Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/QOlMZj7vIZjok8y_zbWoIKFDGA4.roa
File: QOlMZj7vIZjok8y_zbWoIKFDGA4.roa (raw, json)
Hash identifier: 4CfAMqsFuVPfLgIqhqcYqH+T6ntjHVY7atrb+fGvffY=
Subject key identifier: 40:E9:4C:66:3E:EF:21:98:E8:93:CC:BF:CD:B5:A8:20:A1:43:18:0E
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 0196F76AD2A0577B39797810C1536B56A621
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/QOlMZj7vIZjok8y_zbWoIKFDGA4.roa
Signing time: Thu 22 May 2025 09:54:55 +0000
ROA not before: Thu 22 May 2025 09:54:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3356
IP address blocks: 5.39.176.0/21 maxlen: 24
5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
80.87.16.0/20 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
87.236.128.0/21 maxlen: 24
88.151.152.0/21 maxlen: 24
89.38.120.0/21 maxlen: 24
91.143.64.0/20 maxlen: 24
92.42.120.0/21 maxlen: 24
93.115.176.0/20 maxlen: 24
94.142.168.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.52.144.0/22 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
2a0d:7680::/29 maxlen: 29
2a0e:a1c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 06:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:f7:6a:d2:a0:57:7b:39:79:78:10:c1:53:6b:56:a6:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: May 22 09:54:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=40e94c663eef2198e893ccbfcdb5a820a143180e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:cf:4c:00:0a:bf:76:6a:50:30:8c:0f:6d:8f:
19:65:9e:35:69:ca:83:cc:51:12:8e:ce:66:68:fd:
9f:62:1f:7a:20:0f:4e:a0:b6:8a:54:a5:99:5e:2c:
db:ac:12:23:08:e4:88:4b:26:85:f2:0a:bc:0b:5e:
17:65:16:fe:29:3c:90:9f:76:12:dc:86:b1:14:22:
8c:36:e9:e3:c5:e6:b4:9b:a3:fb:66:a5:32:57:77:
69:95:80:4a:2e:aa:00:29:1c:eb:41:c4:ac:62:16:
06:2a:4a:4b:e3:b7:c5:b9:a3:a7:8c:03:6e:8f:9c:
d6:fc:76:23:99:25:9b:94:69:ad:ae:67:f7:f8:62:
73:09:8b:ec:f1:11:04:2b:ef:b5:30:f6:88:ef:8f:
54:02:d0:48:a2:f0:ff:9c:e1:d7:cd:d5:c1:fb:7a:
aa:9c:29:9b:4a:37:ce:f7:b6:02:80:8a:cc:03:26:
26:df:bf:c9:5f:1b:36:01:73:82:67:fb:2a:92:2b:
1d:c9:10:57:3d:87:c8:b5:84:b7:43:3c:e3:f2:97:
35:95:01:9a:04:40:63:19:9f:dd:88:21:dd:ff:f2:
34:42:2a:05:db:68:99:7f:80:76:98:c7:9f:dc:8b:
91:66:c0:db:11:8b:32:73:65:ef:97:53:39:66:ad:
9e:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:E9:4C:66:3E:EF:21:98:E8:93:CC:BF:CD:B5:A8:20:A1:43:18:0E
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/QOlMZj7vIZjok8y_zbWoIKFDGA4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.176.0/21
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
80.87.16.0/20
83.150.252.0/22
85.95.96.0/19
87.236.128.0/21
88.151.152.0/21
89.38.120.0/21
91.143.64.0/20
92.42.120.0/21
93.115.176.0/20
94.142.168.0/21
95.129.64.0/21
176.58.0.0/21
185.52.144.0/22
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.200.0/23
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
2a0d:7680::/29
2a0e:a1c0::/29
Signature Algorithm: sha256WithRSAEncryption
3a:a2:a5:3c:cd:ca:5c:07:84:ed:46:23:8e:c1:b5:3b:50:cd:
b3:96:d5:5a:b0:23:82:01:07:c9:bd:fb:d0:cd:bf:2b:8c:91:
5f:6e:74:c7:27:46:e9:43:31:44:1e:cb:3f:1d:4e:e9:dc:7d:
14:8d:a4:a0:cb:d1:86:c8:53:e7:d1:0a:ee:ab:74:eb:f9:fa:
81:be:8e:19:83:2d:45:d6:8a:5b:db:ae:7e:c6:e6:c1:82:5e:
85:d6:37:77:95:4b:1c:0f:cc:79:1f:ca:e5:64:8f:0a:87:51:
ce:5b:fe:a0:40:f2:a0:1d:1b:03:0b:cb:35:90:81:90:98:e1:
09:75:a6:75:0c:6d:fc:1c:67:13:9a:6b:04:86:f2:a3:ca:18:
33:4a:9d:b4:eb:6c:71:d9:fa:63:34:35:56:4a:12:93:82:71:
28:9e:ae:01:cd:8e:80:e4:70:b1:d6:b9:03:14:f3:2b:c9:b9:
b8:f3:f4:e3:1e:29:97:f0:93:db:fb:df:64:96:23:df:a3:d3:
a6:1b:f5:66:e6:94:7e:ec:66:e3:19:32:62:1f:fc:04:02:7e:
53:a5:43:41:6b:72:61:75:4d:f1:c7:ff:7d:ce:5e:52:0a:a2:
2b:9f:a1:1b:38:9a:42:3b:94:34:7d:b2:6a:78:b0:5c:76:70:
c2:82:85:d2
-----BEGIN CERTIFICATE-----
MIIGIjCCBQqgAwIBAgISAZb3atKgV3s5eXgQwVNrVqYhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwNTIyMDk1NDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGU5NGM2NjNlZWYyMTk4ZTg5M2NjYmZjZGI1YTgyMGExNDMxODBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzc9MAAq/dmpQMIwPbY8ZZZ41acqD
zFESjs5maP2fYh96IA9OoLaKVKWZXizbrBIjCOSISyaF8gq8C14XZRb+KTyQn3YS
3IaxFCKMNunjxea0m6P7ZqUyV3dplYBKLqoAKRzrQcSsYhYGKkpL47fFuaOnjANu
j5zW/HYjmSWblGmtrmf3+GJzCYvs8REEK++1MPaI749UAtBIovD/nOHXzdXB+3qq
nCmbSjfO97YCgIrMAyYm37/JXxs2AXOCZ/sqkisdyRBXPYfItYS3Qzzj8pc1lQGa
BEBjGZ/diCHd//I0QioF22iZf4B2mMef3IuRZsDbEYsyc2Xvl1M5Zq2eWwIDAQAB
o4IDLjCCAyowHQYDVR0OBBYEFEDpTGY+7yGY6JPMv821qCChQxgOMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvUU9sTVpqN3ZJWmpvazh5X3piV29JS0ZER0E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBQgYIKwYBBQUHAQcBAf8EggExMIIBLTCCAQwEAgABMIIB
BAMEAwUnsAMEAwWf0AMEAgW1SAMEAx/AYAMEAi0IZAMEAi2EbAMEAi2JLAMEBFBK
8AMEBFBXEAMEAlOW/AMEBVVfYAMEA1fsgAMEA1iXmAMEA1kmeAMEBFuPQAMEA1wq
eAMEBF1zsAMEA16OqAMEA1+BQAMEA7A6AAMEArk0kAMEArlPuAMEArlaAAMEArle
zAMEArljTAMEArmRWAMEArmy2AMEAbm2yAMEArnM1AMEArnlBAMEArn2hAMEArn3
yAMEArn4/AMEA7xeEAMEAMEYAwMEAMEYBgMEAMEYDQMEAMEYHwMEBcMaIAMEAcNY
CDAMAwQC1AtEAwQC1AtIAwQE2ZGAMBsEAgACMBUDBQAqAPHAAwUDKg12gAMFAyoO
ocAwDQYJKoZIhvcNAQELBQADggEBADqipTzNylwHhO1GI47BtTtQzbOW1VqwI4IB
B8m9+9DNvyuMkV9udMcnRulDMUQeyz8dTuncfRSNpKDL0YbIU+fRCu6rdOv5+oG+
jhmDLUXWilvbrn7G5sGCXoXWN3eVSxwPzHkfyuVkjwqHUc5b/qBA8qAdGwMLyzWQ
gZCY4Ql1pnUMbfwcZxOaawSG8qPKGDNKnbTrbHHZ+mM0NVZKEpOCcSiergHNjoDk
cLHWuQMU8yvJubjz9OMeKZfwk9v732SWI9+j06Yb9WbmlH7sZuMZMmIf/AQCflOl
Q0FrcmF1TfHH/33OXlIKoiufoRs4mkI7lDR9smp4sFx2cMKChdI=
-----END CERTIFICATE-----
Generated at Fri Jun 6 17:28:07 2025 by rpki-client