/24 maxlen: 24
195.28.169.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/hq-q4uPgVAc6OKq2NdyWRg7vSH4.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/hq-q4uPgVAc6OKq2NdyWRg7vSH4.mft
rsync://rpki.ripe.net/repository/DEFAULT/hq-q4uPgVAc6OKq2NdyWRg7vSH4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:bc:ae:b9:c2:94:ea:5a:0d:89:48:90:51:70:0d:a4:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86afaae2e3e054073a38aab635dc96460eef487e
Validity
Not Before: Aug 18 10:17:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bb8d3f0953d15d0537ba4e2a3dba9ce1c236b076
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:1c:15:02:f5:26:c2:99:b8:1b:8f:03:1c:9b:
8b:99:c1:e3:b7:6b:df:b5:80:10:c0:e3:8a:60:a6:
c7:83:c4:01:6d:1b:03:13:7c:7a:61:14:7c:51:cf:
a0:10:9c:8a:3b:b9:45:bb:84:46:3c:11:8c:8d:fb:
92:6b:0c:a1:a8:79:66:36:56:b9:9a:ac:85:d1:53:
cf:cc:4c:33:da:e1:a8:be:34:3e:e6:5f:9e:99:2c:
95:d8:61:ca:af:cc:9f:a5:d6:35:17:4c:43:2f:ea:
7c:5e:99:b7:a2:a5:a8:c3:1d:5c:36:8c:04:05:fe:
03:c6:4f:c8:b3:91:58:03:c9:df:9d:66:dc:e0:14:
b2:a2:b6:9e:78:28:92:df:80:62:5a:a1:4d:e0:4f:
e3:3a:b8:f0:41:02:ec:71:41:1d:0b:d4:69:54:1d:
77:d5:41:14:2b:b4:bc:ec:6e:03:b3:c7:22:fd:c6:
e7:59:a4:b5:c0:c3:8c:04:15:da:2f:91:f3:4b:36:
7e:f6:61:c8:88:b1:df:8f:72:20:97:03:85:41:81:
62:fe:c6:15:e9:4e:ed:6a:89:30:a9:e8:29:ec:c0:
41:38:76:56:d0:20:0e:c9:42:c4:9a:90:b1:57:7e:
cc:04:4d:50:22:17:ef:a9:d1:44:26:65:b0:49:f3:
98:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:8D:3F:09:53:D1:5D:05:37:BA:4E:2A:3D:BA:9C:E1:C2:36:B0:76
X509v3 Authority Key Identifier:
keyid:86:AF:AA:E2:E3:E0:54:07:3A:38:AA:B6:35:DC:96:46:0E:EF:48:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hq-q4uPgVAc6OKq2NdyWRg7vSH4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/u40_CVPRXQU3uk4qPbqc4cI2sHY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/hq-q4uPgVAc6OKq2NdyWRg7vSH4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.249.115.0/24
88.135.33.0/24
89.42.44.0/24
185.73.226.0/24
185.106.200.0/23
185.223.160.0/24
195.28.10.0/24
195.28.168.0/23
Signature Algorithm: sha256WithRSAEncryption
66:6e:e1:18:75:1e:4c:36:40:61:d9:85:a6:c5:16:b0:21:af:
db:06:0b:b9:0d:39:10:5b:cc:9d:4b:c6:68:9e:1c:ce:51:45:
a1:a6:17:19:a2:2e:08:1b:51:78:10:bd:84:1d:5d:a1:ee:54:
0d:4c:06:ab:c5:79:d7:ca:a2:36:25:14:ab:8f:47:2a:73:d0:
4c:8d:dd:7c:bd:08:8f:a9:75:40:df:f0:ca:89:eb:1c:48:32:
c8:41:dd:9e:19:58:55:cd:d6:84:9b:1d:16:ef:69:ef:26:7d:
8c:ca:2b:24:57:2c:f8:26:7a:3f:ce:f9:6c:3d:77:60:08:ff:
9a:df:42:8b:b9:2c:12:e0:df:ab:42:5a:14:80:0a:43:b6:3f:
70:33:7c:93:08:a5:3b:1f:dc:72:3e:74:5a:15:14:8b:a5:ec:
09:5a:39:45:2d:01:b0:e7:5b:00:d9:6d:93:ca:29:c4:57:e6:
68:fc:60:54:90:4f:e6:f1:b2:1c:29:78:30:49:ea:25:6a:9e:
fc:60:fc:e8:e5:6c:32:00:ae:89:eb:1c:f9:8c:00:da:74:6d:
eb:74:ad:bd:7a:0b:fc:03:d5:6a:fa:87:2a:34:04:ab:69:ec:
b6:df:b6:e3:dd:e7:4c:c5:f1:ef:1b:ba:a7:c1:16:3d:57:f8:
09:2e:4f:95
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZi8rrnClOpaDYlIkFFwDaQBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2YWZhYWUyZTNlMDU0MDczYTM4YWFiNjM1ZGM5NjQ2MGVl
ZjQ4N2UwHhcNMjUwODE4MTAxNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjhkM2YwOTUzZDE1ZDA1MzdiYTRlMmEzZGJhOWNlMWMyMzZiMDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBwVAvUmwpm4G48DHJuLmcHjt2vf
tYAQwOOKYKbHg8QBbRsDE3x6YRR8Uc+gEJyKO7lFu4RGPBGMjfuSawyhqHlmNla5
mqyF0VPPzEwz2uGovjQ+5l+emSyV2GHKr8yfpdY1F0xDL+p8Xpm3oqWowx1cNowE
Bf4Dxk/Is5FYA8nfnWbc4BSyoraeeCiS34BiWqFN4E/jOrjwQQLscUEdC9RpVB13
1UEUK7S87G4Ds8ci/cbnWaS1wMOMBBXaL5HzSzZ+9mHIiLHfj3IglwOFQYFi/sYV
6U7taokwqegp7MBBOHZW0CAOyULEmpCxV37MBE1QIhfvqdFEJmWwSfOYFQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFLuNPwlT0V0FN7pOKj26nOHCNrB2MB8GA1UdIwQY
MBaAFIavquLj4FQHOjiqtjXclkYO70h+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHEtcTR1UGdWQWM2T0txMk5keVdSZzd2U0g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNzZhMWEtMzcyNC00OTViLWFjNzIt
NDcyMDQwYjI0N2Y2LzEvdTQwX0NWUFJYUVUzdWs0cVBicWM0Y0kyc0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNzZhMWEtMzcyNC00OTViLWFjNzItNDcyMDQwYjI0N2Y2
LzEvaHEtcTR1UGdWQWM2T0txMk5keVdSZzd2U0g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAUPlzAwQA
WIchAwQAWSosAwQAuUniAwQBuWrIAwQAud+gAwQAwxwKAwQBwxyoMA0GCSqGSIb3
DQEBCwUAA4IBAQBmbuEYdR5MNkBh2YWmxRawIa/bBgu5DTkQW8ydS8ZonhzOUUWh
phcZoi4IG1F4EL2EHV2h7lQNTAarxXnXyqI2JRSrj0cqc9BMjd18vQiPqXVA3/DK
iescSDLIQd2eGVhVzdaEmx0W72nvJn2MyiskVyz4Jno/zvlsPXdgCP+a30KLuSwS
4N+rQloUgApDtj9wM3yTCKU7H9xyPnRaFRSLpewJWjlFLQGw51sA2W2TyinEV+Zo
/GBUkE/m8bIcKXgwSeolap78YPzo5WwyAK6J6xz5jADadG3rdK29egv8A9Vq+ocq
NASraey237bj3edMxfHvG7qnwRY9V/gJLk+V
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:10:00 2025 by rpki-client