Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nFWcPUB8Yu-qC83w47KxHjtdRME.roa
File: nFWcPUB8Yu-qC83w47KxHjtdRME.roa (raw, json)
Hash identifier: VY34vWMWWMGU7AM2IQR21bdut9JE5a8hqnF0EsR1P9Y=
Subject key identifier: 9C:55:9C:3D:40:7C:62:EF:AA:0B:CD:F0:E3:B2:B1:1E:3B:5D:44:C1
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019870E86DAD03C1CE3532D2A0FDCB85E2BE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nFWcPUB8Yu-qC83w47KxHjtdRME.roa
Signing time: Sun 03 Aug 2025 17:08:57 +0000
ROA not before: Sun 03 Aug 2025 17:08:57 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 81.5.189.0/24 maxlen: 24
82.152.8.0/24 maxlen: 24
82.152.176.0/23 maxlen: 23
82.153.69.0/24 maxlen: 24
82.153.136.0/22 maxlen: 22
82.153.159.0/24 maxlen: 24
82.153.217.0/24 maxlen: 24
89.213.0.0/22 maxlen: 24
89.213.44.0/23 maxlen: 24
89.213.50.0/23 maxlen: 23
89.213.55.0/24 maxlen: 24
89.213.56.0/22 maxlen: 22
89.213.105.0/24 maxlen: 24
89.213.139.0/24 maxlen: 24
89.213.143.0/24 maxlen: 24
89.213.145.0/24 maxlen: 24
89.213.151.0/24 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.152.0/24 maxlen: 24
89.213.154.0/24 maxlen: 24
89.213.156.0/22 maxlen: 24
89.213.172.0/22 maxlen: 24
89.213.183.0/24 maxlen: 24
89.213.196.0/22 maxlen: 24
89.213.200.0/22 maxlen: 24
89.213.204.0/22 maxlen: 24
89.213.225.0/24 maxlen: 24
89.213.228.0/22 maxlen: 22
89.213.228.0/23 maxlen: 24
89.213.232.0/22 maxlen: 24
89.213.236.0/22 maxlen: 24
109.176.14.0/24 maxlen: 24
109.176.16.0/21 maxlen: 24
109.176.20.0/24 maxlen: 24
109.176.25.0/24 maxlen: 24
109.176.193.0/24 maxlen: 24
109.176.204.0/22 maxlen: 24
109.176.242.0/23 maxlen: 24
185.49.126.0/23 maxlen: 24
185.101.47.0/24 maxlen: 24
194.105.76.0/22 maxlen: 24
194.105.80.0/20 maxlen: 20
194.105.90.0/23 maxlen: 24
212.38.79.0/24 maxlen: 24
212.38.88.0/23 maxlen: 24
213.130.132.0/22 maxlen: 22
213.130.134.0/23 maxlen: 24
213.130.154.0/24 maxlen: 24
213.152.43.0/24 maxlen: 24
213.210.52.0/22 maxlen: 22
213.218.208.0/24 maxlen: 24
213.218.211.0/24 maxlen: 24
213.218.239.0/24 maxlen: 24
213.218.244.0/22 maxlen: 22
217.145.66.0/24 maxlen: 24
217.145.72.0/21 maxlen: 24
217.145.78.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 02:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:70:e8:6d:ad:03:c1:ce:35:32:d2:a0:fd:cb:85:e2:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 3 17:08:57 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9c559c3d407c62efaa0bcdf0e3b2b11e3b5d44c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:d7:dc:25:be:83:4f:7f:3a:34:e9:6e:f6:a4:
b1:ed:f7:5f:a1:3d:28:4b:03:fb:48:f9:3a:45:b7:
49:08:e5:cb:fb:fd:a1:f0:42:92:52:6c:6f:fd:b8:
2b:3d:3a:56:24:21:db:d2:87:5f:3d:11:9c:a9:99:
e5:f0:3d:97:ae:65:3e:e8:32:f4:9e:f4:dd:3c:1d:
dc:22:85:d2:f7:25:30:e0:89:34:4c:69:c8:14:f2:
78:f0:ea:06:59:3b:11:82:3a:95:19:f8:eb:86:5e:
c9:34:8e:c8:e2:aa:16:a4:fe:01:2e:29:61:d3:64:
ed:26:d1:be:bd:2d:14:b0:ee:b9:15:89:c3:8e:54:
4f:b1:1f:7e:e5:d4:6a:2b:2e:d4:a4:63:bc:44:9c:
93:dc:a3:1b:9e:48:78:8a:8a:48:3e:17:a7:0f:73:
16:fe:82:4d:02:c5:9f:ee:81:e2:b1:12:2d:2d:bd:
74:b8:49:4d:d6:57:8a:ba:e6:db:07:07:6c:3e:95:
8e:56:c5:16:f5:ea:d6:f7:0f:be:26:e2:c7:0d:b2:
8e:03:bc:5d:d6:df:29:bf:9d:9e:0e:15:a9:a1:84:
ef:18:6e:24:b5:2f:11:81:46:1f:33:b6:c3:7d:10:
af:5e:1d:56:ca:4d:a9:1d:6b:2c:ca:16:3e:87:c7:
08:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:55:9C:3D:40:7C:62:EF:AA:0B:CD:F0:E3:B2:B1:1E:3B:5D:44:C1
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nFWcPUB8Yu-qC83w47KxHjtdRME.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.189.0/24
82.152.8.0/24
82.152.176.0/23
82.153.69.0/24
82.153.136.0/22
82.153.159.0/24
82.153.217.0/24
89.213.0.0/22
89.213.44.0/23
89.213.50.0/23
89.213.55.0-89.213.59.255
89.213.105.0/24
89.213.139.0/24
89.213.143.0/24
89.213.145.0/24
89.213.151.0-89.213.159.255
89.213.172.0/22
89.213.183.0/24
89.213.196.0-89.213.207.255
89.213.225.0/24
89.213.228.0-89.213.239.255
109.176.14.0/24
109.176.16.0/21
109.176.25.0/24
109.176.193.0/24
109.176.204.0/22
109.176.242.0/23
185.49.126.0/23
185.101.47.0/24
194.105.76.0-194.105.95.255
212.38.79.0/24
212.38.88.0/23
213.130.132.0/22
213.130.154.0/24
213.152.43.0/24
213.210.52.0/22
213.218.208.0/24
213.218.211.0/24
213.218.239.0/24
213.218.244.0/22
217.145.66.0/24
217.145.72.0/21
Signature Algorithm: sha256WithRSAEncryption
05:e0:d3:aa:f3:8c:86:08:8c:1a:0b:1f:fe:60:ae:4b:fa:04:
5a:b6:b0:2e:ec:59:36:5a:93:7f:de:4e:e3:37:ee:93:1d:33:
7b:d1:a7:8d:d7:43:4f:fd:55:6d:d8:32:b1:9f:22:17:67:3a:
66:a1:cf:a6:a1:71:94:dc:92:70:5f:e9:ac:e9:cc:67:ec:6c:
b1:c1:3b:38:78:d7:48:0b:0d:ce:6e:ed:f8:f2:5a:2b:84:83:
fa:cd:87:e3:82:fd:f1:47:31:6e:c1:3d:b7:b8:e4:18:48:e1:
5b:27:1b:77:f6:d1:83:10:95:d4:2e:c7:67:be:1b:70:f1:ba:
08:80:4e:fd:b1:0f:4f:d1:e5:c0:30:52:39:01:42:0c:25:43:
8a:30:d9:fc:5f:08:df:dd:9f:78:7e:84:bd:65:ac:90:2d:cb:
e3:52:fa:68:8a:d1:03:45:fc:07:90:e5:c6:b5:a3:c1:ce:1e:
8f:b0:31:9d:da:84:6f:77:df:d3:05:25:b5:bb:dc:be:30:33:
53:ef:b8:4f:08:1c:10:bd:cf:80:a7:20:6a:9f:57:4e:f3:f6:
7a:ec:03:4a:7e:54:e1:85:dc:98:63:58:7e:15:7a:b4:42:f3:
88:4d:68:b4:49:0f:eb:da:4a:c1:5b:2c:2e:d8:92:e3:ae:55:
22:30:1c:49
-----BEGIN CERTIFICATE-----
MIIGJTCCBQ2gAwIBAgISAZhw6G2tA8HONTLSoP3LheK+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODAzMTcwODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzU1OWMzZDQwN2M2MmVmYWEwYmNkZjBlM2IyYjExZTNiNWQ0NGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstfcJb6DT386NOlu9qSx7fdfoT0o
SwP7SPk6RbdJCOXL+/2h8EKSUmxv/bgrPTpWJCHb0odfPRGcqZnl8D2XrmU+6DL0
nvTdPB3cIoXS9yUw4Ik0TGnIFPJ48OoGWTsRgjqVGfjrhl7JNI7I4qoWpP4BLilh
02TtJtG+vS0UsO65FYnDjlRPsR9+5dRqKy7UpGO8RJyT3KMbnkh4iopIPhenD3MW
/oJNAsWf7oHisRItLb10uElN1leKuubbBwdsPpWOVsUW9erW9w++JuLHDbKOA7xd
1t8pv52eDhWpoYTvGG4ktS8RgUYfM7bDfRCvXh1Wyk2pHWssyhY+h8cIVQIDAQAB
o4IDMTCCAy0wHQYDVR0OBBYEFJxVnD1AfGLvqgvN8OOysR47XUTBMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbkZXY1BVQjhZdS1xQzgzdzQ3S3hIanRkUk1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBRQYIKwYBBQUHAQcBAf8EggE0MIIBMDCCASwEAgABMIIB
JAMEAFEFvQMEAFKYCAMEAVKYsAMEAFKZRQMEAlKZiAMEAFKZnwMEAFKZ2QMEAlnV
AAMEAVnVLAMEAVnVMjAMAwQAWdU3AwQCWdU4AwQAWdVpAwQAWdWLAwQAWdWPAwQA
WdWRMAwDBABZ1ZcDBAVZ1YADBAJZ1awDBABZ1bcwDAMEAlnVxAMEBFnVwAMEAFnV
4TAMAwQCWdXkAwQEWdXgAwQAbbAOAwQDbbAQAwQAbbAZAwQAbbDBAwQCbbDMAwQB
bbDyAwQBuTF+AwQAuWUvMAwDBALCaUwDBAXCaUADBADUJk8DBAHUJlgDBALVgoQD
BADVgpoDBADVmCsDBALV0jQDBADV2tADBADV2tMDBADV2u8DBALV2vQDBADZkUID
BAPZkUgwDQYJKoZIhvcNAQELBQADggEBAAXg06rzjIYIjBoLH/5grkv6BFq2sC7s
WTZak3/eTuM37pMdM3vRp43XQ0/9VW3YMrGfIhdnOmahz6ahcZTcknBf6azpzGfs
bLHBOzh410gLDc5u7fjyWiuEg/rNh+OC/fFHMW7BPbe45BhI4VsnG3f20YMQldQu
x2e+G3DxugiATv2xD0/R5cAwUjkBQgwlQ4ow2fxfCN/dn3h+hL1lrJAty+NS+miK
0QNF/AeQ5ca1o8HOHo+wMZ3ahG9339MFJbW73L4wM1PvuE8IHBC9z4CnIGqfV07z
9nrsA0p+VOGF3JhjWH4VerRC84hNaLRJD+vaSsFbLC7YkuOuVSIwHEk=
-----END CERTIFICATE-----
Generated at Mon Aug 4 07:38:46 2025 by rpki-client