Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/fgpWo5bRNd_u-9uhWBqF-6b8JS4.roa
File: fgpWo5bRNd_u-9uhWBqF-6b8JS4.roa (raw, json)
Hash identifier: zssS/uYSxZEqyhiagVH3Dkwa0DlJVt+NuYcNhUNW40Q=
Subject key identifier: 7E:0A:56:A3:96:D1:35:DF:EE:FB:DB:A1:58:1A:85:FB:A6:FC:25:2E
Certificate issuer: /CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
Certificate serial: 0198F5F562897DC9FF2AB425E5D2B4AF0037
Authority key identifier: AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/fgpWo5bRNd_u-9uhWBqF-6b8JS4.roa
Signing time: Fri 29 Aug 2025 13:12:36 +0000
ROA not before: Fri 29 Aug 2025 13:12:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214036
IP address blocks: 31.172.80.0/24 maxlen: 32
31.172.83.0/24 maxlen: 32
31.172.87.0/24 maxlen: 32
79.133.41.0/24 maxlen: 32
79.133.46.0/24 maxlen: 32
79.133.51.0/24 maxlen: 32
79.133.56.0/24 maxlen: 32
79.133.57.0/24 maxlen: 32
84.200.16.0/24 maxlen: 32
84.200.17.0/24 maxlen: 32
84.200.24.0/24 maxlen: 32
84.200.27.0/24 maxlen: 32
84.200.73.0/24 maxlen: 32
84.200.77.0/24 maxlen: 32
84.200.80.0/24 maxlen: 32
84.200.81.0/24 maxlen: 32
84.200.87.0/24 maxlen: 32
84.200.89.0/24 maxlen: 32
84.200.91.0/24 maxlen: 32
84.200.125.0/24 maxlen: 32
84.200.128.0/24 maxlen: 32
84.200.154.0/24 maxlen: 32
84.200.192.0/24 maxlen: 32
84.200.193.0/24 maxlen: 32
84.200.205.0/24 maxlen: 32
84.201.20.0/24 maxlen: 32
159.100.6.0/24 maxlen: 32
159.100.9.0/24 maxlen: 32
159.100.13.0/24 maxlen: 32
159.100.14.0/24 maxlen: 32
159.100.17.0/24 maxlen: 32
159.100.18.0/24 maxlen: 32
159.100.19.0/24 maxlen: 32
159.100.20.0/24 maxlen: 32
159.100.22.0/24 maxlen: 32
159.100.29.0/24 maxlen: 32
159.100.30.0/24 maxlen: 32
212.224.86.0/24 maxlen: 32
212.224.88.0/24 maxlen: 32
212.224.93.0/24 maxlen: 32
212.224.107.0/24 maxlen: 32
212.224.125.0/24 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.mft
rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 10 Sep 2025 08:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:f5:f5:62:89:7d:c9:ff:2a:b4:25:e5:d2:b4:af:00:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
Validity
Not Before: Aug 29 13:12:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7e0a56a396d135dfeefbdba1581a85fba6fc252e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:20:81:a6:46:68:72:8c:2a:f0:09:b1:dd:52:
cb:b3:5b:af:23:48:ae:cc:4e:64:aa:0f:94:f4:bd:
93:b1:25:2e:33:c6:ea:e4:fd:6d:89:78:e0:f9:1f:
ef:e1:3d:26:1b:2d:8c:69:4a:96:d0:b7:8c:96:72:
b3:1d:7d:b6:76:35:b3:10:f2:be:68:3c:a0:32:d4:
5d:63:d1:77:c1:a3:b9:33:dc:c0:65:a6:8b:0e:60:
7d:9a:ac:ee:eb:9e:b9:cf:dc:f8:5a:38:30:14:bc:
55:a4:00:86:6f:2c:5b:43:4e:33:70:73:97:6a:1a:
a5:ba:82:06:bc:54:5b:2d:a7:de:59:be:d8:97:38:
44:9f:af:14:66:7e:3d:99:36:ca:f2:5f:76:01:42:
0c:aa:2c:ba:36:08:b6:f2:52:01:4d:d0:5e:88:94:
97:3d:db:49:1d:72:51:03:05:04:b8:e6:9d:1c:e7:
94:4a:c6:eb:2d:b6:dd:b7:23:c6:37:24:1c:1e:c3:
b4:ca:06:c7:1d:3a:59:f4:79:46:25:3a:a3:54:70:
11:6c:97:08:47:5f:e8:a3:3b:6b:f8:f7:9c:4e:9d:
62:8d:79:73:1e:ff:a9:3f:85:c9:61:a2:54:9f:1e:
1e:3f:ae:fb:d8:f5:93:71:91:d9:28:bc:25:c3:90:
11:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:0A:56:A3:96:D1:35:DF:EE:FB:DB:A1:58:1A:85:FB:A6:FC:25:2E
X509v3 Authority Key Identifier:
keyid:AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/fgpWo5bRNd_u-9uhWBqF-6b8JS4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.172.80.0/24
31.172.83.0/24
31.172.87.0/24
79.133.41.0/24
79.133.46.0/24
79.133.51.0/24
79.133.56.0/23
84.200.16.0/23
84.200.24.0/24
84.200.27.0/24
84.200.73.0/24
84.200.77.0/24
84.200.80.0/23
84.200.87.0/24
84.200.89.0/24
84.200.91.0/24
84.200.125.0/24
84.200.128.0/24
84.200.154.0/24
84.200.192.0/23
84.200.205.0/24
84.201.20.0/24
159.100.6.0/24
159.100.9.0/24
159.100.13.0-159.100.14.255
159.100.17.0-159.100.20.255
159.100.22.0/24
159.100.29.0-159.100.30.255
212.224.86.0/24
212.224.88.0/24
212.224.93.0/24
212.224.107.0/24
212.224.125.0/24
Signature Algorithm: sha256WithRSAEncryption
1a:2e:83:1c:d6:23:f3:d2:ce:5b:67:82:f3:00:06:72:c8:9e:
a4:cf:29:e8:64:2c:8c:92:dc:d5:3f:16:1a:1f:98:43:f9:77:
ff:b3:20:c8:29:c3:bb:34:e1:a8:5b:23:a3:f8:18:b6:bf:7f:
23:79:c2:ee:07:50:92:c6:32:87:e2:12:66:5e:e8:15:28:53:
65:00:54:30:94:52:9d:93:76:7d:97:37:27:10:f8:a3:86:2d:
2d:8d:db:2b:6a:d0:c7:45:6e:08:c3:be:48:9d:2f:bc:e1:70:
ef:32:31:d2:bb:2c:36:67:6c:68:9d:e6:ef:77:f9:8d:97:41:
50:35:8d:5e:c7:52:3e:c3:38:f0:16:94:ae:89:1e:3d:f6:b1:
2f:d2:0a:79:3d:8f:e8:bc:a2:ba:47:e0:7c:62:d0:7e:7e:57:
fa:f1:bc:18:97:a5:6e:f6:2e:aa:5f:1c:9b:02:8f:64:2b:13:
9d:0a:93:54:86:d1:e4:4f:34:49:0f:1e:ea:98:10:a5:6e:77:
7b:df:32:c6:d1:05:f0:09:be:1e:68:df:a0:a3:d5:66:73:30:
b0:d2:7c:f4:13:f9:d6:ba:29:c1:a7:44:7f:a2:4a:1d:6d:b7:
05:e9:8e:a6:a9:2d:dc:56:fb:f8:bd:67:70:43:f8:78:22:64:
9b:5e:b3:c1
-----BEGIN CERTIFICATE-----
MIIF2jCCBMKgAwIBAgISAZj19WKJfcn/KrQl5dK0rwA3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWRjNTBhNGI1MjZkZjE4ZThiMGE2NTY1ZDdiOWQ1OGE3
NWQzMTUwHhcNMjUwODI5MTMxMjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTBhNTZhMzk2ZDEzNWRmZWVmYmRiYTE1ODFhODVmYmE2ZmMyNTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiCBpkZocowq8Amx3VLLs1uvI0iu
zE5kqg+U9L2TsSUuM8bq5P1tiXjg+R/v4T0mGy2MaUqW0LeMlnKzHX22djWzEPK+
aDygMtRdY9F3waO5M9zAZaaLDmB9mqzu6565z9z4WjgwFLxVpACGbyxbQ04zcHOX
ahqluoIGvFRbLafeWb7YlzhEn68UZn49mTbK8l92AUIMqiy6Ngi28lIBTdBeiJSX
PdtJHXJRAwUEuOadHOeUSsbrLbbdtyPGNyQcHsO0ygbHHTpZ9HlGJTqjVHARbJcI
R1/ooztr+PecTp1ijXlzHv+pP4XJYaJUnx4eP6772PWTcZHZKLwlw5ARqwIDAQAB
o4IC5jCCAuIwHQYDVR0OBBYEFH4KVqOW0TXf7vvboVgahfum/CUuMB8GA1UdIwQY
MBaAFKodxQpLUm3xjosKZWXXudWKddMVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMt
MzNkNzI4NDMzYzExLzEvZmdwV281YlJOZF91LTl1aFdCcUYtNmI4SlM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMtMzNkNzI4NDMzYzEx
LzEvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH7BggrBgEFBQcBBwEB/wSB6zCB6DCB5QQCAAEwgd4DBAAf
rFADBAAfrFMDBAAfrFcDBABPhSkDBABPhS4DBABPhTMDBAFPhTgDBAFUyBADBABU
yBgDBABUyBsDBABUyEkDBABUyE0DBAFUyFADBABUyFcDBABUyFkDBABUyFsDBABU
yH0DBABUyIADBABUyJoDBAFUyMADBABUyM0DBABUyRQDBACfZAYDBACfZAkwDAME
AJ9kDQMEAJ9kDjAMAwQAn2QRAwQAn2QUAwQAn2QWMAwDBACfZB0DBACfZB4DBADU
4FYDBADU4FgDBADU4F0DBADU4GsDBADU4H0wDQYJKoZIhvcNAQELBQADggEBABou
gxzWI/PSzltngvMABnLInqTPKehkLIyS3NU/FhofmEP5d/+zIMgpw7s04ahbI6P4
GLa/fyN5wu4HUJLGMofiEmZe6BUoU2UAVDCUUp2Tdn2XNycQ+KOGLS2N2ytq0MdF
bgjDvkidL7zhcO8yMdK7LDZnbGid5u93+Y2XQVA1jV7HUj7DOPAWlK6JHj32sS/S
Cnk9j+i8orpH4Hxi0H5+V/rxvBiXpW72LqpfHJsCj2QrE50Kk1SG0eRPNEkPHuqY
EKVud3vfMsbRBfAJvh5o36Cj1WZzMLDSfPQT+da6KcGnRH+iSh1ttwXpjqapLdxW
+/i9Z3BD+HgiZJtes8E=
-----END CERTIFICATE-----
Generated at Tue Sep 9 12:15:41 2025 by rpki-client