Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/O-hSqjsXTarqcmJ8KiwOcTJG-A4.roa
File: O-hSqjsXTarqcmJ8KiwOcTJG-A4.roa (raw, json)
Hash identifier: OpOaNra4853OCd93vs02rnMEHFNUBF/TyETYBdrUWV0=
Subject key identifier: 3B:E8:52:AA:3B:17:4D:AA:EA:72:62:7C:2A:2C:0E:71:32:46:F8:0E
Certificate issuer: /CN=7f50077d2dd8a67a1ae8b6abd6bbb3489028a5bb
Certificate serial: 019739AEF97C84BC9EB8A511BE84BD39010D
Authority key identifier: 7F:50:07:7D:2D:D8:A6:7A:1A:E8:B6:AB:D6:BB:B3:48:90:28:A5:BB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/O-hSqjsXTarqcmJ8KiwOcTJG-A4.roa
Signing time: Wed 04 Jun 2025 06:44:17 +0000
ROA not before: Wed 04 Jun 2025 06:44:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200521
IP address blocks: 192.148.208.0/24 maxlen: 24
192.148.209.0/24 maxlen: 24
192.148.210.0/24 maxlen: 24
192.148.211.0/24 maxlen: 24
192.148.212.0/24 maxlen: 24
192.148.213.0/24 maxlen: 24
192.148.214.0/24 maxlen: 24
192.148.215.0/24 maxlen: 24
192.187.16.0/24 maxlen: 24
192.187.17.0/24 maxlen: 24
192.187.18.0/24 maxlen: 24
192.187.19.0/24 maxlen: 24
192.187.20.0/24 maxlen: 24
192.187.21.0/24 maxlen: 24
192.187.22.0/24 maxlen: 24
192.187.23.0/24 maxlen: 24
212.128.88.0/24 maxlen: 24
212.128.96.0/22 maxlen: 22
212.128.100.0/24 maxlen: 24
212.128.101.0/24 maxlen: 24
212.128.102.0/24 maxlen: 24
212.128.103.0/24 maxlen: 24
212.128.104.0/24 maxlen: 24
212.128.105.0/24 maxlen: 24
212.128.106.0/24 maxlen: 24
212.128.107.0/24 maxlen: 24
212.128.108.0/24 maxlen: 24
212.128.109.0/24 maxlen: 24
212.128.110.0/24 maxlen: 24
212.128.111.0/24 maxlen: 24
212.128.112.0/22 maxlen: 22
212.128.112.0/24 maxlen: 24
212.128.113.0/24 maxlen: 24
212.128.114.0/24 maxlen: 24
212.128.116.0/23 maxlen: 23
212.128.118.0/24 maxlen: 24
212.128.119.0/24 maxlen: 24
212.128.120.0/24 maxlen: 24
212.128.121.0/24 maxlen: 24
212.128.122.0/24 maxlen: 24
212.128.123.0/24 maxlen: 24
212.128.125.0/24 maxlen: 24
212.128.126.0/24 maxlen: 24
212.128.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/f1AHfS3Ypnoa6Lar1ruzSJAopbs.crl
rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/f1AHfS3Ypnoa6Lar1ruzSJAopbs.mft
rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:39:ae:f9:7c:84:bc:9e:b8:a5:11:be:84:bd:39:01:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7f50077d2dd8a67a1ae8b6abd6bbb3489028a5bb
Validity
Not Before: Jun 4 06:44:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3be852aa3b174daaea72627c2a2c0e713246f80e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:2e:f0:8d:53:10:f7:f0:a4:5a:c1:dd:04:f8:
2e:4d:de:6e:38:ac:63:af:87:3d:1d:15:07:25:53:
cb:44:95:74:fe:ac:f4:49:12:cb:ce:36:c6:4f:75:
72:5c:9e:9f:3a:fc:9f:be:cd:70:4d:50:70:22:75:
98:69:4b:4a:a6:41:e8:d2:95:9b:0c:e8:3e:b0:da:
45:ae:4e:10:c0:be:4b:c4:ee:2c:bf:2e:06:fc:41:
58:b7:00:cb:f1:bd:48:6f:33:e7:cb:d5:a4:11:73:
1a:50:78:e2:7b:5a:8c:94:52:e2:5b:85:ad:e2:9f:
90:ed:2b:dc:e8:7d:f9:a0:42:9b:8f:68:82:fe:1c:
ff:7a:b5:c3:95:39:2d:b4:73:ff:6a:95:8a:f6:b2:
6c:1e:f9:0a:b0:aa:55:40:16:23:e3:1b:b2:ab:95:
b1:b9:a2:c7:c1:cf:fb:30:6a:d7:03:f8:c4:0b:55:
8d:69:e8:11:dc:39:57:4f:0a:97:79:bf:2c:0a:60:
dd:71:94:fc:fc:4f:2d:9c:d5:ff:28:56:26:54:fe:
3f:aa:93:9e:0a:d2:7f:72:9b:70:a3:63:c4:51:74:
b7:6d:b4:f2:d2:73:27:c4:73:65:02:23:f7:e0:d4:
ad:90:4d:a8:80:05:49:2a:86:85:e9:8d:31:95:dc:
3d:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:E8:52:AA:3B:17:4D:AA:EA:72:62:7C:2A:2C:0E:71:32:46:F8:0E
X509v3 Authority Key Identifier:
keyid:7F:50:07:7D:2D:D8:A6:7A:1A:E8:B6:AB:D6:BB:B3:48:90:28:A5:BB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/O-hSqjsXTarqcmJ8KiwOcTJG-A4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/f1AHfS3Ypnoa6Lar1ruzSJAopbs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.148.208.0/21
192.187.16.0/21
212.128.88.0/24
212.128.96.0-212.128.123.255
212.128.125.0-212.128.127.255
Signature Algorithm: sha256WithRSAEncryption
55:9e:b5:19:29:29:f7:32:76:4c:73:65:59:e6:61:31:62:03:
be:bc:b8:70:0d:10:4d:da:02:cd:d6:d4:a7:68:94:9e:c6:08:
54:b2:95:5c:17:45:20:a3:59:2a:f4:58:f5:08:02:ab:00:a6:
5b:52:ea:6a:be:71:91:9c:59:26:5a:a9:91:b0:16:ae:64:6a:
40:2e:76:18:1c:b6:a2:df:f1:1d:f8:db:66:30:2a:e0:de:81:
66:51:b0:04:ef:90:be:c2:1e:a4:51:db:f7:94:75:e8:64:be:
fd:6b:7a:99:db:39:98:74:bc:d0:6f:ea:d5:4d:e1:9b:8e:2b:
11:40:15:25:91:83:23:f4:9d:fa:44:b9:b6:5f:2a:88:5a:d7:
db:c2:92:c7:18:13:27:cb:f7:cf:57:e6:38:5a:72:9f:9f:47:
db:7c:b2:62:a6:81:4c:0f:1d:8e:f8:ed:54:c0:5b:cd:5e:44:
df:bc:6e:98:25:a9:a4:75:e1:7d:a7:5d:26:0a:94:96:a0:19:
be:2c:ff:f2:b4:b6:46:42:3b:0a:38:25:e2:24:e7:bc:b7:1a:
b3:6c:58:58:90:a6:5d:e4:fd:6b:30:ea:d9:c2:08:42:c6:ef:
e1:5a:86:29:4a:ad:0d:ab:14:a5:12:92:be:eb:bd:8f:2a:cc:
c7:1c:fc:f0
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZc5rvl8hLyeuKURvoS9OQENMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTAwNzdkMmRkOGE2N2ExYWU4YjZhYmQ2YmJiMzQ4OTAy
OGE1YmIwHhcNMjUwNjA0MDY0NDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmU4NTJhYTNiMTc0ZGFhZWE3MjYyN2MyYTJjMGU3MTMyNDZmODBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAki7wjVMQ9/CkWsHdBPguTd5uOKxj
r4c9HRUHJVPLRJV0/qz0SRLLzjbGT3VyXJ6fOvyfvs1wTVBwInWYaUtKpkHo0pWb
DOg+sNpFrk4QwL5LxO4svy4G/EFYtwDL8b1IbzPny9WkEXMaUHjie1qMlFLiW4Wt
4p+Q7Svc6H35oEKbj2iC/hz/erXDlTkttHP/apWK9rJsHvkKsKpVQBYj4xuyq5Wx
uaLHwc/7MGrXA/jEC1WNaegR3DlXTwqXeb8sCmDdcZT8/E8tnNX/KFYmVP4/qpOe
CtJ/cptwo2PEUXS3bbTy0nMnxHNlAiP34NStkE2ogAVJKoaF6Y0xldw9VQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFDvoUqo7F02q6nJifCosDnEyRvgOMB8GA1UdIwQY
MBaAFH9QB30t2KZ6Gui2q9a7s0iQKKW7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFBSGZTM1lwbm9hNkxhcjFydXpTSkFvcGJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9jMWMxY2UtZWE1OS00ZGNmLWJjY2Mt
M2U3Y2FkZDg4YzcwLzEvTy1oU3Fqc1hUYXJxY21KOEtpd09jVEpHLUE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9jMWMxY2UtZWE1OS00ZGNmLWJjY2MtM2U3Y2FkZDg4Yzcw
LzEvZjFBSGZTM1lwbm9hNkxhcjFydXpTSkFvcGJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQDwJTQAwQD
wLsQAwQA1IBYMAwDBAXUgGADBALUgHgwDAMEANSAfQMEB9SAADANBgkqhkiG9w0B
AQsFAAOCAQEAVZ61GSkp9zJ2THNlWeZhMWIDvry4cA0QTdoCzdbUp2iUnsYIVLKV
XBdFIKNZKvRY9QgCqwCmW1Lqar5xkZxZJlqpkbAWrmRqQC52GBy2ot/xHfjbZjAq
4N6BZlGwBO+QvsIepFHb95R16GS+/Wt6mds5mHS80G/q1U3hm44rEUAVJZGDI/Sd
+kS5tl8qiFrX28KSxxgTJ8v3z1fmOFpyn59H23yyYqaBTA8djvjtVMBbzV5E37xu
mCWppHXhfaddJgqUlqAZviz/8rS2RkI7Cjgl4iTnvLcas2xYWJCmXeT9azDq2cII
Qsbv4VqGKUqtDasUpRKSvuu9jyrMxxz88A==
-----END CERTIFICATE-----
Generated at Sun Jun 8 19:03:58 2025 by rpki-client