Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/P3vhEU4a-s2qrNZ3LB-q1-3W2hA.roa
File: P3vhEU4a-s2qrNZ3LB-q1-3W2hA.roa (raw, json)
Hash identifier: 26C/5Zy3ZufG6TpaFD+ry7Lu6VfxB8jb6htL9yflioo=
Subject key identifier: 3F:7B:E1:11:4E:1A:FA:CD:AA:AC:D6:77:2C:1F:AA:D7:ED:D6:DA:10
Certificate issuer: /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial: 019A4F7B78DBC59D030341BC1E2ABA0E8D04
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/P3vhEU4a-s2qrNZ3LB-q1-3W2hA.roa
Signing time: Tue 04 Nov 2025 15:28:03 +0000
ROA not before: Tue 04 Nov 2025 15:28:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 212.134.36.0/24 maxlen: 24
212.134.56.0/23 maxlen: 24
212.134.58.0/24 maxlen: 24
212.134.86.0/24 maxlen: 24
212.134.87.0/24 maxlen: 24
212.134.91.0/24 maxlen: 24
212.134.98.0/23 maxlen: 24
212.134.104.0/23 maxlen: 24
212.134.106.0/23 maxlen: 24
212.134.110.0/23 maxlen: 24
212.134.148.0/22 maxlen: 24
212.134.188.0/22 maxlen: 24
212.134.196.0/22 maxlen: 24
212.134.212.0/22 maxlen: 24
212.134.216.0/22 maxlen: 24
212.134.228.0/22 maxlen: 24
212.134.232.0/22 maxlen: 24
212.134.248.0/22 maxlen: 24
212.135.204.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 15:28:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4f:7b:78:db:c5:9d:03:03:41:bc:1e:2a:ba:0e:8d:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e20b034e2c497b1884488def106972704765029
Validity
Not Before: Nov 4 15:28:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3f7be1114e1afacdaaacd6772c1faad7edd6da10
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:ab:a4:35:32:35:d5:1b:cd:f4:81:ee:9d:79:
18:7d:7f:2e:cf:7d:87:b2:f7:2c:60:c3:57:50:5a:
52:e6:b0:47:74:ce:a2:82:34:91:d1:fc:21:e2:6d:
f0:8e:d2:e6:05:92:f4:c8:6a:05:c5:fa:c5:c4:8e:
f4:6c:04:5f:72:81:a8:0e:82:da:43:d5:fa:16:0d:
18:1d:3f:5e:3d:ee:d7:6a:f7:6d:07:31:f5:71:ac:
97:23:ab:49:4d:4f:b2:e1:46:b9:a4:fc:75:8c:65:
b8:1d:31:24:4f:61:ec:ed:ac:fc:db:19:96:c6:00:
a3:55:e9:ca:43:bc:ed:d1:57:2b:9b:5c:9d:1f:6d:
11:10:85:c7:0d:c5:37:18:87:6b:ec:ca:2d:95:36:
01:ad:02:6b:ec:99:6b:9f:e2:ce:95:be:40:67:87:
b0:08:c5:05:2f:a3:12:88:65:08:a1:f8:97:81:1a:
e6:bd:bf:bc:bf:97:27:6e:c8:68:5a:2e:6d:d6:eb:
53:91:c7:63:8c:d4:53:7f:4a:14:87:96:a4:f9:4e:
00:4f:92:91:18:ff:cb:b9:cc:18:13:a7:d8:10:f7:
dc:7f:b8:17:55:dc:2b:c0:fd:6f:8d:7a:85:80:d0:
8b:06:f3:7b:28:e5:9d:60:a7:f8:b3:7d:9f:ec:61:
c5:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:7B:E1:11:4E:1A:FA:CD:AA:AC:D6:77:2C:1F:AA:D7:ED:D6:DA:10
X509v3 Authority Key Identifier:
keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/P3vhEU4a-s2qrNZ3LB-q1-3W2hA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.134.36.0/24
212.134.56.0-212.134.58.255
212.134.86.0/23
212.134.91.0/24
212.134.98.0/23
212.134.104.0/22
212.134.110.0/23
212.134.148.0/22
212.134.188.0/22
212.134.196.0/22
212.134.212.0-212.134.219.255
212.134.228.0-212.134.235.255
212.134.248.0/22
212.135.204.0/22
Signature Algorithm: sha256WithRSAEncryption
72:2f:af:29:b7:0f:59:3f:70:ea:84:24:ac:70:d0:c6:97:f2:
8c:ab:eb:96:ea:70:65:a3:39:26:df:c7:be:c7:72:55:3a:c4:
67:04:44:1b:86:09:6d:ee:37:56:a8:7d:d4:ad:61:49:88:3f:
fb:c4:f9:a1:35:65:94:42:51:8a:3d:09:6e:82:d8:90:af:f5:
8d:f2:b7:47:19:62:e8:e3:97:0f:f9:c9:e3:0a:9c:2c:53:1e:
47:12:be:f8:e5:50:8d:2f:78:c0:08:86:0f:23:cf:8f:a1:fb:
df:fb:a6:88:c4:da:c3:7c:12:2e:8c:0b:44:f4:f4:10:85:c3:
2a:73:34:87:7d:1b:16:9b:a0:3c:55:c3:d4:c9:eb:dc:9d:16:
bb:49:02:fd:0e:84:c3:de:75:9f:6b:97:39:aa:51:53:0b:49:
70:b8:3e:f8:54:ea:d8:50:46:06:20:41:7d:12:31:a2:86:03:
83:3b:8c:2f:12:25:1c:52:13:63:a1:62:d2:b0:47:b4:9c:7f:
76:2a:b9:48:2f:39:f2:0a:30:4c:c6:63:17:2b:16:b4:f4:d4:
96:e5:f6:7f:e3:12:71:b3:f3:3c:b5:eb:9d:06:57:36:b1:e6:
85:a3:a4:96:ea:05:86:46:e1:85:40:b4:fa:fd:60:ff:64:33:
5a:d3:04:f8
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAZpPe3jbxZ0DA0G8Hiq6Do0EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMTA0MTUyODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjdiZTExMTRlMWFmYWNkYWFhY2Q2NzcyYzFmYWFkN2VkZDZkYTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qukNTI11RvN9IHunXkYfX8uz32H
svcsYMNXUFpS5rBHdM6igjSR0fwh4m3wjtLmBZL0yGoFxfrFxI70bARfcoGoDoLa
Q9X6Fg0YHT9ePe7XavdtBzH1cayXI6tJTU+y4Ua5pPx1jGW4HTEkT2Hs7az82xmW
xgCjVenKQ7zt0Vcrm1ydH20REIXHDcU3GIdr7MotlTYBrQJr7Jlrn+LOlb5AZ4ew
CMUFL6MSiGUIofiXgRrmvb+8v5cnbshoWi5t1utTkcdjjNRTf0oUh5ak+U4AT5KR
GP/LucwYE6fYEPfcf7gXVdwrwP1vjXqFgNCLBvN7KOWdYKf4s32f7GHFZQIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFD974RFOGvrNqqzWdywfqtft1toQMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvUDN2aEVVNGEtczJxck5aM0xCLXExLTNXMmhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwcgQCAAEwbAMEANSGJDAM
AwQD1IY4AwQA1IY6AwQB1IZWAwQA1IZbAwQB1IZiAwQC1IZoAwQB1IZuAwQC1IaU
AwQC1Ia8AwQC1IbEMAwDBALUhtQDBALUhtgwDAMEAtSG5AMEAtSG6AMEAtSG+AME
AtSHzDANBgkqhkiG9w0BAQsFAAOCAQEAci+vKbcPWT9w6oQkrHDQxpfyjKvrlupw
ZaM5Jt/HvsdyVTrEZwREG4YJbe43Vqh91K1hSYg/+8T5oTVllEJRij0JboLYkK/1
jfK3Rxli6OOXD/nJ4wqcLFMeRxK++OVQjS94wAiGDyPPj6H73/umiMTaw3wSLowL
RPT0EIXDKnM0h30bFpugPFXD1Mnr3J0Wu0kC/Q6Ew951n2uXOapRUwtJcLg++FTq
2FBGBiBBfRIxooYDgzuMLxIlHFITY6Fi0rBHtJx/diq5SC858gowTMZjFysWtPTU
luX2f+MScbPzPLXrnQZXNrHmhaOkluoFhkbhhUC0+v1g/2QzWtME+A==
-----END CERTIFICATE-----
Generated at Tue Nov 4 21:02:52 2025 by rpki-client