Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/fcvKERERQZNn6V8xkWFBGNVtQEI.roa
File: fcvKERERQZNn6V8xkWFBGNVtQEI.roa (raw, json)
Hash identifier: ZYmpRwAPIJhFA25uVJy0Dchmbob90u8kUS0f+gTnbP0=
Subject key identifier: 7D:CB:CA:11:11:11:41:93:67:E9:5F:31:91:61:41:18:D5:6D:40:42
Certificate issuer: /CN=2f7a464b894841b3b940e0b357b865e393b1dd46
Certificate serial: 019CBE7D45CAB0A5F8A1ECEADA5965224517
Authority key identifier: 2F:7A:46:4B:89:48:41:B3:B9:40:E0:B3:57:B8:65:E3:93:B1:DD:46
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L3pGS4lIQbO5QOCzV7hl45Ox3UY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/fcvKERERQZNn6V8xkWFBGNVtQEI.roa
Signing time: Thu 05 Mar 2026 14:53:26 +0000
ROA not before: Thu 05 Mar 2026 14:53:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 210619
IP address blocks: 185.137.221.0/24 maxlen: 24
185.137.222.0/24 maxlen: 24
185.137.223.0/24 maxlen: 24
2a0a:a501::/32 maxlen: 32
2a0a:a501::/48 maxlen: 48
2a0a:a502::/32 maxlen: 32
2a0a:a502::/48 maxlen: 48
2a0a:a503::/32 maxlen: 32
2a0a:a504::/32 maxlen: 32
2a0a:a505::/32 maxlen: 32
2a0a:a507::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/L3pGS4lIQbO5QOCzV7hl45Ox3UY.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/L3pGS4lIQbO5QOCzV7hl45Ox3UY.mft
rsync://rpki.ripe.net/repository/DEFAULT/L3pGS4lIQbO5QOCzV7hl45Ox3UY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:be:7d:45:ca:b0:a5:f8:a1:ec:ea:da:59:65:22:45:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2f7a464b894841b3b940e0b357b865e393b1dd46
Validity
Not Before: Mar 5 14:53:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7dcbca111111419367e95f3191614118d56d4042
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:b3:47:4b:26:f9:f0:43:52:ab:7b:e3:0e:fa:
39:5f:cf:ba:cc:ad:dd:73:04:f0:30:b1:09:1d:c3:
95:f5:63:04:4d:57:af:8c:3d:ef:09:ec:ab:63:1f:
f4:d8:86:97:89:32:d9:97:4b:52:31:db:2a:09:c2:
1c:bd:e6:b8:0e:56:d1:0d:d1:13:cb:4e:b2:d3:be:
8f:4d:30:8c:a8:aa:49:c4:f5:39:98:88:d0:b3:1b:
e0:10:3f:d3:f2:86:8a:43:ef:33:88:f2:ce:b0:a0:
5a:bb:a5:cd:56:7a:55:9e:2b:32:d9:ba:d4:39:78:
97:bf:91:cd:31:35:7e:d0:7c:61:f9:83:68:93:f8:
99:ff:64:7c:41:48:20:b5:05:da:48:5a:a9:b2:46:
44:c0:df:98:0f:a5:33:79:f9:f7:33:0c:68:de:fb:
4e:07:c7:af:44:1f:22:50:de:70:86:55:27:b4:f3:
d7:04:46:84:a2:65:b4:b7:64:38:c6:c7:80:48:c6:
dc:d9:1e:81:f7:3e:0e:c2:41:b5:f1:06:b7:8c:b8:
b7:c8:d3:43:1c:c5:9a:74:0b:19:e8:51:30:ea:62:
50:ea:2e:66:ef:e0:18:15:2f:e8:00:90:f0:1d:ef:
4d:eb:a3:5a:1f:b8:30:ae:a2:ac:32:87:d6:02:83:
34:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:CB:CA:11:11:11:41:93:67:E9:5F:31:91:61:41:18:D5:6D:40:42
X509v3 Authority Key Identifier:
keyid:2F:7A:46:4B:89:48:41:B3:B9:40:E0:B3:57:B8:65:E3:93:B1:DD:46
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L3pGS4lIQbO5QOCzV7hl45Ox3UY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/fcvKERERQZNn6V8xkWFBGNVtQEI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/L3pGS4lIQbO5QOCzV7hl45Ox3UY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.137.221.0-185.137.223.255
IPv6:
2a0a:a501::-2a0a:a505:ffff:ffff:ffff:ffff:ffff:ffff
2a0a:a507::/32
Signature Algorithm: sha256WithRSAEncryption
26:f8:6c:d4:81:74:05:04:1f:03:d3:36:d8:5d:3b:0d:2f:64:
77:a1:ea:4e:7d:68:9c:77:03:47:c6:6a:0f:8f:fc:27:bd:07:
cc:72:72:cb:f7:08:e2:28:7d:67:2f:78:5a:63:33:4e:a9:03:
45:9c:21:bf:1c:be:c2:88:6b:c9:bb:73:8e:ce:63:fd:d6:c9:
83:85:41:d4:2b:30:78:30:ef:e5:a7:12:97:c7:7a:6e:ce:a0:
41:82:10:0c:4b:ff:da:9d:1a:a0:04:62:7b:11:8a:ea:82:80:
c0:52:c9:b9:06:26:5c:29:6a:fb:d0:34:98:7d:e9:bd:f0:fc:
68:6e:42:c4:fd:55:25:92:3a:06:89:bd:b5:b3:c9:91:66:d3:
c7:93:3c:ba:d3:fd:d1:43:3a:8f:1b:45:15:70:6b:ab:36:97:
0d:4d:fc:4d:57:20:46:1a:96:3a:05:c9:36:a2:e8:80:8a:52:
4f:49:6e:ab:d2:12:6d:26:37:19:d6:13:f0:34:c8:ed:86:02:
0c:30:8f:4d:01:3a:7c:84:7c:d6:3d:01:16:9e:1d:3b:72:6d:
93:48:01:84:d3:96:fc:4c:8d:a7:33:62:75:ff:9f:69:32:b1:
49:ba:e7:79:d3:87:64:10:bf:20:e4:93:ac:29:fa:0b:88:84:
37:73:3c:ae
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZy+fUXKsKX4oezq2lllIkUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmN2E0NjRiODk0ODQxYjNiOTQwZTBiMzU3Yjg2NWUzOTNi
MWRkNDYwHhcNMjYwMzA1MTQ1MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGNiY2ExMTExMTE0MTkzNjdlOTVmMzE5MTYxNDExOGQ1NmQ0MDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7NHSyb58ENSq3vjDvo5X8+6zK3d
cwTwMLEJHcOV9WMETVevjD3vCeyrYx/02IaXiTLZl0tSMdsqCcIcvea4DlbRDdET
y06y076PTTCMqKpJxPU5mIjQsxvgED/T8oaKQ+8ziPLOsKBau6XNVnpVnisy2brU
OXiXv5HNMTV+0Hxh+YNok/iZ/2R8QUggtQXaSFqpskZEwN+YD6Uzefn3Mwxo3vtO
B8evRB8iUN5whlUntPPXBEaEomW0t2Q4xseASMbc2R6B9z4OwkG18Qa3jLi3yNND
HMWadAsZ6FEw6mJQ6i5m7+AYFS/oAJDwHe9N66NaH7gwrqKsMofWAoM0pwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFH3LyhEREUGTZ+lfMZFhQRjVbUBCMB8GA1UdIwQY
MBaAFC96RkuJSEGzuUDgs1e4ZeOTsd1GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDNwR1M0bElRYk81UU9DelY3aGw0NU94M1VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9iMmY3YTAtMDZjNC00YWI1LTg1YWEt
MTAxNDRjMWJjYWZjLzEvZmN2S0VSRVJRWk5uNlY4eGtXRkJHTlZ0UUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9iMmY3YTAtMDZjNC00YWI1LTg1YWEtMTAxNDRjMWJjYWZj
LzEvTDNwR1M0bElRYk81UU9DelY3aGw0NU94M1VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAUBAIAATAOMAwDBAC5id0D
BAW5icAwHQQCAAIwFzAOAwUAKgqlAQMFASoKpQQDBQAqCqUHMA0GCSqGSIb3DQEB
CwUAA4IBAQAm+GzUgXQFBB8D0zbYXTsNL2R3oepOfWicdwNHxmoPj/wnvQfMcnLL
9wjiKH1nL3haYzNOqQNFnCG/HL7CiGvJu3OOzmP91smDhUHUKzB4MO/lpxKXx3pu
zqBBghAMS//anRqgBGJ7EYrqgoDAUsm5BiZcKWr70DSYfem98PxobkLE/VUlkjoG
ib21s8mRZtPHkzy60/3RQzqPG0UVcGurNpcNTfxNVyBGGpY6Bck2ouiAilJPSW6r
0hJtJjcZ1hPwNMjthgIMMI9NATp8hHzWPQEWnh07cm2TSAGE05b8TI2nM2J1/59p
MrFJuud504dkEL8g5JOsKfoLiIQ3czyu
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:47:10 2026 by rpki-client