Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/MM0dD-Cnl2lqyWLvCK1-oHYBFlY.roa
File: MM0dD-Cnl2lqyWLvCK1-oHYBFlY.roa (raw, json)
Hash identifier: 0xgeIhk2pLPXnWlj2EeT8c9DNkODQXdxgnvF/AKwP4k=
Subject key identifier: 30:CD:1D:0F:E0:A7:97:69:6A:C9:62:EF:08:AD:7E:A0:76:01:16:56
Certificate issuer: /CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
Certificate serial: 01987E6581F70521E8FBAF0432A25D95C305
Authority key identifier: E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/MM0dD-Cnl2lqyWLvCK1-oHYBFlY.roa
Signing time: Wed 06 Aug 2025 08:00:38 +0000
ROA not before: Wed 06 Aug 2025 08:00:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202940
IP address blocks: 89.208.0.0/21 maxlen: 24
89.208.4.0/22 maxlen: 24
89.208.56.0/21 maxlen: 22
89.208.128.0/21 maxlen: 21
89.208.134.0/23 maxlen: 24
141.226.120.0/22 maxlen: 24
147.234.23.0/24 maxlen: 24
147.236.104.0/21 maxlen: 23
147.236.116.0/23 maxlen: 24
147.236.120.0/21 maxlen: 21
147.236.125.0/24 maxlen: 24
147.236.144.0/20 maxlen: 24
147.236.176.0/20 maxlen: 24
147.236.183.0/24 maxlen: 24
185.108.80.0/22 maxlen: 24
185.149.252.0/22 maxlen: 24
185.167.108.0/22 maxlen: 24
185.175.32.0/22 maxlen: 23
185.180.100.0/22 maxlen: 24
185.180.100.0/24 maxlen: 24
185.180.100.0/27 maxlen: 32
185.180.102.0/24 maxlen: 24
185.180.103.0/24 maxlen: 24
185.182.76.0/22 maxlen: 24
185.184.244.0/22 maxlen: 23
188.191.224.0/21 maxlen: 21
188.191.224.0/22 maxlen: 22
188.191.224.0/24 maxlen: 24
188.191.224.0/27 maxlen: 32
188.191.228.0/22 maxlen: 22
217.175.80.0/20 maxlen: 20
217.175.84.0/22 maxlen: 22
217.175.88.0/21 maxlen: 23
2a00:7c40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl
rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.mft
rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 11 Aug 2025 11:00:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:7e:65:81:f7:05:21:e8:fb:af:04:32:a2:5d:95:c3:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
Validity
Not Before: Aug 6 08:00:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=30cd1d0fe0a797696ac962ef08ad7ea076011656
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:5e:5d:02:69:ae:f8:53:19:0e:9f:4e:d6:59:
b8:ea:e7:d0:7e:d0:36:73:79:a1:c5:dd:8c:a0:16:
76:3a:26:b4:03:b3:57:9a:9d:3e:4a:d4:a1:0f:0a:
61:ad:39:7b:08:c4:03:0a:3c:ee:d0:b6:ab:49:18:
78:9c:d3:41:35:45:36:71:07:cf:25:4e:77:d9:5c:
e2:1f:57:e4:8e:22:4c:ba:fc:51:0a:fa:a7:0c:69:
c1:7a:cf:ce:e7:92:61:29:c2:81:da:53:10:33:ba:
5e:7a:8a:ab:20:d5:41:3e:e0:6a:c1:77:c0:8e:b9:
cd:b4:85:d0:81:79:83:b7:30:e8:00:7e:cb:9e:6d:
84:bb:01:7e:6b:54:4a:b7:ae:55:52:ec:d5:cc:3d:
14:f5:1c:a8:eb:ec:c3:3c:3e:4d:a4:b5:e8:8e:af:
eb:bb:43:45:ca:0f:e1:bb:1b:97:74:fc:f0:dd:f0:
f6:9b:5b:2d:11:44:36:a7:12:3d:1a:b2:fb:03:96:
be:7a:7a:c1:cf:e7:aa:1d:bf:2b:08:84:8a:eb:38:
b4:ce:16:85:7a:7f:63:f2:4c:ce:d9:50:99:38:73:
dc:b5:56:c2:80:e0:b7:06:5d:0f:07:9c:2e:65:8b:
f4:2d:14:e5:ed:27:db:de:5a:7f:25:ae:a5:6c:41:
36:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:CD:1D:0F:E0:A7:97:69:6A:C9:62:EF:08:AD:7E:A0:76:01:16:56
X509v3 Authority Key Identifier:
keyid:E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/MM0dD-Cnl2lqyWLvCK1-oHYBFlY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.208.0.0/21
89.208.56.0/21
89.208.128.0/21
141.226.120.0/22
147.234.23.0/24
147.236.104.0/21
147.236.116.0/23
147.236.120.0/21
147.236.144.0/20
147.236.176.0/20
185.108.80.0/22
185.149.252.0/22
185.167.108.0/22
185.175.32.0/22
185.180.100.0/22
185.182.76.0/22
185.184.244.0/22
188.191.224.0/21
217.175.80.0/20
IPv6:
2a00:7c40::/29
Signature Algorithm: sha256WithRSAEncryption
31:78:74:f3:75:0c:eb:35:e7:7b:e7:0d:80:cb:cd:2b:95:82:
9d:ad:01:93:c3:ca:79:30:15:ed:51:8e:7c:d6:e7:e9:c1:fe:
73:ba:fd:08:a4:83:ec:97:2c:52:2e:b5:da:80:2b:80:02:ec:
1a:86:12:3f:06:af:ed:90:f6:2d:43:1c:9d:a7:c5:2e:64:3f:
df:9d:5c:f5:2e:f9:78:1e:45:0a:2b:4d:4e:4c:c3:83:d8:34:
32:d9:8f:d0:9b:0c:4e:f1:d0:a0:6a:d1:31:8c:76:89:f7:81:
d6:5e:03:e2:14:98:1e:ea:f5:f0:42:7f:51:56:79:2b:ec:8e:
df:da:80:18:80:52:8c:42:f4:ee:e3:e3:98:c8:56:6e:bf:5d:
ee:f8:16:5f:18:a4:6c:6a:0f:63:2d:8e:7b:ba:5e:7a:c8:79:
70:79:51:0e:ec:3d:4a:aa:bb:c7:82:b6:ab:ff:6e:81:5f:23:
6b:a7:e5:3f:be:c5:fa:20:73:11:f2:30:38:0e:fa:3b:d8:61:
3f:7d:ff:fe:13:de:a7:a6:cc:4a:59:18:57:ad:52:96:ce:77:
2b:b7:a8:ec:a8:8b:e2:b3:e3:71:8d:f0:6f:05:b1:78:e1:01:
52:ca:94:2e:a9:e6:90:33:ea:93:62:f6:12:d3:84:cc:af:88:
9c:36:5d:74
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAZh+ZYH3BSHo+68EMqJdlcMFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YTg1MWRkYWU1YTY0Y2MzODgyNTM5NWJlOWE1MDdkYTk1
YWI3Y2YwHhcNMjUwODA2MDgwMDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGNkMWQwZmUwYTc5NzY5NmFjOTYyZWYwOGFkN2VhMDc2MDExNjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi15dAmmu+FMZDp9O1lm46ufQftA2
c3mhxd2MoBZ2Oia0A7NXmp0+StShDwphrTl7CMQDCjzu0LarSRh4nNNBNUU2cQfP
JU532VziH1fkjiJMuvxRCvqnDGnBes/O55JhKcKB2lMQM7peeoqrINVBPuBqwXfA
jrnNtIXQgXmDtzDoAH7Lnm2EuwF+a1RKt65VUuzVzD0U9Ryo6+zDPD5NpLXojq/r
u0NFyg/huxuXdPzw3fD2m1stEUQ2pxI9GrL7A5a+enrBz+eqHb8rCISK6zi0zhaF
en9j8kzO2VCZOHPctVbCgOC3Bl0PB5wuZYv0LRTl7Sfb3lp/Ja6lbEE2rwIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFDDNHQ/gp5dpasli7witfqB2ARZWMB8GA1UdIwQY
MBaAFOioUd2uWmTMOIJTlb6aUH2pWrfPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEt
MTEwYzg3OGRjZDI5LzEvTU0wZEQtQ25sMmxxeVdMdkNLMS1vSFlCRmxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEtMTEwYzg3OGRjZDI5
LzEvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGcBggrBgEFBQcBBwEB/wSBjDCBiTB4BAIAATByAwQDWdAA
AwQDWdA4AwQDWdCAAwQCjeJ4AwQAk+oXAwQDk+xoAwQBk+x0AwQDk+x4AwQEk+yQ
AwQEk+ywAwQCuWxQAwQCuZX8AwQCuadsAwQCua8gAwQCubRkAwQCubZMAwQCubj0
AwQDvL/gAwQE2a9QMA0EAgACMAcDBQMqAHxAMA0GCSqGSIb3DQEBCwUAA4IBAQAx
eHTzdQzrNed75w2Ay80rlYKdrQGTw8p5MBXtUY581ufpwf5zuv0IpIPslyxSLrXa
gCuAAuwahhI/Bq/tkPYtQxydp8UuZD/fnVz1Lvl4HkUKK01OTMOD2DQy2Y/QmwxO
8dCgatExjHaJ94HWXgPiFJge6vXwQn9RVnkr7I7f2oAYgFKMQvTu4+OYyFZuv13u
+BZfGKRsag9jLY57ul56yHlweVEO7D1KqrvHgrar/26BXyNrp+U/vsX6IHMR8jA4
Dvo72GE/ff/+E96npsxKWRhXrVKWzncrt6jsqIvis+NxjfBvBbF44QFSypQuqeaQ
M+qTYvYS04TMr4icNl10
-----END CERTIFICATE-----
Generated at Sun Aug 10 18:51:24 2025 by rpki-client