Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Zoi4DMWO7Qz5QSeQjICanEfJcUU.roa
File: Zoi4DMWO7Qz5QSeQjICanEfJcUU.roa (raw, json)
Hash identifier: hEx2ULa1YcRD3YhHPfAAY6vpSHQAy8ijV7FmyXSLm/g=
Subject key identifier: 66:88:B8:0C:C5:8E:ED:0C:F9:41:27:90:8C:80:9A:9C:47:C9:71:45
Certificate issuer: /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial: 0196DA9F3A87FA940304F1429132557719D2
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Zoi4DMWO7Qz5QSeQjICanEfJcUU.roa
Signing time: Fri 16 May 2025 19:43:10 +0000
ROA not before: Fri 16 May 2025 19:43:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9123
IP address blocks: 147.45.101.0/24 maxlen: 24
147.45.102.0/24 maxlen: 24
147.45.103.0/24 maxlen: 24
147.45.104.0/24 maxlen: 24
147.45.105.0/24 maxlen: 24
147.45.106.0/24 maxlen: 24
147.45.107.0/24 maxlen: 24
147.45.108.0/24 maxlen: 24
147.45.109.0/24 maxlen: 24
147.45.110.0/24 maxlen: 24
147.45.111.0/24 maxlen: 24
147.45.132.0/24 maxlen: 24
147.45.133.0/24 maxlen: 24
147.45.134.0/24 maxlen: 24
147.45.135.0/24 maxlen: 24
147.45.136.0/24 maxlen: 24
147.45.137.0/24 maxlen: 24
147.45.138.0/24 maxlen: 24
147.45.139.0/24 maxlen: 24
147.45.140.0/24 maxlen: 24
147.45.141.0/24 maxlen: 24
147.45.142.0/24 maxlen: 24
147.45.143.0/24 maxlen: 24
147.45.144.0/20 maxlen: 24
147.45.160.0/20 maxlen: 24
147.45.180.0/24 maxlen: 24
147.45.181.0/24 maxlen: 24
147.45.182.0/24 maxlen: 24
147.45.183.0/24 maxlen: 24
147.45.184.0/24 maxlen: 24
147.45.185.0/24 maxlen: 24
147.45.186.0/24 maxlen: 24
147.45.187.0/24 maxlen: 24
147.45.189.0/24 maxlen: 24
147.45.190.0/24 maxlen: 24
147.45.191.0/24 maxlen: 24
147.45.212.0/24 maxlen: 24
147.45.213.0/24 maxlen: 24
147.45.214.0/24 maxlen: 24
147.45.215.0/24 maxlen: 24
147.45.224.0/19 maxlen: 24
193.233.102.0/24 maxlen: 24
193.233.103.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 15:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:da:9f:3a:87:fa:94:03:04:f1:42:91:32:55:77:19:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
Validity
Not Before: May 16 19:43:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6688b80cc58eed0cf94127908c809a9c47c97145
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:62:7f:59:6d:14:f8:38:11:3f:8f:5e:c5:b0:
02:13:5a:d9:f9:4e:03:e5:9e:53:27:4f:8f:5f:be:
a8:9a:f1:24:6f:82:4b:16:97:73:5a:e0:83:2e:24:
65:f6:79:d6:1a:c9:fd:33:04:c3:f8:83:69:6a:eb:
bf:07:27:fa:3b:f0:d4:11:33:43:51:28:a5:00:19:
fb:af:e1:85:2c:4c:d5:6f:b4:79:3d:55:99:dd:dd:
d2:30:00:9c:a9:f6:87:d3:0d:c4:f6:73:81:e6:a6:
ae:e1:75:46:77:6b:81:d3:ff:88:57:04:fc:be:9b:
4a:ad:57:bf:7f:09:16:c2:ec:86:ec:ec:c2:57:19:
ef:b3:ea:b4:0f:fd:b1:0d:02:38:54:d4:04:69:16:
a1:27:19:79:59:62:eb:d3:7f:d4:15:71:f0:ce:b9:
94:30:70:ea:5b:0a:fb:6c:e1:ca:0e:02:3b:7e:85:
60:fa:b6:75:f9:02:71:b0:d2:ad:a6:af:97:ea:24:
de:ab:f2:d9:62:09:34:7c:b9:d8:05:33:11:b6:13:
1a:12:78:ca:e0:f1:5d:60:89:0a:9e:ed:19:94:ba:
05:95:de:0c:13:0f:69:32:ac:ce:04:d0:35:1b:1e:
41:60:98:cf:e6:dc:68:cd:81:55:7a:fb:a9:7e:cf:
a0:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:88:B8:0C:C5:8E:ED:0C:F9:41:27:90:8C:80:9A:9C:47:C9:71:45
X509v3 Authority Key Identifier:
keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Zoi4DMWO7Qz5QSeQjICanEfJcUU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.45.101.0-147.45.111.255
147.45.132.0-147.45.175.255
147.45.180.0-147.45.187.255
147.45.189.0-147.45.191.255
147.45.212.0/22
147.45.224.0/19
193.233.102.0/23
Signature Algorithm: sha256WithRSAEncryption
7d:3b:b4:83:dd:ce:e8:1d:53:aa:3e:93:bf:5d:88:1e:94:83:
fc:be:cd:a0:51:2f:1b:da:73:f5:5e:4c:ae:23:26:fd:f2:b2:
fd:c1:5d:6c:64:77:2b:0a:25:89:91:1d:a0:b2:be:3c:f5:73:
71:ce:f6:f3:0a:eb:81:8f:18:6a:72:e7:52:30:ce:30:1c:a1:
da:e9:ec:7d:af:0d:36:2f:7b:b9:cb:83:d0:05:98:e1:48:8b:
93:9d:f3:00:7c:ee:17:17:fc:a4:45:bf:cd:e2:d5:64:34:8e:
f8:36:ed:67:c0:c4:2a:59:77:cb:cf:1b:47:13:a2:ee:c7:7c:
85:39:71:22:6d:81:84:7b:59:6f:ef:89:95:e6:93:90:61:bb:
ae:2e:17:3c:28:16:80:79:b5:16:0c:24:21:8a:a7:ad:08:58:
87:e1:a7:df:89:3f:0c:e5:e8:4d:99:42:92:f9:a3:f8:0e:a7:
8b:90:49:b7:f5:f8:bc:b8:a1:8e:b1:b6:e7:cd:b2:57:56:07:
52:1d:b8:74:7c:42:da:49:3c:54:0e:22:10:c0:99:b9:28:4c:
50:23:55:f5:bd:5c:67:22:5a:22:da:b8:37:c5:2e:7c:4d:9f:
bd:82:e4:2a:e6:bf:06:1f:aa:c3:31:7e:f6:18:c5:60:e7:5a:
d9:51:a8:6e
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZbanzqH+pQDBPFCkTJVdxnSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwNTE2MTk0MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Njg4YjgwY2M1OGVlZDBjZjk0MTI3OTA4YzgwOWE5YzQ3Yzk3MTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WJ/WW0U+DgRP49exbACE1rZ+U4D
5Z5TJ0+PX76omvEkb4JLFpdzWuCDLiRl9nnWGsn9MwTD+INpauu/Byf6O/DUETND
USilABn7r+GFLEzVb7R5PVWZ3d3SMACcqfaH0w3E9nOB5qau4XVGd2uB0/+IVwT8
vptKrVe/fwkWwuyG7OzCVxnvs+q0D/2xDQI4VNQEaRahJxl5WWLr03/UFXHwzrmU
MHDqWwr7bOHKDgI7foVg+rZ1+QJxsNKtpq+X6iTeq/LZYgk0fLnYBTMRthMaEnjK
4PFdYIkKnu0ZlLoFld4MEw9pMqzOBNA1Gx5BYJjP5txozYFVevupfs+gaQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFGaIuAzFju0M+UEnkIyAmpxHyXFFMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvWm9pNERNV083UXo1UVNlUWpJQ2FuRWZKY1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKMAwDBACTLWUD
BASTLWAwDAMEApMthAMEBJMtoDAMAwQCky20AwQCky24MAwDBACTLb0DBAaTLYAD
BAKTLdQDBAWTLeADBAHB6WYwDQYJKoZIhvcNAQELBQADggEBAH07tIPdzugdU6o+
k79diB6Ug/y+zaBRLxvac/VeTK4jJv3ysv3BXWxkdysKJYmRHaCyvjz1c3HO9vMK
64GPGGpy51IwzjAcodrp7H2vDTYve7nLg9AFmOFIi5Od8wB87hcX/KRFv83i1WQ0
jvg27WfAxCpZd8vPG0cTou7HfIU5cSJtgYR7WW/viZXmk5Bhu64uFzwoFoB5tRYM
JCGKp60IWIfhp9+JPwzl6E2ZQpL5o/gOp4uQSbf1+Ly4oY6xtufNsldWB1IduHR8
QtpJPFQOIhDAmbkoTFAjVfW9XGciWiLauDfFLnxNn72C5CrmvwYfqsMxfvYYxWDn
WtlRqG4=
-----END CERTIFICATE-----
Generated at Fri Jun 6 19:40:47 2025 by rpki-client