Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/2c8482-5331-4e57-9974-40837d48473d/1/oon8tofXSL0bstXb0QiNHaSo5e0.roa
File: oon8tofXSL0bstXb0QiNHaSo5e0.roa (raw, json)
Hash identifier: q95x2W1H6So6PI+GrFNwBmF4x3vMZH20z4fA4E6gLBk=
Subject key identifier: A2:89:FC:B6:87:D7:48:BD:1B:B2:D5:DB:D1:08:8D:1D:A4:A8:E5:ED
Certificate issuer: /CN=4da4d6199aec828f6989e2e84cec17765bac5cd5
Certificate serial: 0195241DBA3EFF70A694E3C75AE08A474A1E
Authority key identifier: 4D:A4:D6:19:9A:EC:82:8F:69:89:E2:E8:4C:EC:17:76:5B:AC:5C:D5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TaTWGZrsgo9pieLoTOwXdlusXNU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/2c8482-5331-4e57-9974-40837d48473d/1/oon8tofXSL0bstXb0QiNHaSo5e0.roa
Signing time: Thu 20 Feb 2025 16:08:02 +0000
ROA not before: Thu 20 Feb 2025 16:08:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20776
IP address blocks: 80.243.240.0/20 maxlen: 20
80.243.240.0/21 maxlen: 21
80.243.248.0/21 maxlen: 21
82.197.96.0/19 maxlen: 23
82.197.112.0/20 maxlen: 20
82.197.126.0/24 maxlen: 24
89.16.0.0/19 maxlen: 19
89.16.0.0/20 maxlen: 20
89.16.0.0/21 maxlen: 21
89.16.8.0/21 maxlen: 21
89.16.16.0/20 maxlen: 20
89.16.16.0/21 maxlen: 21
89.16.24.0/21 maxlen: 21
92.49.64.0/19 maxlen: 19
92.49.64.0/20 maxlen: 20
92.49.64.0/21 maxlen: 21
92.49.72.0/21 maxlen: 21
92.49.80.0/20 maxlen: 20
92.49.96.0/19 maxlen: 21
92.49.96.0/20 maxlen: 21
92.49.96.0/21 maxlen: 21
92.49.104.0/24 maxlen: 24
92.49.105.0/24 maxlen: 24
92.49.106.0/24 maxlen: 24
92.49.107.0/24 maxlen: 24
92.49.108.0/22 maxlen: 22
92.49.112.0/20 maxlen: 20
92.49.112.0/21 maxlen: 21
92.49.120.0/21 maxlen: 21
92.49.125.0/24 maxlen: 24
93.176.0.0/19 maxlen: 19
93.176.0.0/20 maxlen: 20
93.176.16.0/20 maxlen: 20
93.176.32.0/20 maxlen: 20
93.176.48.0/20 maxlen: 20
109.62.0.0/17 maxlen: 24
109.62.0.0/19 maxlen: 19
109.62.0.0/21 maxlen: 21
109.62.4.0/22 maxlen: 22
109.62.8.0/24 maxlen: 24
109.62.9.0/24 maxlen: 24
109.62.10.0/23 maxlen: 23
109.62.12.0/23 maxlen: 23
109.62.14.0/24 maxlen: 24
109.62.15.0/24 maxlen: 24
109.62.16.0/21 maxlen: 21
109.62.24.0/23 maxlen: 23
109.62.26.0/24 maxlen: 24
109.62.27.0/24 maxlen: 24
109.62.28.0/22 maxlen: 22
109.62.56.0/21 maxlen: 21
109.62.56.0/22 maxlen: 22
109.62.60.0/22 maxlen: 22
109.62.64.0/24 maxlen: 24
109.62.66.0/24 maxlen: 24
109.62.67.0/24 maxlen: 24
109.62.68.0/22 maxlen: 23
109.62.68.0/23 maxlen: 23
109.62.70.0/23 maxlen: 23
109.62.72.0/21 maxlen: 21
109.62.72.0/22 maxlen: 22
109.62.76.0/22 maxlen: 22
109.62.80.0/20 maxlen: 20
109.62.80.0/21 maxlen: 21
109.62.88.0/21 maxlen: 21
109.62.96.0/20 maxlen: 20
185.13.218.0/23 maxlen: 23
188.115.64.0/18 maxlen: 18
188.115.64.0/19 maxlen: 19
188.115.64.0/20 maxlen: 20
188.115.80.0/20 maxlen: 20
188.115.96.0/19 maxlen: 19
188.115.96.0/21 maxlen: 21
188.115.104.0/21 maxlen: 21
188.115.112.0/22 maxlen: 22
188.115.116.0/22 maxlen: 22
188.115.120.0/21 maxlen: 21
217.175.160.0/19 maxlen: 24
217.175.168.0/21 maxlen: 21
217.175.168.0/24 maxlen: 24
217.175.169.0/24 maxlen: 24
217.175.170.0/24 maxlen: 24
217.175.171.0/24 maxlen: 24
217.175.172.0/24 maxlen: 24
217.175.174.0/23 maxlen: 23
217.175.176.0/21 maxlen: 21
217.175.176.0/22 maxlen: 22
217.175.180.0/22 maxlen: 22
217.175.184.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/15/2c8482-5331-4e57-9974-40837d48473d/1/TaTWGZrsgo9pieLoTOwXdlusXNU.crl
rsync://rpki.ripe.net/repository/DEFAULT/15/2c8482-5331-4e57-9974-40837d48473d/1/TaTWGZrsgo9pieLoTOwXdlusXNU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TaTWGZrsgo9pieLoTOwXdlusXNU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 10 Apr 2025 16:01:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:24:1d:ba:3e:ff:70:a6:94:e3:c7:5a:e0:8a:47:4a:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4da4d6199aec828f6989e2e84cec17765bac5cd5
Validity
Not Before: Feb 20 16:08:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a289fcb687d748bd1bb2d5dbd1088d1da4a8e5ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:f1:65:59:26:3c:22:a6:b1:cc:49:a1:ad:46:
f8:e2:bb:c9:c2:35:37:31:57:cc:23:cc:c3:54:0c:
e5:fe:87:97:4d:49:aa:cf:0d:ab:c3:dc:17:17:8a:
71:94:70:42:e3:f8:3f:e4:51:98:52:6f:94:90:27:
25:71:46:ad:0f:bd:5b:e7:45:7a:29:f8:eb:d0:df:
02:2f:ca:a5:84:60:ad:ba:63:de:ed:03:4c:6d:c7:
b0:22:78:81:d5:69:36:a5:94:24:b1:c1:b0:af:c7:
0a:72:55:0d:61:72:34:2b:de:a5:1b:0e:62:ad:2f:
f6:19:7d:02:a7:58:75:18:3c:a9:71:d7:65:78:17:
cb:43:52:f6:dc:57:25:b2:00:d5:ae:92:44:58:76:
c4:fd:43:02:59:be:1c:37:b3:1d:05:bf:d6:9b:c4:
b7:7d:52:91:29:e4:ff:33:96:b4:fe:24:8d:67:93:
f2:af:3c:1d:5e:9f:73:b9:4a:6b:4e:d2:a4:dd:ab:
f5:a0:f6:9b:8c:78:1b:01:ed:b3:7a:b0:e6:b9:bc:
ea:56:d1:c8:34:19:52:aa:63:0d:f1:ff:71:e2:1d:
55:67:df:98:ec:66:7a:50:9a:42:dd:48:07:bf:45:
9f:f2:a5:79:50:05:bc:f0:a4:e6:15:4b:dc:c7:60:
9e:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:89:FC:B6:87:D7:48:BD:1B:B2:D5:DB:D1:08:8D:1D:A4:A8:E5:ED
X509v3 Authority Key Identifier:
keyid:4D:A4:D6:19:9A:EC:82:8F:69:89:E2:E8:4C:EC:17:76:5B:AC:5C:D5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TaTWGZrsgo9pieLoTOwXdlusXNU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/2c8482-5331-4e57-9974-40837d48473d/1/oon8tofXSL0bstXb0QiNHaSo5e0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/2c8482-5331-4e57-9974-40837d48473d/1/TaTWGZrsgo9pieLoTOwXdlusXNU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.243.240.0/20
82.197.96.0/19
89.16.0.0/19
92.49.64.0/18
93.176.0.0/18
109.62.0.0/17
185.13.218.0/23
188.115.64.0/18
217.175.160.0/19
Signature Algorithm: sha256WithRSAEncryption
a3:d5:7e:d7:c7:eb:32:fc:1b:7b:04:b5:77:e7:99:36:75:e7:
c9:bb:45:74:8d:64:e7:8f:7e:2f:9e:0d:dd:58:50:22:e0:e9:
12:88:5d:df:54:a6:9a:c9:ed:6c:fa:3d:82:70:10:c9:0a:90:
bb:0f:23:53:d3:ba:2a:20:4e:d6:05:9b:68:2d:55:fd:26:a6:
ca:4a:01:19:f6:58:12:ad:5e:f7:2d:6c:1a:58:1a:ce:83:38:
5b:65:60:b4:5f:0b:a6:c8:39:65:35:78:f1:03:d5:e4:63:82:
22:82:87:8b:61:b5:db:10:62:dc:8c:32:12:67:0f:d5:57:d3:
10:1e:b8:c2:0e:d8:cd:27:64:6d:9c:45:28:92:76:0a:4b:97:
50:55:ad:8a:3e:28:85:5c:97:d4:9b:ab:38:75:0c:8a:a3:55:
ed:26:94:6a:49:a0:e9:e2:15:ea:d3:45:f1:7a:f0:d5:a0:4d:
a0:d6:c4:22:08:b4:cf:d7:c9:18:bb:60:fe:bb:12:77:ca:61:
71:bd:ff:93:d7:2a:87:ea:13:ce:1f:ff:69:7b:5e:df:0b:aa:
a8:8d:da:15:46:4f:cc:b5:a0:e8:c8:dd:65:8f:81:a4:c6:bd:
84:b1:1f:c8:ec:6e:73:a9:6b:40:df:bf:85:a2:d7:5c:ab:14:
f3:f8:ae:2e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZUkHbo+/3CmlOPHWuCKR0oeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTRkNjE5OWFlYzgyOGY2OTg5ZTJlODRjZWMxNzc2NWJh
YzVjZDUwHhcNMjUwMjIwMTYwODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjg5ZmNiNjg3ZDc0OGJkMWJiMmQ1ZGJkMTA4OGQxZGE0YThlNWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPFlWSY8IqaxzEmhrUb44rvJwjU3
MVfMI8zDVAzl/oeXTUmqzw2rw9wXF4pxlHBC4/g/5FGYUm+UkCclcUatD71b50V6
Kfjr0N8CL8qlhGCtumPe7QNMbcewIniB1Wk2pZQkscGwr8cKclUNYXI0K96lGw5i
rS/2GX0Cp1h1GDypcddleBfLQ1L23FclsgDVrpJEWHbE/UMCWb4cN7MdBb/Wm8S3
fVKRKeT/M5a0/iSNZ5PyrzwdXp9zuUprTtKk3av1oPabjHgbAe2zerDmubzqVtHI
NBlSqmMN8f9x4h1VZ9+Y7GZ6UJpC3UgHv0Wf8qV5UAW88KTmFUvcx2CePQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFKKJ/LaH10i9G7LV29EIjR2kqOXtMB8GA1UdIwQY
MBaAFE2k1hma7IKPaYni6EzsF3ZbrFzVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFUV0dacnNnbzlwaWVMb1RPd1hkbHVzWE5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yYzg0ODItNTMzMS00ZTU3LTk5NzQt
NDA4MzdkNDg0NzNkLzEvb29uOHRvZlhTTDBic3RYYjBRaU5IYVNvNWUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yYzg0ODItNTMzMS00ZTU3LTk5NzQtNDA4MzdkNDg0NzNk
LzEvVGFUV0dacnNnbzlwaWVMb1RPd1hkbHVzWE5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQEUPPwAwQF
UsVgAwQFWRAAAwQGXDFAAwQGXbAAAwQHbT4AAwQBuQ3aAwQGvHNAAwQF2a+gMA0G
CSqGSIb3DQEBCwUAA4IBAQCj1X7Xx+sy/Bt7BLV355k2defJu0V0jWTnj34vng3d
WFAi4OkSiF3fVKaaye1s+j2CcBDJCpC7DyNT07oqIE7WBZtoLVX9JqbKSgEZ9lgS
rV73LWwaWBrOgzhbZWC0XwumyDllNXjxA9XkY4IigoeLYbXbEGLcjDISZw/VV9MQ
HrjCDtjNJ2RtnEUoknYKS5dQVa2KPiiFXJfUm6s4dQyKo1XtJpRqSaDp4hXq00Xx
evDVoE2g1sQiCLTP18kYu2D+uxJ3ymFxvf+T1yqH6hPOH/9pe17fC6qojdoVRk/M
taDoyN1lj4Gkxr2EsR/I7G5zqWtA37+FotdcqxTz+K4u
-----END CERTIFICATE-----
Generated at Thu Apr 10 02:06:47 2025 by rpki-client