Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/lL65lPAfGESV3pA_MWeJ9kqZYO0.roa
File: lL65lPAfGESV3pA_MWeJ9kqZYO0.roa (raw, json)
Hash identifier: V0dTtQSyADkcZWVxG7jFvC5p0xl0WKclXQDVLvdY10Y=
Subject key identifier: 94:BE:B9:94:F0:1F:18:44:95:DE:90:3F:31:67:89:F6:4A:99:60:ED
Certificate issuer: /CN=cff374657f57078f3ca2c71109d35927c2248681
Certificate serial: 0196F291597F1EAC653DEB62387E58F03666
Authority key identifier: CF:F3:74:65:7F:57:07:8F:3C:A2:C7:11:09:D3:59:27:C2:24:86:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z_N0ZX9XB488oscRCdNZJ8IkhoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/lL65lPAfGESV3pA_MWeJ9kqZYO0.roa
Signing time: Wed 21 May 2025 11:18:53 +0000
ROA not before: Wed 21 May 2025 11:18:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12963
IP address blocks: 94.232.208.0/21 maxlen: 21
94.232.208.0/24 maxlen: 24
94.232.209.0/24 maxlen: 24
94.232.210.0/24 maxlen: 24
94.232.211.0/24 maxlen: 24
94.232.212.0/24 maxlen: 24
94.232.213.0/24 maxlen: 24
94.232.214.0/24 maxlen: 24
94.232.215.0/24 maxlen: 24
176.100.0.0/24 maxlen: 24
176.100.1.0/24 maxlen: 24
176.100.2.0/23 maxlen: 24
176.100.2.0/24 maxlen: 24
176.100.3.0/24 maxlen: 24
176.100.4.0/24 maxlen: 24
176.100.5.0/24 maxlen: 24
176.100.6.0/24 maxlen: 24
176.100.8.0/24 maxlen: 24
176.100.9.0/24 maxlen: 24
176.100.10.0/23 maxlen: 24
176.100.10.0/24 maxlen: 24
176.100.11.0/24 maxlen: 24
176.100.12.0/24 maxlen: 24
176.100.13.0/24 maxlen: 24
176.100.14.0/24 maxlen: 24
176.100.15.0/24 maxlen: 24
176.100.16.0/20 maxlen: 20
176.100.16.0/24 maxlen: 24
176.100.17.0/24 maxlen: 24
176.100.18.0/24 maxlen: 24
176.100.19.0/24 maxlen: 24
176.100.20.0/24 maxlen: 24
176.100.21.0/24 maxlen: 24
176.100.22.0/24 maxlen: 24
176.100.23.0/24 maxlen: 24
176.100.24.0/24 maxlen: 24
176.100.25.0/24 maxlen: 24
176.100.26.0/24 maxlen: 24
176.100.27.0/24 maxlen: 24
176.100.28.0/24 maxlen: 24
176.100.29.0/24 maxlen: 24
176.100.30.0/24 maxlen: 24
176.100.31.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/z_N0ZX9XB488oscRCdNZJ8IkhoE.crl
rsync://rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/z_N0ZX9XB488oscRCdNZJ8IkhoE.mft
rsync://rpki.ripe.net/repository/DEFAULT/z_N0ZX9XB488oscRCdNZJ8IkhoE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 08:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:f2:91:59:7f:1e:ac:65:3d:eb:62:38:7e:58:f0:36:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cff374657f57078f3ca2c71109d35927c2248681
Validity
Not Before: May 21 11:18:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=94beb994f01f184495de903f316789f64a9960ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:fc:cf:e7:55:df:ff:5b:29:16:f6:a6:42:1d:
4a:e4:ec:d5:fa:65:52:ad:a6:86:b3:32:4e:1e:79:
81:b0:17:f7:b4:a4:78:16:bb:1b:cd:d1:c2:ab:4e:
ac:a7:e4:07:9a:df:90:b9:fa:10:88:7d:cf:0b:a2:
97:1c:e0:5c:ac:c4:ce:a4:3c:1f:5a:21:20:e8:12:
fb:56:62:5d:45:1c:77:0b:6f:7a:59:0d:61:17:68:
40:20:92:e1:ea:18:57:ad:4a:a6:03:d4:2c:5c:bb:
c1:62:29:dd:9d:69:f8:8b:d6:64:3b:62:c0:e9:05:
6b:8c:82:aa:45:6c:44:62:42:9c:b5:7d:5d:d5:48:
f2:a4:3c:f1:70:0a:89:44:e5:e6:f9:eb:89:16:8a:
41:0f:14:56:14:ab:ef:53:d0:b3:49:69:6e:21:6d:
c4:40:5f:c4:71:0e:ef:66:0d:53:c8:f7:82:88:ce:
33:47:46:88:0f:50:d7:48:01:c7:84:01:5e:00:a7:
24:5a:c2:58:38:93:09:2c:a3:a1:86:71:76:59:76:
a8:cf:0b:ac:59:f5:cc:ed:79:03:d5:4d:c5:11:44:
aa:37:2d:68:19:00:43:62:63:b8:82:33:79:35:3e:
81:32:4d:b1:e0:11:5b:7a:95:02:fa:28:bb:5f:fc:
f7:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:BE:B9:94:F0:1F:18:44:95:DE:90:3F:31:67:89:F6:4A:99:60:ED
X509v3 Authority Key Identifier:
keyid:CF:F3:74:65:7F:57:07:8F:3C:A2:C7:11:09:D3:59:27:C2:24:86:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z_N0ZX9XB488oscRCdNZJ8IkhoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/lL65lPAfGESV3pA_MWeJ9kqZYO0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/z_N0ZX9XB488oscRCdNZJ8IkhoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.232.208.0/21
176.100.0.0-176.100.6.255
176.100.8.0-176.100.31.255
Signature Algorithm: sha256WithRSAEncryption
6b:e8:6f:9a:22:a2:0a:44:0b:b5:95:e7:76:1b:fd:85:87:52:
39:31:14:15:9b:08:15:ad:93:dc:fb:24:c0:05:c3:20:c6:ee:
29:66:b7:02:e0:ad:2a:94:b6:ad:c9:fb:90:94:17:56:91:fb:
85:2d:3a:6a:c6:57:31:c5:16:36:41:cd:97:cc:43:7f:e8:c2:
06:e8:8a:c6:e8:93:a0:dd:ed:cc:a4:0b:aa:f9:bc:e8:17:c7:
f1:d1:ee:75:aa:d8:d8:76:aa:16:ff:0f:8e:b7:4b:79:52:42:
17:6f:8f:6a:a9:3a:9c:9b:dd:cd:11:b3:12:62:66:08:82:21:
d8:cd:53:3e:48:cb:36:f9:f9:80:bf:4d:b9:07:ed:8d:04:8c:
11:61:d8:20:30:b2:1d:d7:e7:8a:9b:d8:cb:cc:0b:83:98:ca:
8d:a1:68:9a:cf:85:5e:dd:ad:0e:38:34:28:1e:5e:c7:93:3d:
a9:1a:d3:a2:87:e4:23:a9:6d:8c:d8:ac:2e:1e:e0:c8:ea:da:
73:c2:aa:79:7e:ae:46:0f:64:7e:e4:0d:8d:b3:f9:3a:1a:24:
f3:d9:f9:be:96:b5:07:53:e6:0a:6f:06:3f:57:a7:97:38:78:
f2:df:9c:fd:2a:f1:f0:00:78:7f:bb:99:58:24:de:b6:9e:3b:
8c:d0:f6:2b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZbykVl/HqxlPetiOH5Y8DZmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZjM3NDY1N2Y1NzA3OGYzY2EyYzcxMTA5ZDM1OTI3YzIy
NDg2ODEwHhcNMjUwNTIxMTExODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGJlYjk5NGYwMWYxODQ0OTVkZTkwM2YzMTY3ODlmNjRhOTk2MGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvzP51Xf/1spFvamQh1K5OzV+mVS
raaGszJOHnmBsBf3tKR4FrsbzdHCq06sp+QHmt+QufoQiH3PC6KXHOBcrMTOpDwf
WiEg6BL7VmJdRRx3C296WQ1hF2hAIJLh6hhXrUqmA9QsXLvBYindnWn4i9ZkO2LA
6QVrjIKqRWxEYkKctX1d1UjypDzxcAqJROXm+euJFopBDxRWFKvvU9CzSWluIW3E
QF/EcQ7vZg1TyPeCiM4zR0aID1DXSAHHhAFeAKckWsJYOJMJLKOhhnF2WXaozwus
WfXM7XkD1U3FEUSqNy1oGQBDYmO4gjN5NT6BMk2x4BFbepUC+ii7X/z3iwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJS+uZTwHxhEld6QPzFnifZKmWDtMB8GA1UdIwQY
MBaAFM/zdGV/VwePPKLHEQnTWSfCJIaBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvel9OMFpYOVhCNDg4b3NjUkNkTlpKOElraG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jZDIxNDYtN2ZiZS00ZTVkLTkzYmEt
M2VhMmViZmU4NzA3LzEvbEw2NWxQQWZHRVNWM3BBX01XZUo5a3FaWU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jZDIxNDYtN2ZiZS00ZTVkLTkzYmEtM2VhMmViZmU4NzA3
LzEvel9OMFpYOVhCNDg4b3NjUkNkTlpKOElraG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAnBAIAATAhAwQDXujQMAsD
AwKwZAMEALBkBjAMAwQDsGQIAwQFsGQAMA0GCSqGSIb3DQEBCwUAA4IBAQBr6G+a
IqIKRAu1led2G/2Fh1I5MRQVmwgVrZPc+yTABcMgxu4pZrcC4K0qlLatyfuQlBdW
kfuFLTpqxlcxxRY2Qc2XzEN/6MIG6IrG6JOg3e3MpAuq+bzoF8fx0e51qtjYdqoW
/w+Ot0t5UkIXb49qqTqcm93NEbMSYmYIgiHYzVM+SMs2+fmAv025B+2NBIwRYdgg
MLId1+eKm9jLzAuDmMqNoWiaz4Ve3a0OODQoHl7Hkz2pGtOih+QjqW2M2KwuHuDI
6tpzwqp5fq5GD2R+5A2Ns/k6GiTz2fm+lrUHU+YKbwY/V6eXOHjy35z9KvHwAHh/
u5lYJN62njuM0PYr
-----END CERTIFICATE-----
Generated at Sat Jun 7 16:10:47 2025 by rpki-client