Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/Aj2rrW4FZK0RLp7ijlwRcBGnmjk.roa
File: Aj2rrW4FZK0RLp7ijlwRcBGnmjk.roa (raw, json)
Hash identifier: eHBzjeIspzBgFyylIbpkt8jQHfok+Ou4W1bdzs7LSxY=
Subject key identifier: 02:3D:AB:AD:6E:05:64:AD:11:2E:9E:E2:8E:5C:11:70:11:A7:9A:39
Certificate issuer: /CN=1074db96402ff5cf187564560ea8f13eeeb5ffeb
Certificate serial: 0197213117B0B4AA8C4C7735136EFDF5954B
Authority key identifier: 10:74:DB:96:40:2F:F5:CF:18:75:64:56:0E:A8:F1:3E:EE:B5:FF:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EHTblkAv9c8YdWRWDqjxPu61_-s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/Aj2rrW4FZK0RLp7ijlwRcBGnmjk.roa
Signing time: Fri 30 May 2025 12:35:54 +0000
ROA not before: Fri 30 May 2025 12:35:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8685
IP address blocks: 81.21.160.0/20 maxlen: 24
81.21.160.0/21 maxlen: 21
81.21.161.0/24 maxlen: 24
81.21.164.0/22 maxlen: 22
81.21.166.0/24 maxlen: 24
81.21.167.0/24 maxlen: 24
81.21.168.0/21 maxlen: 24
81.21.169.0/24 maxlen: 24
81.21.170.0/23 maxlen: 23
81.21.170.0/24 maxlen: 24
81.21.174.0/24 maxlen: 24
82.151.128.0/19 maxlen: 24
82.151.128.0/20 maxlen: 20
82.151.131.0/24 maxlen: 24
82.151.132.0/24 maxlen: 24
82.151.133.0/24 maxlen: 24
82.151.134.0/24 maxlen: 24
82.151.138.0/24 maxlen: 24
82.151.140.0/24 maxlen: 24
82.151.142.0/24 maxlen: 24
82.151.143.0/24 maxlen: 24
82.151.144.0/20 maxlen: 20
82.151.144.0/24 maxlen: 24
82.151.154.0/23 maxlen: 24
94.102.64.0/20 maxlen: 24
94.102.64.0/21 maxlen: 21
94.102.70.0/23 maxlen: 24
94.102.72.0/21 maxlen: 24
94.102.76.0/24 maxlen: 24
185.58.244.0/22 maxlen: 24
212.2.192.0/19 maxlen: 24
212.2.192.0/21 maxlen: 21
212.2.192.0/24 maxlen: 24
212.2.193.0/24 maxlen: 24
212.2.194.0/24 maxlen: 24
212.2.195.0/24 maxlen: 24
212.2.196.0/24 maxlen: 24
212.2.197.0/24 maxlen: 24
212.2.198.0/24 maxlen: 24
212.2.199.0/24 maxlen: 24
212.2.204.0/22 maxlen: 22
212.2.204.0/23 maxlen: 23
212.2.204.0/24 maxlen: 24
212.2.205.0/24 maxlen: 24
212.2.206.0/24 maxlen: 24
212.2.208.0/24 maxlen: 24
212.2.209.0/24 maxlen: 24
212.2.210.0/24 maxlen: 24
212.2.211.0/24 maxlen: 24
212.2.212.0/23 maxlen: 23
212.2.212.0/24 maxlen: 24
212.2.213.0/24 maxlen: 24
212.2.215.0/24 maxlen: 24
212.2.216.0/21 maxlen: 21
212.2.216.0/24 maxlen: 24
212.2.217.0/24 maxlen: 24
212.2.222.0/24 maxlen: 24
212.58.0.0/19 maxlen: 24
212.58.0.0/21 maxlen: 21
212.58.0.0/24 maxlen: 24
212.58.8.0/21 maxlen: 24
212.58.13.0/24 maxlen: 24
212.58.16.0/21 maxlen: 24
212.58.16.0/24 maxlen: 24
212.58.18.0/24 maxlen: 24
212.58.24.0/21 maxlen: 24
212.58.28.0/24 maxlen: 24
212.58.31.0/24 maxlen: 24
213.155.96.0/19 maxlen: 19
213.155.96.0/21 maxlen: 21
213.155.99.0/24 maxlen: 24
213.155.102.0/24 maxlen: 24
213.155.103.0/24 maxlen: 24
213.155.104.0/21 maxlen: 24
213.155.112.0/21 maxlen: 24
213.155.120.0/23 maxlen: 24
213.155.121.0/24 maxlen: 24
213.155.122.0/23 maxlen: 24
213.155.124.0/22 maxlen: 24
2a02:480::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/EHTblkAv9c8YdWRWDqjxPu61_-s.crl
rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/EHTblkAv9c8YdWRWDqjxPu61_-s.mft
rsync://rpki.ripe.net/repository/DEFAULT/EHTblkAv9c8YdWRWDqjxPu61_-s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 15:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:21:31:17:b0:b4:aa:8c:4c:77:35:13:6e:fd:f5:95:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1074db96402ff5cf187564560ea8f13eeeb5ffeb
Validity
Not Before: May 30 12:35:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=023dabad6e0564ad112e9ee28e5c117011a79a39
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:92:61:4b:86:be:2e:1c:ef:8d:c4:10:39:e7:
2f:b0:cb:4c:18:6b:b0:d6:be:d8:e9:f6:ee:1b:db:
9c:ac:6c:78:71:35:ad:f5:49:10:1e:f2:14:af:07:
96:f3:47:a4:cf:44:e7:99:42:2d:61:a4:91:d3:ed:
4c:b6:c1:ac:5f:85:ff:bc:b0:39:ff:6a:92:c3:f5:
27:43:96:f4:b7:f9:c2:d9:7a:a5:61:29:4e:02:61:
f4:75:d8:5f:66:25:de:50:8e:f1:2c:60:46:52:c2:
79:d1:26:c8:b6:1e:76:e2:4e:01:d4:c4:8b:2a:55:
db:a8:88:f8:d9:f1:83:5d:fe:cd:2f:ad:ea:eb:f6:
12:71:ad:e0:86:7d:20:6f:41:06:71:91:bb:5b:d9:
55:3a:c0:d6:ec:b8:87:51:b2:d4:fa:70:71:85:15:
cb:4f:c8:a4:d1:79:e5:05:eb:fb:5f:ad:22:88:7b:
6f:5a:b7:c5:4e:b0:49:13:dc:0c:1f:78:a3:11:bc:
96:af:59:23:5a:b3:d5:51:3a:0d:b0:21:e6:fd:19:
b1:a8:4a:15:3b:ca:bf:b7:ad:95:63:6c:3d:aa:76:
af:4d:e1:ca:1b:12:43:1f:6b:a9:38:38:4e:b7:72:
f6:49:76:28:8a:53:ce:51:92:52:d0:bb:52:09:e7:
02:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:3D:AB:AD:6E:05:64:AD:11:2E:9E:E2:8E:5C:11:70:11:A7:9A:39
X509v3 Authority Key Identifier:
keyid:10:74:DB:96:40:2F:F5:CF:18:75:64:56:0E:A8:F1:3E:EE:B5:FF:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHTblkAv9c8YdWRWDqjxPu61_-s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/Aj2rrW4FZK0RLp7ijlwRcBGnmjk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/EHTblkAv9c8YdWRWDqjxPu61_-s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.21.160.0/20
82.151.128.0/19
94.102.64.0/20
185.58.244.0/22
212.2.192.0/19
212.58.0.0/19
213.155.96.0/19
IPv6:
2a02:480::/32
Signature Algorithm: sha256WithRSAEncryption
83:ee:44:35:4e:94:16:f6:60:40:06:eb:ed:8b:6a:24:a2:35:
56:12:cd:a8:08:f3:31:3d:7c:9b:61:74:76:fb:5a:8f:9a:39:
bc:bd:56:0c:30:0e:d1:b9:2b:5a:3d:6b:d6:e0:2f:58:17:f2:
c5:71:5d:75:69:09:19:41:18:6f:b1:1b:40:3f:83:43:36:d0:
41:0e:20:ac:65:73:41:02:bb:09:a2:fe:b0:e3:99:97:7f:79:
3f:de:ab:a2:0f:09:4c:83:b3:c6:8b:84:ed:1e:45:01:33:b8:
14:90:ef:05:52:db:dc:c6:ef:db:16:1f:81:07:be:81:12:f7:
3a:52:d2:ed:0a:61:36:78:96:97:1a:61:9c:97:a3:e5:20:7c:
03:ed:2a:4b:90:92:27:5b:5d:21:af:6e:8d:41:0a:56:44:55:
f0:21:b4:95:6a:bb:fb:88:28:7b:c5:66:93:4f:13:d7:8f:bc:
6a:9a:61:d9:39:1d:f8:20:e8:a7:d5:7e:cb:25:78:2f:7c:ce:
a5:58:75:af:fc:b3:e3:5f:fd:75:11:ae:33:78:1d:51:c1:26:
06:d7:b8:52:fe:be:b8:20:53:4c:24:0f:f0:eb:39:ab:c9:4d:
49:94:e2:09:9f:10:6e:16:c5:d1:4d:8b:0a:e6:8b:c5:4e:22:
71:64:ca:37
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZchMRewtKqMTHc1E2799ZVLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzRkYjk2NDAyZmY1Y2YxODc1NjQ1NjBlYThmMTNlZWVi
NWZmZWIwHhcNMjUwNTMwMTIzNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjNkYWJhZDZlMDU2NGFkMTEyZTllZTI4ZTVjMTE3MDExYTc5YTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpJhS4a+LhzvjcQQOecvsMtMGGuw
1r7Y6fbuG9ucrGx4cTWt9UkQHvIUrweW80ekz0TnmUItYaSR0+1MtsGsX4X/vLA5
/2qSw/UnQ5b0t/nC2XqlYSlOAmH0ddhfZiXeUI7xLGBGUsJ50SbIth524k4B1MSL
KlXbqIj42fGDXf7NL63q6/YSca3ghn0gb0EGcZG7W9lVOsDW7LiHUbLU+nBxhRXL
T8ik0XnlBev7X60iiHtvWrfFTrBJE9wMH3ijEbyWr1kjWrPVUToNsCHm/RmxqEoV
O8q/t62VY2w9qnavTeHKGxJDH2upODhOt3L2SXYoilPOUZJS0LtSCecCjQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFAI9q61uBWStES6e4o5cEXARp5o5MB8GA1UdIwQY
MBaAFBB025ZAL/XPGHVkVg6o8T7utf/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhUYmxrQXY5YzhZZFdSV0RxanhQdTYxXy1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8xZTFkNjktMGJmZC00MGFmLTg4YjEt
YWI0MGI1OGEyODkyLzEvQWoycnJXNEZaSzBSTHA3aWpsd1JjQkdubWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8xZTFkNjktMGJmZC00MGFmLTg4YjEtYWI0MGI1OGEyODky
LzEvRUhUYmxrQXY5YzhZZFdSV0RxanhQdTYxXy1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEURWgAwQF
UpeAAwQEXmZAAwQCuTr0AwQF1ALAAwQF1DoAAwQF1ZtgMA0EAgACMAcDBQAqAgSA
MA0GCSqGSIb3DQEBCwUAA4IBAQCD7kQ1TpQW9mBABuvti2okojVWEs2oCPMxPXyb
YXR2+1qPmjm8vVYMMA7RuStaPWvW4C9YF/LFcV11aQkZQRhvsRtAP4NDNtBBDiCs
ZXNBArsJov6w45mXf3k/3quiDwlMg7PGi4TtHkUBM7gUkO8FUtvcxu/bFh+BB76B
Evc6UtLtCmE2eJaXGmGcl6PlIHwD7SpLkJInW10hr26NQQpWRFXwIbSVarv7iCh7
xWaTTxPXj7xqmmHZOR34IOin1X7LJXgvfM6lWHWv/LPjX/11Ea4zeB1RwSYG17hS
/r64IFNMJA/w6zmryU1JlOIJnxBuFsXRTYsK5ovFTiJxZMo3
-----END CERTIFICATE-----
Generated at Fri Jun 6 20:31:15 2025 by rpki-client