Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/n-W5m8Lx-i-ynu-cgERA98e1TOA.roa
File: n-W5m8Lx-i-ynu-cgERA98e1TOA.roa (raw, json)
Hash identifier: 4MuuW1m/TV8O5IZ0i/ayNAC7gzR7V1teSLC1JE5/iDs=
Subject key identifier: 9F:E5:B9:9B:C2:F1:FA:2F:B2:9E:EF:9C:80:44:40:F7:C7:B5:4C:E0
Certificate issuer: /CN=1efa596a3126ace029c6d70d529257e07b38ba06
Certificate serial: 01978CC1898D1C39E66BEA99715E18FDBF1B
Authority key identifier: 1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/n-W5m8Lx-i-ynu-cgERA98e1TOA.roa
Signing time: Fri 20 Jun 2025 09:53:03 +0000
ROA not before: Fri 20 Jun 2025 09:53:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 378
IP address blocks: 128.139.0.0/16 maxlen: 16
128.139.0.0/17 maxlen: 17
128.139.4.0/24 maxlen: 24
128.139.6.0/24 maxlen: 24
128.139.7.0/24 maxlen: 24
128.139.128.0/17 maxlen: 17
128.139.199.0/24 maxlen: 24
128.139.200.0/24 maxlen: 24
132.78.0.0/16 maxlen: 16
185.115.212.0/22 maxlen: 22
192.114.0.0/21 maxlen: 21
192.114.16.0/21 maxlen: 21
192.114.48.0/21 maxlen: 21
192.114.56.0/22 maxlen: 22
192.114.60.0/23 maxlen: 23
192.114.92.0/22 maxlen: 22
192.114.96.0/20 maxlen: 20
192.114.100.0/24 maxlen: 24
192.114.101.0/24 maxlen: 24
192.114.102.0/24 maxlen: 24
192.114.124.0/22 maxlen: 22
192.114.128.0/20 maxlen: 20
192.114.192.0/18 maxlen: 18
192.115.32.0/20 maxlen: 20
192.115.46.0/24 maxlen: 24
192.115.64.0/22 maxlen: 22
192.115.164.0/22 maxlen: 22
192.115.168.0/21 maxlen: 21
192.115.192.0/21 maxlen: 21
192.117.80.0/20 maxlen: 20
2001:bf8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl
rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.mft
rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 00:01:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:8c:c1:89:8d:1c:39:e6:6b:ea:99:71:5e:18:fd:bf:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1efa596a3126ace029c6d70d529257e07b38ba06
Validity
Not Before: Jun 20 09:53:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9fe5b99bc2f1fa2fb29eef9c804440f7c7b54ce0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:84:eb:a7:3e:78:ee:73:79:0c:67:d8:90:3e:
ef:2c:b8:6a:c4:65:f2:25:f2:b1:ec:ca:ca:34:ba:
79:5f:4c:0b:e5:2d:9f:4e:0e:db:f8:31:58:cb:70:
e5:0b:27:ec:5d:08:e9:b6:aa:fa:d9:84:a9:a5:26:
22:1b:13:c1:18:e8:3e:69:2e:82:ee:02:5e:67:06:
5d:e8:c8:69:b1:59:a3:e7:ec:72:f5:a5:b7:b2:3e:
7d:63:17:3a:79:7b:fe:bd:6d:e2:fa:9c:76:0a:f2:
c6:21:47:4c:97:79:d6:ff:27:1d:fa:fe:73:bb:06:
2b:75:fd:3d:70:2e:9b:a7:ab:5b:1a:2f:05:a3:9d:
c1:04:7c:02:91:0e:e7:2d:a0:16:3a:23:42:8c:aa:
d4:12:50:93:2d:e8:40:74:ad:7d:32:e2:d5:5b:2a:
ab:b2:be:6b:d2:2e:ef:df:e2:bb:33:f0:41:4a:21:
00:62:02:3d:31:47:42:39:fd:fe:19:ad:d1:25:78:
50:06:00:24:0b:4d:7d:49:0a:a4:42:bf:43:03:b8:
6d:dc:d4:de:89:70:a1:24:76:e8:21:ab:2e:a1:9a:
af:61:3c:91:e5:f1:f9:82:b9:39:d1:bc:e3:d3:60:
6d:27:27:ae:4d:59:72:7d:36:da:ce:f7:6b:d7:8c:
6d:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:E5:B9:9B:C2:F1:FA:2F:B2:9E:EF:9C:80:44:40:F7:C7:B5:4C:E0
X509v3 Authority Key Identifier:
keyid:1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/n-W5m8Lx-i-ynu-cgERA98e1TOA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
128.139.0.0/16
132.78.0.0/16
185.115.212.0/22
192.114.0.0/21
192.114.16.0/21
192.114.48.0-192.114.61.255
192.114.92.0-192.114.111.255
192.114.124.0-192.114.143.255
192.114.192.0/18
192.115.32.0/20
192.115.64.0/22
192.115.164.0-192.115.175.255
192.115.192.0/21
192.117.80.0/20
IPv6:
2001:bf8::/32
Signature Algorithm: sha256WithRSAEncryption
68:95:55:20:31:25:b5:f7:b6:01:5f:ec:cf:00:e4:ba:51:3b:
79:a8:b3:d5:d8:f0:3a:ff:e1:68:62:e0:fc:8c:59:40:51:32:
01:63:8d:9c:08:76:37:7f:32:b9:7b:01:57:13:17:ae:41:05:
09:5d:99:4a:21:e1:96:24:5e:27:2b:ef:57:ec:7b:ba:7f:49:
d1:36:4e:7e:40:45:54:fb:da:0e:d2:6d:74:4e:5d:bc:e9:d3:
70:33:38:2d:9e:10:7a:5a:07:0c:21:b7:f8:c2:df:00:ef:17:
ac:e8:81:b7:7f:3c:ad:c4:33:75:44:00:af:66:98:d5:1d:c9:
74:00:9f:66:05:41:26:fc:93:55:ed:eb:b4:d1:02:20:02:0d:
29:45:e4:0d:c6:6c:a1:1a:6f:92:d6:7f:f7:78:ba:e4:a2:e9:
11:84:a6:43:af:3e:b5:fd:44:16:32:a0:00:e5:c9:ee:b0:e5:
e7:b1:d8:bd:0c:ba:53:a5:ba:44:ed:9c:24:73:33:49:91:b2:
b4:ae:f8:ed:46:90:a5:eb:4b:98:95:90:b1:75:16:47:58:d2:
1c:ab:01:57:ff:9a:ec:58:e4:34:f6:a2:f6:ce:b2:a6:94:b3:
03:7c:5c:4f:2f:b9:ef:14:4b:ee:3f:5c:9f:08:d5:d5:24:15:
37:4a:e5:4c
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAZeMwYmNHDnma+qZcV4Y/b8bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZmE1OTZhMzEyNmFjZTAyOWM2ZDcwZDUyOTI1N2UwN2Iz
OGJhMDYwHhcNMjUwNjIwMDk1MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmU1Yjk5YmMyZjFmYTJmYjI5ZWVmOWM4MDQ0NDBmN2M3YjU0Y2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4Trpz547nN5DGfYkD7vLLhqxGXy
JfKx7MrKNLp5X0wL5S2fTg7b+DFYy3DlCyfsXQjptqr62YSppSYiGxPBGOg+aS6C
7gJeZwZd6MhpsVmj5+xy9aW3sj59Yxc6eXv+vW3i+px2CvLGIUdMl3nW/ycd+v5z
uwYrdf09cC6bp6tbGi8Fo53BBHwCkQ7nLaAWOiNCjKrUElCTLehAdK19MuLVWyqr
sr5r0i7v3+K7M/BBSiEAYgI9MUdCOf3+Ga3RJXhQBgAkC019SQqkQr9DA7ht3NTe
iXChJHboIasuoZqvYTyR5fH5grk50bzj02BtJyeuTVlyfTbazvdr14xthwIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFJ/luZvC8fovsp7vnIBEQPfHtUzgMB8GA1UdIwQY
MBaAFB76WWoxJqzgKcbXDVKSV+B7OLoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODIt
OWQwYzYyMDczNWYxLzEvbi1XNW04THgtaS15bnUtY2dFUkE5OGUxVE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODItOWQwYzYyMDczNWYx
LzEvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGcBggrBgEFBQcBBwEB/wSBjDCBiTB4BAIAATByAwMAgIsD
AwCETgMEArlz1AMEA8ByAAMEA8ByEDAMAwQEwHIwAwQBwHI8MAwDBALAclwDBATA
cmAwDAMEAsByfAMEBMBygAMEBsBywAMEBMBzIAMEAsBzQDAMAwQCwHOkAwQEwHOg
AwQDwHPAAwQEwHVQMA0EAgACMAcDBQAgAQv4MA0GCSqGSIb3DQEBCwUAA4IBAQBo
lVUgMSW197YBX+zPAOS6UTt5qLPV2PA6/+FoYuD8jFlAUTIBY42cCHY3fzK5ewFX
ExeuQQUJXZlKIeGWJF4nK+9X7Hu6f0nRNk5+QEVU+9oO0m10Tl286dNwMzgtnhB6
WgcMIbf4wt8A7xes6IG3fzytxDN1RACvZpjVHcl0AJ9mBUEm/JNV7eu00QIgAg0p
ReQNxmyhGm+S1n/3eLrkoukRhKZDrz61/UQWMqAA5cnusOXnsdi9DLpTpbpE7Zwk
czNJkbK0rvjtRpCl60uYlZCxdRZHWNIcqwFX/5rsWOQ09qL2zrKmlLMDfFxPL7nv
FEvuP1yfCNXVJBU3SuVM
-----END CERTIFICATE-----
Generated at Sun Jun 29 09:10:50 2025 by rpki-client