Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/Jt7bihKghc7zukL52uY8fgD1W-o.roa
File: Jt7bihKghc7zukL52uY8fgD1W-o.roa (raw, json)
Hash identifier: 2TGz2CMfaxj9aqkazkTK9wOsLvIeBADGDZnq6/Vnqk0=
Subject key identifier: 26:DE:DB:8A:12:A0:85:CE:F3:BA:42:F9:DA:E6:3C:7E:00:F5:5B:EA
Certificate issuer: /CN=f1b15e77af4edde11192c6fecd50b21cd379d421
Certificate serial: 0199296365F92EB5FF8C7B209B2DB6F9A1A9
Authority key identifier: F1:B1:5E:77:AF:4E:DD:E1:11:92:C6:FE:CD:50:B2:1C:D3:79:D4:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8bFed69O3eERksb-zVCyHNN51CE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/Jt7bihKghc7zukL52uY8fgD1W-o.roa
Signing time: Mon 08 Sep 2025 12:53:23 +0000
ROA not before: Mon 08 Sep 2025 12:53:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198335
IP address blocks: 109.163.200.0/21 maxlen: 24
155.2.160.0/20 maxlen: 20
155.2.160.0/22 maxlen: 22
155.2.164.0/22 maxlen: 22
155.2.168.0/22 maxlen: 22
155.2.172.0/22 maxlen: 22
176.241.248.0/21 maxlen: 24
185.194.184.0/22 maxlen: 22
185.194.186.0/24 maxlen: 24
185.194.187.0/24 maxlen: 24
2a00:5a40::/29 maxlen: 29
2a00:5a40::/32 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/8bFed69O3eERksb-zVCyHNN51CE.crl
rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/8bFed69O3eERksb-zVCyHNN51CE.mft
rsync://rpki.ripe.net/repository/DEFAULT/8bFed69O3eERksb-zVCyHNN51CE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 19 Sep 2025 22:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:29:63:65:f9:2e:b5:ff:8c:7b:20:9b:2d:b6:f9:a1:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1b15e77af4edde11192c6fecd50b21cd379d421
Validity
Not Before: Sep 8 12:53:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=26dedb8a12a085cef3ba42f9dae63c7e00f55bea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:52:17:ca:b5:86:fd:ed:28:8d:eb:66:80:85:
98:82:b6:a2:12:c1:4f:d1:f9:d1:7e:39:a5:c0:f2:
d2:0f:f9:35:33:17:de:2a:58:85:b6:26:53:0b:3a:
bf:a6:53:ff:8c:60:d0:e0:91:7a:a1:0e:8c:18:3b:
15:1b:11:2d:9b:ea:c3:61:28:eb:2c:f6:1b:79:30:
02:3e:e7:58:2e:e6:ed:41:d7:71:05:d2:b5:b0:29:
a7:74:d4:a4:1e:86:03:9c:62:3d:e4:f3:3e:65:55:
bd:54:81:84:81:09:d3:9d:79:e0:6f:0e:e8:51:d6:
24:57:aa:6b:c2:70:64:bd:92:6e:f9:0f:85:d4:32:
f3:6a:66:49:1a:f8:85:44:ce:04:22:3d:74:db:52:
38:e6:ec:2e:32:34:d6:07:1c:3c:46:3a:d1:81:bc:
43:ad:0a:cb:5c:ea:36:f1:8f:0b:e8:db:89:c6:23:
28:dd:08:2f:fa:d9:d9:bf:9d:5e:58:0f:09:7c:88:
8b:4c:51:39:ca:d2:e4:35:3c:d7:78:75:28:07:25:
72:1e:20:75:b1:7e:84:17:e0:2d:d6:4c:aa:69:2b:
16:79:fd:1d:d1:f7:88:8f:ca:1b:ec:5b:85:f7:31:
e8:e4:4b:8c:d0:81:73:54:1b:29:3a:20:39:2e:17:
8c:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:DE:DB:8A:12:A0:85:CE:F3:BA:42:F9:DA:E6:3C:7E:00:F5:5B:EA
X509v3 Authority Key Identifier:
keyid:F1:B1:5E:77:AF:4E:DD:E1:11:92:C6:FE:CD:50:B2:1C:D3:79:D4:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8bFed69O3eERksb-zVCyHNN51CE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/Jt7bihKghc7zukL52uY8fgD1W-o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/8bFed69O3eERksb-zVCyHNN51CE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.163.200.0/21
155.2.160.0/20
176.241.248.0/21
185.194.184.0/22
IPv6:
2a00:5a40::/29
Signature Algorithm: sha256WithRSAEncryption
20:ac:c6:14:ef:41:c7:73:e7:a4:8e:7e:88:6d:2c:88:e1:28:
ea:31:59:a0:46:5f:dc:ff:56:5c:7b:c6:72:69:75:57:6b:be:
95:0d:df:2a:73:07:15:12:f6:ff:cf:89:e8:69:1c:2f:8d:9c:
2f:ee:da:75:91:0a:1b:76:6a:15:93:d8:4c:31:15:e0:24:d6:
f7:1a:1c:51:c6:99:d5:02:6d:c9:fb:66:b3:2e:31:50:4b:e5:
8b:9d:db:aa:bd:a1:ba:aa:c5:b7:2b:49:c5:94:07:80:2d:e2:
36:b0:4b:0f:e8:65:22:2f:8e:b4:8b:79:37:46:54:6d:8f:88:
cf:e4:74:dd:d2:ae:27:e8:0a:e3:38:f1:6c:95:fe:70:4b:8f:
6a:2d:a1:54:dd:36:aa:0e:5e:cf:d7:f7:e9:b3:80:22:cd:85:
bb:6a:b9:81:45:24:aa:0b:35:a4:a9:60:fd:4c:56:ca:da:ef:
a5:20:9f:1d:82:32:66:04:ce:18:2c:ba:c3:44:31:08:23:a2:
be:84:80:c4:df:06:3e:e4:51:8f:a1:c0:cc:a8:ce:db:1e:c9:
5b:1c:fb:ca:ed:bd:64:54:55:b5:e7:c7:c0:6b:9c:2e:bc:9e:
78:cc:f8:c2:96:0b:2b:ed:81:ea:0b:fd:16:85:74:ca:f2:0d:
7a:f7:9a:d9
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZkpY2X5LrX/jHsgmy22+aGpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYjE1ZTc3YWY0ZWRkZTExMTkyYzZmZWNkNTBiMjFjZDM3
OWQ0MjEwHhcNMjUwOTA4MTI1MzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmRlZGI4YTEyYTA4NWNlZjNiYTQyZjlkYWU2M2M3ZTAwZjU1YmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1IXyrWG/e0ojetmgIWYgraiEsFP
0fnRfjmlwPLSD/k1MxfeKliFtiZTCzq/plP/jGDQ4JF6oQ6MGDsVGxEtm+rDYSjr
LPYbeTACPudYLubtQddxBdK1sCmndNSkHoYDnGI95PM+ZVW9VIGEgQnTnXngbw7o
UdYkV6prwnBkvZJu+Q+F1DLzamZJGviFRM4EIj1021I45uwuMjTWBxw8RjrRgbxD
rQrLXOo28Y8L6NuJxiMo3Qgv+tnZv51eWA8JfIiLTFE5ytLkNTzXeHUoByVyHiB1
sX6EF+At1kyqaSsWef0d0feIj8ob7FuF9zHo5EuM0IFzVBspOiA5LheMfwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFCbe24oSoIXO87pC+drmPH4A9VvqMB8GA1UdIwQY
MBaAFPGxXnevTt3hEZLG/s1QshzTedQhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGJGZWQ2OU8zZUVSa3NiLXpWQ3lITk41MUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy81MDBmYTktNmZiOC00NzY4LTgwZGUt
MTM0MGNjNWIzZDU3LzEvSnQ3YmloS2doYzd6dWtMNTJ1WThmZ0QxVy1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy81MDBmYTktNmZiOC00NzY4LTgwZGUtMTM0MGNjNWIzZDU3
LzEvOGJGZWQ2OU8zZUVSa3NiLXpWQ3lITk41MUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDbaPIAwQE
mwKgAwQDsPH4AwQCucK4MA0EAgACMAcDBQMqAFpAMA0GCSqGSIb3DQEBCwUAA4IB
AQAgrMYU70HHc+ekjn6IbSyI4SjqMVmgRl/c/1Zce8ZyaXVXa76VDd8qcwcVEvb/
z4noaRwvjZwv7tp1kQobdmoVk9hMMRXgJNb3GhxRxpnVAm3J+2azLjFQS+WLnduq
vaG6qsW3K0nFlAeALeI2sEsP6GUiL460i3k3RlRtj4jP5HTd0q4n6ArjOPFslf5w
S49qLaFU3TaqDl7P1/fps4AizYW7armBRSSqCzWkqWD9TFbK2u+lIJ8dgjJmBM4Y
LLrDRDEII6K+hIDE3wY+5FGPocDMqM7bHslbHPvK7b1kVFW158fAa5wuvJ54zPjC
lgsr7YHqC/0WhXTK8g1695rZ
-----END CERTIFICATE-----
Generated at Fri Sep 19 06:25:44 2025 by rpki-client