Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/ZtiphDXm1VI4xVSIHkBgweaSr44.roa
File: ZtiphDXm1VI4xVSIHkBgweaSr44.roa (raw, json)
Hash identifier: 5TbPuxxUeQwKHN0YAkTeEL68tLyUrJniALN2BRSbwgo=
Subject key identifier: 66:D8:A9:84:35:E6:D5:52:38:C5:54:88:1E:40:60:C1:E6:92:AF:8E
Certificate issuer: /CN=9d23f4cb4bab5c10801a770658df891cfb8c68c6
Certificate serial: 0194D33B4D7E0DC9DAD189E21A1A6012E21E
Authority key identifier: 9D:23:F4:CB:4B:AB:5C:10:80:1A:77:06:58:DF:89:1C:FB:8C:68:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/ZtiphDXm1VI4xVSIHkBgweaSr44.roa
Signing time: Tue 04 Feb 2025 23:11:06 +0000
ROA not before: Tue 04 Feb 2025 23:11:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29802
IP address blocks: 37.72.168.0/21 maxlen: 32
37.72.170.0/23 maxlen: 23
37.72.170.0/24 maxlen: 24
37.72.171.0/24 maxlen: 24
37.72.172.0/23 maxlen: 23
37.72.174.0/23 maxlen: 23
45.158.36.0/23 maxlen: 32
45.158.38.0/24 maxlen: 24
45.158.39.0/24 maxlen: 24
46.21.144.0/20 maxlen: 32
46.21.144.0/24 maxlen: 24
46.21.145.0/24 maxlen: 24
46.21.146.0/24 maxlen: 24
46.21.147.0/24 maxlen: 24
46.21.148.0/24 maxlen: 24
46.21.150.0/24 maxlen: 24
46.21.151.0/24 maxlen: 24
46.21.152.0/24 maxlen: 24
46.21.153.0/24 maxlen: 24
46.21.156.0/24 maxlen: 24
46.21.157.0/24 maxlen: 24
46.21.158.0/23 maxlen: 23
89.233.104.0/21 maxlen: 24
89.233.104.0/24 maxlen: 24
89.233.105.0/24 maxlen: 24
89.233.106.0/24 maxlen: 24
89.233.107.0/24 maxlen: 24
94.100.16.0/20 maxlen: 32
94.100.16.0/24 maxlen: 24
94.100.17.0/24 maxlen: 24
94.100.18.0/24 maxlen: 24
94.100.19.0/24 maxlen: 24
94.100.20.0/24 maxlen: 24
94.100.21.0/24 maxlen: 24
94.100.22.0/24 maxlen: 24
94.100.23.0/24 maxlen: 24
94.100.24.0/24 maxlen: 24
94.100.25.0/24 maxlen: 24
94.100.26.0/24 maxlen: 24
94.100.27.0/24 maxlen: 24
94.100.28.0/24 maxlen: 24
94.100.29.0/24 maxlen: 24
94.100.30.0/24 maxlen: 24
94.100.31.0/24 maxlen: 24
149.255.32.0/21 maxlen: 32
149.255.35.0/24 maxlen: 24
149.255.36.0/24 maxlen: 32
149.255.37.0/24 maxlen: 24
149.255.38.0/24 maxlen: 24
149.255.39.0/24 maxlen: 24
178.236.176.0/21 maxlen: 24
178.236.181.0/24 maxlen: 24
178.236.182.0/24 maxlen: 24
194.126.172.0/22 maxlen: 24
194.126.172.0/24 maxlen: 24
194.126.173.0/24 maxlen: 24
194.126.175.0/24 maxlen: 24
195.242.152.0/23 maxlen: 24
195.242.153.0/24 maxlen: 24
217.79.240.0/20 maxlen: 24
217.79.240.0/24 maxlen: 24
217.79.242.0/23 maxlen: 24
2a02:748::/32 maxlen: 48
2a02:748::/35 maxlen: 35
2a02:748:6000::/48 maxlen: 48
2a02:748:c000::/35 maxlen: 35
2a02:748:e000::/35 maxlen: 35
2a02:748:f000::/36 maxlen: 36
2a0f:5180::/29 maxlen: 48
2a0f:5180::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/nSP0y0urXBCAGncGWN-JHPuMaMY.crl
rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/nSP0y0urXBCAGncGWN-JHPuMaMY.mft
rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 13:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:d3:3b:4d:7e:0d:c9:da:d1:89:e2:1a:1a:60:12:e2:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d23f4cb4bab5c10801a770658df891cfb8c68c6
Validity
Not Before: Feb 4 23:11:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=66d8a98435e6d55238c554881e4060c1e692af8e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:c1:40:7a:ec:50:03:7d:28:2d:22:ca:7d:a2:
6c:ca:c3:20:4b:2c:a0:bf:22:ac:a4:8c:4a:3b:4e:
8d:b8:c5:5f:f1:c1:08:51:d7:62:88:59:1b:98:f0:
97:df:ba:f1:39:db:95:6f:4b:15:eb:58:97:02:af:
7a:c1:1e:89:bd:77:3b:ae:05:db:ba:db:9d:18:21:
9c:28:b8:9d:6a:a9:8f:a1:a2:01:71:2f:9b:f0:a4:
41:92:fc:a3:c6:b9:15:f0:ed:d2:6d:ff:42:91:0e:
ed:80:a6:21:43:d1:10:e7:c7:c9:b9:36:10:b8:48:
e8:1b:54:f4:74:e4:a1:2f:2e:3f:2f:3c:70:e0:f5:
9f:18:44:95:e9:c5:73:4a:6c:3a:82:7b:5f:c5:51:
84:0a:51:6f:77:e2:38:53:77:a4:b2:cf:22:07:16:
04:94:9b:59:10:55:6e:96:72:40:fb:c6:9b:c8:1c:
08:5b:cd:31:97:f9:27:e3:ea:6a:cc:e9:12:34:7a:
2f:17:ad:03:60:ad:26:c6:6f:18:98:e0:8f:d8:fd:
72:c0:f2:9c:fc:be:ee:fe:10:80:60:8f:3d:aa:3b:
7a:b4:6c:b4:c9:0d:45:dc:83:61:27:b6:51:16:cb:
da:f4:fe:2c:fe:30:81:7f:68:74:13:ed:f5:76:2c:
0b:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:D8:A9:84:35:E6:D5:52:38:C5:54:88:1E:40:60:C1:E6:92:AF:8E
X509v3 Authority Key Identifier:
keyid:9D:23:F4:CB:4B:AB:5C:10:80:1A:77:06:58:DF:89:1C:FB:8C:68:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/ZtiphDXm1VI4xVSIHkBgweaSr44.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/nSP0y0urXBCAGncGWN-JHPuMaMY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.72.168.0/21
45.158.36.0/22
46.21.144.0/20
89.233.104.0/21
94.100.16.0/20
149.255.32.0/21
178.236.176.0/21
194.126.172.0/22
195.242.152.0/23
217.79.240.0/20
IPv6:
2a02:748::/32
2a0f:5180::/29
Signature Algorithm: sha256WithRSAEncryption
82:fc:f9:70:0b:2a:96:f5:dc:26:98:11:06:06:7d:7c:ba:06:
22:cd:fc:8d:94:91:53:38:a6:5d:25:ff:bc:6e:2b:0a:45:fb:
2b:dd:2d:af:61:e0:d1:d6:cc:e2:91:fc:e1:3c:ee:91:9f:5b:
89:59:44:90:ef:9b:4b:25:69:96:99:68:98:31:45:61:f1:aa:
40:7d:3c:dd:be:05:a6:19:73:fd:42:5f:7f:b9:4d:14:45:57:
58:9a:5e:3d:c0:1a:18:0e:1c:97:cd:30:b8:2a:ae:0d:db:ad:
38:f3:dc:29:6c:63:86:c9:7c:d9:6a:59:ac:8f:2b:04:f0:89:
24:57:73:40:fa:ef:6b:02:ed:26:b9:f9:a4:53:fe:90:9f:6d:
d9:8a:fa:42:59:d3:45:90:d1:d0:d1:d3:32:2e:3c:11:49:36:
42:99:bb:d7:ef:0c:ca:38:d0:f0:51:8d:d4:72:cf:ab:cf:9a:
2c:49:ca:8f:2e:6d:2b:a6:f4:03:be:ac:74:04:27:21:a3:7a:
87:2a:47:9e:a2:3b:46:5c:01:35:77:2c:98:d5:11:37:7a:83:
a2:31:de:38:bb:b2:38:80:62:56:de:bc:64:0a:f1:fb:73:c5:
cb:a7:e9:2d:9b:00:a1:11:8b:80:c5:c0:18:2c:4b:f1:10:b7:
5c:03:98:c4
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZTTO01+Dcna0YniGhpgEuIeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMjNmNGNiNGJhYjVjMTA4MDFhNzcwNjU4ZGY4OTFjZmI4
YzY4YzYwHhcNMjUwMjA0MjMxMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmQ4YTk4NDM1ZTZkNTUyMzhjNTU0ODgxZTQwNjBjMWU2OTJhZjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMFAeuxQA30oLSLKfaJsysMgSyyg
vyKspIxKO06NuMVf8cEIUddiiFkbmPCX37rxOduVb0sV61iXAq96wR6JvXc7rgXb
utudGCGcKLidaqmPoaIBcS+b8KRBkvyjxrkV8O3Sbf9CkQ7tgKYhQ9EQ58fJuTYQ
uEjoG1T0dOShLy4/Lzxw4PWfGESV6cVzSmw6gntfxVGEClFvd+I4U3ekss8iBxYE
lJtZEFVulnJA+8abyBwIW80xl/kn4+pqzOkSNHovF60DYK0mxm8YmOCP2P1ywPKc
/L7u/hCAYI89qjt6tGy0yQ1F3INhJ7ZRFsva9P4s/jCBf2h0E+31diwLdwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFGbYqYQ15tVSOMVUiB5AYMHmkq+OMB8GA1UdIwQY
MBaAFJ0j9MtLq1wQgBp3BljfiRz7jGjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNQMHkwdXJYQkNBR25jR1dOLUpIUHVNYU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZWNhNGQtM2EyZS00YTg0LWE3ODkt
MDE1NzdhOTI3ZmE5LzEvWnRpcGhEWG0xVkk0eFZTSUhrQmd3ZWFTcjQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZWNhNGQtM2EyZS00YTg0LWE3ODktMDE1NzdhOTI3ZmE5
LzEvblNQMHkwdXJYQkNBR25jR1dOLUpIUHVNYU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQDJUioAwQC
LZ4kAwQELhWQAwQDWeloAwQEXmQQAwQDlf8gAwQDsuywAwQCwn6sAwQBw/KYAwQE
2U/wMBQEAgACMA4DBQAqAgdIAwUDKg9RgDANBgkqhkiG9w0BAQsFAAOCAQEAgvz5
cAsqlvXcJpgRBgZ9fLoGIs38jZSRUzimXSX/vG4rCkX7K90tr2Hg0dbM4pH84Tzu
kZ9biVlEkO+bSyVplplomDFFYfGqQH083b4Fphlz/UJff7lNFEVXWJpePcAaGA4c
l80wuCquDdutOPPcKWxjhsl82WpZrI8rBPCJJFdzQPrvawLtJrn5pFP+kJ9t2Yr6
QlnTRZDR0NHTMi48EUk2Qpm71+8MyjjQ8FGN1HLPq8+aLEnKjy5tK6b0A76sdAQn
IaN6hypHnqI7RlwBNXcsmNURN3qDojHeOLuyOIBiVt68ZArx+3PFy6fpLZsAoRGL
gMXAGCxL8RC3XAOYxA==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:44:08 2025 by rpki-client