Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/OC0sSBHJnP4b0J24Htst-_z21z0.roa
File: OC0sSBHJnP4b0J24Htst-_z21z0.roa (raw, json)
Hash identifier: 5sfWgno4pC4HGZPsmImbzu6t/5UjdQSe45jxPoavsl8=
Subject key identifier: 38:2D:2C:48:11:C9:9C:FE:1B:D0:9D:B8:1E:DB:2D:FB:FC:F6:D7:3D
Certificate issuer: /CN=2b0be226230d4099ceea0a4a6cf4ed8b90201350
Certificate serial: 0197C5B991F9D5C0979650EADDC81B745CD7
Authority key identifier: 2B:0B:E2:26:23:0D:40:99:CE:EA:0A:4A:6C:F4:ED:8B:90:20:13:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/OC0sSBHJnP4b0J24Htst-_z21z0.roa
Signing time: Tue 01 Jul 2025 11:22:42 +0000
ROA not before: Tue 01 Jul 2025 11:22:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 28787
IP address blocks: 37.61.0.0/17 maxlen: 17
37.61.56.0/21 maxlen: 21
37.61.77.0/24 maxlen: 24
37.61.78.0/24 maxlen: 24
37.61.79.0/24 maxlen: 24
37.61.112.0/22 maxlen: 22
37.61.116.0/22 maxlen: 22
37.61.120.0/22 maxlen: 22
37.61.124.0/22 maxlen: 22
81.17.80.0/20 maxlen: 20
81.17.82.0/24 maxlen: 24
185.30.88.0/22 maxlen: 22
188.253.128.0/19 maxlen: 19
188.253.208.0/22 maxlen: 22
188.253.212.0/22 maxlen: 22
188.253.216.0/22 maxlen: 22
188.253.220.0/22 maxlen: 22
188.253.224.0/21 maxlen: 21
188.253.232.0/21 maxlen: 21
188.253.254.0/24 maxlen: 24
188.253.255.0/24 maxlen: 24
194.135.166.0/23 maxlen: 23
194.135.168.0/23 maxlen: 23
194.135.170.0/24 maxlen: 24
194.135.171.0/24 maxlen: 24
194.135.172.0/24 maxlen: 24
194.135.173.0/24 maxlen: 24
194.135.174.0/24 maxlen: 24
194.135.175.0/24 maxlen: 24
194.135.176.0/24 maxlen: 24
194.135.177.0/24 maxlen: 24
194.135.178.0/24 maxlen: 24
194.135.179.0/24 maxlen: 24
213.154.0.0/19 maxlen: 19
217.64.16.0/20 maxlen: 20
217.64.16.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.crl
rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.mft
rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 05:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c5:b9:91:f9:d5:c0:97:96:50:ea:dd:c8:1b:74:5c:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b0be226230d4099ceea0a4a6cf4ed8b90201350
Validity
Not Before: Jul 1 11:22:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=382d2c4811c99cfe1bd09db81edb2dfbfcf6d73d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:4c:6d:05:56:2b:ad:25:fd:21:22:30:30:6e:
ec:53:d7:97:6b:e0:ab:8a:24:bb:bd:d3:d2:85:4c:
32:e1:3a:3d:3b:f9:dc:c9:0a:8f:0b:b2:c3:e0:fe:
27:5c:88:d4:d8:fe:4c:75:47:f0:42:2f:7e:20:47:
c8:3c:4d:6c:75:77:fd:dc:a5:1f:f7:42:f6:c7:53:
ff:48:2a:88:a8:51:c1:44:48:83:f5:16:73:09:73:
d2:0c:58:95:f3:0a:75:e4:56:e2:f0:6e:0b:fa:13:
06:61:17:3a:15:c4:97:da:42:69:23:6e:39:40:b4:
1b:f2:40:57:06:d6:c5:70:6f:06:34:c5:a4:85:cb:
0a:3e:2b:18:8e:1a:e1:b6:ff:39:95:6e:81:c7:e5:
9a:cb:0f:25:7f:c0:ce:9e:cd:33:95:45:7a:97:46:
5b:b1:35:a2:d3:ba:c9:90:34:83:98:bf:84:7d:40:
f9:8d:3d:4c:ad:9f:45:e8:75:86:f0:a3:e2:9b:7c:
68:13:88:4d:8c:b7:b9:d3:23:75:c4:ec:13:f8:39:
55:cf:01:aa:fa:5c:ee:75:61:a1:4d:3e:8e:d3:4c:
24:4e:87:55:c1:9e:c3:c2:05:60:83:9e:3d:bf:6e:
f9:5a:12:66:a2:23:f4:54:4d:15:57:35:da:a1:d4:
ac:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:2D:2C:48:11:C9:9C:FE:1B:D0:9D:B8:1E:DB:2D:FB:FC:F6:D7:3D
X509v3 Authority Key Identifier:
keyid:2B:0B:E2:26:23:0D:40:99:CE:EA:0A:4A:6C:F4:ED:8B:90:20:13:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/OC0sSBHJnP4b0J24Htst-_z21z0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.61.0.0/17
81.17.80.0/20
185.30.88.0/22
188.253.128.0/19
188.253.208.0-188.253.239.255
188.253.254.0/23
194.135.166.0-194.135.179.255
213.154.0.0/19
217.64.16.0/20
Signature Algorithm: sha256WithRSAEncryption
ab:df:1a:b8:21:79:d0:5d:c0:ca:32:27:50:fa:46:b7:19:4d:
a1:f9:cb:58:ba:6a:2c:91:3a:04:c0:2a:38:98:01:ab:a1:c8:
43:3f:8c:80:ad:e3:2c:67:3c:44:e7:3e:35:f0:e0:a4:65:3e:
cf:26:13:86:31:cb:de:61:63:10:56:c3:8e:af:db:de:4d:67:
0e:bc:58:2c:25:0b:ad:45:5b:58:64:f1:ac:b9:89:d7:32:0b:
eb:bb:7d:23:e9:b4:8c:75:84:2b:65:96:2e:5f:92:50:61:08:
cc:97:d2:e8:11:33:0a:60:e7:0a:b1:27:05:3a:90:a4:32:0e:
81:f8:3b:ec:d1:50:4f:5c:2a:c6:4b:ac:3f:76:36:4f:ce:ac:
14:88:8d:f4:a6:67:e0:5c:2b:d6:cf:9e:6e:0d:16:fc:55:f3:
68:21:d9:43:2e:f9:81:a0:84:94:e7:33:8e:09:c3:4c:0d:00:
26:a7:7a:0f:9d:a8:a5:2f:80:b5:b3:67:1d:19:88:72:75:a8:
31:22:99:39:d9:65:25:eb:d8:30:4b:ab:0b:13:bc:59:ae:51:
16:68:82:a3:ec:44:a9:7c:c5:12:b5:8c:d0:e9:91:11:3c:89:
4d:e2:24:08:08:d1:d9:21:c7:7f:e4:e6:df:6d:ba:6f:af:17:
d9:46:df:d3
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZfFuZH51cCXllDq3cgbdFzXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMGJlMjI2MjMwZDQwOTljZWVhMGE0YTZjZjRlZDhiOTAy
MDEzNTAwHhcNMjUwNzAxMTEyMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODJkMmM0ODExYzk5Y2ZlMWJkMDlkYjgxZWRiMmRmYmZjZjZkNzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3kxtBVYrrSX9ISIwMG7sU9eXa+Cr
iiS7vdPShUwy4To9O/ncyQqPC7LD4P4nXIjU2P5MdUfwQi9+IEfIPE1sdXf93KUf
90L2x1P/SCqIqFHBREiD9RZzCXPSDFiV8wp15Fbi8G4L+hMGYRc6FcSX2kJpI245
QLQb8kBXBtbFcG8GNMWkhcsKPisYjhrhtv85lW6Bx+Wayw8lf8DOns0zlUV6l0Zb
sTWi07rJkDSDmL+EfUD5jT1MrZ9F6HWG8KPim3xoE4hNjLe50yN1xOwT+DlVzwGq
+lzudWGhTT6O00wkTodVwZ7DwgVgg549v275WhJmoiP0VE0VVzXaodSsxwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFDgtLEgRyZz+G9CduB7bLfv89tc9MB8GA1UdIwQY
MBaAFCsL4iYjDUCZzuoKSmz07YuQIBNQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3d2aUppTU5RSm5PNmdwS2JQVHRpNUFnRTFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9mY2U2NzUtYmY1My00Nzg3LTkzZTct
ODFmNTY2MTg1YjA2LzEvT0Mwc1NCSEpuUDRiMEoyNEh0c3QtX3oyMXowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9mY2U2NzUtYmY1My00Nzg3LTkzZTctODFmNTY2MTg1YjA2
LzEvS3d2aUppTU5RSm5PNmdwS2JQVHRpNUFnRTFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQHJT0AAwQE
URFQAwQCuR5YAwQFvP2AMAwDBAS8/dADBAS8/eADBAG8/f4wDAMEAcKHpgMEAsKH
sAMEBdWaAAMEBNlAEDANBgkqhkiG9w0BAQsFAAOCAQEAq98auCF50F3AyjInUPpG
txlNofnLWLpqLJE6BMAqOJgBq6HIQz+MgK3jLGc8ROc+NfDgpGU+zyYThjHL3mFj
EFbDjq/b3k1nDrxYLCULrUVbWGTxrLmJ1zIL67t9I+m0jHWEK2WWLl+SUGEIzJfS
6BEzCmDnCrEnBTqQpDIOgfg77NFQT1wqxkusP3Y2T86sFIiN9KZn4Fwr1s+ebg0W
/FXzaCHZQy75gaCElOczjgnDTA0AJqd6D52opS+AtbNnHRmIcnWoMSKZOdllJevY
MEurCxO8Wa5RFmiCo+xEqXzFErWM0OmRETyJTeIkCAjR2SHHf+Tm3226b68X2Ubf
0w==
-----END CERTIFICATE-----
Generated at Sun Jul 27 13:52:51 2025 by rpki-client