Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/i-TboqvR4QwoJ4ln5MB6Q0lRrLg.roa
File: i-TboqvR4QwoJ4ln5MB6Q0lRrLg.roa (raw, json)
Hash identifier: t8GdeR+oskUDLv8QTLlQVLSxK4jgz1+No6165ZL4RhM=
Subject key identifier: 8B:E4:DB:A2:AB:D1:E1:0C:28:27:89:67:E4:C0:7A:43:49:51:AC:B8
Certificate issuer: /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial: 0198A31FA7ED0479FD947780FECF0C3D15E9
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/i-TboqvR4QwoJ4ln5MB6Q0lRrLg.roa
Signing time: Wed 13 Aug 2025 11:10:17 +0000
ROA not before: Wed 13 Aug 2025 11:10:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401838
IP address blocks: 89.28.200.0/24 maxlen: 24
89.28.201.0/24 maxlen: 24
89.28.203.0/24 maxlen: 24
89.28.204.0/24 maxlen: 24
89.28.206.0/24 maxlen: 24
89.28.207.0/24 maxlen: 24
152.89.193.0/24 maxlen: 24
195.8.200.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:50:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:a3:1f:a7:ed:04:79:fd:94:77:80:fe:cf:0c:3d:15:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
Validity
Not Before: Aug 13 11:10:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8be4dba2abd1e10c28278967e4c07a434951acb8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ad:bd:2a:59:76:49:49:1e:f4:1b:ca:db:fb:
e9:1b:a5:79:f8:ba:20:d7:8e:48:17:32:3e:57:0a:
6e:02:91:ec:3c:5a:20:2a:c1:32:5f:97:b0:62:19:
7e:39:9e:fb:8f:c6:4d:5c:b5:58:3d:50:25:61:c5:
49:0f:44:b6:00:06:7a:a4:5d:4a:14:45:d5:68:90:
09:16:ae:82:98:cf:4a:81:05:f8:d4:ab:74:65:8e:
07:6d:ea:a8:4a:94:39:cf:67:00:31:5f:da:0e:f7:
bd:e2:47:b7:9d:fc:e7:f8:84:1a:49:7a:b9:a6:52:
da:db:2b:8d:64:48:c5:d4:34:08:20:43:7d:f8:b9:
d7:43:3b:eb:a7:de:fb:fc:b2:52:6b:d2:fa:2f:94:
ce:ca:3d:e8:41:85:d0:3b:e6:eb:61:55:0b:92:3e:
16:60:96:81:7d:cd:99:9c:69:6f:9b:0e:65:d5:12:
64:c6:9a:6c:d0:5e:e5:d6:1a:85:f1:63:fb:92:bb:
b7:8e:b1:c9:be:be:76:f1:97:79:73:4b:f8:e9:ad:
f1:b5:79:60:d3:d5:fe:e5:a7:e3:ee:7e:2f:08:31:
4a:56:61:f6:6f:d6:d1:b0:f1:83:78:f2:14:6a:c2:
25:41:45:50:7d:44:b4:24:e3:98:7e:03:1e:3c:86:
ab:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:E4:DB:A2:AB:D1:E1:0C:28:27:89:67:E4:C0:7A:43:49:51:AC:B8
X509v3 Authority Key Identifier:
keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/i-TboqvR4QwoJ4ln5MB6Q0lRrLg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.28.200.0/23
89.28.203.0-89.28.204.255
89.28.206.0/23
152.89.193.0/24
195.8.200.0/24
Signature Algorithm: sha256WithRSAEncryption
2b:0a:65:34:be:ba:d3:01:f7:2c:f6:f1:7b:9a:10:1e:f8:b1:
93:d6:50:18:07:23:b5:cc:9c:c6:c5:07:18:3e:b0:02:97:ec:
b8:62:c4:0b:24:b0:8c:ee:c9:3f:4c:bc:84:d7:bc:0a:b3:79:
33:6b:dd:47:7f:f6:0e:23:2d:3d:9d:99:e3:ef:7f:51:56:3a:
1d:69:ef:8f:fb:0e:fe:bd:81:6b:ce:d2:36:4e:75:64:04:36:
ea:eb:d7:aa:a9:00:c5:15:f2:94:29:db:33:6b:f1:5e:c0:67:
99:44:f9:a1:97:6c:09:ab:0c:4d:67:a9:fb:9d:c7:a6:41:30:
94:89:74:a5:86:5b:17:86:47:5e:ff:4d:28:28:58:47:67:7b:
2d:b4:ca:a4:67:56:90:a3:f7:43:0b:4e:89:f8:4f:d9:3c:44:
c8:b3:32:f9:e4:c8:a0:41:37:12:57:8f:8a:df:f2:86:fb:65:
37:72:51:b9:3d:19:d9:af:d3:8b:26:1f:be:0d:a0:b1:89:d4:
b5:ed:a8:82:8e:b8:cf:3c:58:0f:3e:23:a0:07:90:b0:5b:59:
16:4f:2d:f1:32:19:98:be:8b:7b:18:7f:a4:2a:69:23:69:c7:
7c:89:7e:e9:47:86:32:78:7f:c3:e3:e3:38:22:25:2c:eb:84:
19:ff:93:fd
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZijH6ftBHn9lHeA/s8MPRXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUwODEzMTExMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmU0ZGJhMmFiZDFlMTBjMjgyNzg5NjdlNGMwN2E0MzQ5NTFhY2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwa29Kll2SUke9BvK2/vpG6V5+Log
145IFzI+VwpuApHsPFogKsEyX5ewYhl+OZ77j8ZNXLVYPVAlYcVJD0S2AAZ6pF1K
FEXVaJAJFq6CmM9KgQX41Kt0ZY4HbeqoSpQ5z2cAMV/aDve94ke3nfzn+IQaSXq5
plLa2yuNZEjF1DQIIEN9+LnXQzvrp977/LJSa9L6L5TOyj3oQYXQO+brYVULkj4W
YJaBfc2ZnGlvmw5l1RJkxpps0F7l1hqF8WP7kru3jrHJvr528Zd5c0v46a3xtXlg
09X+5afj7n4vCDFKVmH2b9bRsPGDePIUasIlQUVQfUS0JOOYfgMePIarPwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFIvk26Kr0eEMKCeJZ+TAekNJUay4MB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvaS1UYm9xdlI0UXdvSjRsbjVNQjZRMGxSckxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQBWRzIMAwD
BABZHMsDBABZHMwDBAFZHM4DBACYWcEDBADDCMgwDQYJKoZIhvcNAQELBQADggEB
ACsKZTS+utMB9yz28XuaEB74sZPWUBgHI7XMnMbFBxg+sAKX7LhixAsksIzuyT9M
vITXvAqzeTNr3Ud/9g4jLT2dmePvf1FWOh1p74/7Dv69gWvO0jZOdWQENurr16qp
AMUV8pQp2zNr8V7AZ5lE+aGXbAmrDE1nqfudx6ZBMJSJdKWGWxeGR17/TSgoWEdn
ey20yqRnVpCj90MLTon4T9k8RMizMvnkyKBBNxJXj4rf8ob7ZTdyUbk9Gdmv04sm
H74NoLGJ1LXtqIKOuM88WA8+I6AHkLBbWRZPLfEyGZi+i3sYf6QqaSNpx3yJfulH
hjJ4f8Pj4zgiJSzrhBn/k/0=
-----END CERTIFICATE-----
Generated at Sat Aug 23 18:39:32 2025 by rpki-client