Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/hMbEMp6YgTuuJD6l3NnS5dWKPqw.roa
File: hMbEMp6YgTuuJD6l3NnS5dWKPqw.roa (raw, json)
Hash identifier: +5eDs7lqzgi1Ho8MuXqITRUpQvwjHSWExWTaESIFllA=
Subject key identifier: 84:C6:C4:32:9E:98:81:3B:AE:24:3E:A5:DC:D9:D2:E5:D5:8A:3E:AC
Certificate issuer: /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial: 019A0670BDBFE29DF393BBF8E9DB7F6D5F37
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/hMbEMp6YgTuuJD6l3NnS5dWKPqw.roa
Signing time: Tue 21 Oct 2025 11:04:03 +0000
ROA not before: Tue 21 Oct 2025 11:04:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 86.104.215.0/24 maxlen: 24
89.32.200.0/24 maxlen: 24
89.32.204.0/24 maxlen: 24
89.33.83.0/24 maxlen: 24
89.47.34.0/24 maxlen: 24
103.47.52.0/22 maxlen: 22
162.218.158.0/24 maxlen: 24
188.215.5.0/24 maxlen: 24
194.26.149.0/24 maxlen: 24
212.102.116.0/24 maxlen: 24
2a07:4a80::/29 maxlen: 29
2a0a:eb00::/32 maxlen: 32
2a0a:eb01::/32 maxlen: 32
2a0a:eb02::/32 maxlen: 32
2a0a:eb03::/32 maxlen: 32
2a0a:eb04::/32 maxlen: 32
2a0a:eb05::/32 maxlen: 32
2a0a:eb06::/32 maxlen: 32
2a0a:eb07::/32 maxlen: 32
2a0f:c840::/32 maxlen: 32
2a0f:c841::/32 maxlen: 32
2a0f:c842::/32 maxlen: 32
2a0f:c843::/32 maxlen: 32
2a0f:c844::/32 maxlen: 32
2a0f:c845::/32 maxlen: 32
2a0f:c846::/32 maxlen: 32
2a0f:c847::/32 maxlen: 32
2a11:3bc0::/32 maxlen: 32
2a11:3bc1::/32 maxlen: 32
2a11:3bc2::/32 maxlen: 32
2a11:3bc3::/32 maxlen: 32
2a11:3bc4::/32 maxlen: 32
2a11:3bc5::/32 maxlen: 32
2a11:3bc6::/32 maxlen: 32
2a11:3bc7::/32 maxlen: 32
2a12:7700::/32 maxlen: 32
2a12:7701::/32 maxlen: 32
2a12:7702::/32 maxlen: 32
2a12:7703::/32 maxlen: 32
2a12:7704::/32 maxlen: 32
2a12:7705::/32 maxlen: 32
2a12:7706::/32 maxlen: 32
2a12:7707::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.mft
rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 11:00:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:06:70:bd:bf:e2:9d:f3:93:bb:f8:e9:db:7f:6d:5f:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Validity
Not Before: Oct 21 11:04:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=84c6c4329e98813bae243ea5dcd9d2e5d58a3eac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:8b:ab:aa:28:48:b1:04:cd:3d:0d:10:70:a4:
e8:21:f4:71:fb:28:60:c7:eb:ba:2c:98:73:0a:d9:
87:58:34:82:3d:d6:4d:f6:14:6c:59:37:c3:f4:b5:
bd:90:fb:9c:35:36:b8:b1:91:22:4f:61:93:ff:80:
2d:1f:37:da:d1:a9:1a:7c:79:6e:69:ea:79:5e:8e:
a8:81:71:a6:4a:cc:b1:54:59:cd:92:c9:f9:a7:e9:
d8:f9:45:c7:56:5d:2f:36:f5:ee:46:da:fe:8e:bd:
86:f9:4b:7a:26:df:e0:86:23:28:cb:fe:88:c6:b6:
fa:62:a2:f2:d1:ed:f5:9b:0e:eb:f2:29:9d:1a:ed:
c0:45:3b:bc:1a:4f:13:39:be:b3:ed:81:a8:f3:7a:
12:9a:d2:a2:d7:0e:30:05:ee:f1:d8:89:cd:01:f1:
31:17:2e:d9:1e:e9:cc:d3:1c:ac:09:f2:90:3b:f6:
47:10:3d:6e:8f:83:13:9d:82:20:a2:06:d0:62:8b:
25:39:36:69:f5:b1:36:ef:7f:9e:38:42:5c:fd:7f:
25:27:cc:0f:26:b1:6e:db:e1:2f:bc:70:19:ad:29:
38:9a:ac:04:0c:84:c4:41:db:85:49:78:31:83:01:
ad:7c:eb:57:da:a9:15:47:e2:52:52:05:32:cf:20:
04:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:C6:C4:32:9E:98:81:3B:AE:24:3E:A5:DC:D9:D2:E5:D5:8A:3E:AC
X509v3 Authority Key Identifier:
keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/hMbEMp6YgTuuJD6l3NnS5dWKPqw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.104.215.0/24
89.32.200.0/24
89.32.204.0/24
89.33.83.0/24
89.47.34.0/24
103.47.52.0/22
162.218.158.0/24
188.215.5.0/24
194.26.149.0/24
212.102.116.0/24
IPv6:
2a07:4a80::/29
2a0a:eb00::/29
2a0f:c840::/29
2a11:3bc0::/29
2a12:7700::/29
Signature Algorithm: sha256WithRSAEncryption
8a:f3:d1:2b:10:d2:c4:29:a4:83:67:11:c6:67:4c:79:c5:d8:
33:b2:4c:64:b2:e2:b5:74:e1:cc:4a:97:2e:5a:e6:86:75:09:
78:79:7b:31:be:82:cb:e3:d2:54:8a:00:45:bb:c4:17:c6:b0:
d6:fb:ce:71:1f:0c:76:7d:a5:75:fa:57:85:64:d7:dd:5d:9e:
cd:04:55:f5:6b:64:65:19:1d:19:a8:de:2d:8f:14:d1:d3:6d:
9c:f7:5f:ec:5b:1d:1d:0a:17:59:b7:c8:69:fe:2c:c7:c0:a0:
78:2f:ab:47:3f:55:b2:a4:4b:58:79:95:b1:c9:94:46:ca:d5:
8a:53:b9:17:8b:44:77:1b:3c:7b:77:06:e6:63:08:8e:88:e3:
39:db:e5:67:4d:39:92:67:e3:a4:ac:60:46:18:e8:30:79:67:
d1:69:f9:4b:fc:39:1b:14:e8:81:ea:9d:0b:18:b0:96:c2:be:
a2:4e:0b:97:31:ba:19:c8:b1:ba:09:62:72:66:29:14:14:19:
55:0e:23:82:bc:f1:fe:0b:46:a2:d0:00:a4:54:1f:e9:5b:ec:
fe:52:ee:99:d8:12:1e:4d:4a:e7:ce:7c:c5:80:3a:3a:7c:97:
76:71:6e:6f:82:50:77:d1:a0:31:72:06:c1:53:5b:03:9b:ff:
ef:da:96:68
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgISAZoGcL2/4p3zk7v46dt/bV83MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjUxMDIxMTEwNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGM2YzQzMjllOTg4MTNiYWUyNDNlYTVkY2Q5ZDJlNWQ1OGEzZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ourqihIsQTNPQ0QcKToIfRx+yhg
x+u6LJhzCtmHWDSCPdZN9hRsWTfD9LW9kPucNTa4sZEiT2GT/4AtHzfa0akafHlu
aep5Xo6ogXGmSsyxVFnNksn5p+nY+UXHVl0vNvXuRtr+jr2G+Ut6Jt/ghiMoy/6I
xrb6YqLy0e31mw7r8imdGu3ARTu8Gk8TOb6z7YGo83oSmtKi1w4wBe7x2InNAfEx
Fy7ZHunM0xysCfKQO/ZHED1uj4MTnYIgogbQYoslOTZp9bE273+eOEJc/X8lJ8wP
JrFu2+EvvHAZrSk4mqwEDITEQduFSXgxgwGtfOtX2qkVR+JSUgUyzyAEFQIDAQAB
o4ICazCCAmcwHQYDVR0OBBYEFITGxDKemIE7riQ+pdzZ0uXVij6sMB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvaE1iRU1wNllnVHV1SkQ2bDNOblM1ZFdLUHF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGABggrBgEFBQcBBwEB/wRxMG8wQgQCAAEwPAMEAFZo1wME
AFkgyAMEAFkgzAMEAFkhUwMEAFkvIgMEAmcvNAMEAKLangMEALzXBQMEAMIalQME
ANRmdDApBAIAAjAjAwUDKgdKgAMFAyoK6wADBQMqD8hAAwUDKhE7wAMFAyoSdwAw
DQYJKoZIhvcNAQELBQADggEBAIrz0SsQ0sQppINnEcZnTHnF2DOyTGSy4rV04cxK
ly5a5oZ1CXh5ezG+gsvj0lSKAEW7xBfGsNb7znEfDHZ9pXX6V4Vk191dns0EVfVr
ZGUZHRmo3i2PFNHTbZz3X+xbHR0KF1m3yGn+LMfAoHgvq0c/VbKkS1h5lbHJlEbK
1YpTuReLRHcbPHt3BuZjCI6I4znb5WdNOZJn46SsYEYY6DB5Z9Fp+Uv8ORsU6IHq
nQsYsJbCvqJOC5cxuhnIsboJYnJmKRQUGVUOI4K88f4LRqLQAKRUH+lb7P5S7pnY
Eh5NSufOfMWAOjp8l3Zxbm+CUHfRoDFyBsFTWwOb/+/almg=
-----END CERTIFICATE-----
Generated at Wed Nov 5 16:00:07 2025 by rpki-client