Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/I1XoXbCRQDzU94nytFVYdEpxlsY.roa
File: I1XoXbCRQDzU94nytFVYdEpxlsY.roa (raw, json)
Hash identifier: x9Wg/IuXvM9pdB1fOvM4EOxkcoralT2x+DA/73JOviQ=
Subject key identifier: 23:55:E8:5D:B0:91:40:3C:D4:F7:89:F2:B4:55:58:74:4A:71:96:C6
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 0195D1D5B9EA1E96803591F8B05BF4E69E48
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/I1XoXbCRQDzU94nytFVYdEpxlsY.roa
Signing time: Wed 26 Mar 2025 09:43:19 +0000
ROA not before: Wed 26 Mar 2025 09:43:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203
IP address blocks: 5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
92.42.120.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
2a0d:7680::/29 maxlen: 29
2a0e:a1c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 21:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d1:d5:b9:ea:1e:96:80:35:91:f8:b0:5b:f4:e6:9e:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Mar 26 09:43:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2355e85db091403cd4f789f2b45558744a7196c6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:ea:97:c1:21:b3:d8:9e:05:1a:a2:27:86:c3:
21:28:7a:8b:a1:7c:53:38:47:66:5a:3c:5a:9f:da:
3e:10:0a:6e:fb:23:3d:bc:d9:eb:f5:8b:df:03:bb:
28:bc:e0:23:0f:f3:10:a9:4f:a0:83:ac:47:ed:34:
c7:20:70:2d:29:21:b3:be:97:04:35:f2:9b:83:ce:
7d:94:52:13:e1:89:f8:73:50:c5:47:9d:59:3b:6f:
aa:ca:a4:bc:8b:55:ef:f2:99:65:c7:73:08:e0:73:
60:f1:a8:7e:6c:25:b1:e0:d1:c5:91:94:25:dd:10:
b7:66:1b:c4:24:39:27:d0:c1:44:3c:7f:21:57:ec:
9f:6c:e2:c0:ef:94:5a:43:bc:68:09:1d:da:e4:99:
bf:9c:52:47:c4:98:62:fe:16:4b:86:53:1c:bf:b6:
dc:52:5f:d5:69:85:ae:80:96:27:ef:65:7b:78:2b:
c3:94:b9:5c:7b:37:1f:70:57:d1:ae:21:a5:bb:37:
09:a9:89:32:1d:5b:cc:70:71:6c:82:3a:75:80:88:
94:61:ca:4d:c7:6e:a0:40:71:cc:bb:c3:1f:8e:99:
a6:fd:85:22:40:d2:b3:00:66:f9:38:88:bf:42:ca:
a7:01:46:ec:14:05:cd:f7:e8:0e:ec:12:5f:18:a5:
23:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:55:E8:5D:B0:91:40:3C:D4:F7:89:F2:B4:55:58:74:4A:71:96:C6
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/I1XoXbCRQDzU94nytFVYdEpxlsY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
83.150.252.0/22
85.95.96.0/19
92.42.120.0/21
95.129.64.0/21
176.58.0.0/21
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.200.0/23
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
2a0d:7680::/29
2a0e:a1c0::/29
Signature Algorithm: sha256WithRSAEncryption
8f:3f:ec:65:e6:36:81:d5:37:b0:30:c4:9f:2f:f5:a9:c5:af:
cc:76:12:74:c9:44:b9:3a:7d:eb:e4:22:bf:44:71:63:a1:2b:
b5:76:25:2c:81:50:87:42:60:4f:3a:9e:20:77:b0:9d:fb:03:
83:5a:0a:52:b4:75:87:a8:5e:80:cd:3d:e4:47:36:e8:87:7e:
ed:a0:93:c3:45:91:52:58:8e:a0:c8:05:fb:25:93:11:16:46:
bd:e9:b1:2e:1c:87:c4:ad:91:93:e2:c7:ce:84:97:31:46:a2:
b0:5d:13:d1:14:d4:da:76:49:00:4d:56:4e:a9:83:43:21:bc:
9a:86:33:02:ec:f7:e9:09:1d:61:8d:d6:61:01:9f:76:67:88:
46:6e:07:75:3a:33:5a:22:1b:2a:e0:36:bd:0d:07:8e:22:01:
31:21:1d:7a:20:5d:db:0e:81:78:36:ed:72:3c:e2:32:31:d1:
25:4f:ac:fe:0d:4f:ff:2e:33:7a:30:6d:60:3f:fc:f4:3c:c0:
5b:45:24:04:53:30:3e:a7:c8:55:55:98:f0:8d:4a:cb:03:73:
18:a2:93:6e:4e:57:c7:98:48:54:3f:c4:78:75:0f:bb:66:12:
4e:37:46:31:4e:1a:97:d7:f7:dc:bf:b9:18:ca:fd:1b:bc:1e:
95:d0:4f:86
-----BEGIN CERTIFICATE-----
MIIF6DCCBNCgAwIBAgISAZXR1bnqHpaANZH4sFv05p5IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwMzI2MDk0MzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzU1ZTg1ZGIwOTE0MDNjZDRmNzg5ZjJiNDU1NTg3NDRhNzE5NmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOqXwSGz2J4FGqInhsMhKHqLoXxT
OEdmWjxan9o+EApu+yM9vNnr9YvfA7sovOAjD/MQqU+gg6xH7TTHIHAtKSGzvpcE
NfKbg859lFIT4Yn4c1DFR51ZO2+qyqS8i1Xv8pllx3MI4HNg8ah+bCWx4NHFkZQl
3RC3ZhvEJDkn0MFEPH8hV+yfbOLA75RaQ7xoCR3a5Jm/nFJHxJhi/hZLhlMcv7bc
Ul/VaYWugJYn72V7eCvDlLlcezcfcFfRriGluzcJqYkyHVvMcHFsgjp1gIiUYcpN
x26gQHHMu8Mfjpmm/YUiQNKzAGb5OIi/QsqnAUbsFAXN9+gO7BJfGKUjQQIDAQAB
o4IC9DCCAvAwHQYDVR0OBBYEFCNV6F2wkUA81PeJ8rRVWHRKcZbGMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvSTFYb1hiQ1JRRHpVOTRueXRGVllkRXB4bHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCAYIKwYBBQUHAQcBAf8EgfgwgfUwgdUEAgABMIHOAwQD
BZ/QAwQCBbVIAwQDH8BgAwQCLQhkAwQCLYRsAwQCLYksAwQEUErwAwQCU5b8AwQF
VV9gAwQDXCp4AwQDX4FAAwQDsDoAAwQCuU+4AwQCuVoAAwQCuV7MAwQCuWNMAwQC
uZFYAwQCubLYAwQBubbIAwQCuczUAwQCueUEAwQCufaEAwQCuffIAwQCufj8AwQD
vF4QAwQAwRgDAwQAwRgGAwQAwRgNAwQAwRgfAwQFwxogAwQBw1gIMAwDBALUC0QD
BALUC0gDBATZkYAwGwQCAAIwFQMFACoA8cADBQMqDXaAAwUDKg6hwDANBgkqhkiG
9w0BAQsFAAOCAQEAjz/sZeY2gdU3sDDEny/1qcWvzHYSdMlEuTp96+Qiv0RxY6Er
tXYlLIFQh0JgTzqeIHewnfsDg1oKUrR1h6hegM095Ec26Id+7aCTw0WRUliOoMgF
+yWTERZGvemxLhyHxK2Rk+LHzoSXMUaisF0T0RTU2nZJAE1WTqmDQyG8moYzAuz3
6QkdYY3WYQGfdmeIRm4HdTozWiIbKuA2vQ0HjiIBMSEdeiBd2w6BeDbtcjziMjHR
JU+s/g1P/y4zejBtYD/89DzAW0UkBFMwPqfIVVWY8I1KywNzGKKTbk5Xx5hIVD/E
eHUPu2YSTjdGMU4al9f33L+5GMr9G7weldBPhg==
-----END CERTIFICATE-----
Generated at Wed Apr 9 06:19:36 2025 by rpki-client