Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8iOuvEbFB0ESvMupEqY1gfAxfOk.roa
File: 8iOuvEbFB0ESvMupEqY1gfAxfOk.roa (raw, json)
Hash identifier: rbMtZFpCV363nU5xp0ODWFtdvScQZdyMaWxHFFuiOiI=
Subject key identifier: F2:23:AE:BC:46:C5:07:41:12:BC:CB:A9:12:A6:35:81:F0:31:7C:E9
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 0199F34BDC058E52C0AF7909D79A6EF33D47
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8iOuvEbFB0ESvMupEqY1gfAxfOk.roa
Signing time: Fri 17 Oct 2025 17:50:58 +0000
ROA not before: Fri 17 Oct 2025 17:50:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207957
IP address blocks: 64.188.89.0/24 maxlen: 24
64.188.90.0/24 maxlen: 24
64.188.98.0/24 maxlen: 24
64.188.127.0/24 maxlen: 24
77.239.107.0/24 maxlen: 24
144.31.188.0/24 maxlen: 24
144.31.189.0/24 maxlen: 24
144.31.213.0/24 maxlen: 24
144.31.214.0/24 maxlen: 24
144.31.215.0/24 maxlen: 24
144.31.216.0/24 maxlen: 24
144.31.217.0/24 maxlen: 24
144.31.218.0/24 maxlen: 24
144.31.219.0/24 maxlen: 24
144.31.222.0/24 maxlen: 24
185.170.153.0/24 maxlen: 24
185.170.154.0/24 maxlen: 24
193.23.200.0/24 maxlen: 24
193.23.201.0/24 maxlen: 24
193.23.202.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:f3:4b:dc:05:8e:52:c0:af:79:09:d7:9a:6e:f3:3d:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Oct 17 17:50:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f223aebc46c5074112bccba912a63581f0317ce9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:f2:d1:20:b8:2d:58:01:ee:f6:29:40:d6:a4:
bc:46:4d:86:f8:14:0e:27:9c:fc:6e:e8:0e:d3:f9:
b6:c3:eb:9b:f4:af:c7:a7:b2:05:bc:30:79:c4:56:
fa:9b:13:ad:dd:b6:b5:86:4a:38:a2:93:de:ed:b6:
f6:4b:5f:28:f2:a3:36:6b:36:5d:ab:46:3b:d6:a8:
ee:b0:05:e9:09:4f:8b:81:bd:c6:62:c6:12:d9:f7:
d8:03:32:ff:23:48:9d:d0:37:56:de:e4:e9:3e:70:
d7:1a:43:0a:6d:31:1a:c1:c2:f4:83:ee:74:24:9f:
90:df:7c:f1:22:f0:e2:44:cd:2d:ea:c0:36:28:16:
00:80:df:77:a7:db:14:90:f2:23:59:0c:b6:99:83:
65:f2:39:87:a2:86:51:44:68:9a:88:2a:91:2f:51:
a3:8b:10:17:60:b7:7c:1e:58:22:07:ff:0b:38:ec:
6b:07:c7:95:af:7e:f7:eb:68:18:77:d7:52:c9:0e:
66:20:04:8f:2d:00:3d:86:63:0c:5e:e4:6e:42:8a:
e5:11:22:c4:96:ee:48:f4:0c:97:de:40:cf:2b:6e:
3e:95:3e:c2:c6:a0:ec:98:f0:af:d9:0a:87:0a:59:
09:a4:54:81:fd:e3:13:3f:9b:b6:ae:53:9e:a1:c1:
03:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:23:AE:BC:46:C5:07:41:12:BC:CB:A9:12:A6:35:81:F0:31:7C:E9
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8iOuvEbFB0ESvMupEqY1gfAxfOk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.89.0-64.188.90.255
64.188.98.0/24
64.188.127.0/24
77.239.107.0/24
144.31.188.0/23
144.31.213.0-144.31.219.255
144.31.222.0/24
185.170.153.0-185.170.154.255
193.23.200.0-193.23.202.255
Signature Algorithm: sha256WithRSAEncryption
73:25:68:6e:99:23:19:79:a3:8b:02:6f:b7:ef:7b:56:5d:e9:
cc:69:18:0e:b7:d3:08:0f:f0:f6:cd:a1:bb:6c:0d:c8:5c:a9:
78:04:0f:57:fd:dc:ec:57:41:e9:6f:08:dc:f7:83:54:a9:3c:
e6:b0:5a:59:f4:d1:0c:74:09:40:4f:8e:19:f3:3e:31:3a:37:
20:fb:27:52:52:6e:dc:7d:a5:35:48:e2:32:01:2c:8a:49:e5:
c1:44:8d:76:e2:9d:39:90:a8:32:33:2a:c8:fb:f5:5c:ca:3f:
85:1c:b7:5c:80:57:ed:43:2e:4d:e5:e3:ab:91:3a:c5:c2:de:
ea:f1:d5:38:2c:10:61:db:d4:d7:d2:6b:11:6f:ea:b8:03:77:
92:95:3a:78:89:34:0d:bb:ef:39:b6:8c:01:a1:fd:93:b4:c9:
46:06:f1:33:38:de:95:8e:61:23:fb:b7:ee:8d:02:ec:3c:1d:
47:11:21:08:04:54:f0:39:0b:73:d3:3c:95:37:cf:9f:e8:58:
ff:ab:fe:cd:13:88:c4:31:c7:2d:e0:52:f6:32:31:49:9d:69:
14:93:4c:d4:25:4b:4e:ef:43:d3:05:03:c5:ee:db:49:06:57:
d5:0f:7e:fd:22:33:b9:60:b7:0a:ea:6f:77:85:e9:62:85:68:
0f:6b:1d:08
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZnzS9wFjlLAr3kJ15pu8z1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUxMDE3MTc1MDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjIzYWViYzQ2YzUwNzQxMTJiY2NiYTkxMmE2MzU4MWYwMzE3Y2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/LRILgtWAHu9ilA1qS8Rk2G+BQO
J5z8bugO0/m2w+ub9K/Hp7IFvDB5xFb6mxOt3ba1hko4opPe7bb2S18o8qM2azZd
q0Y71qjusAXpCU+Lgb3GYsYS2ffYAzL/I0id0DdW3uTpPnDXGkMKbTEawcL0g+50
JJ+Q33zxIvDiRM0t6sA2KBYAgN93p9sUkPIjWQy2mYNl8jmHooZRRGiaiCqRL1Gj
ixAXYLd8HlgiB/8LOOxrB8eVr37362gYd9dSyQ5mIASPLQA9hmMMXuRuQorlESLE
lu5I9AyX3kDPK24+lT7CxqDsmPCv2QqHClkJpFSB/eMTP5u2rlOeocEDUwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFPIjrrxGxQdBErzLqRKmNYHwMXzpMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvOGlPdXZFYkZCMEVTdk11cEVxWTFnZkF4Zk9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWMAwDBABAvFkD
BABAvFoDBABAvGIDBABAvH8DBABN72sDBAGQH7wwDAMEAJAf1QMEApAf2AMEAJAf
3jAMAwQAuaqZAwQAuaqaMAwDBAPBF8gDBADBF8owDQYJKoZIhvcNAQELBQADggEB
AHMlaG6ZIxl5o4sCb7fve1Zd6cxpGA630wgP8PbNobtsDchcqXgED1f93OxXQelv
CNz3g1SpPOawWln00Qx0CUBPjhnzPjE6NyD7J1JSbtx9pTVI4jIBLIpJ5cFEjXbi
nTmQqDIzKsj79VzKP4Uct1yAV+1DLk3l46uROsXC3urx1TgsEGHb1NfSaxFv6rgD
d5KVOniJNA277zm2jAGh/ZO0yUYG8TM43pWOYSP7t+6NAuw8HUcRIQgEVPA5C3PT
PJU3z5/oWP+r/s0TiMQxxy3gUvYyMUmdaRSTTNQlS07vQ9MFA8Xu20kGV9UPfv0i
M7lgtwrqb3eF6WKFaA9rHQg=
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:40:05 2025 by rpki-client