Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/bBRJ88vGGDyD9dLDArY5zAKdNuw.roa
File: bBRJ88vGGDyD9dLDArY5zAKdNuw.roa (raw, json)
Hash identifier: vS28Ry1njW+ZhZmyyNEaInRIqI7X/sIYsEuXLFBqT8w=
Subject key identifier: 6C:14:49:F3:CB:C6:18:3C:83:F5:D2:C3:02:B6:39:CC:02:9D:36:EC
Certificate issuer: /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial: 0198C10D80A45AB5661F12D4D1888145503D
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/bBRJ88vGGDyD9dLDArY5zAKdNuw.roa
Signing time: Tue 19 Aug 2025 06:39:04 +0000
ROA not before: Tue 19 Aug 2025 06:39:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39855
IP address blocks: 168.199.0.0/24 maxlen: 24
168.199.1.0/24 maxlen: 24
168.199.2.0/23 maxlen: 24
168.199.4.0/24 maxlen: 24
168.199.5.0/24 maxlen: 24
168.199.6.0/23 maxlen: 24
168.199.8.0/24 maxlen: 24
168.199.9.0/24 maxlen: 24
168.199.10.0/23 maxlen: 24
168.199.12.0/24 maxlen: 24
168.199.13.0/24 maxlen: 24
168.199.14.0/23 maxlen: 24
168.199.16.0/24 maxlen: 24
168.199.17.0/24 maxlen: 24
168.199.22.0/23 maxlen: 24
168.199.24.0/23 maxlen: 24
168.199.26.0/24 maxlen: 24
168.199.27.0/24 maxlen: 24
168.199.28.0/23 maxlen: 24
168.199.30.0/24 maxlen: 24
168.199.31.0/24 maxlen: 24
168.199.32.0/23 maxlen: 24
168.199.34.0/24 maxlen: 24
168.199.35.0/24 maxlen: 24
168.199.36.0/23 maxlen: 24
168.199.38.0/24 maxlen: 24
168.199.39.0/24 maxlen: 24
168.199.40.0/23 maxlen: 24
168.199.42.0/24 maxlen: 24
168.199.43.0/24 maxlen: 24
168.199.44.0/23 maxlen: 24
168.199.46.0/24 maxlen: 24
168.199.47.0/24 maxlen: 24
168.199.48.0/23 maxlen: 24
168.199.50.0/24 maxlen: 24
168.199.51.0/24 maxlen: 24
168.199.52.0/23 maxlen: 24
168.199.54.0/24 maxlen: 24
168.199.55.0/24 maxlen: 24
168.199.56.0/23 maxlen: 24
168.199.58.0/24 maxlen: 24
168.199.59.0/24 maxlen: 24
168.199.60.0/23 maxlen: 24
168.199.62.0/24 maxlen: 24
168.199.63.0/24 maxlen: 24
168.199.96.0/23 maxlen: 24
168.199.98.0/24 maxlen: 24
168.199.99.0/24 maxlen: 24
168.199.100.0/23 maxlen: 24
168.199.102.0/24 maxlen: 24
168.199.103.0/24 maxlen: 24
168.199.104.0/23 maxlen: 24
168.199.106.0/24 maxlen: 24
168.199.107.0/24 maxlen: 24
168.199.108.0/23 maxlen: 24
168.199.110.0/24 maxlen: 24
168.199.111.0/24 maxlen: 24
168.199.112.0/23 maxlen: 24
168.199.114.0/24 maxlen: 24
168.199.115.0/24 maxlen: 24
168.199.116.0/23 maxlen: 24
168.199.118.0/24 maxlen: 24
168.199.119.0/24 maxlen: 24
168.199.120.0/23 maxlen: 24
168.199.122.0/24 maxlen: 24
168.199.123.0/24 maxlen: 24
168.199.124.0/23 maxlen: 24
168.199.126.0/24 maxlen: 24
168.199.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c1:0d:80:a4:5a:b5:66:1f:12:d4:d1:88:81:45:50:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
Validity
Not Before: Aug 19 06:39:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6c1449f3cbc6183c83f5d2c302b639cc029d36ec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:30:c9:67:79:27:1e:22:85:ba:03:5d:61:cd:
db:b2:fa:0a:3f:ff:e4:86:55:65:0b:2b:3f:77:41:
ad:11:77:36:ca:71:b3:cc:2c:38:c8:3b:83:24:a8:
3c:df:00:53:54:11:24:02:e3:34:09:63:0a:5e:ef:
a7:3f:3a:3e:42:8d:80:de:f8:4f:40:06:e9:9f:ee:
72:e4:81:ff:66:08:24:6f:3c:0a:65:92:98:0f:f8:
f9:f9:97:8e:44:84:f5:ae:ac:31:08:6a:5e:32:58:
4b:91:f6:ab:a9:6d:3a:8c:f8:75:6b:df:c5:54:16:
bd:fb:98:9b:34:7a:78:b0:3a:0d:65:f0:91:cc:46:
59:76:4c:56:35:54:00:56:4b:9c:05:7d:e1:95:1a:
af:5c:a6:5d:04:12:31:1e:cc:2b:ae:81:67:e6:08:
88:3d:65:1f:ac:61:44:f9:b1:93:f2:ff:51:9f:2c:
33:a0:80:76:4f:cc:3a:70:57:7f:bf:51:da:23:05:
16:cb:0e:ba:e1:9e:77:6a:9c:9e:d8:d2:92:23:de:
f1:a0:3c:84:cd:18:e3:56:bd:3e:bb:69:ca:f0:ab:
5b:97:2c:bf:28:d1:f7:72:92:b7:c8:0d:81:a4:9f:
d9:c9:cc:a5:71:49:40:3c:fb:12:42:8c:1f:54:83:
36:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:14:49:F3:CB:C6:18:3C:83:F5:D2:C3:02:B6:39:CC:02:9D:36:EC
X509v3 Authority Key Identifier:
keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/bBRJ88vGGDyD9dLDArY5zAKdNuw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
168.199.0.0-168.199.17.255
168.199.22.0-168.199.63.255
168.199.96.0/19
Signature Algorithm: sha256WithRSAEncryption
81:2c:0d:30:b5:61:54:0b:33:cd:f5:7d:06:d7:90:05:5a:3e:
b8:c7:44:fd:13:97:9b:52:5e:73:07:57:21:f8:b2:34:d5:f2:
35:c5:72:0a:f7:63:3d:02:75:c9:b2:5a:af:cd:c0:fc:c2:dd:
60:cc:03:7e:5a:d0:77:08:4f:1c:56:a4:af:2c:ba:fb:4a:4e:
bc:76:12:b4:07:33:8a:d6:0a:a3:f2:68:7c:5f:28:db:c9:c0:
b1:f7:f2:8c:b9:7a:a6:da:2f:5f:8a:7e:92:4d:c5:6f:90:47:
0c:37:29:ae:d7:8c:e9:f8:9f:e0:a0:71:df:f7:2e:5b:98:5a:
96:96:a1:f3:fb:93:75:6c:2b:4b:5e:0e:d1:f2:72:7c:3a:04:
aa:85:f0:7b:09:d9:97:f4:f3:a9:0a:aa:19:99:dd:04:a0:3d:
40:c1:f7:49:04:16:a7:23:37:34:17:34:a4:16:4b:22:5a:ca:
9c:1b:eb:17:23:2b:68:85:78:c7:42:74:67:93:10:0b:b0:26:
b7:d4:18:4d:da:73:58:78:5e:31:b6:2a:06:0a:96:fa:fd:a5:
d1:1a:19:e1:4a:0a:c3:08:af:11:f1:7d:8d:34:d9:b0:eb:b0:
e2:ad:74:66:a4:c4:40:70:83:99:8f:e0:76:b2:51:85:12:79:
dc:70:dd:bf
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZjBDYCkWrVmHxLU0YiBRVA9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjUwODE5MDYzOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzE0NDlmM2NiYzYxODNjODNmNWQyYzMwMmI2MzljYzAyOWQzNmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTDJZ3knHiKFugNdYc3bsvoKP//k
hlVlCys/d0GtEXc2ynGzzCw4yDuDJKg83wBTVBEkAuM0CWMKXu+nPzo+Qo2A3vhP
QAbpn+5y5IH/ZggkbzwKZZKYD/j5+ZeORIT1rqwxCGpeMlhLkfarqW06jPh1a9/F
VBa9+5ibNHp4sDoNZfCRzEZZdkxWNVQAVkucBX3hlRqvXKZdBBIxHswrroFn5giI
PWUfrGFE+bGT8v9RnywzoIB2T8w6cFd/v1HaIwUWyw664Z53apye2NKSI97xoDyE
zRjjVr0+u2nK8Ktblyy/KNH3cpK3yA2BpJ/ZycylcUlAPPsSQowfVIM2sQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGwUSfPLxhg8g/XSwwK2OcwCnTbsMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvYkJSSjg4dkdHRHlEOWRMREFyWTV6QUtkTnV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAnBAIAATAhMAsDAwCoxwME
AajHEDAMAwQBqMcWAwQGqMcAAwQFqMdgMA0GCSqGSIb3DQEBCwUAA4IBAQCBLA0w
tWFUCzPN9X0G15AFWj64x0T9E5ebUl5zB1ch+LI01fI1xXIK92M9AnXJslqvzcD8
wt1gzAN+WtB3CE8cVqSvLLr7Sk68dhK0BzOK1gqj8mh8XyjbycCx9/KMuXqm2i9f
in6STcVvkEcMNymu14zp+J/goHHf9y5bmFqWlqHz+5N1bCtLXg7R8nJ8OgSqhfB7
CdmX9POpCqoZmd0EoD1AwfdJBBanIzc0FzSkFksiWsqcG+sXIytohXjHQnRnkxAL
sCa31BhN2nNYeF4xtioGCpb6/aXRGhnhSgrDCK8R8X2NNNmw67DirXRmpMRAcIOZ
j+B2slGFEnnccN2/
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:22:50 2025 by rpki-client