Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/2CLMNYaFFxdMlkCD2C-4LAKowc4.roa
File: 2CLMNYaFFxdMlkCD2C-4LAKowc4.roa (raw, json)
Hash identifier: rORowuUVqmapyj+tj8jkfTNPmFfU0qWJxHHCvsdWt0Q=
Subject key identifier: D8:22:CC:35:86:85:17:17:4C:96:40:83:D8:2F:B8:2C:02:A8:C1:CE
Certificate issuer: /CN=7f50077d2dd8a67a1ae8b6abd6bbb3489028a5bb
Certificate serial: 0197B094F900B78CD77014C3FF872F08DDDF
Authority key identifier: 7F:50:07:7D:2D:D8:A6:7A:1A:E8:B6:AB:D6:BB:B3:48:90:28:A5:BB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/2CLMNYaFFxdMlkCD2C-4LAKowc4.roa
Signing time: Fri 27 Jun 2025 08:50:42 +0000
ROA not before: Fri 27 Jun 2025 08:50:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200521
IP address blocks: 192.148.208.0/24 maxlen: 24
192.148.209.0/24 maxlen: 24
192.148.210.0/24 maxlen: 24
192.148.211.0/24 maxlen: 24
192.148.212.0/24 maxlen: 24
192.148.213.0/24 maxlen: 24
192.148.214.0/24 maxlen: 24
192.148.215.0/24 maxlen: 24
192.187.16.0/24 maxlen: 24
192.187.17.0/24 maxlen: 24
192.187.18.0/24 maxlen: 24
192.187.19.0/24 maxlen: 24
192.187.20.0/24 maxlen: 24
192.187.21.0/24 maxlen: 24
192.187.22.0/24 maxlen: 24
192.187.23.0/24 maxlen: 24
212.128.88.0/24 maxlen: 24
212.128.89.0/24 maxlen: 24
212.128.96.0/22 maxlen: 22
212.128.100.0/24 maxlen: 24
212.128.101.0/24 maxlen: 24
212.128.102.0/24 maxlen: 24
212.128.103.0/24 maxlen: 24
212.128.104.0/24 maxlen: 24
212.128.105.0/24 maxlen: 24
212.128.106.0/24 maxlen: 24
212.128.107.0/24 maxlen: 24
212.128.108.0/24 maxlen: 24
212.128.109.0/24 maxlen: 24
212.128.110.0/24 maxlen: 24
212.128.111.0/24 maxlen: 24
212.128.112.0/22 maxlen: 22
212.128.112.0/24 maxlen: 24
212.128.113.0/24 maxlen: 24
212.128.114.0/24 maxlen: 24
212.128.116.0/23 maxlen: 23
212.128.118.0/24 maxlen: 24
212.128.119.0/24 maxlen: 24
212.128.120.0/24 maxlen: 24
212.128.121.0/24 maxlen: 24
212.128.122.0/24 maxlen: 24
212.128.123.0/24 maxlen: 24
212.128.125.0/24 maxlen: 24
212.128.126.0/24 maxlen: 24
212.128.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/f1AHfS3Ypnoa6Lar1ruzSJAopbs.crl
rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/f1AHfS3Ypnoa6Lar1ruzSJAopbs.mft
rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 14:01:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:b0:94:f9:00:b7:8c:d7:70:14:c3:ff:87:2f:08:dd:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7f50077d2dd8a67a1ae8b6abd6bbb3489028a5bb
Validity
Not Before: Jun 27 08:50:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d822cc35868517174c964083d82fb82c02a8c1ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:85:e1:96:43:13:d8:4d:6d:6e:2d:16:b8:22:
81:74:08:79:36:e0:2e:44:98:7b:22:48:f9:d3:06:
b6:ab:2a:b6:ab:23:06:3b:93:fc:66:24:a3:fa:7b:
6c:e2:8f:52:59:83:45:66:e6:3b:23:fd:9b:78:ac:
45:8e:9c:e7:64:76:c6:73:a1:07:ef:02:02:f7:98:
26:d6:a2:f8:75:95:b5:62:bb:45:a7:2c:89:b5:b6:
e4:ec:f6:a8:85:a4:b5:53:9a:0a:23:bc:a1:dd:05:
a0:e4:84:65:78:5f:5b:69:37:a4:e3:4f:f5:94:77:
8f:c9:0a:93:7c:83:98:07:6b:88:5d:78:bb:7a:4c:
4b:e2:2e:5e:6c:c3:64:82:3c:a3:aa:b9:09:d6:81:
d6:54:38:e2:0f:0b:ef:08:da:94:9d:8b:7c:5c:a2:
99:56:93:54:6c:d7:f2:26:43:8c:51:2f:a3:12:08:
79:00:61:1a:24:c6:74:b3:54:94:81:e0:b8:ce:4d:
3a:5b:06:7e:f6:26:23:b6:4a:52:37:ef:93:89:95:
50:9b:1d:4c:a8:62:ee:7e:57:c3:6f:49:75:44:2f:
3a:9f:77:3f:50:ca:27:4f:4d:86:db:93:28:95:f2:
1e:20:c6:e9:a0:a6:4e:17:66:02:b7:4b:3b:9f:99:
2a:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:22:CC:35:86:85:17:17:4C:96:40:83:D8:2F:B8:2C:02:A8:C1:CE
X509v3 Authority Key Identifier:
keyid:7F:50:07:7D:2D:D8:A6:7A:1A:E8:B6:AB:D6:BB:B3:48:90:28:A5:BB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1AHfS3Ypnoa6Lar1ruzSJAopbs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/2CLMNYaFFxdMlkCD2C-4LAKowc4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/c1c1ce-ea59-4dcf-bccc-3e7cadd88c70/1/f1AHfS3Ypnoa6Lar1ruzSJAopbs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.148.208.0/21
192.187.16.0/21
212.128.88.0/23
212.128.96.0-212.128.123.255
212.128.125.0-212.128.127.255
Signature Algorithm: sha256WithRSAEncryption
07:57:16:00:9a:3b:04:9e:45:15:4f:f0:b6:44:81:35:bd:93:
c9:86:9b:12:b5:47:2a:97:73:9b:2d:f4:f3:ce:9e:3f:4b:1d:
43:67:0d:f2:ea:e1:bb:ac:e0:39:46:e8:20:89:34:fe:4b:30:
d5:48:6b:eb:f2:50:4e:1b:23:18:e3:8a:f1:a2:4e:cf:68:91:
81:ec:9b:57:33:f5:fc:67:5a:be:90:e6:ed:2c:3f:10:0f:28:
f6:c4:84:8b:c4:bb:a0:48:b8:82:df:95:e9:47:3a:47:86:3f:
7f:27:b6:d6:a3:02:b1:8c:09:50:15:f3:c5:c3:88:ec:1a:34:
5f:3e:6c:e0:ba:c5:47:0e:da:00:5b:ea:b1:89:8d:63:c9:65:
62:01:3c:14:15:d8:93:2a:56:ef:05:a6:42:88:f0:da:64:b5:
af:f8:ee:61:41:91:06:d8:1a:89:9d:1b:91:df:56:92:62:01:
cb:a9:d8:07:81:37:e7:32:c5:4d:35:db:8e:54:a8:bb:89:52:
69:1c:e9:1a:61:2e:64:4e:7d:99:76:66:b3:4c:72:7d:27:0e:
18:ac:5a:1e:b5:2a:69:1a:b4:04:4b:2b:fa:62:4e:49:3d:9c:
bd:23:85:14:2d:e9:dd:a7:3c:ce:8a:b2:38:41:12:d9:2c:cb:
05:18:19:f4
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZewlPkAt4zXcBTD/4cvCN3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTAwNzdkMmRkOGE2N2ExYWU4YjZhYmQ2YmJiMzQ4OTAy
OGE1YmIwHhcNMjUwNjI3MDg1MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODIyY2MzNTg2ODUxNzE3NGM5NjQwODNkODJmYjgyYzAyYThjMWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YXhlkMT2E1tbi0WuCKBdAh5NuAu
RJh7Ikj50wa2qyq2qyMGO5P8ZiSj+nts4o9SWYNFZuY7I/2beKxFjpznZHbGc6EH
7wIC95gm1qL4dZW1YrtFpyyJtbbk7PaohaS1U5oKI7yh3QWg5IRleF9baTek40/1
lHePyQqTfIOYB2uIXXi7ekxL4i5ebMNkgjyjqrkJ1oHWVDjiDwvvCNqUnYt8XKKZ
VpNUbNfyJkOMUS+jEgh5AGEaJMZ0s1SUgeC4zk06WwZ+9iYjtkpSN++TiZVQmx1M
qGLuflfDb0l1RC86n3c/UMonT02G25MolfIeIMbpoKZOF2YCt0s7n5kqjQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFNgizDWGhRcXTJZAg9gvuCwCqMHOMB8GA1UdIwQY
MBaAFH9QB30t2KZ6Gui2q9a7s0iQKKW7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFBSGZTM1lwbm9hNkxhcjFydXpTSkFvcGJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9jMWMxY2UtZWE1OS00ZGNmLWJjY2Mt
M2U3Y2FkZDg4YzcwLzEvMkNMTU5ZYUZGeGRNbGtDRDJDLTRMQUtvd2M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9jMWMxY2UtZWE1OS00ZGNmLWJjY2MtM2U3Y2FkZDg4Yzcw
LzEvZjFBSGZTM1lwbm9hNkxhcjFydXpTSkFvcGJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQDwJTQAwQD
wLsQAwQB1IBYMAwDBAXUgGADBALUgHgwDAMEANSAfQMEB9SAADANBgkqhkiG9w0B
AQsFAAOCAQEAB1cWAJo7BJ5FFU/wtkSBNb2TyYabErVHKpdzmy30886eP0sdQ2cN
8urhu6zgOUboIIk0/ksw1Uhr6/JQThsjGOOK8aJOz2iRgeybVzP1/GdavpDm7Sw/
EA8o9sSEi8S7oEi4gt+V6Uc6R4Y/fye21qMCsYwJUBXzxcOI7Bo0Xz5s4LrFRw7a
AFvqsYmNY8llYgE8FBXYkypW7wWmQojw2mS1r/juYUGRBtgaiZ0bkd9WkmIBy6nY
B4E35zLFTTXbjlSou4lSaRzpGmEuZE59mXZms0xyfScOGKxaHrUqaRq0BEsr+mJO
ST2cvSOFFC3p3ac8zoqyOEES2SzLBRgZ9A==
-----END CERTIFICATE-----
Generated at Mon Jun 30 00:29:57 2025 by rpki-client