Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Ua-OzysUdguXwiDuoM7X5MXwVrQ.roa
File: Ua-OzysUdguXwiDuoM7X5MXwVrQ.roa (raw, json)
Hash identifier: dbmeJas/U+JBIrXkJS0C2tPfPutnaVXnW3EKfgBEMN0=
Subject key identifier: 51:AF:8E:CF:2B:14:76:0B:97:C2:20:EE:A0:CE:D7:E4:C5:F0:56:B4
Certificate issuer: /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial: 019421B1A895D8256D579D0BB6A8E3831BB7
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Ua-OzysUdguXwiDuoM7X5MXwVrQ.roa
Signing time: Wed 01 Jan 2025 11:47:58 +0000
ROA not before: Wed 01 Jan 2025 11:47:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50670
IP address blocks: 81.21.8.0/24 maxlen: 24
81.21.14.0/24 maxlen: 24
109.237.192.0/20 maxlen: 24
109.237.192.0/24 maxlen: 24
109.237.193.0/24 maxlen: 24
109.237.194.0/24 maxlen: 24
109.237.195.0/24 maxlen: 24
109.237.196.0/24 maxlen: 24
109.237.197.0/24 maxlen: 24
109.237.198.0/24 maxlen: 24
109.237.199.0/24 maxlen: 24
109.237.200.0/24 maxlen: 24
109.237.201.0/24 maxlen: 24
109.237.202.0/24 maxlen: 24
109.237.203.0/24 maxlen: 24
109.237.204.0/24 maxlen: 24
109.237.205.0/24 maxlen: 24
109.237.206.0/24 maxlen: 24
109.237.207.0/24 maxlen: 24
176.241.64.0/21 maxlen: 24
176.241.64.0/24 maxlen: 24
176.241.65.0/24 maxlen: 24
176.241.66.0/24 maxlen: 24
176.241.67.0/24 maxlen: 24
176.241.68.0/24 maxlen: 24
176.241.69.0/24 maxlen: 24
176.241.70.0/24 maxlen: 24
176.241.71.0/24 maxlen: 24
178.20.184.0/21 maxlen: 24
178.20.184.0/24 maxlen: 24
178.20.185.0/24 maxlen: 24
178.20.186.0/24 maxlen: 24
178.20.187.0/24 maxlen: 24
178.20.188.0/24 maxlen: 24
178.20.189.0/24 maxlen: 24
178.20.190.0/24 maxlen: 24
178.20.191.0/24 maxlen: 24
185.51.212.0/22 maxlen: 22
185.51.212.0/24 maxlen: 24
185.51.213.0/24 maxlen: 24
185.51.214.0/24 maxlen: 24
185.51.215.0/24 maxlen: 24
185.193.176.0/22 maxlen: 22
185.193.176.0/24 maxlen: 24
185.193.177.0/24 maxlen: 24
185.193.178.0/24 maxlen: 24
185.193.179.0/24 maxlen: 24
2a01:1d0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:a8:95:d8:25:6d:57:9d:0b:b6:a8:e3:83:1b:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
Validity
Not Before: Jan 1 11:47:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=51af8ecf2b14760b97c220eea0ced7e4c5f056b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:02:f8:15:40:00:37:c6:3d:94:38:26:d7:7c:
f1:a2:a8:9a:b7:f8:5d:91:67:64:e0:c3:ca:45:05:
50:0e:ba:51:3e:d9:88:f0:ec:0d:86:34:39:ba:3b:
ce:4d:fa:7c:34:57:c9:20:86:1b:d0:ce:80:74:e1:
14:0f:ed:f0:8e:cc:a1:f7:2a:d1:6e:81:00:46:f0:
63:ec:6b:f9:45:b4:34:5e:ea:4a:cc:a2:ec:fb:34:
bc:91:ec:15:4d:4a:92:67:de:3a:98:f3:d2:e6:03:
db:ac:91:ee:e1:43:f0:5c:d0:cb:26:5c:90:b5:e5:
f9:81:82:8d:1a:48:53:b3:91:ed:73:41:b6:bd:9f:
d9:28:80:d2:78:bb:27:56:ac:81:1b:75:2f:31:55:
81:f3:aa:8b:08:d4:df:e6:f6:bc:ef:db:bd:28:43:
db:ca:aa:66:3c:2f:0d:ee:25:96:04:3b:ac:44:f0:
ee:40:49:5e:8b:ac:e4:d8:b0:e1:7f:8c:c9:88:3d:
a8:05:02:04:c2:58:ff:61:73:cc:a5:65:51:6e:97:
a5:66:de:7c:16:c9:01:54:39:f9:ae:47:56:39:a8:
fc:95:a5:8d:ef:09:f4:ad:60:e1:bb:b6:02:34:dc:
89:74:48:53:92:60:3f:59:a1:18:75:36:b1:ae:fe:
75:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:AF:8E:CF:2B:14:76:0B:97:C2:20:EE:A0:CE:D7:E4:C5:F0:56:B4
X509v3 Authority Key Identifier:
keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Ua-OzysUdguXwiDuoM7X5MXwVrQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.21.8.0/24
81.21.14.0/24
109.237.192.0/20
176.241.64.0/21
178.20.184.0/21
185.51.212.0/22
185.193.176.0/22
IPv6:
2a01:1d0::/32
Signature Algorithm: sha256WithRSAEncryption
0a:c0:00:e0:06:2e:a8:f0:99:9d:c0:47:54:71:27:20:3b:34:
be:00:b2:e1:42:74:d1:4f:ed:c8:a3:dc:79:27:7d:fb:bf:58:
ab:e0:0b:1a:7a:4a:c4:68:7b:c7:34:c6:85:fd:56:d5:10:7d:
0b:af:93:41:f7:42:a5:d1:3a:0f:bc:d0:a6:79:94:4a:55:61:
f5:62:15:86:7c:6a:eb:6d:3e:d7:38:54:d8:84:1b:9d:ca:86:
ae:35:33:6d:0f:51:00:c0:a6:cf:78:e7:a7:39:5f:15:73:e6:
6e:c7:fd:c2:32:70:39:b4:8a:19:02:8e:c1:a4:3a:ad:51:16:
b8:99:83:d3:3e:d1:2a:2d:2c:62:75:88:10:10:79:d8:02:fe:
0e:be:a2:8b:43:2c:09:ed:7d:82:7b:1e:dd:7f:5f:59:7f:f4:
3f:05:ee:0e:ae:b9:d3:49:53:23:f7:72:68:2d:5e:1a:7d:88:
94:a1:c7:9e:bb:55:69:38:ce:ff:f7:c3:0e:32:6c:74:ec:05:
62:d3:51:5d:5d:65:d4:eb:ae:44:e4:df:d0:52:a6:10:c6:59:
84:79:6d:12:2a:1c:ef:8e:40:68:30:9c:3d:1b:a9:73:61:a7:
12:57:cd:6e:f9:b4:52:c1:dc:53:f3:7b:07:9c:09:ef:87:30:
e4:f8:c6:1a
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQhsaiV2CVtV50Ltqjjgxu3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWFmOGVjZjJiMTQ3NjBiOTdjMjIwZWVhMGNlZDdlNGM1ZjA1NmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AL4FUAAN8Y9lDgm13zxoqiat/hd
kWdk4MPKRQVQDrpRPtmI8OwNhjQ5ujvOTfp8NFfJIIYb0M6AdOEUD+3wjsyh9yrR
boEARvBj7Gv5RbQ0XupKzKLs+zS8kewVTUqSZ946mPPS5gPbrJHu4UPwXNDLJlyQ
teX5gYKNGkhTs5Htc0G2vZ/ZKIDSeLsnVqyBG3UvMVWB86qLCNTf5va879u9KEPb
yqpmPC8N7iWWBDusRPDuQElei6zk2LDhf4zJiD2oBQIEwlj/YXPMpWVRbpelZt58
FskBVDn5rkdWOaj8laWN7wn0rWDhu7YCNNyJdEhTkmA/WaEYdTaxrv51WQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFFGvjs8rFHYLl8Ig7qDO1+TF8Fa0MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvVWEtT3p5c1VkZ3VYd2lEdW9NN1g1TVh3VnJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAURUIAwQA
URUOAwQEbe3AAwQDsPFAAwQDshS4AwQCuTPUAwQCucGwMA0EAgACMAcDBQAqAQHQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAKwADgBi6o8JmdwEdUcScgOzS+ALLhQnTRT+3I
o9x5J337v1ir4AsaekrEaHvHNMaF/VbVEH0Lr5NB90Kl0ToPvNCmeZRKVWH1YhWG
fGrrbT7XOFTYhBudyoauNTNtD1EAwKbPeOenOV8Vc+Zux/3CMnA5tIoZAo7BpDqt
URa4mYPTPtEqLSxidYgQEHnYAv4OvqKLQywJ7X2Cex7df19Zf/Q/Be4OrrnTSVMj
93JoLV4afYiUoceeu1VpOM7/98MOMmx07AVi01FdXWXU665E5N/QUqYQxlmEeW0S
KhzvjkBoMJw9G6lzYacSV81u+bRSwdxT83sHnAnvhzDk+MYa
-----END CERTIFICATE-----
Generated at Wed Feb 5 09:57:15 2025 by rpki-client