Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/hN3VLst09YDmLZL13fMUaDvaQs8.roa
File: hN3VLst09YDmLZL13fMUaDvaQs8.roa (raw, json)
Hash identifier: e7tT/ZrVhZKHcoCYfAOzec0rHr91pViqVyx1EXX1NnY=
Subject key identifier: 84:DD:D5:2E:CB:74:F5:80:E6:2D:92:F5:DD:F3:14:68:3B:DA:42:CF
Certificate issuer: /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial: 0198503C4B13378BC36C196B01F9001C0C60
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/hN3VLst09YDmLZL13fMUaDvaQs8.roa
Signing time: Mon 28 Jul 2025 08:53:05 +0000
ROA not before: Mon 28 Jul 2025 08:53:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213541
IP address blocks: 89.19.56.0/24 maxlen: 24
89.19.57.0/24 maxlen: 24
89.19.58.0/24 maxlen: 24
89.19.59.0/24 maxlen: 24
185.68.245.0/24 maxlen: 24
185.81.184.0/23 maxlen: 23
185.81.186.0/23 maxlen: 23
185.89.104.0/22 maxlen: 22
185.89.108.0/22 maxlen: 22
185.98.43.0/24 maxlen: 24
185.101.203.0/24 maxlen: 24
185.104.151.0/24 maxlen: 24
185.175.224.0/23 maxlen: 23
213.170.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 11:52:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:50:3c:4b:13:37:8b:c3:6c:19:6b:01:f9:00:1c:0c:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
Validity
Not Before: Jul 28 08:53:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=84ddd52ecb74f580e62d92f5ddf314683bda42cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:33:37:e4:b4:e2:0a:2e:2a:ee:59:c9:b0:b2:
0f:4e:3a:16:a4:65:a2:db:3f:ac:e6:7c:67:6c:a2:
7d:44:1f:a3:c6:07:41:5a:6a:75:35:07:93:91:58:
15:99:e9:33:ac:ce:6b:e2:a8:a3:7e:a3:27:9a:80:
5b:b9:d4:5b:ef:ac:0f:60:6c:9c:f2:b0:e2:70:9d:
51:9b:45:5a:41:6c:5e:6f:8c:d8:4a:83:5b:22:d2:
49:e5:10:03:9d:6b:32:ec:f9:38:5e:64:84:94:6f:
d6:a9:1a:08:dc:ff:04:f8:03:f6:0b:2e:47:c4:23:
69:cd:4a:04:cd:9c:ec:4b:42:f1:00:75:fd:fa:c8:
8e:4a:1b:c3:2b:7f:a7:82:c6:f3:ed:70:81:e7:f4:
78:80:52:90:5c:d9:ad:e0:54:47:2a:c9:6e:cc:f5:
6d:ca:b3:05:e5:1d:bf:b7:81:a6:f8:b6:23:79:56:
b4:40:fb:1e:e8:12:ef:09:7f:22:28:0d:0b:58:09:
72:aa:67:11:0c:c2:28:bd:ae:14:45:19:aa:59:5a:
26:d2:52:1b:b5:ca:9e:71:99:4e:bb:6c:0e:cd:06:
a4:fc:c8:a8:5f:66:bd:56:13:95:cb:46:33:5e:91:
f2:c2:a6:f2:e3:ab:fd:26:b8:b2:b6:73:8f:c7:04:
72:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:DD:D5:2E:CB:74:F5:80:E6:2D:92:F5:DD:F3:14:68:3B:DA:42:CF
X509v3 Authority Key Identifier:
keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/hN3VLst09YDmLZL13fMUaDvaQs8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.19.56.0/22
185.68.245.0/24
185.81.184.0/22
185.89.104.0/21
185.98.43.0/24
185.101.203.0/24
185.104.151.0/24
185.175.224.0/23
213.170.223.0/24
Signature Algorithm: sha256WithRSAEncryption
17:a4:dd:02:69:38:b9:6f:87:ea:84:13:c7:e8:55:5c:f1:49:
25:36:e6:46:6f:a6:d9:cf:31:df:2a:da:80:1f:f7:5a:82:25:
c5:7c:65:e4:e6:d7:b2:f1:2c:6f:ed:2c:ac:c7:29:55:b4:4c:
ba:92:04:d3:af:7f:0c:5f:c3:6b:5d:6a:4e:06:49:d6:3a:6b:
a3:05:83:80:5f:16:f3:05:c9:c7:26:65:46:c2:6a:98:ba:c8:
ba:f3:6c:5d:56:76:a1:52:36:59:f9:30:d6:a5:06:38:d5:bd:
99:97:9e:e0:f4:cc:11:6f:f0:5e:f4:04:1a:83:ab:0b:7b:4d:
cc:e3:33:f1:67:63:e5:31:9a:63:5c:97:02:6c:8c:fc:31:7a:
b0:e3:69:88:3b:2a:96:54:24:ff:0c:38:e1:69:79:57:32:f3:
fe:ee:81:9e:9a:61:ef:5a:ae:86:b2:07:a9:41:c4:1f:df:05:
f0:26:4e:e9:57:d7:de:d6:00:bc:4f:fc:0b:0b:d4:16:cc:08:
1c:17:f9:6c:4e:3f:c7:3d:0f:fc:41:21:59:17:fe:1b:f3:9e:
25:dd:be:2b:48:d8:9e:f7:23:8a:b3:84:4c:c5:3e:c2:4b:bf:
22:90:14:81:e5:7d:48:d4:02:0a:26:07:85:ca:d4:bc:0d:7f:
3d:09:e8:f0
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZhQPEsTN4vDbBlrAfkAHAxgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjUwNzI4MDg1MzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGRkZDUyZWNiNzRmNTgwZTYyZDkyZjVkZGYzMTQ2ODNiZGE0MmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozM35LTiCi4q7lnJsLIPTjoWpGWi
2z+s5nxnbKJ9RB+jxgdBWmp1NQeTkVgVmekzrM5r4qijfqMnmoBbudRb76wPYGyc
8rDicJ1Rm0VaQWxeb4zYSoNbItJJ5RADnWsy7Pk4XmSElG/WqRoI3P8E+AP2Cy5H
xCNpzUoEzZzsS0LxAHX9+siOShvDK3+ngsbz7XCB5/R4gFKQXNmt4FRHKsluzPVt
yrMF5R2/t4Gm+LYjeVa0QPse6BLvCX8iKA0LWAlyqmcRDMIova4URRmqWVom0lIb
tcqecZlOu2wOzQak/MioX2a9VhOVy0YzXpHywqby46v9JriytnOPxwRyhQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFITd1S7LdPWA5i2S9d3zFGg72kLPMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvaE4zVkxzdDA5WURtTFpMMTNmTVVhRHZhUXM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCWRM4AwQA
uUT1AwQCuVG4AwQDuVloAwQAuWIrAwQAuWXLAwQAuWiXAwQBua/gAwQA1arfMA0G
CSqGSIb3DQEBCwUAA4IBAQAXpN0CaTi5b4fqhBPH6FVc8UklNuZGb6bZzzHfKtqA
H/dagiXFfGXk5tey8Sxv7SysxylVtEy6kgTTr38MX8NrXWpOBknWOmujBYOAXxbz
BcnHJmVGwmqYusi682xdVnahUjZZ+TDWpQY41b2Zl57g9MwRb/Be9AQag6sLe03M
4zPxZ2PlMZpjXJcCbIz8MXqw42mIOyqWVCT/DDjhaXlXMvP+7oGemmHvWq6Gsgep
QcQf3wXwJk7pV9fe1gC8T/wLC9QWzAgcF/lsTj/HPQ/8QSFZF/4b854l3b4rSNie
9yOKs4RMxT7CS78ikBSB5X1I1AIKJgeFytS8DX89Cejw
-----END CERTIFICATE-----
Generated at Mon Aug 4 14:21:43 2025 by rpki-client