Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/OzXNHG4LtvlFbVU7s9pRDirIBds.roa
File: OzXNHG4LtvlFbVU7s9pRDirIBds.roa (raw, json)
Hash identifier: QE+ieJz3D6uISsfva3kiDLqlfp584KGhR+dFtVz/Wf4=
Subject key identifier: 3B:35:CD:1C:6E:0B:B6:F9:45:6D:55:3B:B3:DA:51:0E:2A:C8:05:DB
Certificate issuer: /CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Certificate serial: 019808F7E0D75F8739B17822CB5F4507499C
Authority key identifier: 50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/OzXNHG4LtvlFbVU7s9pRDirIBds.roa
Signing time: Mon 14 Jul 2025 12:45:19 +0000
ROA not before: Mon 14 Jul 2025 12:45:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8391
IP address blocks: 195.138.32.0/22 maxlen: 22
195.138.38.0/24 maxlen: 24
195.138.54.0/24 maxlen: 24
195.138.58.0/24 maxlen: 24
195.138.61.0/24 maxlen: 24
195.138.62.0/24 maxlen: 24
195.253.0.0/17 maxlen: 24
195.253.6.0/24 maxlen: 24
195.253.96.0/19 maxlen: 24
195.253.128.0/18 maxlen: 24
195.253.224.0/19 maxlen: 24
2a01:5b0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.mft
rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 29 Jul 2025 18:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:08:f7:e0:d7:5f:87:39:b1:78:22:cb:5f:45:07:49:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Validity
Not Before: Jul 14 12:45:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b35cd1c6e0bb6f9456d553bb3da510e2ac805db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:95:fa:80:4c:22:6a:14:77:ae:a4:19:d6:e3:
e6:01:bf:39:dc:85:c4:4e:b3:b6:9e:b0:c0:9a:74:
da:7b:55:17:83:1f:ad:c5:0e:63:1e:4c:8d:d9:18:
ba:78:19:32:73:9c:d6:10:ac:e8:a0:01:2f:b9:fc:
ab:c2:38:b2:bb:6b:51:4b:dd:89:9d:c1:bc:83:c9:
5c:f5:af:68:6a:6a:17:59:ea:48:4f:da:b7:48:b5:
f2:65:98:02:16:8c:29:43:78:b3:f6:37:ca:10:e7:
45:8e:5a:78:20:03:a6:fc:97:5d:33:80:08:e2:79:
f8:93:b6:46:bf:38:07:a6:e2:c6:57:9e:35:63:68:
b6:84:02:2d:4b:0a:d9:40:f6:8b:b5:6a:ef:5d:35:
60:9c:18:69:7d:a5:1b:e4:82:27:98:ae:b7:ea:a6:
33:f1:47:9d:09:a5:96:ff:b7:26:0c:ea:d6:fa:3e:
6b:d0:36:ca:10:b4:fd:46:2c:18:f6:c7:fe:24:18:
d0:4e:e5:80:27:70:37:b3:ae:72:13:2d:48:07:0c:
3c:c7:20:b7:58:35:b5:52:3f:4c:72:eb:7d:18:b0:
7f:81:a5:e7:e5:bc:be:f1:27:78:03:21:63:7b:43:
5f:f1:23:41:fa:2f:9a:93:78:47:10:3a:e8:72:e3:
d4:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:35:CD:1C:6E:0B:B6:F9:45:6D:55:3B:B3:DA:51:0E:2A:C8:05:DB
X509v3 Authority Key Identifier:
keyid:50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/OzXNHG4LtvlFbVU7s9pRDirIBds.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.138.32.0/22
195.138.38.0/24
195.138.54.0/24
195.138.58.0/24
195.138.61.0-195.138.62.255
195.253.0.0-195.253.191.255
195.253.224.0/19
IPv6:
2a01:5b0::/32
Signature Algorithm: sha256WithRSAEncryption
54:b0:6b:9c:f0:0b:98:02:7e:01:e1:5e:02:7a:87:4f:cd:ca:
a5:07:33:d1:c9:74:a2:89:ce:05:38:e6:8b:e3:fa:0d:6d:3d:
38:c8:ee:09:6c:1f:c9:22:74:2c:85:60:2d:c2:e7:81:a6:93:
f0:8f:e6:6c:e2:e0:73:94:d9:5b:03:58:e6:e4:3a:4c:71:17:
b1:5f:2e:74:a8:7d:f9:e5:56:4b:4a:2c:96:26:e3:c5:1d:f7:
6d:06:7e:05:fa:49:a2:e6:75:87:30:91:9f:29:59:4f:05:be:
83:eb:40:2b:28:4c:33:00:05:17:26:ab:73:30:e7:fe:53:49:
96:58:06:5d:5b:70:e7:0b:27:62:d8:5d:5c:7f:fd:46:b0:2d:
23:02:b4:e0:9c:96:99:c9:cf:42:14:89:f2:c2:5a:69:f5:74:
c7:2e:a8:1d:31:ce:90:61:53:e2:ec:3e:c4:86:2c:bd:49:2b:
bf:2e:1a:d9:5f:d8:b6:05:94:9f:65:29:68:d8:2e:d1:69:24:
18:2c:78:82:d7:fb:cb:e9:bb:bb:74:de:db:99:82:2e:88:8e:
70:44:e4:19:26:81:6d:3f:94:50:cf:3a:e4:ed:6a:32:9e:7f:
30:69:0a:08:f7:89:83:f8:6c:9c:4b:f8:bd:4a:26:20:ff:74:
fe:97:07:8a
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZgI9+DXX4c5sXgiy19FB0mcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYzFlNDI2ZjU4ZTQyYWUzMGU1NmNkYjdmZjRkOGY5ZGRk
ODViMzAwHhcNMjUwNzE0MTI0NTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjM1Y2QxYzZlMGJiNmY5NDU2ZDU1M2JiM2RhNTEwZTJhYzgwNWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZX6gEwiahR3rqQZ1uPmAb853IXE
TrO2nrDAmnTae1UXgx+txQ5jHkyN2Ri6eBkyc5zWEKzooAEvufyrwjiyu2tRS92J
ncG8g8lc9a9oamoXWepIT9q3SLXyZZgCFowpQ3iz9jfKEOdFjlp4IAOm/JddM4AI
4nn4k7ZGvzgHpuLGV541Y2i2hAItSwrZQPaLtWrvXTVgnBhpfaUb5IInmK636qYz
8UedCaWW/7cmDOrW+j5r0DbKELT9RiwY9sf+JBjQTuWAJ3A3s65yEy1IBww8xyC3
WDW1Uj9Mcut9GLB/gaXn5by+8Sd4AyFje0Nf8SNB+i+ak3hHEDrocuPUXQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFDs1zRxuC7b5RW1VO7PaUQ4qyAXbMB8GA1UdIwQY
MBaAFFDB5Cb1jkKuMOVs23/02Pnd2FswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMt
MDYzY2U2Y2Y0NjBkLzEvT3pYTkhHNEx0dmxGYlZVN3M5cFJEaXJJQmRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMtMDYzY2U2Y2Y0NjBk
LzEvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA/BAIAATA5AwQCw4ogAwQA
w4omAwQAw4o2AwQAw4o6MAwDBADDij0DBADDij4wCwMDAMP9AwQGw/2AAwQFw/3g
MA0EAgACMAcDBQAqAQWwMA0GCSqGSIb3DQEBCwUAA4IBAQBUsGuc8AuYAn4B4V4C
eodPzcqlBzPRyXSiic4FOOaL4/oNbT04yO4JbB/JInQshWAtwueBppPwj+Zs4uBz
lNlbA1jm5DpMcRexXy50qH355VZLSiyWJuPFHfdtBn4F+kmi5nWHMJGfKVlPBb6D
60ArKEwzAAUXJqtzMOf+U0mWWAZdW3DnCydi2F1cf/1GsC0jArTgnJaZyc9CFIny
wlpp9XTHLqgdMc6QYVPi7D7Ehiy9SSu/LhrZX9i2BZSfZSlo2C7RaSQYLHiC1/vL
6bu7dN7bmYIuiI5wROQZJoFtP5RQzzrk7Woynn8waQoI94mD+GycS/i9SiYg/3T+
lweK
-----END CERTIFICATE-----
Generated at Tue Jul 29 04:07:13 2025 by rpki-client