Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/4cF_2QHC-rzbO9KgfdamDA8ToLs.roa
File: 4cF_2QHC-rzbO9KgfdamDA8ToLs.roa (raw, json)
Hash identifier: 1U65pJVUYCV8kBvuyl2sH1q0i0oH6fqF8wSv1pfUPio=
Subject key identifier: E1:C1:7F:D9:01:C2:FA:BC:DB:3B:D2:A0:7D:D6:A6:0C:0F:13:A0:BB
Certificate issuer: /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial: 019D97780F36E5BB2FFF56627A3AC93DD34B
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/4cF_2QHC-rzbO9KgfdamDA8ToLs.roa
Signing time: Thu 16 Apr 2026 18:05:20 +0000
ROA not before: Thu 16 Apr 2026 18:05:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 198250
IP address blocks: 212.134.23.0/24 maxlen: 24
212.134.37.0/24 maxlen: 24
212.134.50.0/24 maxlen: 24
212.134.152.0/24 maxlen: 24
212.135.23.0/24 maxlen: 24
212.135.167.0/24 maxlen: 24
212.135.171.0/24 maxlen: 24
212.135.172.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 01:00:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:97:78:0f:36:e5:bb:2f:ff:56:62:7a:3a:c9:3d:d3:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e20b034e2c497b1884488def106972704765029
Validity
Not Before: Apr 16 18:05:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e1c17fd901c2fabcdb3bd2a07dd6a60c0f13a0bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:f2:a9:83:3b:67:70:3c:ca:cd:1f:db:17:1f:
5a:5b:f5:0c:b9:75:ea:17:6c:61:9e:fe:a7:66:d6:
70:5f:dc:f2:67:7f:a3:60:34:80:eb:97:57:f6:9c:
f0:76:9f:a0:41:0e:26:1b:8c:b9:c8:8f:ef:23:1c:
d0:23:57:4e:f4:8c:13:c9:c8:fa:6e:2e:72:46:28:
35:1a:48:33:b1:43:ef:4b:65:d5:82:9f:c1:69:01:
1d:08:ac:3d:0f:3f:6c:95:3f:f6:9d:ef:f4:cf:51:
94:d0:b3:03:ea:09:e0:cd:6a:6a:52:97:bd:01:fa:
21:c2:d8:3d:7f:82:b1:e0:87:01:fb:52:f4:02:87:
82:87:67:11:17:41:32:f3:b0:94:36:44:62:a4:e9:
3f:4e:14:95:94:f4:3c:7b:3d:76:32:31:89:8c:75:
76:c1:8f:35:94:32:66:6b:58:e6:98:7e:a7:ed:13:
6e:5a:ab:ce:a5:7d:0e:75:b8:74:e9:82:09:b6:a4:
24:35:7a:9d:b3:ac:7c:4a:2f:64:39:41:7d:75:e9:
03:76:f3:33:7c:42:38:65:b0:68:4d:93:2f:1b:b8:
0f:a0:dd:1b:2a:aa:b6:3f:ab:17:8a:c9:32:0f:23:
b4:dd:1e:c2:5e:f0:38:f4:5c:6e:ef:4c:32:c3:67:
3d:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:C1:7F:D9:01:C2:FA:BC:DB:3B:D2:A0:7D:D6:A6:0C:0F:13:A0:BB
X509v3 Authority Key Identifier:
keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/4cF_2QHC-rzbO9KgfdamDA8ToLs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.134.23.0/24
212.134.37.0/24
212.134.50.0/24
212.134.152.0/24
212.135.23.0/24
212.135.167.0/24
212.135.171.0-212.135.172.255
Signature Algorithm: sha256WithRSAEncryption
6a:79:39:7a:f8:32:45:67:47:c7:83:5a:c1:66:72:4c:d0:f2:
26:4a:64:ab:6a:68:df:17:da:b5:e5:d6:b6:fe:3f:97:7b:77:
59:ec:28:73:11:b8:53:87:9b:1f:d9:2b:ff:17:ff:14:bc:c6:
d7:aa:cb:87:c7:f2:72:34:d6:57:8a:5a:53:31:65:b6:16:bc:
16:a3:11:5c:c8:72:ee:bb:03:50:03:78:c0:82:b6:fa:fb:ca:
4e:84:bd:b0:c0:b8:c6:55:93:40:00:de:93:c8:36:5c:d5:c5:
8e:af:f1:13:86:28:d9:52:c0:e6:05:cb:bc:de:82:47:3b:18:
ed:3c:ab:18:50:66:a0:c6:3d:22:9d:26:ae:9f:df:18:13:53:
06:44:b5:68:c8:73:72:27:fa:d8:34:1a:cd:75:34:87:a9:32:
16:b5:e9:56:6d:c2:fe:8c:ca:44:b8:8c:cd:73:fc:2a:d7:e4:
64:f3:20:8c:91:41:a6:54:b5:66:06:7a:cf:0c:b9:e2:00:c0:
9f:e7:49:37:89:c9:ba:09:f6:4c:1e:4a:50:44:0b:7b:b7:83:
d3:50:21:25:0b:78:87:4f:c0:d3:4e:b3:ad:71:f4:d3:cf:09:
4c:5c:31:e9:7a:66:05:3b:62:8a:43:73:47:40:fd:cc:99:e3:
0f:cd:7d:e8
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZ2XeA825bsv/1ZiejrJPdNLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDE2MTgwNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWMxN2ZkOTAxYzJmYWJjZGIzYmQyYTA3ZGQ2YTYwYzBmMTNhMGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfKpgztncDzKzR/bFx9aW/UMuXXq
F2xhnv6nZtZwX9zyZ3+jYDSA65dX9pzwdp+gQQ4mG4y5yI/vIxzQI1dO9IwTycj6
bi5yRig1GkgzsUPvS2XVgp/BaQEdCKw9Dz9slT/2ne/0z1GU0LMD6gngzWpqUpe9
Afohwtg9f4Kx4IcB+1L0AoeCh2cRF0Ey87CUNkRipOk/ThSVlPQ8ez12MjGJjHV2
wY81lDJma1jmmH6n7RNuWqvOpX0Odbh06YIJtqQkNXqds6x8Si9kOUF9dekDdvMz
fEI4ZbBoTZMvG7gPoN0bKqq2P6sXiskyDyO03R7CXvA49Fxu70wyw2c9TQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFOHBf9kBwvq82zvSoH3WpgwPE6C7MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvNGNGXzJRSEMtcnpiTzlLZ2ZkYW1EQThUb0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQA1IYXAwQA
1IYlAwQA1IYyAwQA1IaYAwQA1IcXAwQA1IenMAwDBADUh6sDBADUh6wwDQYJKoZI
hvcNAQELBQADggEBAGp5OXr4MkVnR8eDWsFmckzQ8iZKZKtqaN8X2rXl1rb+P5d7
d1nsKHMRuFOHmx/ZK/8X/xS8xteqy4fH8nI01leKWlMxZbYWvBajEVzIcu67A1AD
eMCCtvr7yk6EvbDAuMZVk0AA3pPINlzVxY6v8ROGKNlSwOYFy7zegkc7GO08qxhQ
ZqDGPSKdJq6f3xgTUwZEtWjIc3In+tg0Gs11NIepMha16VZtwv6MykS4jM1z/CrX
5GTzIIyRQaZUtWYGes8MueIAwJ/nSTeJyboJ9kweSlBEC3u3g9NQISULeIdPwNNO
s61x9NPPCUxcMel6ZgU7YopDc0dA/cyZ4w/Nfeg=
-----END CERTIFICATE-----
Generated at Sun Apr 19 10:50:20 2026 by rpki-client