Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/r8Kgnsf2CFDkciuWjszh92cUKms.roa
File: r8Kgnsf2CFDkciuWjszh92cUKms.roa (raw, json)
Hash identifier: t9GQ5puvq72qcB/c1cjyIxkd1J8pBBNOk+0fmKdIfac=
Subject key identifier: AF:C2:A0:9E:C7:F6:08:50:E4:72:2B:96:8E:CC:E1:F7:67:14:2A:6B
Certificate issuer: /CN=896ed6e4b5c7c19db98c57432af4dcf630bf60ae
Certificate serial: 01998F493192C44F8D0E7276F707D2638BCF
Authority key identifier: 89:6E:D6:E4:B5:C7:C1:9D:B9:8C:57:43:2A:F4:DC:F6:30:BF:60:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iW7W5LXHwZ25jFdDKvTc9jC_YK4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/r8Kgnsf2CFDkciuWjszh92cUKms.roa
Signing time: Sun 28 Sep 2025 07:46:02 +0000
ROA not before: Sun 28 Sep 2025 07:46:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203214
IP address blocks: 109.224.0.0/18 maxlen: 18
109.224.0.0/21 maxlen: 21
109.224.0.0/22 maxlen: 22
109.224.0.0/24 maxlen: 24
109.224.1.0/24 maxlen: 24
109.224.2.0/23 maxlen: 23
109.224.2.0/24 maxlen: 24
109.224.3.0/24 maxlen: 24
109.224.4.0/22 maxlen: 22
109.224.5.0/24 maxlen: 24
109.224.8.0/21 maxlen: 21
109.224.8.0/22 maxlen: 22
109.224.12.0/23 maxlen: 23
109.224.12.0/24 maxlen: 24
109.224.13.0/24 maxlen: 24
109.224.14.0/23 maxlen: 23
109.224.14.0/24 maxlen: 24
109.224.15.0/24 maxlen: 24
109.224.16.0/22 maxlen: 22
109.224.20.0/22 maxlen: 22
109.224.24.0/22 maxlen: 22
109.224.28.0/24 maxlen: 24
109.224.29.0/24 maxlen: 24
109.224.30.0/23 maxlen: 23
109.224.32.0/22 maxlen: 22
109.224.32.0/24 maxlen: 24
109.224.36.0/22 maxlen: 22
109.224.40.0/21 maxlen: 21
109.224.40.0/24 maxlen: 24
109.224.41.0/24 maxlen: 24
109.224.42.0/23 maxlen: 23
109.224.42.0/24 maxlen: 24
109.224.43.0/24 maxlen: 24
109.224.44.0/22 maxlen: 22
109.224.44.0/24 maxlen: 24
109.224.45.0/24 maxlen: 24
109.224.46.0/24 maxlen: 24
109.224.47.0/24 maxlen: 24
109.224.48.0/21 maxlen: 21
109.224.48.0/22 maxlen: 22
109.224.52.0/22 maxlen: 22
109.224.56.0/21 maxlen: 21
109.224.56.0/22 maxlen: 22
109.224.60.0/22 maxlen: 22
109.224.63.0/24 maxlen: 24
185.118.96.0/22 maxlen: 22
185.118.96.0/24 maxlen: 24
185.141.8.0/24 maxlen: 24
185.141.9.0/24 maxlen: 24
185.141.10.0/24 maxlen: 24
185.141.11.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/iW7W5LXHwZ25jFdDKvTc9jC_YK4.crl
rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/iW7W5LXHwZ25jFdDKvTc9jC_YK4.mft
rsync://rpki.ripe.net/repository/DEFAULT/iW7W5LXHwZ25jFdDKvTc9jC_YK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:8f:49:31:92:c4:4f:8d:0e:72:76:f7:07:d2:63:8b:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=896ed6e4b5c7c19db98c57432af4dcf630bf60ae
Validity
Not Before: Sep 28 07:46:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=afc2a09ec7f60850e4722b968ecce1f767142a6b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:6c:87:95:a6:b8:6d:5f:69:75:d2:4b:06:a0:
a2:57:f8:64:ab:28:c2:23:df:f7:91:83:f9:46:b0:
c0:26:08:fb:13:94:43:a1:a2:f1:4e:a5:de:77:53:
dc:c9:91:d0:c4:02:d7:9c:11:3f:28:d6:49:5c:45:
b6:2f:6f:2d:49:5c:4d:91:4b:0c:6d:cc:96:6a:94:
f1:a7:7b:48:77:f3:70:1b:76:e8:66:a8:e9:8b:d8:
4e:48:01:37:61:24:49:35:e3:67:ee:dc:84:c0:67:
82:e3:9f:c1:0a:0d:d3:a1:e8:76:a5:04:9b:c9:3c:
98:5b:62:36:02:b3:72:da:a3:ee:10:09:1c:26:61:
2e:0f:a8:3d:0d:45:97:a3:cb:11:cf:3d:df:31:73:
7e:a7:ea:f7:1d:3f:66:b7:7b:c4:f3:d4:80:33:dd:
04:07:09:01:1e:38:60:84:89:1c:35:1d:b5:8d:eb:
b2:9a:22:ef:fc:29:79:69:3b:8c:a9:91:25:58:a1:
67:51:27:8e:b2:37:5f:29:d4:c3:dc:ab:e2:2c:dc:
ea:c3:64:4e:80:26:cb:5e:c8:45:4d:9c:a0:9b:f9:
0f:7c:74:18:0e:06:37:59:ae:86:61:6e:3c:97:72:
d9:bf:8e:8c:e3:47:97:fd:80:df:79:6e:a0:da:a6:
60:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:C2:A0:9E:C7:F6:08:50:E4:72:2B:96:8E:CC:E1:F7:67:14:2A:6B
X509v3 Authority Key Identifier:
keyid:89:6E:D6:E4:B5:C7:C1:9D:B9:8C:57:43:2A:F4:DC:F6:30:BF:60:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iW7W5LXHwZ25jFdDKvTc9jC_YK4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/r8Kgnsf2CFDkciuWjszh92cUKms.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/iW7W5LXHwZ25jFdDKvTc9jC_YK4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.224.0.0/18
185.118.96.0/22
185.141.8.0/22
Signature Algorithm: sha256WithRSAEncryption
e1:cb:0b:5f:0b:1f:c3:ee:34:a0:d5:77:8d:11:7c:27:b9:42:
81:69:09:bd:16:46:1b:13:9d:86:4e:00:0b:4b:fc:fb:27:0d:
d5:9e:0a:68:4f:39:13:45:de:6b:94:1a:72:b4:87:df:e8:bf:
39:36:d2:b4:fd:42:8f:30:98:69:f2:d4:56:54:d4:82:57:0f:
bb:00:d7:50:42:0a:d3:ee:9b:8f:94:f7:5a:6c:de:a4:b6:b4:
2b:f7:90:79:1d:4e:70:9f:21:b6:e5:1f:c9:c7:c2:07:94:28:
0a:4f:02:f4:3a:9f:8f:21:73:97:d8:b1:b4:68:32:e5:9d:0e:
0e:bb:9a:6e:a0:29:29:66:b8:3e:37:af:cb:0b:35:85:03:4a:
74:6d:b7:68:98:1e:84:41:c3:f4:10:d8:20:f6:ed:b2:51:34:
6c:06:7a:3c:1c:65:6f:ac:56:71:f4:24:f3:bf:3d:2b:65:fa:
a5:b4:8b:6a:ec:54:be:8f:55:d7:8e:76:f5:57:d1:83:8f:65:
6a:d9:65:ba:dc:62:c4:92:75:2c:dc:69:cb:f4:22:07:ba:0a:
2f:4f:8a:68:b8:03:d0:79:3f:6e:51:e7:2e:c7:22:1d:b8:17:
d6:09:e6:17:0f:b8:f9:47:18:08:a6:5e:44:bf:a0:ed:fc:87:
c2:65:26:6d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZmPSTGSxE+NDnJ29wfSY4vPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmVkNmU0YjVjN2MxOWRiOThjNTc0MzJhZjRkY2Y2MzBi
ZjYwYWUwHhcNMjUwOTI4MDc0NjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmMyYTA5ZWM3ZjYwODUwZTQ3MjJiOTY4ZWNjZTFmNzY3MTQyYTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2yHlaa4bV9pddJLBqCiV/hkqyjC
I9/3kYP5RrDAJgj7E5RDoaLxTqXed1PcyZHQxALXnBE/KNZJXEW2L28tSVxNkUsM
bcyWapTxp3tId/NwG3boZqjpi9hOSAE3YSRJNeNn7tyEwGeC45/BCg3Toeh2pQSb
yTyYW2I2ArNy2qPuEAkcJmEuD6g9DUWXo8sRzz3fMXN+p+r3HT9mt3vE89SAM90E
BwkBHjhghIkcNR21jeuymiLv/Cl5aTuMqZElWKFnUSeOsjdfKdTD3KviLNzqw2RO
gCbLXshFTZygm/kPfHQYDgY3Wa6GYW48l3LZv46M40eX/YDfeW6g2qZgSwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK/CoJ7H9ghQ5HIrlo7M4fdnFCprMB8GA1UdIwQY
MBaAFIlu1uS1x8GduYxXQyr03PYwv2CuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVc3VzVMWEh3WjI1akZkREt2VGM5akNfWUs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC85MDA0NDQtZGQ0MC00YTA0LWE2MTYt
ZGMxZmY2NzQ2ZDJlLzEvcjhLZ25zZjJDRkRrY2l1V2pzemg5MmNVS21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC85MDA0NDQtZGQ0MC00YTA0LWE2MTYtZGMxZmY2NzQ2ZDJl
LzEvaVc3VzVMWEh3WjI1akZkREt2VGM5akNfWUs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQGbeAAAwQC
uXZgAwQCuY0IMA0GCSqGSIb3DQEBCwUAA4IBAQDhywtfCx/D7jSg1XeNEXwnuUKB
aQm9FkYbE52GTgALS/z7Jw3VngpoTzkTRd5rlBpytIff6L85NtK0/UKPMJhp8tRW
VNSCVw+7ANdQQgrT7puPlPdabN6ktrQr95B5HU5wnyG25R/Jx8IHlCgKTwL0Op+P
IXOX2LG0aDLlnQ4Ou5puoCkpZrg+N6/LCzWFA0p0bbdomB6EQcP0ENgg9u2yUTRs
Bno8HGVvrFZx9CTzvz0rZfqltItq7FS+j1XXjnb1V9GDj2Vq2WW63GLEknUs3GnL
9CIHugovT4pouAPQeT9uUecuxyIduBfWCeYXD7j5RxgIpl5Ev6Dt/IfCZSZt
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:57:56 2025 by rpki-client