Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/FmAmhG0AvPG6yVB64Qfw6xRip4M.roa
File: FmAmhG0AvPG6yVB64Qfw6xRip4M.roa (raw, json)
Hash identifier: 84/kBc6q38BYMUmioROiS2CF0R9+3DZAaiOiDJ9PSD4=
Subject key identifier: 16:60:26:84:6D:00:BC:F1:BA:C9:50:7A:E1:07:F0:EB:14:62:A7:83
Certificate issuer: /CN=0a41a925f8d6684c86107d2756b4aa93881f02ae
Certificate serial: 01980D8D6B378674BCB0F84EA4878F62B241
Authority key identifier: 0A:41:A9:25:F8:D6:68:4C:86:10:7D:27:56:B4:AA:93:88:1F:02:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CkGpJfjWaEyGEH0nVrSqk4gfAq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/FmAmhG0AvPG6yVB64Qfw6xRip4M.roa
Signing time: Tue 15 Jul 2025 10:07:08 +0000
ROA not before: Tue 15 Jul 2025 10:07:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12601
IP address blocks: 64.126.192.0/23 maxlen: 23
64.126.194.0/23 maxlen: 23
64.126.200.0/22 maxlen: 22
64.126.208.0/24 maxlen: 24
64.126.209.0/24 maxlen: 24
64.126.212.0/22 maxlen: 22
64.126.212.0/24 maxlen: 24
80.94.176.0/22 maxlen: 22
80.94.182.0/23 maxlen: 23
80.94.184.0/24 maxlen: 24
80.94.185.0/24 maxlen: 24
80.94.188.0/23 maxlen: 23
185.113.40.0/22 maxlen: 22
185.194.80.0/22 maxlen: 22
185.211.140.0/22 maxlen: 22
194.5.134.0/24 maxlen: 24
194.126.236.0/24 maxlen: 24
213.159.9.0/24 maxlen: 24
2a00:1220:4000::/34 maxlen: 34
2a00:1220:8000::/34 maxlen: 34
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/CkGpJfjWaEyGEH0nVrSqk4gfAq4.crl
rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/CkGpJfjWaEyGEH0nVrSqk4gfAq4.mft
rsync://rpki.ripe.net/repository/DEFAULT/CkGpJfjWaEyGEH0nVrSqk4gfAq4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 13:01:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:0d:8d:6b:37:86:74:bc:b0:f8:4e:a4:87:8f:62:b2:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a41a925f8d6684c86107d2756b4aa93881f02ae
Validity
Not Before: Jul 15 10:07:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=166026846d00bcf1bac9507ae107f0eb1462a783
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:7a:c9:63:34:b0:a7:25:d8:7d:6c:fd:b9:e0:
f1:d3:74:b0:e2:8c:4b:7d:39:8f:9a:59:d9:dc:3a:
24:08:17:86:b1:53:7b:8c:7e:78:03:77:6a:33:06:
f9:01:99:eb:c0:27:a1:0e:bc:c7:e5:37:79:72:19:
4b:f2:e2:67:83:d6:52:47:9c:42:fd:6a:57:0a:e8:
04:eb:60:bb:ff:ce:b8:ba:17:25:e3:24:b0:e5:91:
2e:b3:16:80:34:ee:37:36:8b:98:98:cf:52:e7:43:
d6:06:c9:1b:9d:7b:94:7f:e6:6b:8f:4c:c6:e2:b1:
dd:21:68:59:3d:5c:de:78:b4:d3:4c:12:be:ff:34:
b9:20:77:16:02:f5:d9:a4:03:1a:a0:35:de:09:01:
c2:a9:9e:86:bc:70:54:ba:cf:9e:ec:a5:50:5d:ca:
a8:86:b0:ee:d2:5a:c6:fb:9e:77:39:98:c3:3a:06:
ed:c3:ec:11:96:9a:6e:7a:85:5b:7f:fc:e4:11:93:
bc:3c:5f:e9:a8:14:66:c7:8b:e4:bb:83:0f:ba:3f:
11:f2:18:49:f0:23:85:36:f0:21:d7:ba:ae:3b:bd:
88:92:a3:4a:d5:8b:71:db:e9:fb:c1:01:93:fd:b5:
e0:cb:59:98:30:9c:ca:08:f5:90:13:23:e4:70:39:
6d:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:60:26:84:6D:00:BC:F1:BA:C9:50:7A:E1:07:F0:EB:14:62:A7:83
X509v3 Authority Key Identifier:
keyid:0A:41:A9:25:F8:D6:68:4C:86:10:7D:27:56:B4:AA:93:88:1F:02:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CkGpJfjWaEyGEH0nVrSqk4gfAq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/FmAmhG0AvPG6yVB64Qfw6xRip4M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/CkGpJfjWaEyGEH0nVrSqk4gfAq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.126.192.0/22
64.126.200.0/22
64.126.208.0/23
64.126.212.0/22
80.94.176.0/22
80.94.182.0-80.94.185.255
80.94.188.0/23
185.113.40.0/22
185.194.80.0/22
185.211.140.0/22
194.5.134.0/24
194.126.236.0/24
213.159.9.0/24
IPv6:
2a00:1220:4000::-2a00:1220:bfff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
84:25:11:a1:02:86:d6:dc:6e:64:7f:f6:d1:43:8d:e6:df:40:
ee:73:8a:e6:8b:13:b3:17:ad:a8:11:6f:30:bc:e9:72:11:8f:
28:9a:5a:99:d3:9a:c1:19:c2:96:5d:af:eb:9b:55:81:0c:2e:
2b:bf:bc:7d:88:03:5c:0b:55:59:a7:df:cd:c7:05:52:40:b1:
aa:2d:55:4f:a8:ca:d2:b1:56:bc:97:14:4b:21:04:a4:8c:a9:
85:40:87:de:83:b0:cb:75:51:75:69:55:e3:52:c3:33:05:0f:
cd:1a:c6:b1:1f:ac:a5:b5:1f:93:20:43:f3:70:97:76:b9:53:
cd:d4:91:24:47:f7:82:b4:b0:01:72:6e:40:96:ca:ff:54:13:
2e:a5:f1:53:87:fd:f6:93:ec:85:14:eb:02:84:55:2b:f2:b6:
42:23:f3:17:1e:f1:10:82:aa:f5:68:69:53:47:50:04:c2:07:
f0:98:dc:47:35:2c:06:c5:e3:09:34:bc:cb:31:7c:bc:2e:d8:
0a:f4:01:cc:9d:e7:8a:f7:38:ee:bd:ab:4c:2f:dd:0c:88:84:
11:a0:a0:12:cd:e2:1f:92:67:7c:c9:de:1f:af:92:4f:c5:b1:
c1:31:f2:f9:e7:08:d9:a8:29:6f:06:0c:c4:3d:7b:78:d6:7e:
ec:58:82:58
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISAZgNjWs3hnS8sPhOpIePYrJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNDFhOTI1ZjhkNjY4NGM4NjEwN2QyNzU2YjRhYTkzODgx
ZjAyYWUwHhcNMjUwNzE1MTAwNzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjYwMjY4NDZkMDBiY2YxYmFjOTUwN2FlMTA3ZjBlYjE0NjJhNzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHrJYzSwpyXYfWz9ueDx03Sw4oxL
fTmPmlnZ3DokCBeGsVN7jH54A3dqMwb5AZnrwCehDrzH5Td5chlL8uJng9ZSR5xC
/WpXCugE62C7/864uhcl4ySw5ZEusxaANO43NouYmM9S50PWBskbnXuUf+Zrj0zG
4rHdIWhZPVzeeLTTTBK+/zS5IHcWAvXZpAMaoDXeCQHCqZ6GvHBUus+e7KVQXcqo
hrDu0lrG+553OZjDOgbtw+wRlppueoVbf/zkEZO8PF/pqBRmx4vku4MPuj8R8hhJ
8COFNvAh17quO72IkqNK1Ytx2+n7wQGT/bXgy1mYMJzKCPWQEyPkcDltfwIDAQAB
o4ICdDCCAnAwHQYDVR0OBBYEFBZgJoRtALzxuslQeuEH8OsUYqeDMB8GA1UdIwQY
MBaAFApBqSX41mhMhhB9J1a0qpOIHwKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2tHcEpmaldhRXlHRUgwblZyU3FrNGdmQXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9lMzdkMWQtZDRmYi00OTZjLWFmNDkt
MzQyMDY4NGM3ZTQxLzEvRm1BbWhHMEF2UEc2eVZCNjRRZnc2eFJpcDRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9lMzdkMWQtZDRmYi00OTZjLWFmNDktMzQyMDY4NGM3ZTQx
LzEvQ2tHcEpmaldhRXlHRUgwblZyU3FrNGdmQXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGJBggrBgEFBQcBBwEB/wR6MHgwXAQCAAEwVgMEAkB+wAME
AkB+yAMEAUB+0AMEAkB+1AMEAlBesDAMAwQBUF62AwQBUF64AwQBUF68AwQCuXEo
AwQCucJQAwQCudOMAwQAwgWGAwQAwn7sAwQA1Z8JMBgEAgACMBIwEAMGBioAEiBA
AwYGKgASIIAwDQYJKoZIhvcNAQELBQADggEBAIQlEaEChtbcbmR/9tFDjebfQO5z
iuaLE7MXragRbzC86XIRjyiaWpnTmsEZwpZdr+ubVYEMLiu/vH2IA1wLVVmn383H
BVJAsaotVU+oytKxVryXFEshBKSMqYVAh96DsMt1UXVpVeNSwzMFD80axrEfrKW1
H5MgQ/Nwl3a5U83UkSRH94K0sAFybkCWyv9UEy6l8VOH/faT7IUU6wKEVSvytkIj
8xce8RCCqvVoaVNHUATCB/CY3Ec1LAbF4wk0vMsxfLwu2Ar0Acyd54r3OO69q0wv
3QyIhBGgoBLN4h+SZ3zJ3h+vkk/FscEx8vnnCNmoKW8GDMQ9e3jWfuxYglg=
-----END CERTIFICATE-----
Generated at Tue Jul 22 19:46:13 2025 by rpki-client