Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Cd7cyChZhy9mMNvd0Nth-NseLV4.roa
File: Cd7cyChZhy9mMNvd0Nth-NseLV4.roa (raw, json)
Hash identifier: TLZJfbst8zmWkSuiSURO6a7dmcirf5v9QS7cBAmoefs=
Subject key identifier: 09:DE:DC:C8:28:59:87:2F:66:30:DB:DD:D0:DB:61:F8:DB:1E:2D:5E
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 0195D1D5B9880D36F9471633C62E641FA13F
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Cd7cyChZhy9mMNvd0Nth-NseLV4.roa
Signing time: Wed 26 Mar 2025 09:43:19 +0000
ROA not before: Wed 26 Mar 2025 09:43:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202
IP address blocks: 5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
92.42.120.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
2a0d:7680::/29 maxlen: 29
2a0e:a1c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 21:01:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d1:d5:b9:88:0d:36:f9:47:16:33:c6:2e:64:1f:a1:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Mar 26 09:43:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=09dedcc82859872f6630dbddd0db61f8db1e2d5e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:28:e2:25:ab:e0:33:50:8c:96:cc:c5:30:39:
b5:c6:97:ae:71:ec:5e:6b:40:5b:a6:4b:d3:4c:52:
42:92:f1:e5:3e:42:ec:6e:ea:0d:67:e5:d3:3f:ee:
b8:29:36:78:84:99:06:27:2b:c7:2e:64:ad:a7:fb:
53:f0:6a:cc:1c:d3:a7:ff:20:28:ff:fb:3f:59:51:
e8:91:8a:b6:6d:2b:ed:8f:77:13:a4:07:98:fd:bb:
b4:c7:d7:5b:54:c1:9d:f9:4e:8b:88:0a:6a:22:9f:
e3:b4:65:5d:17:74:db:f1:d1:3f:72:88:25:bc:1e:
d8:6b:85:43:c2:12:ae:79:8d:a8:d1:b6:18:c1:52:
79:e5:14:fb:c8:6f:e2:4d:b0:0a:6b:13:f3:e9:6b:
79:4a:4f:ca:8d:67:eb:72:4b:a0:8a:1e:e6:22:5c:
73:d1:78:ce:1f:24:be:d6:43:e1:ec:2c:2e:38:e5:
30:22:ef:28:0e:08:34:44:6d:d2:19:71:fa:70:f8:
9e:43:30:47:22:33:50:b1:b4:25:74:80:6a:e6:9d:
30:6f:42:80:1b:14:9b:ea:36:fa:9c:b3:89:89:ad:
98:f8:3e:29:69:a4:dc:89:9b:6e:46:22:34:1b:93:
d7:9d:77:7c:a7:bc:83:69:d1:5d:34:9c:c4:b9:63:
71:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:DE:DC:C8:28:59:87:2F:66:30:DB:DD:D0:DB:61:F8:DB:1E:2D:5E
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Cd7cyChZhy9mMNvd0Nth-NseLV4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
83.150.252.0/22
85.95.96.0/19
92.42.120.0/21
95.129.64.0/21
176.58.0.0/21
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.200.0/23
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
2a0d:7680::/29
2a0e:a1c0::/29
Signature Algorithm: sha256WithRSAEncryption
6a:4a:1b:c7:b5:c8:40:1f:9f:48:8a:95:52:00:90:9a:9a:5d:
40:2c:da:e5:5c:51:49:a3:6a:5a:47:04:24:25:00:f7:ba:f2:
2a:7a:ff:b4:a5:65:e8:d1:33:4e:e2:ee:64:dd:ff:d9:59:06:
1f:ad:35:ae:5a:9d:51:24:c0:58:f1:30:98:c0:a9:1e:7b:1a:
25:22:29:a5:19:a1:8b:aa:61:9a:ab:53:bd:6c:c4:15:ff:af:
8c:b2:90:32:77:8b:48:4a:c5:a1:db:a7:b8:22:23:ff:ed:ae:
68:a8:ef:0b:e2:24:8d:47:b8:b7:e9:59:aa:a4:4a:f8:24:e6:
7c:19:ab:76:fc:60:d8:f2:60:51:2c:de:17:65:0f:79:d3:db:
33:2d:8a:b4:dd:13:c2:7b:ce:f0:7b:f0:91:0f:50:6c:1d:e2:
02:3d:43:43:07:ed:3b:a6:18:89:03:38:70:e9:5e:43:01:c1:
90:6c:a5:d5:4d:57:ab:3c:08:3c:b8:aa:8a:c3:21:0d:99:28:
16:29:0f:50:07:55:24:7b:98:c7:b6:07:09:93:90:36:e0:93:
99:e2:2d:11:6f:a7:c1:31:4a:84:6e:6f:0a:6e:ed:1d:b4:d1:
40:68:5a:90:cb:61:60:dc:dd:9f:fc:c4:70:9b:4b:84:df:a3:
2f:2c:fb:e5
-----BEGIN CERTIFICATE-----
MIIF6DCCBNCgAwIBAgISAZXR1bmIDTb5RxYzxi5kH6E/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwMzI2MDk0MzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWRlZGNjODI4NTk4NzJmNjYzMGRiZGRkMGRiNjFmOGRiMWUyZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCjiJavgM1CMlszFMDm1xpeucexe
a0BbpkvTTFJCkvHlPkLsbuoNZ+XTP+64KTZ4hJkGJyvHLmStp/tT8GrMHNOn/yAo
//s/WVHokYq2bSvtj3cTpAeY/bu0x9dbVMGd+U6LiApqIp/jtGVdF3Tb8dE/cogl
vB7Ya4VDwhKueY2o0bYYwVJ55RT7yG/iTbAKaxPz6Wt5Sk/KjWfrckugih7mIlxz
0XjOHyS+1kPh7CwuOOUwIu8oDgg0RG3SGXH6cPieQzBHIjNQsbQldIBq5p0wb0KA
GxSb6jb6nLOJia2Y+D4paaTciZtuRiI0G5PXnXd8p7yDadFdNJzEuWNxCwIDAQAB
o4IC9DCCAvAwHQYDVR0OBBYEFAne3MgoWYcvZjDb3dDbYfjbHi1eMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvQ2Q3Y3lDaFpoeTltTU52ZDBOdGgtTnNlTFY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCAYIKwYBBQUHAQcBAf8EgfgwgfUwgdUEAgABMIHOAwQD
BZ/QAwQCBbVIAwQDH8BgAwQCLQhkAwQCLYRsAwQCLYksAwQEUErwAwQCU5b8AwQF
VV9gAwQDXCp4AwQDX4FAAwQDsDoAAwQCuU+4AwQCuVoAAwQCuV7MAwQCuWNMAwQC
uZFYAwQCubLYAwQBubbIAwQCuczUAwQCueUEAwQCufaEAwQCuffIAwQCufj8AwQD
vF4QAwQAwRgDAwQAwRgGAwQAwRgNAwQAwRgfAwQFwxogAwQBw1gIMAwDBALUC0QD
BALUC0gDBATZkYAwGwQCAAIwFQMFACoA8cADBQMqDXaAAwUDKg6hwDANBgkqhkiG
9w0BAQsFAAOCAQEAakobx7XIQB+fSIqVUgCQmppdQCza5VxRSaNqWkcEJCUA97ry
Knr/tKVl6NEzTuLuZN3/2VkGH601rlqdUSTAWPEwmMCpHnsaJSIppRmhi6phmqtT
vWzEFf+vjLKQMneLSErFodunuCIj/+2uaKjvC+IkjUe4t+lZqqRK+CTmfBmrdvxg
2PJgUSzeF2UPedPbMy2KtN0TwnvO8HvwkQ9QbB3iAj1DQwftO6YYiQM4cOleQwHB
kGyl1U1XqzwIPLiqisMhDZkoFikPUAdVJHuYx7YHCZOQNuCTmeItEW+nwTFKhG5v
Cm7tHbTRQGhakMthYNzdn/zEcJtLhN+jLyz75Q==
-----END CERTIFICATE-----
Generated at Sun Apr 6 06:24:12 2025 by rpki-client