Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Xx1JKCEzK5ylWAERePTUNaG4vxA.roa
File: Xx1JKCEzK5ylWAERePTUNaG4vxA.roa (raw, json)
Hash identifier: VN34GB6PTJHGyOzcLDW/ID6l88H+88oQhvJCocFCDm8=
Subject key identifier: 5F:1D:49:28:21:33:2B:9C:A5:58:01:11:78:F4:D4:35:A1:B8:BF:10
Certificate issuer: /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial: 01982C2086139848F85965A3F72758BC11F1
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Xx1JKCEzK5ylWAERePTUNaG4vxA.roa
Signing time: Mon 21 Jul 2025 08:36:25 +0000
ROA not before: Mon 21 Jul 2025 08:36:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50670
IP address blocks: 81.21.8.0/22 maxlen: 22
81.21.8.0/24 maxlen: 24
81.21.9.0/24 maxlen: 24
81.21.10.0/24 maxlen: 24
81.21.11.0/24 maxlen: 24
81.21.12.0/24 maxlen: 24
81.21.13.0/24 maxlen: 24
81.21.14.0/24 maxlen: 24
81.21.15.0/24 maxlen: 24
109.237.192.0/20 maxlen: 24
109.237.192.0/24 maxlen: 24
109.237.193.0/24 maxlen: 24
109.237.194.0/24 maxlen: 24
109.237.195.0/24 maxlen: 24
109.237.196.0/24 maxlen: 24
109.237.197.0/24 maxlen: 24
109.237.198.0/24 maxlen: 24
109.237.199.0/24 maxlen: 24
109.237.200.0/24 maxlen: 24
109.237.201.0/24 maxlen: 24
109.237.202.0/24 maxlen: 24
109.237.203.0/24 maxlen: 24
109.237.204.0/24 maxlen: 24
109.237.205.0/24 maxlen: 24
109.237.206.0/24 maxlen: 24
109.237.207.0/24 maxlen: 24
176.241.64.0/21 maxlen: 24
176.241.64.0/24 maxlen: 24
176.241.65.0/24 maxlen: 24
176.241.66.0/24 maxlen: 24
176.241.67.0/24 maxlen: 24
176.241.68.0/24 maxlen: 24
176.241.69.0/24 maxlen: 24
176.241.70.0/24 maxlen: 24
176.241.71.0/24 maxlen: 24
178.20.184.0/21 maxlen: 24
178.20.184.0/24 maxlen: 24
178.20.185.0/24 maxlen: 24
178.20.186.0/24 maxlen: 24
178.20.187.0/24 maxlen: 24
178.20.188.0/24 maxlen: 24
178.20.189.0/24 maxlen: 24
178.20.190.0/24 maxlen: 24
178.20.191.0/24 maxlen: 24
185.51.212.0/22 maxlen: 22
185.51.212.0/24 maxlen: 24
185.51.213.0/24 maxlen: 24
185.51.214.0/24 maxlen: 24
185.51.215.0/24 maxlen: 24
185.193.176.0/22 maxlen: 22
185.193.176.0/24 maxlen: 24
185.193.177.0/24 maxlen: 24
185.193.178.0/24 maxlen: 24
185.193.179.0/24 maxlen: 24
2a01:1d0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 00:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:2c:20:86:13:98:48:f8:59:65:a3:f7:27:58:bc:11:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
Validity
Not Before: Jul 21 08:36:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5f1d492821332b9ca558011178f4d435a1b8bf10
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:86:2e:45:eb:6d:d1:08:09:d0:7b:55:40:22:
69:11:a0:7e:ca:47:df:d1:48:c2:e9:73:e3:e9:28:
21:bb:5b:e6:46:bf:ef:d6:23:53:31:3c:7d:2a:a0:
1f:03:31:81:ed:76:7a:b7:65:5d:6a:28:e3:49:3f:
84:9b:da:06:cd:d0:9e:0f:95:66:3d:43:d7:17:5e:
41:3e:53:76:c5:dc:d0:9a:9c:cc:b5:2a:9c:81:b4:
7b:7d:ca:32:25:8a:b2:1b:91:be:8f:48:d1:f5:b8:
e7:d4:59:90:aa:2c:cb:5f:68:b9:f0:82:6e:c5:de:
b9:eb:9e:87:61:6a:4a:c8:dc:b0:15:08:7b:95:8e:
87:ee:58:42:c9:e3:9e:99:d4:1b:05:e5:f5:80:7d:
76:a9:7f:32:aa:ed:ff:51:70:1b:f5:81:e0:ad:8e:
8a:de:94:9f:85:14:7d:c1:a7:09:cf:4f:f3:72:82:
0f:99:e2:17:a8:a8:e0:e6:53:af:62:22:1e:4e:3e:
2d:25:dc:a6:e2:64:16:55:85:64:2b:eb:09:89:73:
28:be:88:9b:76:47:26:f2:16:1e:1e:b6:6c:9e:d4:
e7:cc:94:5e:b6:99:c4:27:37:5e:71:8b:e7:74:ee:
e2:cb:50:c5:c2:53:9a:16:b5:f8:41:6d:0e:b7:6d:
a7:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:1D:49:28:21:33:2B:9C:A5:58:01:11:78:F4:D4:35:A1:B8:BF:10
X509v3 Authority Key Identifier:
keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Xx1JKCEzK5ylWAERePTUNaG4vxA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.21.8.0/21
109.237.192.0/20
176.241.64.0/21
178.20.184.0/21
185.51.212.0/22
185.193.176.0/22
IPv6:
2a01:1d0::/32
Signature Algorithm: sha256WithRSAEncryption
84:26:66:0b:a4:36:d0:e3:43:08:ff:df:e2:a3:ae:1f:d2:f8:
d2:7b:39:88:08:04:2c:4d:e3:c5:fe:aa:27:c7:62:af:45:35:
39:a1:56:d9:45:2a:19:44:69:81:ec:63:0d:f2:9f:c9:d5:42:
0f:cf:ee:4f:20:e4:08:f8:3d:78:9c:7e:32:ef:8f:83:38:3f:
8c:8f:a1:dc:fe:31:54:84:70:cc:9a:70:16:41:80:55:e4:50:
f5:b8:9a:6a:b4:0d:ec:6f:33:fd:94:f0:54:e0:79:c4:4e:0d:
6d:21:c9:7c:30:fa:a5:00:b6:d9:ec:0d:48:27:5e:ff:cb:bc:
13:c7:d7:fc:3b:10:8f:c7:23:84:c4:8e:87:5a:78:9b:7f:fe:
92:03:2c:f5:d2:70:14:51:a2:9f:b9:64:d8:91:b0:56:4a:78:
c5:dd:b8:85:09:b9:40:6c:b3:ed:18:1e:9c:2f:92:63:80:ed:
4a:82:60:ba:25:5a:a6:1d:47:24:f8:42:e7:d4:c9:83:fd:24:
15:eb:91:59:30:cb:23:bf:01:40:47:c7:60:75:8c:55:b3:82:
4d:07:6d:b2:39:e2:07:b4:1b:2d:2c:3f:5e:85:b8:6d:0b:6a:
e3:18:2e:cf:f9:59:bb:ef:38:a2:48:cd:fb:8a:38:f2:d4:cc:
9f:0e:33:62
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZgsIIYTmEj4WWWj9ydYvBHxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwNzIxMDgzNjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjFkNDkyODIxMzMyYjljYTU1ODAxMTE3OGY0ZDQzNWExYjhiZjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoYuRett0QgJ0HtVQCJpEaB+ykff
0UjC6XPj6Sghu1vmRr/v1iNTMTx9KqAfAzGB7XZ6t2VdaijjST+Em9oGzdCeD5Vm
PUPXF15BPlN2xdzQmpzMtSqcgbR7fcoyJYqyG5G+j0jR9bjn1FmQqizLX2i58IJu
xd65656HYWpKyNywFQh7lY6H7lhCyeOemdQbBeX1gH12qX8yqu3/UXAb9YHgrY6K
3pSfhRR9wacJz0/zcoIPmeIXqKjg5lOvYiIeTj4tJdym4mQWVYVkK+sJiXMovoib
dkcm8hYeHrZsntTnzJRetpnEJzdecYvndO7iy1DFwlOaFrX4QW0Ot22nkQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFF8dSSghMyucpVgBEXj01DWhuL8QMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvWHgxSktDRXpLNXlsV0FFUmVQVFVOYUc0dnhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDURUIAwQE
be3AAwQDsPFAAwQDshS4AwQCuTPUAwQCucGwMA0EAgACMAcDBQAqAQHQMA0GCSqG
SIb3DQEBCwUAA4IBAQCEJmYLpDbQ40MI/9/io64f0vjSezmICAQsTePF/qonx2Kv
RTU5oVbZRSoZRGmB7GMN8p/J1UIPz+5PIOQI+D14nH4y74+DOD+Mj6Hc/jFUhHDM
mnAWQYBV5FD1uJpqtA3sbzP9lPBU4HnETg1tIcl8MPqlALbZ7A1IJ17/y7wTx9f8
OxCPxyOExI6HWnibf/6SAyz10nAUUaKfuWTYkbBWSnjF3biFCblAbLPtGB6cL5Jj
gO1KgmC6JVqmHUck+ELn1MmD/SQV65FZMMsjvwFAR8dgdYxVs4JNB22yOeIHtBst
LD9ehbhtC2rjGC7P+Vm77ziiSM37ijjy1MyfDjNi
-----END CERTIFICATE-----
Generated at Sun Jul 27 09:54:05 2025 by rpki-client