Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/v8ccsfcClsGmMzK5ErZ40TAGM8E.roa
File: v8ccsfcClsGmMzK5ErZ40TAGM8E.roa (raw, json)
Hash identifier: Q9p1muZAlrW8hgiW0f/ptqTJ13sqmr8gLFOoDcBj9jc=
Subject key identifier: BF:C7:1C:B1:F7:02:96:C1:A6:33:32:B9:12:B6:78:D1:30:06:33:C1
Certificate issuer: /CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
Certificate serial: 0198CBF31CB95916264209A34B86AEE43291
Authority key identifier: 81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/v8ccsfcClsGmMzK5ErZ40TAGM8E.roa
Signing time: Thu 21 Aug 2025 09:26:04 +0000
ROA not before: Thu 21 Aug 2025 09:26:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213176
IP address blocks: 209.35.224.0/24 maxlen: 24
209.35.225.0/24 maxlen: 24
209.35.226.0/24 maxlen: 24
209.35.227.0/24 maxlen: 24
209.35.228.0/24 maxlen: 24
209.35.229.0/24 maxlen: 24
209.35.230.0/24 maxlen: 24
209.35.231.0/24 maxlen: 24
209.35.233.0/24 maxlen: 24
209.35.234.0/24 maxlen: 24
209.35.235.0/24 maxlen: 24
209.35.236.0/24 maxlen: 24
209.35.237.0/24 maxlen: 24
209.35.238.0/24 maxlen: 24
209.35.239.0/24 maxlen: 24
209.35.240.0/24 maxlen: 24
209.35.241.0/24 maxlen: 24
209.35.242.0/24 maxlen: 24
209.35.243.0/24 maxlen: 24
209.35.244.0/24 maxlen: 24
209.35.245.0/24 maxlen: 24
209.35.246.0/24 maxlen: 24
209.35.247.0/24 maxlen: 24
209.35.248.0/24 maxlen: 24
212.59.64.0/24 maxlen: 24
212.59.65.0/24 maxlen: 24
212.59.66.0/24 maxlen: 24
212.59.67.0/24 maxlen: 24
212.59.68.0/24 maxlen: 24
212.59.69.0/24 maxlen: 24
212.59.70.0/24 maxlen: 24
212.59.71.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl
rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.mft
rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:cb:f3:1c:b9:59:16:26:42:09:a3:4b:86:ae:e4:32:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
Validity
Not Before: Aug 21 09:26:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bfc71cb1f70296c1a63332b912b678d1300633c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:a7:22:e6:29:63:0c:05:2e:2d:20:41:89:90:
9a:03:44:c0:f6:49:66:06:ad:6a:4b:29:b7:22:c4:
0b:38:16:ef:5e:3c:27:e9:ed:90:bc:69:41:86:7f:
29:5e:38:62:86:2b:08:f5:ee:5a:ab:9d:a0:4a:4b:
f0:52:dd:1a:b4:e7:bb:1d:9b:63:72:b5:28:32:5d:
b2:9b:c5:93:e2:c0:2a:6c:bd:86:d9:5b:1c:c0:ef:
22:c7:2e:9d:6f:22:9a:09:43:ba:22:cb:51:af:e7:
31:66:0d:98:b9:fd:a0:f5:ce:a3:ab:6a:07:28:24:
76:b1:7a:ba:39:ee:c2:4c:02:01:a2:97:07:34:9d:
58:b7:38:13:46:2a:ee:46:ec:de:7a:c1:de:91:ff:
9f:dd:e1:2f:7e:9b:8e:00:09:2b:64:ef:dc:92:e1:
5c:72:12:6c:17:80:c1:1e:80:fb:2b:a9:7f:e0:6e:
f0:9e:6f:f7:b7:72:92:1a:fc:a7:00:dd:f4:70:08:
7d:06:9d:26:7b:ff:0d:97:fa:c8:07:c1:ea:1f:fa:
e6:06:3c:1d:c2:4b:1b:7a:78:86:a6:49:f5:8d:ed:
99:b0:bb:6d:f5:98:9b:98:89:41:90:52:d1:7a:53:
35:53:f4:ec:78:40:79:91:2b:99:07:d2:c6:02:71:
65:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:C7:1C:B1:F7:02:96:C1:A6:33:32:B9:12:B6:78:D1:30:06:33:C1
X509v3 Authority Key Identifier:
keyid:81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/v8ccsfcClsGmMzK5ErZ40TAGM8E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
209.35.224.0/21
209.35.233.0-209.35.248.255
212.59.64.0/21
Signature Algorithm: sha256WithRSAEncryption
aa:02:1b:70:dd:50:4b:fb:5d:70:38:38:d8:6a:8e:1f:d9:a3:
fc:bd:bf:f9:2d:7f:6a:dd:c7:6a:9e:0d:9f:6a:eb:ec:61:92:
9c:2d:2e:de:4a:9c:67:fc:ed:e1:11:e3:e8:19:f2:ea:bc:92:
44:29:09:c8:55:47:04:0c:89:d6:3e:c2:9f:f5:f5:76:1d:5a:
32:bc:fa:85:89:d9:2c:77:80:63:4a:fe:69:28:ca:98:b9:bf:
bc:b4:4a:3a:a2:0b:e9:9c:8e:16:8a:09:a5:61:3b:7f:ec:38:
5e:8e:c5:50:7b:e6:7c:4c:03:2e:e8:2d:7d:7a:95:a7:d2:2b:
75:8a:3e:16:12:e8:d7:e3:d8:df:c9:84:96:df:53:78:f8:01:
2d:13:55:c4:e0:f8:8f:65:c0:2a:f6:9f:6b:7e:ed:99:53:7d:
c0:6d:16:65:9e:85:34:f9:42:34:fa:d2:3d:c4:63:24:6d:de:
2d:8d:42:4b:a6:b2:d4:3a:01:4c:13:cb:7a:3b:a8:bd:62:80:
6e:d6:37:7b:9f:a1:bd:a2:c3:66:99:af:dc:15:c1:3c:85:be:
0e:9d:cc:9d:81:6d:e3:4c:d5:e1:07:c5:71:11:32:d4:a4:1b:
43:30:cd:e6:04:15:dc:d1:75:df:3d:1e:5b:22:db:f8:ac:c9:
71:27:ef:42
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZjL8xy5WRYmQgmjS4au5DKRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTJkMGRjZDUwYTY4MmY5NzVlYTNkOGMzOGU1ZTY3YmIw
MzIyZjkwHhcNMjUwODIxMDkyNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmM3MWNiMWY3MDI5NmMxYTYzMzMyYjkxMmI2NzhkMTMwMDYzM2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqci5iljDAUuLSBBiZCaA0TA9klm
Bq1qSym3IsQLOBbvXjwn6e2QvGlBhn8pXjhihisI9e5aq52gSkvwUt0atOe7HZtj
crUoMl2ym8WT4sAqbL2G2VscwO8ixy6dbyKaCUO6IstRr+cxZg2Yuf2g9c6jq2oH
KCR2sXq6Oe7CTAIBopcHNJ1YtzgTRiruRuzeesHekf+f3eEvfpuOAAkrZO/ckuFc
chJsF4DBHoD7K6l/4G7wnm/3t3KSGvynAN30cAh9Bp0me/8Nl/rIB8HqH/rmBjwd
wksbeniGpkn1je2ZsLtt9ZibmIlBkFLRelM1U/TseEB5kSuZB9LGAnFlhwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFL/HHLH3ApbBpjMyuRK2eNEwBjPBMB8GA1UdIwQY
MBaAFIGi0NzVCmgvl16j2MOOXme7AyL5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQt
ZmU0NWQ1MTYwYzM5LzEvdjhjY3NmY0Nsc0dtTXpLNUVyWjQwVEFHTThFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQtZmU0NWQ1MTYwYzM5
LzEvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQD0SPgMAwD
BADRI+kDBADRI/gDBAPUO0AwDQYJKoZIhvcNAQELBQADggEBAKoCG3DdUEv7XXA4
ONhqjh/Zo/y9v/ktf2rdx2qeDZ9q6+xhkpwtLt5KnGf87eER4+gZ8uq8kkQpCchV
RwQMidY+wp/19XYdWjK8+oWJ2Sx3gGNK/mkoypi5v7y0SjqiC+mcjhaKCaVhO3/s
OF6OxVB75nxMAy7oLX16lafSK3WKPhYS6Nfj2N/JhJbfU3j4AS0TVcTg+I9lwCr2
n2t+7ZlTfcBtFmWehTT5QjT60j3EYyRt3i2NQkumstQ6AUwTy3o7qL1igG7WN3uf
ob2iw2aZr9wVwTyFvg6dzJ2BbeNM1eEHxXERMtSkG0MwzeYEFdzRdd89Hlsi2/is
yXEn70I=
-----END CERTIFICATE-----
Generated at Thu Aug 21 15:24:31 2025 by rpki-client