Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/wx9ZLfHq6PPLS3pCuhQK4_vKdmU.roa
File: wx9ZLfHq6PPLS3pCuhQK4_vKdmU.roa (raw, json)
Hash identifier: DnxpnoHYAliciPu4AVi4OmZMasKtCCrMr0Wd+JxLlgQ=
Subject key identifier: C3:1F:59:2D:F1:EA:E8:F3:CB:4B:7A:42:BA:14:0A:E3:FB:CA:76:65
Certificate issuer: /CN=a79bba2805a988954e4fec42570530f16f9e7093
Certificate serial: 0197CB4DCB00C2CB64BCC5D860C0F8A540A2
Authority key identifier: A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/wx9ZLfHq6PPLS3pCuhQK4_vKdmU.roa
Signing time: Wed 02 Jul 2025 13:22:42 +0000
ROA not before: Wed 02 Jul 2025 13:22:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34343
IP address blocks: 81.171.32.0/20 maxlen: 24
81.171.64.0/20 maxlen: 20
81.171.64.0/23 maxlen: 24
81.171.67.0/24 maxlen: 24
81.171.72.0/24 maxlen: 24
81.171.73.0/24 maxlen: 24
81.171.74.0/24 maxlen: 24
81.171.83.0/24 maxlen: 24
81.171.88.0/21 maxlen: 24
81.171.88.0/22 maxlen: 24
81.171.92.0/23 maxlen: 24
81.171.96.0/24 maxlen: 24
81.171.100.0/22 maxlen: 24
185.90.196.0/22 maxlen: 22
193.108.27.0/24 maxlen: 24
2001:4de0::/32 maxlen: 48
2001:4de0::/46 maxlen: 48
2001:4de0:1::/48 maxlen: 48
2001:4de0:2::/48 maxlen: 48
2001:4de0:3::/48 maxlen: 48
2001:4de0:101::/48 maxlen: 48
2001:4de0:1004::/48 maxlen: 48
2001:4de0:1005::/48 maxlen: 48
2001:4de0:aaa0::/44 maxlen: 48
2001:4de0:aaa2::/48 maxlen: 48
2001:4de0:aaad::/48 maxlen: 48
2001:4de0:aaae::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.mft
rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 05:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:cb:4d:cb:00:c2:cb:64:bc:c5:d8:60:c0:f8:a5:40:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a79bba2805a988954e4fec42570530f16f9e7093
Validity
Not Before: Jul 2 13:22:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c31f592df1eae8f3cb4b7a42ba140ae3fbca7665
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:93:4a:5c:d2:14:31:38:b9:c8:05:b4:69:4c:
a3:67:d3:de:f5:05:5b:76:00:41:7e:9f:f9:34:56:
9d:96:c5:aa:a5:33:ba:f7:cf:96:86:54:17:66:3d:
87:ed:8b:f9:48:a0:5e:0f:23:5b:db:63:69:ec:21:
21:bc:10:f8:dd:d0:0d:dc:85:6a:53:c1:a2:1b:8d:
1a:82:f2:32:82:81:38:5e:22:65:4e:90:3a:08:48:
a5:53:40:8f:b0:94:1b:37:ac:c6:05:be:c3:a7:5a:
b1:10:39:6c:fc:73:f4:69:4e:ab:53:40:7c:4f:bd:
e8:60:85:3a:8a:9d:a7:fa:37:7b:22:ac:5c:6b:f7:
d6:ae:c0:da:93:96:16:8e:2e:c2:d5:f3:cc:0b:aa:
13:44:32:46:e1:12:f1:0e:53:f7:dc:9b:bc:c1:2e:
50:3b:bf:c5:7f:fa:65:69:48:9c:61:72:67:6f:c8:
c8:24:ab:07:ba:a6:d6:47:eb:00:b7:a3:12:0e:0f:
95:3b:af:af:25:21:8c:a1:33:bc:20:90:79:af:9d:
58:0c:c8:8a:3b:df:04:27:ce:1a:b6:a4:53:7e:1f:
a3:fc:cc:9f:ff:b1:98:b7:d3:c9:97:1b:35:2c:d5:
33:5b:85:ba:49:b8:f1:57:0b:4b:c6:56:8f:71:56:
c2:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:1F:59:2D:F1:EA:E8:F3:CB:4B:7A:42:BA:14:0A:E3:FB:CA:76:65
X509v3 Authority Key Identifier:
keyid:A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/wx9ZLfHq6PPLS3pCuhQK4_vKdmU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.171.32.0/20
81.171.64.0/20
81.171.83.0/24
81.171.88.0-81.171.96.255
81.171.100.0/22
185.90.196.0/22
193.108.27.0/24
IPv6:
2001:4de0::/32
Signature Algorithm: sha256WithRSAEncryption
8c:6b:a5:37:4d:a3:86:17:51:77:a8:88:22:6b:56:d5:44:78:
9f:07:6a:8e:3b:4c:15:1e:fc:80:5a:ff:90:61:37:80:88:10:
31:37:02:5e:e9:63:b6:28:64:ab:49:64:37:ce:ec:76:9b:00:
f1:b2:a9:a7:8f:47:4d:86:2a:ef:a6:a3:c7:59:58:7b:a1:9d:
7a:12:3c:ca:76:f6:0b:d2:40:e5:af:aa:ac:a8:e9:50:cf:fe:
52:4b:ef:f1:c8:65:af:0e:10:df:f4:57:1e:cf:28:c2:ea:c2:
b3:09:b6:5c:d4:de:97:07:c0:22:61:15:60:47:b5:10:98:9d:
b1:a7:71:bc:45:78:bc:a0:17:cb:1c:aa:84:c8:b6:62:02:d2:
6b:9d:36:cc:ac:07:a3:ba:04:a2:b7:3a:87:8f:28:20:83:9f:
b9:61:77:5e:b1:15:53:c3:2f:ae:6d:8b:5c:d2:5e:60:0f:ac:
66:ca:26:98:40:41:ce:1b:65:6b:6e:25:c0:e5:83:d5:1f:ce:
91:06:ef:37:a0:3c:25:cc:41:07:16:16:6e:37:3c:30:08:7f:
12:46:5e:1c:f7:b7:88:19:ab:1e:70:45:af:56:64:ac:82:ee:
ff:14:b0:f7:36:d1:e6:55:2b:9b:ff:80:cb:61:b4:55:6c:71:
4b:8a:60:bc
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZfLTcsAwstkvMXYYMD4pUCiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3OWJiYTI4MDVhOTg4OTU0ZTRmZWM0MjU3MDUzMGYxNmY5
ZTcwOTMwHhcNMjUwNzAyMTMyMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzFmNTkyZGYxZWFlOGYzY2I0YjdhNDJiYTE0MGFlM2ZiY2E3NjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJNKXNIUMTi5yAW0aUyjZ9Pe9QVb
dgBBfp/5NFadlsWqpTO698+WhlQXZj2H7Yv5SKBeDyNb22Np7CEhvBD43dAN3IVq
U8GiG40agvIygoE4XiJlTpA6CEilU0CPsJQbN6zGBb7Dp1qxEDls/HP0aU6rU0B8
T73oYIU6ip2n+jd7Iqxca/fWrsDak5YWji7C1fPMC6oTRDJG4RLxDlP33Ju8wS5Q
O7/Ff/plaUicYXJnb8jIJKsHuqbWR+sAt6MSDg+VO6+vJSGMoTO8IJB5r51YDMiK
O98EJ84atqRTfh+j/Myf/7GYt9PJlxs1LNUzW4W6SbjxVwtLxlaPcVbCPQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFMMfWS3x6ujzy0t6QroUCuP7ynZlMB8GA1UdIwQY
MBaAFKebuigFqYiVTk/sQlcFMPFvnnCTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDV1NktBV3BpSlZPVC14Q1Z3VXc4Vy1lY0pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9kMTQwZmItMDNhZS00NWQ5LThkZGMt
ZTFlZDlkZDJhMDJhLzEvd3g5WkxmSHE2UFBMUzNwQ3VoUUs0X3ZLZG1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9kMTQwZmItMDNhZS00NWQ5LThkZGMtZTFlZDlkZDJhMDJh
LzEvcDV1NktBV3BpSlZPVC14Q1Z3VXc4Vy1lY0pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQEUasgAwQE
UatAAwQAUatTMAwDBANRq1gDBABRq2ADBAJRq2QDBAK5WsQDBADBbBswDQQCAAIw
BwMFACABTeAwDQYJKoZIhvcNAQELBQADggEBAIxrpTdNo4YXUXeoiCJrVtVEeJ8H
ao47TBUe/IBa/5BhN4CIEDE3Al7pY7YoZKtJZDfO7HabAPGyqaePR02GKu+mo8dZ
WHuhnXoSPMp29gvSQOWvqqyo6VDP/lJL7/HIZa8OEN/0Vx7PKMLqwrMJtlzU3pcH
wCJhFWBHtRCYnbGncbxFeLygF8scqoTItmIC0mudNsysB6O6BKK3OoePKCCDn7lh
d16xFVPDL65ti1zSXmAPrGbKJphAQc4bZWtuJcDlg9UfzpEG7zegPCXMQQcWFm43
PDAIfxJGXhz3t4gZqx5wRa9WZKyC7v8UsPc20eZVK5v/gMthtFVscUuKYLw=
-----END CERTIFICATE-----
Generated at Sun Jul 27 13:02:15 2025 by rpki-client