Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/CgTYr4EhLa24IM21Hqih4Qqwlhs.roa
File: CgTYr4EhLa24IM21Hqih4Qqwlhs.roa (raw, json)
Hash identifier: L3KclJobQeVHsKxlYqzQz1I9Nwx/XkKtDyzqL3uEzCQ=
Subject key identifier: 0A:04:D8:AF:81:21:2D:AD:B8:20:CD:B5:1E:A8:A1:E1:0A:B0:96:1B
Certificate issuer: /CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
Certificate serial: 019A337650B3C634D9805432C33B82BC3B57
Authority key identifier: E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/CgTYr4EhLa24IM21Hqih4Qqwlhs.roa
Signing time: Thu 30 Oct 2025 04:53:03 +0000
ROA not before: Thu 30 Oct 2025 04:53:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202940
IP address blocks: 89.208.0.0/21 maxlen: 24
89.208.4.0/22 maxlen: 24
89.208.56.0/21 maxlen: 24
89.208.128.0/21 maxlen: 24
89.208.134.0/23 maxlen: 24
141.226.120.0/22 maxlen: 24
147.234.23.0/24 maxlen: 24
147.236.104.0/21 maxlen: 24
147.236.116.0/23 maxlen: 24
147.236.120.0/21 maxlen: 24
147.236.125.0/24 maxlen: 24
147.236.148.0/22 maxlen: 24
147.236.152.0/22 maxlen: 24
147.236.152.0/23 maxlen: 23
147.236.154.0/23 maxlen: 24
147.236.176.0/20 maxlen: 24
147.236.183.0/24 maxlen: 24
185.108.80.0/22 maxlen: 24
185.149.252.0/22 maxlen: 24
185.167.108.0/22 maxlen: 24
185.175.32.0/22 maxlen: 24
185.180.100.0/22 maxlen: 24
185.180.100.0/24 maxlen: 24
185.180.100.0/27 maxlen: 32
185.180.102.0/24 maxlen: 24
185.180.103.0/24 maxlen: 24
185.182.76.0/22 maxlen: 24
185.184.244.0/22 maxlen: 24
188.191.224.0/21 maxlen: 24
188.191.224.0/22 maxlen: 22
188.191.224.0/24 maxlen: 24
188.191.224.0/27 maxlen: 32
188.191.228.0/22 maxlen: 22
217.175.80.0/20 maxlen: 24
217.175.84.0/22 maxlen: 22
217.175.88.0/21 maxlen: 23
2a00:7c40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl
rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.mft
rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 19:00:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:33:76:50:b3:c6:34:d9:80:54:32:c3:3b:82:bc:3b:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
Validity
Not Before: Oct 30 04:53:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0a04d8af81212dadb820cdb51ea8a1e10ab0961b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:4b:3f:c4:25:15:2d:f2:61:ae:9a:fa:e4:a3:
0f:14:4e:5c:49:af:ea:21:a5:7f:20:6e:0d:7d:7f:
a1:75:a5:cb:b6:72:cc:49:ef:f2:4d:2d:3c:94:1c:
c9:9c:c1:57:7c:b1:07:a3:12:f6:19:5d:cb:8e:c0:
3b:01:e8:76:0e:b1:41:9a:a7:d8:c5:46:1f:e9:08:
c2:79:dd:04:e8:75:84:a2:07:ac:56:07:75:89:4f:
84:c1:ea:0d:e1:05:96:21:58:87:6c:07:7f:f7:4a:
fe:6d:74:86:3f:fe:d7:a7:76:f4:1c:de:7f:0c:83:
29:53:3f:28:31:2b:16:d5:82:f4:c2:1f:9a:41:4f:
d9:92:ff:a4:03:da:44:34:73:53:a2:72:ed:58:d5:
c0:3b:7c:b7:31:b9:30:67:fd:c5:26:ee:d2:4c:3e:
fb:a1:0d:e7:03:0e:c6:8e:7a:8e:8f:e3:fa:e1:62:
6f:77:1b:d1:8d:0b:d4:c1:ed:02:1d:25:b7:6d:7b:
a2:bd:fb:ed:d7:fb:b9:ba:a1:eb:50:31:12:fa:04:
b8:55:b4:95:b8:f4:ea:42:e4:44:c4:8d:5f:23:5a:
7d:35:39:05:f0:42:d2:24:1e:96:fa:9c:fc:77:86:
b8:18:24:4e:73:c3:25:be:b9:3d:ff:ad:5d:b0:af:
44:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:04:D8:AF:81:21:2D:AD:B8:20:CD:B5:1E:A8:A1:E1:0A:B0:96:1B
X509v3 Authority Key Identifier:
keyid:E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/CgTYr4EhLa24IM21Hqih4Qqwlhs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.208.0.0/21
89.208.56.0/21
89.208.128.0/21
141.226.120.0/22
147.234.23.0/24
147.236.104.0/21
147.236.116.0/23
147.236.120.0/21
147.236.148.0-147.236.155.255
147.236.176.0/20
185.108.80.0/22
185.149.252.0/22
185.167.108.0/22
185.175.32.0/22
185.180.100.0/22
185.182.76.0/22
185.184.244.0/22
188.191.224.0/21
217.175.80.0/20
IPv6:
2a00:7c40::/29
Signature Algorithm: sha256WithRSAEncryption
84:02:f1:cc:98:90:0b:ad:e8:b9:8e:3c:33:9f:4b:57:17:d4:
0b:05:ad:80:bb:c5:1a:6b:b7:54:49:18:37:78:04:19:9b:8a:
98:aa:10:70:65:0d:45:4e:07:e7:31:93:12:d7:d1:e0:30:f1:
32:12:10:2c:8a:5d:ab:b9:b8:f4:42:f4:fa:f3:96:0d:6b:3d:
96:71:c1:d2:1a:ad:08:67:48:78:f1:1c:d6:c9:96:e6:69:16:
3a:af:26:0e:6b:9e:75:12:fc:70:4f:84:7d:ff:89:60:bf:bc:
c0:61:fa:ae:fd:38:ec:b9:83:1a:67:28:d7:ec:d5:f1:30:05:
6f:4b:3c:d0:6b:5e:8a:63:17:1b:b2:cb:3c:7e:e8:52:2e:85:
65:cf:05:56:a5:ec:7e:aa:ab:a6:f0:a6:8c:15:00:b8:7f:41:
82:d8:c4:31:4c:9a:72:f0:74:d8:3d:80:67:8f:ea:06:88:e4:
20:8e:4a:17:cd:27:ca:44:9d:3a:2d:ac:8c:ad:69:c0:1b:a6:
d5:b3:6e:23:d6:47:8c:c7:46:31:f0:4f:00:a3:3e:4f:36:cd:
29:d9:5a:be:60:58:b0:dc:70:9e:5d:17:64:ea:9e:46:47:f3:
c1:02:6a:2c:70:d1:ed:a8:bc:de:25:48:10:30:21:91:4d:69:
af:da:f3:c2
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAZozdlCzxjTZgFQywzuCvDtXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YTg1MWRkYWU1YTY0Y2MzODgyNTM5NWJlOWE1MDdkYTk1
YWI3Y2YwHhcNMjUxMDMwMDQ1MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTA0ZDhhZjgxMjEyZGFkYjgyMGNkYjUxZWE4YTFlMTBhYjA5NjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0s/xCUVLfJhrpr65KMPFE5cSa/q
IaV/IG4NfX+hdaXLtnLMSe/yTS08lBzJnMFXfLEHoxL2GV3LjsA7Aeh2DrFBmqfY
xUYf6QjCed0E6HWEogesVgd1iU+EweoN4QWWIViHbAd/90r+bXSGP/7Xp3b0HN5/
DIMpUz8oMSsW1YL0wh+aQU/Zkv+kA9pENHNTonLtWNXAO3y3MbkwZ/3FJu7STD77
oQ3nAw7GjnqOj+P64WJvdxvRjQvUwe0CHSW3bXuivfvt1/u5uqHrUDES+gS4VbSV
uPTqQuRExI1fI1p9NTkF8ELSJB6W+pz8d4a4GCROc8Mlvrk9/61dsK9EMQIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFAoE2K+BIS2tuCDNtR6ooeEKsJYbMB8GA1UdIwQY
MBaAFOioUd2uWmTMOIJTlb6aUH2pWrfPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEt
MTEwYzg3OGRjZDI5LzEvQ2dUWXI0RWhMYTI0SU0yMUhxaWg0UXF3bGhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEtMTEwYzg3OGRjZDI5
LzEvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBgAQCAAEwegMEA1nQ
AAMEA1nQOAMEA1nQgAMEAo3ieAMEAJPqFwMEA5PsaAMEAZPsdAMEA5PseDAMAwQC
k+yUAwQCk+yYAwQEk+ywAwQCuWxQAwQCuZX8AwQCuadsAwQCua8gAwQCubRkAwQC
ubZMAwQCubj0AwQDvL/gAwQE2a9QMA0EAgACMAcDBQMqAHxAMA0GCSqGSIb3DQEB
CwUAA4IBAQCEAvHMmJALrei5jjwzn0tXF9QLBa2Au8Uaa7dUSRg3eAQZm4qYqhBw
ZQ1FTgfnMZMS19HgMPEyEhAsil2rubj0QvT685YNaz2WccHSGq0IZ0h48RzWyZbm
aRY6ryYOa551EvxwT4R9/4lgv7zAYfqu/TjsuYMaZyjX7NXxMAVvSzzQa16KYxcb
sss8fuhSLoVlzwVWpex+qqum8KaMFQC4f0GC2MQxTJpy8HTYPYBnj+oGiOQgjkoX
zSfKRJ06LayMrWnAG6bVs24j1keMx0Yx8E8Aoz5PNs0p2Vq+YFiw3HCeXRdk6p5G
R/PBAmoscNHtqLzeJUgQMCGRTWmv2vPC
-----END CERTIFICATE-----
Generated at Wed Nov 5 05:01:36 2025 by rpki-client