Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/JzP7e_-IzWbRBsyrki_po14NIZs.roa
File: JzP7e_-IzWbRBsyrki_po14NIZs.roa (raw, json)
Hash identifier: 2xaFuIKLrgS1M1OrFYGfnFmo0uzFtyDCt4fM8dRZejI=
Subject key identifier: 27:33:FB:7B:FF:88:CD:66:D1:06:CC:AB:92:2F:E9:A3:5E:0D:21:9B
Certificate issuer: /CN=b011022187e3395a1524fa1a7541ea793285afc2
Certificate serial: 0197F36540918AC03F9FEBE6A4EE4B87F3D2
Authority key identifier: B0:11:02:21:87:E3:39:5A:15:24:FA:1A:75:41:EA:79:32:85:AF:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sBECIYfjOVoVJPoadUHqeTKFr8I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/JzP7e_-IzWbRBsyrki_po14NIZs.roa
Signing time: Thu 10 Jul 2025 08:13:08 +0000
ROA not before: Thu 10 Jul 2025 08:13:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39308
IP address blocks: 46.21.80.0/20 maxlen: 20
89.144.128.0/18 maxlen: 24
89.144.130.0/24 maxlen: 24
109.109.32.0/19 maxlen: 19
109.109.48.0/24 maxlen: 24
159.20.96.0/20 maxlen: 20
176.12.64.0/20 maxlen: 24
185.56.96.0/22 maxlen: 24
2a00:1570::/32 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/sBECIYfjOVoVJPoadUHqeTKFr8I.crl
rsync://rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/sBECIYfjOVoVJPoadUHqeTKFr8I.mft
rsync://rpki.ripe.net/repository/DEFAULT/sBECIYfjOVoVJPoadUHqeTKFr8I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 05:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f3:65:40:91:8a:c0:3f:9f:eb:e6:a4:ee:4b:87:f3:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b011022187e3395a1524fa1a7541ea793285afc2
Validity
Not Before: Jul 10 08:13:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2733fb7bff88cd66d106ccab922fe9a35e0d219b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:b3:95:0b:3c:b8:a7:29:fa:29:68:72:3a:f6:
b1:21:46:54:d7:78:88:53:0b:46:d4:07:74:73:7a:
aa:ed:d4:60:79:e7:00:c6:8f:61:27:16:d7:dd:38:
69:81:8f:dc:82:c7:66:59:7c:96:aa:a4:bd:b4:d2:
19:db:78:fb:c0:f9:b3:37:4b:21:c4:fb:ec:76:23:
30:bd:45:3c:0e:77:b8:09:25:90:ca:14:dc:ca:5f:
a1:b3:4b:dd:83:04:73:d0:25:29:4c:5a:6b:3a:60:
da:53:fa:5d:75:bd:2d:b1:24:bf:69:07:ea:da:3f:
18:e1:36:60:36:7d:ef:f1:63:09:3a:c1:7a:61:26:
56:17:0f:de:40:51:c9:87:b1:97:b3:c2:78:5d:65:
3b:2a:f9:12:b1:0b:64:6f:b0:d3:98:1d:5a:1f:12:
8b:f9:1c:7a:36:02:88:8c:9f:1e:8f:14:a3:f3:fa:
da:ff:5b:8d:1f:a2:58:d7:39:12:f1:6e:52:3d:8f:
00:16:5b:99:a8:3e:6a:f7:ff:25:11:f4:c2:45:7d:
fc:9d:95:52:97:6f:10:c5:90:af:f8:d1:00:64:60:
d7:f4:2e:07:26:5f:e2:fc:21:54:34:0e:be:d3:c6:
8b:0f:6a:26:d9:05:de:02:d0:3b:ef:33:2f:ec:5d:
5f:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:33:FB:7B:FF:88:CD:66:D1:06:CC:AB:92:2F:E9:A3:5E:0D:21:9B
X509v3 Authority Key Identifier:
keyid:B0:11:02:21:87:E3:39:5A:15:24:FA:1A:75:41:EA:79:32:85:AF:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBECIYfjOVoVJPoadUHqeTKFr8I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/JzP7e_-IzWbRBsyrki_po14NIZs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/sBECIYfjOVoVJPoadUHqeTKFr8I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.21.80.0/20
89.144.128.0/18
109.109.32.0/19
159.20.96.0/20
176.12.64.0/20
185.56.96.0/22
IPv6:
2a00:1570::/32
Signature Algorithm: sha256WithRSAEncryption
d9:3d:5b:f9:fb:b4:80:c1:f5:d8:d0:6d:33:ee:99:e4:14:e8:
20:4d:0d:81:68:83:04:c6:72:fb:10:cf:2e:17:28:e2:a9:54:
d1:30:5b:ac:64:d7:3e:84:55:dc:e6:38:94:47:ee:71:69:fc:
04:d0:80:42:7c:10:8f:fd:73:9e:f2:28:8b:5c:99:bb:f1:ed:
d1:2b:80:bc:d8:6e:93:0b:52:4a:e5:51:65:f4:31:5b:77:db:
a7:8f:0d:0b:94:37:22:6b:f2:ad:8f:05:b2:0e:ab:7d:fa:9b:
a3:fb:91:98:83:9a:f0:7c:a1:70:7f:3b:b4:19:04:c7:96:b4:
5f:22:d1:4c:04:df:02:cc:cc:34:37:67:32:24:de:c2:36:dc:
d1:50:6b:52:c0:82:e7:bb:b5:fd:10:5a:8a:7a:ca:60:b1:38:
09:7c:2d:f3:a8:48:c8:a1:c5:d9:be:c3:07:14:0b:8c:e0:49:
87:9a:98:10:fb:e6:32:2d:35:28:e8:7d:23:3d:37:eb:c5:fe:
ae:3a:cc:4e:c1:45:f3:20:59:62:1c:23:33:14:46:8f:33:c9:
13:c2:ce:f1:38:fd:c5:02:f9:64:c8:f1:5c:25:de:c7:15:64:
b2:9c:f0:4e:74:49:b1:ad:4b:bf:cb:49:29:65:92:1d:76:5f:
6e:94:32:38
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZfzZUCRisA/n+vmpO5Lh/PSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMTEwMjIxODdlMzM5NWExNTI0ZmExYTc1NDFlYTc5MzI4
NWFmYzIwHhcNMjUwNzEwMDgxMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzMzZmI3YmZmODhjZDY2ZDEwNmNjYWI5MjJmZTlhMzVlMGQyMTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbOVCzy4pyn6KWhyOvaxIUZU13iI
UwtG1Ad0c3qq7dRgeecAxo9hJxbX3ThpgY/cgsdmWXyWqqS9tNIZ23j7wPmzN0sh
xPvsdiMwvUU8Dne4CSWQyhTcyl+hs0vdgwRz0CUpTFprOmDaU/pddb0tsSS/aQfq
2j8Y4TZgNn3v8WMJOsF6YSZWFw/eQFHJh7GXs8J4XWU7KvkSsQtkb7DTmB1aHxKL
+Rx6NgKIjJ8ejxSj8/ra/1uNH6JY1zkS8W5SPY8AFluZqD5q9/8lEfTCRX38nZVS
l28QxZCv+NEAZGDX9C4HJl/i/CFUNA6+08aLD2om2QXeAtA77zMv7F1flQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFCcz+3v/iM1m0QbMq5Iv6aNeDSGbMB8GA1UdIwQY
MBaAFLARAiGH4zlaFST6GnVB6nkyha/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0JFQ0lZZmpPVm9WSlBvYWRVSHFlVEtGcjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9lOGJiZDItMTM2MS00MWEzLTkwZjAt
NTMzNGU2YjhjNWZlLzEvSnpQN2VfLUl6V2JSQnN5cmtpX3BvMTROSVpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9lOGJiZDItMTM2MS00MWEzLTkwZjAtNTMzNGU2YjhjNWZl
LzEvc0JFQ0lZZmpPVm9WSlBvYWRVSHFlVEtGcjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQELhVQAwQG
WZCAAwQFbW0gAwQEnxRgAwQEsAxAAwQCuThgMA0EAgACMAcDBQAqABVwMA0GCSqG
SIb3DQEBCwUAA4IBAQDZPVv5+7SAwfXY0G0z7pnkFOggTQ2BaIMExnL7EM8uFyji
qVTRMFusZNc+hFXc5jiUR+5xafwE0IBCfBCP/XOe8iiLXJm78e3RK4C82G6TC1JK
5VFl9DFbd9unjw0LlDcia/KtjwWyDqt9+puj+5GYg5rwfKFwfzu0GQTHlrRfItFM
BN8CzMw0N2cyJN7CNtzRUGtSwILnu7X9EFqKespgsTgJfC3zqEjIocXZvsMHFAuM
4EmHmpgQ++YyLTUo6H0jPTfrxf6uOsxOwUXzIFliHCMzFEaPM8kTws7xOP3FAvlk
yPFcJd7HFWSynPBOdEmxrUu/y0kpZZIddl9ulDI4
-----END CERTIFICATE-----
Generated at Sun Jul 27 13:23:37 2025 by rpki-client