Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/fhcv9zVEJVXyHJ1eaDiH9RUmSQE.roa
File: fhcv9zVEJVXyHJ1eaDiH9RUmSQE.roa (raw, json)
Hash identifier: NL+aNAoNbkMGbCukVk9uNzqMGkBi6UK6eYdC2KpDM5s=
Subject key identifier: 7E:17:2F:F7:35:44:25:55:F2:1C:9D:5E:68:38:87:F5:15:26:49:01
Certificate issuer: /CN=7f50077d2dd8a67a1ae8b6abd6bbb3489028a5bb
Certificate serial: 0197BFDDF076F440E23EF8F184CF88335721
Authority key identifier: 7F:50:07:7D:2D:D8:A6:7A:1A:E8:B6:AB:D6:BB:B3:48:90:28:A5:BB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/fhcv9zVEJVXyHJ1eaDiH9RUmSQE.roa
Signing time: Mon 30 Jun 2025 08:04:42 +0000
ROA not before: Mon 30 Jun 2025 08:04:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200521
IP address blocks: 192.148.208.0/24 maxlen: 24
192.148.209.0/24 maxlen: 24
192.148.210.0/24 maxlen: 24
192.148.211.0/24 maxlen: 24
192.148.212.0/24 maxlen: 24
192.148.213.0/24 maxlen: 24
192.148.214.0/24 maxlen: 24
192.148.215.0/24 maxlen: 24
192.187.16.0/24 maxlen: 24
192.187.17.0/24 maxlen: 24
192.187.18.0/24 maxlen: 24
192.187.19.0/24 maxlen: 24
192.187.20.0/24 maxlen: 24
192.187.21.0/24 maxlen: 24
192.187.22.0/24 maxlen: 24
192.187.23.0/24 maxlen: 24
212.128.88.0/24 maxlen: 24
212.128.89.0/24 maxlen: 24
212.128.96.0/22 maxlen: 22
212.128.100.0/24 maxlen: 24
212.128.101.0/24 maxlen: 24
212.128.102.0/24 maxlen: 24
212.128.103.0/24 maxlen: 24
212.128.104.0/24 maxlen: 24
212.128.105.0/24 maxlen: 24
212.128.106.0/24 maxlen: 24
212.128.107.0/24 maxlen: 24
212.128.108.0/24 maxlen: 24
212.128.109.0/24 maxlen: 24
212.128.110.0/24 maxlen: 24
212.128.111.0/24 maxlen: 24
212.128.112.0/24 maxlen: 24
212.128.113.0/24 maxlen: 24
212.128.114.0/24 maxlen: 24
212.128.116.0/23 maxlen: 23
212.128.118.0/24 maxlen: 24
212.128.119.0/24 maxlen: 24
212.128.120.0/24 maxlen: 24
212.128.121.0/24 maxlen: 24
212.128.122.0/24 maxlen: 24
212.128.123.0/24 maxlen: 24
212.128.125.0/24 maxlen: 24
212.128.126.0/24 maxlen: 24
212.128.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/f1AHfS3Ypnoa6Lar1ruzSJAopbs.crl
rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/f1AHfS3Ypnoa6Lar1ruzSJAopbs.mft
rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 00:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:bf:dd:f0:76:f4:40:e2:3e:f8:f1:84:cf:88:33:57:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7f50077d2dd8a67a1ae8b6abd6bbb3489028a5bb
Validity
Not Before: Jun 30 08:04:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7e172ff735442555f21c9d5e683887f515264901
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:07:fd:ab:0b:6d:ba:a1:cd:7c:5c:1f:ec:db:
88:a1:a9:ba:3a:ef:65:77:5c:47:b8:f6:58:bc:cc:
3b:b7:e0:d7:fc:14:8f:76:1c:4a:07:7b:77:a5:73:
7d:21:33:d2:ab:22:72:46:e0:54:3f:e2:4e:b2:14:
27:d2:35:69:72:ca:43:7f:c1:4e:73:3c:7b:bf:9e:
ea:ad:08:8a:82:24:94:ed:77:d9:0a:c1:d4:97:ac:
74:db:f5:cd:ef:18:7f:a7:e7:27:97:fb:39:46:8e:
54:1f:87:59:07:10:a6:9e:67:48:72:56:e0:67:c2:
e3:54:f7:04:7b:e5:59:e9:c7:bc:d3:67:63:69:91:
9a:cd:f1:d2:8f:39:c8:b5:52:de:2a:24:8b:51:ca:
56:f3:28:5d:1e:fd:13:65:5f:25:da:b0:9c:c9:6d:
07:a6:ad:8e:d0:46:90:51:07:a7:c2:b8:62:12:43:
cb:38:c9:e3:24:a1:c7:e4:8e:2a:61:b0:79:ea:ca:
52:20:bc:47:0c:29:05:9f:19:d6:ed:93:02:fc:62:
9e:48:d2:59:7e:30:b6:19:1b:52:9c:07:d7:f4:a1:
cb:5f:39:e3:e6:71:d3:76:fd:20:0b:37:1d:c9:2f:
9d:22:13:26:c9:1f:a9:3d:92:a5:c0:a4:09:db:13:
b5:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:17:2F:F7:35:44:25:55:F2:1C:9D:5E:68:38:87:F5:15:26:49:01
X509v3 Authority Key Identifier:
keyid:7F:50:07:7D:2D:D8:A6:7A:1A:E8:B6:AB:D6:BB:B3:48:90:28:A5:BB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/fhcv9zVEJVXyHJ1eaDiH9RUmSQE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/f1AHfS3Ypnoa6Lar1ruzSJAopbs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.148.208.0/21
192.187.16.0/21
212.128.88.0/23
212.128.96.0-212.128.114.255
212.128.116.0-212.128.123.255
212.128.125.0-212.128.127.255
Signature Algorithm: sha256WithRSAEncryption
8c:0a:26:a5:56:40:1c:00:46:92:be:37:c9:8c:87:da:f7:5a:
f5:d0:16:35:77:ba:08:2e:51:1e:fb:8d:8d:df:e2:7e:82:76:
0b:1a:31:d5:db:71:fb:96:a3:aa:b5:c9:05:00:7f:61:fa:ee:
ba:bb:31:46:5c:b8:cf:66:7e:fc:9e:d5:aa:80:02:2a:4b:62:
2e:49:48:d3:14:bd:a8:6b:0a:d6:f6:f6:56:7e:09:bd:ef:ca:
d2:33:7c:7b:61:e9:06:e3:dd:da:f0:13:b4:ab:9e:79:33:ea:
38:5d:18:23:8a:82:b2:99:81:83:dd:14:63:8d:06:9b:8c:79:
41:7f:52:6c:6a:a3:39:1b:52:94:6e:e7:f3:f7:34:07:a1:2f:
64:73:64:2c:f9:42:99:80:ab:6e:f2:34:db:d1:48:49:f8:7b:
1b:4f:a1:95:c5:dd:c6:4f:58:51:08:92:d4:7d:39:e2:8f:6f:
66:b4:6c:e2:3d:62:7f:92:8d:8b:1d:b4:b2:43:af:92:ef:9d:
6f:d9:87:b1:02:a1:92:b0:1e:22:c5:ae:1b:64:5b:ae:a0:51:
f8:2f:79:59:d4:05:01:48:27:93:d6:29:d9:b4:2c:47:55:fb:
a8:b8:d6:7d:af:ed:a1:78:10:19:88:d2:44:3b:89:32:6c:62:
5c:5b:ec:da
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZe/3fB29EDiPvjxhM+IM1chMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTAwNzdkMmRkOGE2N2ExYWU4YjZhYmQ2YmJiMzQ4OTAy
OGE1YmIwHhcNMjUwNjMwMDgwNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTE3MmZmNzM1NDQyNTU1ZjIxYzlkNWU2ODM4ODdmNTE1MjY0OTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwf9qwttuqHNfFwf7NuIoam6Ou9l
d1xHuPZYvMw7t+DX/BSPdhxKB3t3pXN9ITPSqyJyRuBUP+JOshQn0jVpcspDf8FO
czx7v57qrQiKgiSU7XfZCsHUl6x02/XN7xh/p+cnl/s5Ro5UH4dZBxCmnmdIclbg
Z8LjVPcEe+VZ6ce802djaZGazfHSjznItVLeKiSLUcpW8yhdHv0TZV8l2rCcyW0H
pq2O0EaQUQenwrhiEkPLOMnjJKHH5I4qYbB56spSILxHDCkFnxnW7ZMC/GKeSNJZ
fjC2GRtSnAfX9KHLXznj5nHTdv0gCzcdyS+dIhMmyR+pPZKlwKQJ2xO1hwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFH4XL/c1RCVV8hydXmg4h/UVJkkBMB8GA1UdIwQY
MBaAFH9QB30t2KZ6Gui2q9a7s0iQKKW7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFBSGZTM1lwbm9hNkxhcjFydXpTSkFvcGJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9jMWMxY2UtZWE1OS00ZGNmLWJjY2Mt
M2U3Y2FkZDg4YzcwLzEvZmhjdjl6VkVKVlh5SEoxZWFEaUg5UlVtU1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9jMWMxY2UtZWE1OS00ZGNmLWJjY2MtM2U3Y2FkZDg4Yzcw
LzEvZjFBSGZTM1lwbm9hNkxhcjFydXpTSkFvcGJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQDwJTQAwQD
wLsQAwQB1IBYMAwDBAXUgGADBADUgHIwDAMEAtSAdAMEAtSAeDAMAwQA1IB9AwQH
1IAAMA0GCSqGSIb3DQEBCwUAA4IBAQCMCialVkAcAEaSvjfJjIfa91r10BY1d7oI
LlEe+42N3+J+gnYLGjHV23H7lqOqtckFAH9h+u66uzFGXLjPZn78ntWqgAIqS2Iu
SUjTFL2oawrW9vZWfgm978rSM3x7YekG493a8BO0q555M+o4XRgjioKymYGD3RRj
jQabjHlBf1JsaqM5G1KUbufz9zQHoS9kc2Qs+UKZgKtu8jTb0UhJ+HsbT6GVxd3G
T1hRCJLUfTnij29mtGziPWJ/ko2LHbSyQ6+S751v2YexAqGSsB4ixa4bZFuuoFH4
L3lZ1AUBSCeT1inZtCxHVfuouNZ9r+2heBAZiNJEO4kybGJcW+za
-----END CERTIFICATE-----
Generated at Sun Jul 27 09:33:41 2025 by rpki-client