Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/rzZ2dodzg1ULvLs09AQZFb1J-gY.roa
File: rzZ2dodzg1ULvLs09AQZFb1J-gY.roa (raw, json)
Hash identifier: CBLPmW0xnIBTwi/2qF3h65PrgZJ/jq7QWYxy2DKaWSU=
Subject key identifier: AF:36:76:76:87:73:83:55:0B:BC:BB:34:F4:04:19:15:BD:49:FA:06
Certificate issuer: /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial: 0197D5857499A6F9C9CE6ABDAF883491C166
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/rzZ2dodzg1ULvLs09AQZFb1J-gY.roa
Signing time: Fri 04 Jul 2025 12:59:42 +0000
ROA not before: Fri 04 Jul 2025 12:59:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6453
IP address blocks: 31.44.192.0/20 maxlen: 24
46.34.64.0/24 maxlen: 24
46.34.90.0/23 maxlen: 24
84.51.0.0/18 maxlen: 24
85.153.128.0/17 maxlen: 24
91.93.0.0/16 maxlen: 24
176.88.0.0/16 maxlen: 24
176.232.0.0/14 maxlen: 24
176.236.0.0/16 maxlen: 24
195.33.192.0/18 maxlen: 24
195.142.4.0/22 maxlen: 24
195.142.8.0/21 maxlen: 24
195.142.16.0/20 maxlen: 24
195.142.32.0/19 maxlen: 24
195.142.64.0/19 maxlen: 24
195.142.96.0/21 maxlen: 24
195.142.112.0/20 maxlen: 24
195.142.128.0/22 maxlen: 24
195.142.136.0/21 maxlen: 24
195.142.138.0/24 maxlen: 24
195.142.144.0/21 maxlen: 24
195.142.160.0/20 maxlen: 24
195.142.176.0/21 maxlen: 24
195.142.188.0/22 maxlen: 24
195.142.196.0/22 maxlen: 24
195.142.204.0/22 maxlen: 24
195.142.208.0/22 maxlen: 24
195.142.216.0/21 maxlen: 24
195.142.224.0/20 maxlen: 24
195.142.240.0/22 maxlen: 24
195.142.248.0/21 maxlen: 24
195.155.100.0/22 maxlen: 24
195.155.104.0/21 maxlen: 24
195.155.112.0/20 maxlen: 24
195.155.160.0/19 maxlen: 24
195.155.192.0/18 maxlen: 24
212.252.0.0/15 maxlen: 24
213.14.0.0/16 maxlen: 24
213.14.207.0/24 maxlen: 24
213.74.0.0/16 maxlen: 24
213.254.128.0/19 maxlen: 24
217.131.0.0/16 maxlen: 24
2a01:188::/32 maxlen: 48
2a01:730::/32 maxlen: 48
2a03:3c0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 04:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:d5:85:74:99:a6:f9:c9:ce:6a:bd:af:88:34:91:c1:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Validity
Not Before: Jul 4 12:59:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=af367676877383550bbcbb34f4041915bd49fa06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:9f:db:ac:6c:6e:63:ed:63:c3:15:0c:52:e3:
f7:51:b7:37:4c:b3:f9:65:f8:dc:ed:16:40:85:dd:
2b:af:ec:11:39:05:93:92:da:78:cb:e8:17:e4:45:
b3:3d:4e:e0:20:7f:60:90:84:dd:17:48:97:e5:00:
29:3b:b2:04:e8:8d:d1:68:a6:83:d7:63:a8:bb:3e:
86:7a:e1:f5:e8:d1:cd:50:fc:b1:66:4c:8f:c0:f1:
a6:a4:d0:34:f8:b8:b7:63:c1:bc:46:5e:f4:d6:05:
a1:4f:03:fe:bf:08:e8:3e:ce:c9:7e:90:1d:70:dc:
d8:04:76:45:c7:d5:27:9c:8b:75:06:12:1e:1c:35:
bf:93:77:80:92:bc:ef:f0:f5:f2:82:24:95:9e:26:
0a:60:db:05:b5:70:72:a8:85:8e:49:f8:d9:fa:6c:
74:15:f5:ac:aa:23:4d:2b:bd:e4:ed:57:bf:2f:9f:
85:54:1c:55:09:34:a2:56:96:dd:91:32:09:6a:1d:
4a:a2:53:56:cf:23:cb:19:15:bb:bd:7f:1f:eb:c3:
f9:d6:4b:d9:39:75:7b:48:9e:16:ac:76:11:7b:0a:
11:d3:23:95:cf:8f:b5:9f:98:c6:4b:f9:dc:10:f3:
4d:e8:36:32:75:ff:cc:72:41:95:b8:ac:d6:35:ea:
03:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:36:76:76:87:73:83:55:0B:BC:BB:34:F4:04:19:15:BD:49:FA:06
X509v3 Authority Key Identifier:
keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/rzZ2dodzg1ULvLs09AQZFb1J-gY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.44.192.0/20
46.34.64.0/24
46.34.90.0/23
84.51.0.0/18
85.153.128.0/17
91.93.0.0/16
176.88.0.0/16
176.232.0.0-176.236.255.255
195.33.192.0/18
195.142.4.0-195.142.103.255
195.142.112.0-195.142.131.255
195.142.136.0-195.142.151.255
195.142.160.0-195.142.183.255
195.142.188.0/22
195.142.196.0/22
195.142.204.0-195.142.211.255
195.142.216.0-195.142.243.255
195.142.248.0/21
195.155.100.0-195.155.127.255
195.155.160.0-195.155.255.255
212.252.0.0/15
213.14.0.0/16
213.74.0.0/16
213.254.128.0/19
217.131.0.0/16
IPv6:
2a01:188::/32
2a01:730::/32
2a03:3c0::/32
Signature Algorithm: sha256WithRSAEncryption
5b:e5:7a:31:ba:86:7b:87:e8:c2:df:be:82:46:fc:5f:3b:af:
c9:cf:60:e6:47:cd:a4:a5:3a:24:b6:06:05:15:76:c5:75:0a:
ed:75:e9:ba:e2:87:e8:7f:df:0e:60:26:14:92:8a:15:76:54:
2c:b3:67:d9:74:fe:f0:5d:de:3b:31:5b:24:68:0c:de:4c:ca:
d0:61:02:f5:6e:9d:21:58:2e:46:7c:82:6c:e6:56:62:d4:2e:
3a:85:ba:8e:e5:40:c2:8a:c5:f8:60:ee:cb:fe:cd:61:a4:26:
2f:f1:fc:6a:01:62:96:56:65:72:81:1c:28:ed:25:75:75:9a:
67:92:e1:29:a5:15:fb:0d:fa:cd:0d:43:78:30:4f:e8:73:fb:
e3:5e:76:33:7e:73:ca:46:1c:8b:48:34:20:3a:d5:40:12:61:
d0:b2:89:9d:51:86:a7:72:c1:5b:2d:23:ff:20:40:52:2c:8d:
50:45:47:8c:57:24:04:ec:c3:9a:a8:61:72:8a:d6:ca:2b:9a:
76:a5:af:8a:f1:8d:0a:32:88:cd:dc:30:2c:5b:eb:2a:e4:90:
0e:1b:e6:a7:fd:de:e1:a2:08:db:8c:01:60:70:a5:c8:2c:8b:
97:a7:90:b5:03:da:65:62:83:92:12:fa:38:fb:dd:b6:8d:c6:
8c:c2:c1:33
-----BEGIN CERTIFICATE-----
MIIF7zCCBNegAwIBAgISAZfVhXSZpvnJzmq9r4g0kcFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwNzA0MTI1OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjM2NzY3Njg3NzM4MzU1MGJiY2JiMzRmNDA0MTkxNWJkNDlmYTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5/brGxuY+1jwxUMUuP3Ubc3TLP5
Zfjc7RZAhd0rr+wROQWTktp4y+gX5EWzPU7gIH9gkITdF0iX5QApO7IE6I3RaKaD
12Oouz6GeuH16NHNUPyxZkyPwPGmpNA0+Li3Y8G8Rl701gWhTwP+vwjoPs7JfpAd
cNzYBHZFx9UnnIt1BhIeHDW/k3eAkrzv8PXygiSVniYKYNsFtXByqIWOSfjZ+mx0
FfWsqiNNK73k7Ve/L5+FVBxVCTSiVpbdkTIJah1KolNWzyPLGRW7vX8f68P51kvZ
OXV7SJ4WrHYRewoR0yOVz4+1n5jGS/ncEPNN6DYydf/MckGVuKzWNeoDQwIDAQAB
o4IC+zCCAvcwHQYDVR0OBBYEFK82dnaHc4NVC7y7NPQEGRW9SfoGMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvcnpaMmRvZHpnMVVMdkxzMDlBUVpGYjFKLWdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBDwYIKwYBBQUHAQcBAf8Egf8wgfwwgdwEAgABMIHVAwQE
HyzAAwQALiJAAwQBLiJaAwQGVDMAAwQHVZmAAwMAW10DAwCwWDAKAwMDsOgDAwCw
7AMEBsMhwDAMAwQCw44EAwQDw45gMAwDBATDjnADBALDjoAwDAMEA8OOiAMEA8OO
kDAMAwQFw46gAwQDw46wAwQCw468AwQCw47EMAwDBALDjswDBALDjtAwDAMEA8OO
2AMEAsOO8AMEA8OO+DAMAwQCw5tkAwQHw5sAMAsDBAXDm6ADAwLDmAMDAdT8AwMA
1Q4DAwDVSgMEBdX+gAMDANmDMBsEAgACMBUDBQAqAQGIAwUAKgEHMAMFACoDA8Aw
DQYJKoZIhvcNAQELBQADggEBAFvlejG6hnuH6MLfvoJG/F87r8nPYOZHzaSlOiS2
BgUVdsV1Cu116brih+h/3w5gJhSSihV2VCyzZ9l0/vBd3jsxWyRoDN5MytBhAvVu
nSFYLkZ8gmzmVmLULjqFuo7lQMKKxfhg7sv+zWGkJi/x/GoBYpZWZXKBHCjtJXV1
mmeS4SmlFfsN+s0NQ3gwT+hz++NedjN+c8pGHItINCA61UASYdCyiZ1RhqdywVst
I/8gQFIsjVBFR4xXJATsw5qoYXKK1sormnalr4rxjQoyiM3cMCxb6yrkkA4b5qf9
3uGiCNuMAWBwpcgsi5enkLUD2mVig5IS+jj73baNxozCwTM=
-----END CERTIFICATE-----
Generated at Sun Jul 20 11:21:30 2025 by rpki-client