Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/UzzaZe2IBnqaAlUC3PzUQU79vek.roa
File: UzzaZe2IBnqaAlUC3PzUQU79vek.roa (raw, json)
Hash identifier: 0lOgrSdqev4Q++AWXwQLula9bZznJKXyC0Jsns6HfWI=
Subject key identifier: 53:3C:DA:65:ED:88:06:7A:9A:02:55:02:DC:FC:D4:41:4E:FD:BD:E9
Certificate issuer: /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial: 0195DC144129E28733B20464B78E94996CB8
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/UzzaZe2IBnqaAlUC3PzUQU79vek.roa
Signing time: Fri 28 Mar 2025 09:27:49 +0000
ROA not before: Fri 28 Mar 2025 09:27:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8399
IP address blocks: 37.97.64.0/19 maxlen: 19
37.97.96.0/20 maxlen: 20
37.139.120.0/21 maxlen: 21
65.39.64.0/19 maxlen: 19
80.251.96.0/20 maxlen: 20
81.93.0.0/19 maxlen: 19
88.213.224.0/19 maxlen: 19
155.2.128.0/19 maxlen: 19
157.143.128.0/17 maxlen: 17
178.174.96.0/20 maxlen: 23
178.255.160.0/21 maxlen: 21
185.6.92.0/22 maxlen: 22
185.8.252.0/22 maxlen: 22
185.24.140.0/22 maxlen: 22
185.32.208.0/22 maxlen: 22
185.42.176.0/22 maxlen: 22
185.65.248.0/22 maxlen: 22
185.76.216.0/22 maxlen: 22
185.218.208.0/22 maxlen: 22
185.249.20.0/22 maxlen: 22
195.135.0.0/17 maxlen: 17
195.135.0.0/18 maxlen: 18
195.135.12.0/23 maxlen: 23
195.135.48.0/20 maxlen: 20
195.135.48.0/24 maxlen: 24
217.74.96.0/20 maxlen: 20
217.181.128.0/17 maxlen: 17
2a02:6e8::/32 maxlen: 32
2a02:c440::/29 maxlen: 29
2a05:5cc0::/29 maxlen: 29
2a0b:e3c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.mft
rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 16 Apr 2025 08:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:dc:14:41:29:e2:87:33:b2:04:64:b7:8e:94:99:6c:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
Validity
Not Before: Mar 28 09:27:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=533cda65ed88067a9a025502dcfcd4414efdbde9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:1c:2c:ad:50:d1:67:dd:d0:c0:40:f0:f7:5e:
37:f5:f6:fd:1c:71:bd:cb:cb:76:8d:2c:fe:dc:8d:
69:ad:b9:ee:fc:16:11:8d:4c:cf:34:4c:d5:b1:ff:
a6:7d:33:1e:7e:19:92:a6:cf:55:1d:a0:8a:6b:07:
04:4f:da:07:de:73:d9:f2:6b:4d:70:d9:d4:90:ac:
84:a0:f4:dd:9d:da:6f:aa:4d:77:30:a9:72:25:1c:
38:c1:b7:70:27:ec:d5:79:c7:55:af:62:cf:7d:1f:
3d:33:21:0e:f2:36:16:29:a4:7a:55:d4:d9:9d:e9:
5f:be:c5:88:0a:7c:61:ea:29:a5:f1:cf:ca:03:cd:
dc:46:40:85:45:a2:99:09:20:f7:60:e8:72:1b:76:
46:22:c5:f2:62:2b:f1:d5:cb:ae:0e:1d:f5:2d:3e:
38:89:d4:e9:27:89:87:f0:21:04:13:a6:b8:14:fd:
66:c1:39:16:43:ee:9a:33:02:a6:f2:6c:ae:b2:01:
5a:a6:09:9c:2f:a1:ec:bc:66:c2:67:9a:6c:34:04:
2b:9b:18:f8:f8:ad:c8:7e:8a:cd:78:d2:a5:ae:59:
3b:e3:64:9f:e0:eb:60:25:44:c1:ef:d4:0e:4c:be:
ee:7b:bf:d7:a3:52:a6:72:f5:23:3e:98:f2:16:16:
59:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:3C:DA:65:ED:88:06:7A:9A:02:55:02:DC:FC:D4:41:4E:FD:BD:E9
X509v3 Authority Key Identifier:
keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/UzzaZe2IBnqaAlUC3PzUQU79vek.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.97.64.0-37.97.111.255
37.139.120.0/21
65.39.64.0/19
80.251.96.0/20
81.93.0.0/19
88.213.224.0/19
155.2.128.0/19
157.143.128.0/17
178.174.96.0/20
178.255.160.0/21
185.6.92.0/22
185.8.252.0/22
185.24.140.0/22
185.32.208.0/22
185.42.176.0/22
185.65.248.0/22
185.76.216.0/22
185.218.208.0/22
185.249.20.0/22
195.135.0.0/17
217.74.96.0/20
217.181.128.0/17
IPv6:
2a02:6e8::/32
2a02:c440::/29
2a05:5cc0::/29
2a0b:e3c0::/29
Signature Algorithm: sha256WithRSAEncryption
46:20:3a:4f:aa:96:e9:5e:c5:25:d8:e2:7d:54:77:4b:7f:64:
b0:1b:0f:ad:89:49:e0:af:ee:a7:20:fe:6f:d3:bb:2a:8f:39:
bf:1d:ec:38:01:c4:4c:cb:15:e1:7b:9a:97:d6:4e:d2:bf:14:
6e:71:07:c3:fd:67:d6:59:e6:25:a9:db:7c:83:2a:64:49:62:
8d:30:0b:9b:79:d1:a0:9d:c3:1b:6c:46:01:0c:4c:de:c3:cc:
4b:84:13:4b:a5:da:82:8e:79:ca:b6:01:4e:a1:fc:f5:8a:2b:
07:dc:0e:f0:e0:16:c5:c4:88:b0:6b:96:05:41:f1:5b:35:80:
22:9d:12:67:5e:0a:12:1e:0f:54:99:02:12:9d:3d:1a:77:c4:
9c:0b:57:05:40:af:b1:cd:79:56:25:a0:19:f2:1e:3a:59:c0:
72:d3:47:0e:19:6a:cf:65:72:fa:ce:ab:82:e6:56:98:85:94:
f6:e7:2d:bb:d9:be:44:14:eb:16:ad:d9:14:65:57:63:18:6d:
af:f7:76:98:9c:fd:df:c0:e5:d1:dd:82:b4:ae:0f:1c:88:24:
6d:c9:db:9f:35:95:a4:0d:7d:ce:ab:0f:03:17:f4:83:bb:bb:
c4:53:0d:75:3c:e9:ae:7c:27:f8:03:ec:28:7f:d9:40:49:f5:
a3:4a:16:89
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAZXcFEEp4oczsgRkt46UmWy4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjUwMzI4MDkyNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzNjZGE2NWVkODgwNjdhOWEwMjU1MDJkY2ZjZDQ0MTRlZmRiZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRwsrVDRZ93QwEDw91439fb9HHG9
y8t2jSz+3I1prbnu/BYRjUzPNEzVsf+mfTMefhmSps9VHaCKawcET9oH3nPZ8mtN
cNnUkKyEoPTdndpvqk13MKlyJRw4wbdwJ+zVecdVr2LPfR89MyEO8jYWKaR6VdTZ
nelfvsWICnxh6iml8c/KA83cRkCFRaKZCSD3YOhyG3ZGIsXyYivx1cuuDh31LT44
idTpJ4mH8CEEE6a4FP1mwTkWQ+6aMwKm8myusgFapgmcL6HsvGbCZ5psNAQrmxj4
+K3IforNeNKlrlk742Sf4OtgJUTB79QOTL7ue7/Xo1KmcvUjPpjyFhZZRwIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFFM82mXtiAZ6mgJVAtz81EFO/b3pMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvVXp6YVplMklCbnFhQWxVQzNQelVRVTc5dmVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBkwQCAAEwgYwwDAME
BiVhQAMEBCVhYAMEAyWLeAMEBUEnQAMEBFD7YAMEBVFdAAMEBVjV4AMEBZsCgAME
B52PgAMEBLKuYAMEA7L/oAMEArkGXAMEArkI/AMEArkYjAMEArkg0AMEArkqsAME
ArlB+AMEArlM2AMEArna0AMEArn5FAMEB8OHAAMEBNlKYAMEB9m1gDAiBAIAAjAc
AwUAKgIG6AMFAyoCxEADBQMqBVzAAwUDKgvjwDANBgkqhkiG9w0BAQsFAAOCAQEA
RiA6T6qW6V7FJdjifVR3S39ksBsPrYlJ4K/upyD+b9O7Ko85vx3sOAHETMsV4Xua
l9ZO0r8UbnEHw/1n1lnmJanbfIMqZElijTALm3nRoJ3DG2xGAQxM3sPMS4QTS6Xa
go55yrYBTqH89YorB9wO8OAWxcSIsGuWBUHxWzWAIp0SZ14KEh4PVJkCEp09GnfE
nAtXBUCvsc15ViWgGfIeOlnActNHDhlqz2Vy+s6rguZWmIWU9uctu9m+RBTrFq3Z
FGVXYxhtr/d2mJz938Dl0d2CtK4PHIgkbcnbnzWVpA19zqsPAxf0g7u7xFMNdTzp
rnwn+APsKH/ZQEn1o0oWiQ==
-----END CERTIFICATE-----
Generated at Tue Apr 15 12:35:05 2025 by rpki-client