Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hfiWsoXjgyP6mK97KnVdapNEuPs.roa
File: hfiWsoXjgyP6mK97KnVdapNEuPs.roa (raw, json)
Hash identifier: JLwmn2VtQRwjK2zoef0wz4sghGSQwaqi6qkIMGuPLbo=
Subject key identifier: 85:F8:96:B2:85:E3:83:23:FA:98:AF:7B:2A:75:5D:6A:93:44:B8:FB
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0198793E1887879622494F2878BE0F2632DA
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hfiWsoXjgyP6mK97KnVdapNEuPs.roa
Signing time: Tue 05 Aug 2025 07:59:29 +0000
ROA not before: Tue 05 Aug 2025 07:59:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 2.58.148.0/22 maxlen: 24
37.46.149.0/24 maxlen: 24
45.91.149.0/24 maxlen: 24
45.129.132.0/24 maxlen: 24
45.129.133.0/24 maxlen: 24
45.135.184.0/24 maxlen: 24
45.135.187.0/24 maxlen: 24
45.143.53.0/24 maxlen: 24
45.145.44.0/23 maxlen: 24
45.145.47.0/24 maxlen: 24
62.197.144.0/24 maxlen: 24
62.197.147.0/24 maxlen: 24
62.197.148.0/24 maxlen: 24
62.197.150.0/24 maxlen: 24
62.197.151.0/24 maxlen: 24
62.197.152.0/24 maxlen: 24
62.197.159.0/24 maxlen: 24
84.247.25.0/24 maxlen: 24
84.247.26.0/24 maxlen: 24
89.33.84.0/24 maxlen: 24
89.36.22.0/24 maxlen: 24
89.37.62.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
89.43.199.0/24 maxlen: 24
89.46.92.0/24 maxlen: 24
92.62.121.0/24 maxlen: 24
93.115.254.0/24 maxlen: 24
93.115.255.0/24 maxlen: 24
94.103.249.0/24 maxlen: 24
94.103.250.0/24 maxlen: 24
185.121.121.0/24 maxlen: 24
185.121.122.0/24 maxlen: 24
185.121.123.0/24 maxlen: 24
185.184.134.0/24 maxlen: 24
185.205.190.0/24 maxlen: 24
185.239.241.0/24 maxlen: 24
185.239.243.0/24 maxlen: 24
185.244.137.0/24 maxlen: 24
185.245.5.0/24 maxlen: 24
188.212.132.0/24 maxlen: 24
188.240.68.0/24 maxlen: 24
188.240.74.0/24 maxlen: 24
193.19.108.0/24 maxlen: 24
193.218.32.0/24 maxlen: 24
193.239.164.0/23 maxlen: 24
194.169.169.0/24 maxlen: 24
212.119.34.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 14:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:79:3e:18:87:87:96:22:49:4f:28:78:be:0f:26:32:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Aug 5 07:59:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85f896b285e38323fa98af7b2a755d6a9344b8fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:99:35:94:2f:48:b1:cc:f0:d6:79:db:3b:59:
7a:c6:bf:e8:4e:a8:8b:6f:0b:84:24:1f:0b:99:dd:
18:04:f5:90:0d:37:8a:54:29:f1:8e:21:c1:96:69:
8d:5a:e0:11:97:86:e8:0c:3d:57:6b:07:ac:d7:41:
1f:55:20:6c:97:de:2a:ac:b4:72:b3:be:f0:3f:a6:
66:d7:05:e6:5a:b6:b1:97:91:74:b4:6d:96:ab:5d:
0e:d6:e9:6f:33:e2:58:a1:ca:f1:e5:99:47:b0:ca:
06:f3:37:2b:1f:f7:75:f2:d8:cc:89:68:1c:9e:c8:
cb:81:4f:04:04:ed:c3:5e:1b:fc:66:67:2b:41:70:
59:3b:ff:73:fd:66:db:f7:ba:f1:2f:12:d0:bc:dd:
14:9f:75:b5:12:e1:0e:0c:ac:1e:3a:e3:95:d6:db:
08:37:d5:b1:57:7d:09:14:b4:2d:f2:4a:e8:1d:9d:
4f:99:1c:3f:92:bf:58:62:6e:54:ea:a8:88:27:c2:
12:73:7b:bc:ae:02:40:71:b9:40:f7:97:7e:e0:c5:
ca:ea:c4:c9:ba:fc:82:ca:87:8f:10:3a:a9:a8:88:
4c:47:9e:8a:15:79:44:dc:78:f1:4e:33:cc:51:b0:
a8:b4:ce:db:5a:5e:67:55:39:e5:b3:de:d1:f3:3c:
29:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:F8:96:B2:85:E3:83:23:FA:98:AF:7B:2A:75:5D:6A:93:44:B8:FB
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hfiWsoXjgyP6mK97KnVdapNEuPs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.148.0/22
37.46.149.0/24
45.91.149.0/24
45.129.132.0/23
45.135.184.0/24
45.135.187.0/24
45.143.53.0/24
45.145.44.0/23
45.145.47.0/24
62.197.144.0/24
62.197.147.0-62.197.148.255
62.197.150.0-62.197.152.255
62.197.159.0/24
84.247.25.0-84.247.26.255
89.33.84.0/24
89.36.22.0/24
89.37.62.0/23
89.43.199.0/24
89.46.92.0/24
92.62.121.0/24
93.115.254.0/23
94.103.249.0-94.103.250.255
185.121.121.0-185.121.123.255
185.184.134.0/24
185.205.190.0/24
185.239.241.0/24
185.239.243.0/24
185.244.137.0/24
185.245.5.0/24
188.212.132.0/24
188.240.68.0/24
188.240.74.0/24
193.19.108.0/24
193.218.32.0/24
193.239.164.0/23
194.169.169.0/24
212.119.34.0/24
Signature Algorithm: sha256WithRSAEncryption
3a:37:95:22:e5:20:0b:f6:bc:42:db:89:23:43:7a:1a:7a:dc:
4c:0b:ad:93:ba:ad:37:da:68:cc:fa:ec:0e:e8:85:8b:81:0f:
b7:62:2e:b7:c0:84:d6:6d:32:4e:d9:7b:01:d1:24:8d:cd:a6:
7a:26:a9:08:83:63:55:cc:cd:57:7f:aa:6c:97:f4:ae:eb:b2:
cf:37:d9:1f:c8:54:fa:12:e3:71:f2:a3:7e:82:bf:99:20:22:
af:42:c9:dc:e7:3b:ba:08:bf:bc:48:e4:bb:61:85:2b:88:8c:
c3:ef:ec:80:16:f0:d4:a8:4e:14:1c:5d:83:a7:e6:1d:04:ff:
18:68:29:a4:19:a1:ae:19:43:44:64:d0:1f:28:9c:64:91:ee:
63:1c:31:b8:3b:1f:bb:a4:d9:77:5e:45:bb:d1:67:e8:e0:82:
40:5c:06:95:e1:17:4e:e2:85:be:57:6b:e2:ce:7c:3d:19:0d:
06:f1:9b:a5:00:13:80:2f:4e:cd:6b:83:d1:a3:b5:ad:c9:cc:
5d:9d:25:42:2b:15:82:c7:69:d5:b3:10:60:85:90:29:0b:e3:
10:2c:75:34:30:72:66:33:46:f0:5e:e2:b4:06:1d:33:79:de:
7b:28:36:c7:77:f2:82:dc:9e:22:27:57:90:6e:40:f3:e9:15:
a8:4e:fc:bc
-----BEGIN CERTIFICATE-----
MIIGBzCCBO+gAwIBAgISAZh5PhiHh5YiSU8oeL4PJjLaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwODA1MDc1OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWY4OTZiMjg1ZTM4MzIzZmE5OGFmN2IyYTc1NWQ2YTkzNDRiOGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJk1lC9Isczw1nnbO1l6xr/oTqiL
bwuEJB8Lmd0YBPWQDTeKVCnxjiHBlmmNWuARl4boDD1Xawes10EfVSBsl94qrLRy
s77wP6Zm1wXmWraxl5F0tG2Wq10O1ulvM+JYocrx5ZlHsMoG8zcrH/d18tjMiWgc
nsjLgU8EBO3DXhv8ZmcrQXBZO/9z/Wbb97rxLxLQvN0Un3W1EuEODKweOuOV1tsI
N9WxV30JFLQt8kroHZ1PmRw/kr9YYm5U6qiIJ8ISc3u8rgJAcblA95d+4MXK6sTJ
uvyCyoePEDqpqIhMR56KFXlE3HjxTjPMUbCotM7bWl5nVTnls97R8zwp/wIDAQAB
o4IDEzCCAw8wHQYDVR0OBBYEFIX4lrKF44Mj+piveyp1XWqTRLj7MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvaGZpV3NvWGpneVA2bUs5N0tuVmRhcE5FdVBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJwYIKwYBBQUHAQcBAf8EggEWMIIBEjCCAQ4EAgABMIIB
BgMEAgI6lAMEACUulQMEAC1blQMEAS2BhAMEAC2HuAMEAC2HuwMEAC2PNQMEAS2R
LAMEAC2RLwMEAD7FkDAMAwQAPsWTAwQAPsWUMAwDBAE+xZYDBAA+xZgDBAA+xZ8w
DAMEAFT3GQMEAFT3GgMEAFkhVAMEAFkkFgMEAVklPgMEAFkrxwMEAFkuXAMEAFw+
eQMEAV1z/jAMAwQAXmf5AwQAXmf6MAwDBAC5eXkDBAK5eXgDBAC5uIYDBAC5zb4D
BAC57/EDBAC57/MDBAC59IkDBAC59QUDBAC81IQDBAC88EQDBAC88EoDBADBE2wD
BADB2iADBAHB76QDBADCqakDBADUdyIwDQYJKoZIhvcNAQELBQADggEBADo3lSLl
IAv2vELbiSNDehp63EwLrZO6rTfaaMz67A7ohYuBD7diLrfAhNZtMk7ZewHRJI3N
pnomqQiDY1XMzVd/qmyX9K7rss832R/IVPoS43Hyo36Cv5kgIq9CydznO7oIv7xI
5LthhSuIjMPv7IAW8NSoThQcXYOn5h0E/xhoKaQZoa4ZQ0Rk0B8onGSR7mMcMbg7
H7uk2XdeRbvRZ+jggkBcBpXhF07ihb5Xa+LOfD0ZDQbxm6UAE4AvTs1rg9Gjta3J
zF2dJUIrFYLHadWzEGCFkCkL4xAsdTQwcmYzRvBe4rQGHTN53nsoNsd38oLcniIn
V5BuQPPpFahO/Lw=
-----END CERTIFICATE-----
Generated at Sat Aug 9 20:48:38 2025 by rpki-client