Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/a0c444-9796-4f06-83f2-aa788a420aec/1/DKoEFUSOwiDYsTbFqpxYmQcrGtg.roa
File: DKoEFUSOwiDYsTbFqpxYmQcrGtg.roa (raw, json)
Hash identifier: mY1b8G54j8jnPwFPWyZl0Ma7Eh4D8hln949MVF0LznE=
Subject key identifier: 0C:AA:04:15:44:8E:C2:20:D8:B1:36:C5:AA:9C:58:99:07:2B:1A:D8
Certificate issuer: /CN=a74c6706e3fbebdff146a8a14ec2a3284a92ba62
Certificate serial: 0195DD870BCC0FFC702A28FDB0A27B61BC6B
Authority key identifier: A7:4C:67:06:E3:FB:EB:DF:F1:46:A8:A1:4E:C2:A3:28:4A:92:BA:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p0xnBuP769_xRqihTsKjKEqSumI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/a0c444-9796-4f06-83f2-aa788a420aec/1/DKoEFUSOwiDYsTbFqpxYmQcrGtg.roa
Signing time: Fri 28 Mar 2025 16:12:49 +0000
ROA not before: Fri 28 Mar 2025 16:12:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 1836
IP address blocks: 80.86.192.0/20 maxlen: 21
80.86.192.0/24 maxlen: 24
80.86.193.0/24 maxlen: 24
80.253.80.0/21 maxlen: 22
80.254.160.0/19 maxlen: 20
81.6.0.0/19 maxlen: 20
81.6.48.0/20 maxlen: 21
81.221.0.0/16 maxlen: 17
81.221.250.0/24 maxlen: 24
81.221.252.0/24 maxlen: 24
81.221.254.0/24 maxlen: 24
82.195.224.0/19 maxlen: 20
146.228.0.0/16 maxlen: 17
146.228.64.0/24 maxlen: 24
193.72.0.0/18 maxlen: 19
193.72.64.0/21 maxlen: 21
193.72.72.0/22 maxlen: 22
193.72.76.0/23 maxlen: 23
193.72.78.0/24 maxlen: 24
193.72.81.0/24 maxlen: 24
193.72.82.0/23 maxlen: 24
193.72.84.0/22 maxlen: 23
193.72.88.0/21 maxlen: 22
193.72.96.0/19 maxlen: 20
193.72.128.0/20 maxlen: 21
193.72.148.0/22 maxlen: 23
193.72.152.0/21 maxlen: 22
193.72.160.0/22 maxlen: 23
193.72.164.0/23 maxlen: 24
193.72.167.0/24 maxlen: 24
193.72.168.0/21 maxlen: 22
193.72.176.0/21 maxlen: 22
193.72.184.0/23 maxlen: 24
193.72.187.0/24 maxlen: 24
193.72.188.0/22 maxlen: 23
193.72.192.0/20 maxlen: 21
193.72.208.0/21 maxlen: 22
193.72.217.0/24 maxlen: 24
193.72.218.0/23 maxlen: 24
193.72.220.0/22 maxlen: 23
193.72.224.0/19 maxlen: 20
193.73.0.0/18 maxlen: 19
193.73.64.0/19 maxlen: 20
193.73.80.0/20 maxlen: 20
193.73.96.0/21 maxlen: 21
193.73.96.0/22 maxlen: 22
193.73.100.0/22 maxlen: 22
193.73.104.0/23 maxlen: 24
193.73.108.0/22 maxlen: 23
193.73.112.0/24 maxlen: 24
193.73.115.0/24 maxlen: 24
193.73.116.0/22 maxlen: 23
193.73.120.0/23 maxlen: 24
193.73.123.0/24 maxlen: 24
193.73.124.0/24 maxlen: 24
193.73.126.0/23 maxlen: 24
193.73.128.0/18 maxlen: 19
193.73.192.0/20 maxlen: 21
193.73.209.0/24 maxlen: 24
193.73.210.0/24 maxlen: 24
193.73.212.0/22 maxlen: 23
193.73.216.0/21 maxlen: 22
193.73.224.0/21 maxlen: 22
193.73.232.0/22 maxlen: 23
193.73.236.0/23 maxlen: 24
193.73.239.0/24 maxlen: 24
193.73.240.0/23 maxlen: 24
193.73.244.0/22 maxlen: 23
193.73.248.0/23 maxlen: 24
193.73.252.0/22 maxlen: 23
193.193.128.0/19 maxlen: 20
194.191.0.0/16 maxlen: 17
194.191.16.0/24 maxlen: 24
194.191.17.0/24 maxlen: 24
194.191.18.0/24 maxlen: 24
194.191.19.0/24 maxlen: 24
194.191.20.0/24 maxlen: 24
194.191.24.0/24 maxlen: 24
194.191.25.0/24 maxlen: 24
194.191.26.0/24 maxlen: 24
194.191.28.0/24 maxlen: 24
194.191.29.0/24 maxlen: 24
194.191.30.0/24 maxlen: 24
195.48.0.0/16 maxlen: 17
195.48.221.0/24 maxlen: 24
195.49.0.0/17 maxlen: 18
195.49.6.0/24 maxlen: 24
195.49.16.0/24 maxlen: 24
195.49.78.0/24 maxlen: 24
195.49.79.0/24 maxlen: 24
195.130.160.0/19 maxlen: 20
212.59.128.0/18 maxlen: 19
2001:1b50::/29 maxlen: 29
2a01:2a8::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4f/a0c444-9796-4f06-83f2-aa788a420aec/1/p0xnBuP769_xRqihTsKjKEqSumI.crl
rsync://rpki.ripe.net/repository/DEFAULT/4f/a0c444-9796-4f06-83f2-aa788a420aec/1/p0xnBuP769_xRqihTsKjKEqSumI.mft
rsync://rpki.ripe.net/repository/DEFAULT/p0xnBuP769_xRqihTsKjKEqSumI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 13:16:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:dd:87:0b:cc:0f:fc:70:2a:28:fd:b0:a2:7b:61:bc:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a74c6706e3fbebdff146a8a14ec2a3284a92ba62
Validity
Not Before: Mar 28 16:12:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0caa0415448ec220d8b136c5aa9c5899072b1ad8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:65:4b:d1:d1:fb:50:09:14:4b:57:2b:bc:72:
f9:42:c5:8f:a4:01:24:18:19:7d:26:f7:2d:1b:2f:
54:bc:23:09:16:14:86:a6:71:90:11:f7:4e:3d:0f:
1d:d1:25:e1:43:83:e0:4b:60:d0:88:77:b0:21:06:
a3:2c:4f:47:7f:77:1c:ce:84:53:c5:17:cc:0a:a2:
de:4f:06:73:6b:f6:2d:86:ca:2a:ce:bc:8e:b6:3b:
ca:db:62:f7:dc:bb:2c:89:f8:41:39:53:df:25:0b:
84:08:2c:41:fd:83:61:f6:05:46:a3:54:ef:c3:7d:
16:89:65:81:bd:6a:5d:22:17:fb:42:f3:97:de:bc:
bc:54:7c:9c:6f:ed:8c:1e:ad:98:4e:20:87:5d:67:
5a:bb:c3:25:e1:16:18:1d:c8:f6:07:79:c7:18:1b:
b9:bc:c3:7c:56:33:2e:cb:26:86:29:32:b6:05:18:
b2:28:a0:99:50:b1:20:a3:62:47:02:74:08:b9:32:
c2:45:a1:5f:d2:56:67:42:6f:2c:b8:03:22:fe:05:
df:20:41:af:b8:81:dc:b4:09:dc:fd:b0:8a:a6:bc:
72:ee:11:9e:39:dd:88:a1:b8:8d:0c:10:80:bb:0e:
17:b1:98:92:c5:01:de:f8:54:45:e0:16:f6:53:01:
e9:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:AA:04:15:44:8E:C2:20:D8:B1:36:C5:AA:9C:58:99:07:2B:1A:D8
X509v3 Authority Key Identifier:
keyid:A7:4C:67:06:E3:FB:EB:DF:F1:46:A8:A1:4E:C2:A3:28:4A:92:BA:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p0xnBuP769_xRqihTsKjKEqSumI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a0c444-9796-4f06-83f2-aa788a420aec/1/DKoEFUSOwiDYsTbFqpxYmQcrGtg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a0c444-9796-4f06-83f2-aa788a420aec/1/p0xnBuP769_xRqihTsKjKEqSumI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.86.192.0/20
80.253.80.0/21
80.254.160.0/19
81.6.0.0/19
81.6.48.0/20
81.221.0.0/16
82.195.224.0/19
146.228.0.0/16
193.72.0.0-193.72.78.255
193.72.81.0-193.72.143.255
193.72.148.0-193.72.165.255
193.72.167.0-193.72.185.255
193.72.187.0-193.72.215.255
193.72.217.0-193.73.105.255
193.73.108.0-193.73.112.255
193.73.115.0-193.73.121.255
193.73.123.0-193.73.124.255
193.73.126.0-193.73.207.255
193.73.209.0-193.73.210.255
193.73.212.0-193.73.237.255
193.73.239.0-193.73.241.255
193.73.244.0-193.73.249.255
193.73.252.0/22
193.193.128.0/19
194.191.0.0/16
195.48.0.0-195.49.127.255
195.130.160.0/19
212.59.128.0/18
IPv6:
2001:1b50::/29
2a01:2a8::/29
Signature Algorithm: sha256WithRSAEncryption
50:de:0b:cb:59:a1:ad:02:85:e6:5c:60:e1:59:eb:bb:34:b3:
75:e3:1d:97:c5:e4:99:a9:20:d3:cd:70:c5:47:69:f0:6f:35:
5b:f3:09:47:0c:ec:28:f0:38:d1:14:e3:4f:6a:68:19:da:9f:
17:ce:55:bf:10:99:56:da:c6:81:04:90:64:e1:b1:d2:c4:ee:
5e:59:28:a2:50:4f:44:32:22:50:d0:09:8b:2b:4f:af:15:94:
ef:18:c2:91:f9:30:c3:69:8d:34:de:9f:86:df:20:01:e7:ec:
d3:54:55:7c:5a:69:7b:58:4c:68:8a:30:88:de:13:b3:2c:0d:
b2:d9:ff:e7:91:9b:4c:a9:70:0f:33:77:76:76:3e:22:1a:3c:
72:ae:15:d7:64:c7:4c:5c:73:5f:45:c8:ba:1f:2c:be:a0:ff:
ca:27:6e:c3:09:76:54:c6:72:54:ee:f0:96:b2:c4:a2:57:55:
4e:b1:85:25:c9:cc:f4:23:89:15:1d:3c:71:43:55:04:d2:5f:
da:74:9c:ad:41:4d:2c:e6:98:e3:2d:09:87:27:46:1c:a0:a7:
88:b6:38:77:b3:26:32:59:83:6c:c5:de:c9:be:e7:3d:2e:ee:
d6:2b:63:70:6c:2c:92:51:94:bb:95:50:28:75:20:6d:26:b0:
bd:74:a4:4f
-----BEGIN CERTIFICATE-----
MIIGMjCCBRqgAwIBAgISAZXdhwvMD/xwKij9sKJ7YbxrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NGM2NzA2ZTNmYmViZGZmMTQ2YThhMTRlYzJhMzI4NGE5
MmJhNjIwHhcNMjUwMzI4MTYxMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2FhMDQxNTQ0OGVjMjIwZDhiMTM2YzVhYTljNTg5OTA3MmIxYWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWVL0dH7UAkUS1crvHL5QsWPpAEk
GBl9JvctGy9UvCMJFhSGpnGQEfdOPQ8d0SXhQ4PgS2DQiHewIQajLE9Hf3cczoRT
xRfMCqLeTwZza/YthsoqzryOtjvK22L33LssifhBOVPfJQuECCxB/YNh9gVGo1Tv
w30WiWWBvWpdIhf7QvOX3ry8VHycb+2MHq2YTiCHXWdau8Ml4RYYHcj2B3nHGBu5
vMN8VjMuyyaGKTK2BRiyKKCZULEgo2JHAnQIuTLCRaFf0lZnQm8suAMi/gXfIEGv
uIHctAnc/bCKprxy7hGeOd2IobiNDBCAuw4XsZiSxQHe+FRF4Bb2UwHp3QIDAQAB
o4IDPjCCAzowHQYDVR0OBBYEFAyqBBVEjsIg2LE2xaqcWJkHKxrYMB8GA1UdIwQY
MBaAFKdMZwbj++vf8UaooU7CoyhKkrpiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDB4bkJ1UDc2OV94UnFpaFRzS2pLRXFTdW1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9hMGM0NDQtOTc5Ni00ZjA2LTgzZjIt
YWE3ODhhNDIwYWVjLzEvREtvRUZVU093aURZc1RiRnFweFltUWNyR3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9hMGM0NDQtOTc5Ni00ZjA2LTgzZjItYWE3ODhhNDIwYWVj
LzEvcDB4bkJ1UDc2OV94UnFpaFRzS2pLRXFTdW1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBUgYIKwYBBQUHAQcBAf8EggFBMIIBPTCCASMEAgABMIIB
GwMEBFBWwAMEA1D9UAMEBVD+oAMEBVEGAAMEBFEGMAMDAFHdAwQFUsPgAwMAkuQw
CwMDA8FIAwQAwUhOMAwDBADBSFEDBATBSIAwDAMEAsFIlAMEAcFIpDAMAwQAwUin
AwQBwUi4MAwDBADBSLsDBAPBSNAwDAMEAMFI2QMEAcFJaDAMAwQCwUlsAwQAwUlw
MAwDBADBSXMDBAHBSXgwDAMEAMFJewMEAMFJfDAMAwQBwUl+AwQEwUnAMAwDBADB
SdEDBADBSdIwDAMEAsFJ1AMEAcFJ7DAMAwQAwUnvAwQBwUnwMAwDBALBSfQDBAHB
SfgDBALBSfwDBAXBwYADAwDCvzALAwMEwzADBAfDMQADBAXDgqADBAbUO4AwFAQC
AAIwDgMFAyABG1ADBQMqAQKoMA0GCSqGSIb3DQEBCwUAA4IBAQBQ3gvLWaGtAoXm
XGDhWeu7NLN14x2XxeSZqSDTzXDFR2nwbzVb8wlHDOwo8DjRFONPamgZ2p8XzlW/
EJlW2saBBJBk4bHSxO5eWSiiUE9EMiJQ0AmLK0+vFZTvGMKR+TDDaY003p+G3yAB
5+zTVFV8Wml7WExoijCI3hOzLA2y2f/nkZtMqXAPM3d2dj4iGjxyrhXXZMdMXHNf
Rci6Hyy+oP/KJ27DCXZUxnJU7vCWssSiV1VOsYUlycz0I4kVHTxxQ1UE0l/adJyt
QU0s5pjjLQmHJ0YcoKeItjh3syYyWYNsxd7Jvuc9Lu7WK2NwbCySUZS7lVAodSBt
JrC9dKRP
-----END CERTIFICATE-----
Generated at Wed Apr 16 21:59:40 2025 by rpki-client