Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/H_XRmIddIdPBZC4McGFtZFb7xLI.roa
File: H_XRmIddIdPBZC4McGFtZFb7xLI.roa (raw, json)
Hash identifier: URusFpEY9p6Rr7dRogLTLrCEXbfHuzjHeSeeheoUdt4=
Subject key identifier: 1F:F5:D1:98:87:5D:21:D3:C1:64:2E:0C:70:61:6D:64:56:FB:C4:B2
Certificate issuer: /CN=2abcc5c664a4a82305892a8c433e94ffe32dadb7
Certificate serial: 019A268330A0CA5EBE140D3EE5049325F50F
Authority key identifier: 2A:BC:C5:C6:64:A4:A8:23:05:89:2A:8C:43:3E:94:FF:E3:2D:AD:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/H_XRmIddIdPBZC4McGFtZFb7xLI.roa
Signing time: Mon 27 Oct 2025 16:32:03 +0000
ROA not before: Mon 27 Oct 2025 16:32:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 136787
IP address blocks: 185.212.160.0/24 maxlen: 24
185.212.161.0/24 maxlen: 24
185.212.162.0/24 maxlen: 24
185.212.163.0/24 maxlen: 24
185.245.24.0/24 maxlen: 24
185.245.25.0/24 maxlen: 24
185.245.26.0/24 maxlen: 24
185.245.27.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.mft
rsync://rpki.ripe.net/repository/DEFAULT/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 13:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:26:83:30:a0:ca:5e:be:14:0d:3e:e5:04:93:25:f5:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2abcc5c664a4a82305892a8c433e94ffe32dadb7
Validity
Not Before: Oct 27 16:32:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1ff5d198875d21d3c1642e0c70616d6456fbc4b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:dd:be:c8:7d:6d:93:88:86:80:cc:00:a4:4d:
7e:69:6f:35:b2:77:60:e4:80:c9:e6:c5:86:d8:e8:
58:ee:73:bb:2b:33:65:78:83:d1:01:63:8e:b6:43:
48:af:dc:64:54:0e:79:b6:fb:2a:28:9d:90:38:bc:
a6:af:71:89:7e:96:70:f2:ec:9a:96:1c:50:83:3a:
1b:df:5d:16:41:92:3b:1c:ca:bc:d3:f4:00:f4:27:
80:1f:a7:35:7b:48:1a:43:a7:4f:f5:29:b0:cf:30:
46:a3:68:60:50:69:32:26:35:4f:86:74:a4:44:b0:
05:cc:8a:a2:2f:99:b1:20:d2:25:22:a3:e1:a7:20:
e0:d7:ee:cb:e3:21:25:3f:f2:c7:ce:00:78:5d:6c:
77:8e:97:ea:4b:52:08:45:8c:40:98:fc:21:4b:28:
ab:ac:7c:24:62:64:3c:10:07:8d:f0:51:a1:a8:3f:
af:ae:53:67:c6:b0:8a:28:bc:16:89:16:3e:51:70:
ac:84:8a:1e:13:a0:93:05:48:3f:63:7d:98:57:e1:
fe:94:0f:c3:b8:14:f3:42:29:3a:ab:59:00:39:d3:
e8:5e:a6:b5:89:bd:2f:55:c4:96:c6:68:10:be:dc:
31:29:a4:39:2b:77:89:8b:9d:29:b8:ec:05:7c:15:
aa:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:F5:D1:98:87:5D:21:D3:C1:64:2E:0C:70:61:6D:64:56:FB:C4:B2
X509v3 Authority Key Identifier:
keyid:2A:BC:C5:C6:64:A4:A8:23:05:89:2A:8C:43:3E:94:FF:E3:2D:AD:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/H_XRmIddIdPBZC4McGFtZFb7xLI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.212.160.0/22
185.245.24.0/22
Signature Algorithm: sha256WithRSAEncryption
93:7d:91:d3:6a:57:88:50:28:17:d8:36:da:a6:65:ef:62:0f:
04:45:60:3c:4c:3a:e3:1f:d4:44:30:5e:c5:00:1c:02:a9:c2:
c4:ba:06:e9:13:05:a9:28:b0:55:11:66:ce:0e:03:b1:70:8e:
97:25:8a:ab:b4:1d:ef:8f:cb:4c:b2:51:e4:9e:ae:c6:71:4e:
25:63:a1:fb:61:48:e9:1b:66:28:c4:10:a3:9a:f8:a4:ac:fb:
da:5b:bd:05:c5:0e:9a:06:10:60:ef:ca:53:9d:7c:51:2b:d8:
de:fd:76:c8:bb:13:a0:1c:57:23:39:85:85:d3:7f:b0:65:92:
39:8b:3d:e1:6f:2b:4b:a2:18:8d:51:f5:f1:58:0b:57:a6:d4:
10:7a:e2:ae:8c:82:e5:4e:fc:5c:da:ba:cb:d9:ef:1a:a8:fa:
7f:7b:9b:cd:72:c7:01:4a:d0:34:a2:2f:fe:f7:ea:fe:8b:e1:
b4:07:1e:90:3b:c4:3e:13:87:55:2e:7c:ce:d2:90:ce:1e:27:
c6:2d:e8:ce:3d:fe:ef:8c:80:64:5d:c2:c5:7c:69:fa:b0:fc:
6f:2e:31:73:21:9e:40:b8:2a:d3:e6:89:2b:b5:2c:d8:49:01:
28:f8:e8:90:5d:68:36:07:ec:7b:3a:a5:38:b6:f6:32:bb:7b:
64:d4:57:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZomgzCgyl6+FA0+5QSTJfUPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYmNjNWM2NjRhNGE4MjMwNTg5MmE4YzQzM2U5NGZmZTMy
ZGFkYjcwHhcNMjUxMDI3MTYzMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmY1ZDE5ODg3NWQyMWQzYzE2NDJlMGM3MDYxNmQ2NDU2ZmJjNGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvt2+yH1tk4iGgMwApE1+aW81sndg
5IDJ5sWG2OhY7nO7KzNleIPRAWOOtkNIr9xkVA55tvsqKJ2QOLymr3GJfpZw8uya
lhxQgzob310WQZI7HMq80/QA9CeAH6c1e0gaQ6dP9SmwzzBGo2hgUGkyJjVPhnSk
RLAFzIqiL5mxINIlIqPhpyDg1+7L4yElP/LHzgB4XWx3jpfqS1IIRYxAmPwhSyir
rHwkYmQ8EAeN8FGhqD+vrlNnxrCKKLwWiRY+UXCshIoeE6CTBUg/Y32YV+H+lA/D
uBTzQik6q1kAOdPoXqa1ib0vVcSWxmgQvtwxKaQ5K3eJi50puOwFfBWqcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB/10ZiHXSHTwWQuDHBhbWRW+8SyMB8GA1UdIwQY
MBaAFCq8xcZkpKgjBYkqjEM+lP/jLa23MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3J6RnhtU2txQ01GaVNxTVF6NlVfLU10cmJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9kYzczNDUtNzVjYi00NDIwLWEzZjAt
NjVmYjEwYTA2ZTg5LzEvSF9YUm1JZGRJZFBCWkM0TWNHRnRaRmI3eExJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9kYzczNDUtNzVjYi00NDIwLWEzZjAtNjVmYjEwYTA2ZTg5
LzEvS3J6RnhtU2txQ01GaVNxTVF6NlVfLU10cmJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCudSgAwQC
ufUYMA0GCSqGSIb3DQEBCwUAA4IBAQCTfZHTaleIUCgX2DbapmXvYg8ERWA8TDrj
H9REMF7FABwCqcLEugbpEwWpKLBVEWbODgOxcI6XJYqrtB3vj8tMslHknq7GcU4l
Y6H7YUjpG2YoxBCjmvikrPvaW70FxQ6aBhBg78pTnXxRK9je/XbIuxOgHFcjOYWF
03+wZZI5iz3hbytLohiNUfXxWAtXptQQeuKujILlTvxc2rrL2e8aqPp/e5vNcscB
StA0oi/+9+r+i+G0Bx6QO8Q+E4dVLnzO0pDOHifGLejOPf7vjIBkXcLFfGn6sPxv
LjFzIZ5AuCrT5okrtSzYSQEo+OiQXWg2B+x7OqU4tvYyu3tk1FeR
-----END CERTIFICATE-----
Generated at Tue Nov 4 21:03:06 2025 by rpki-client