Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/OCS5ZsgkfgGFHyjvRDGX3il90s0.roa
File: OCS5ZsgkfgGFHyjvRDGX3il90s0.roa (raw, json)
Hash identifier: ztfgD2E4GSIn7F6Xbp0anZ7W4HiY4Pvdc6GtCskveFs=
Subject key identifier: 38:24:B9:66:C8:24:7E:01:85:1F:28:EF:44:31:97:DE:29:7D:D2:CD
Certificate issuer: /CN=510b419f0c17b4c8be217f64388d268d14dc261e
Certificate serial: 0197CA461EE9ADC0958AFB277C2CB86BCB49
Authority key identifier: 51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/OCS5ZsgkfgGFHyjvRDGX3il90s0.roa
Signing time: Wed 02 Jul 2025 08:34:42 +0000
ROA not before: Wed 02 Jul 2025 08:34:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20473
IP address blocks: 86.105.104.0/22 maxlen: 24
89.36.236.0/22 maxlen: 24
89.37.128.0/24 maxlen: 24
89.37.188.0/22 maxlen: 24
89.40.43.0/24 maxlen: 24
89.184.208.0/20 maxlen: 32
91.232.136.0/22 maxlen: 24
93.114.169.0/24 maxlen: 24
93.115.155.0/24 maxlen: 24
94.177.65.0/24 maxlen: 24
94.190.248.0/22 maxlen: 24
176.223.190.0/24 maxlen: 24
185.64.100.0/22 maxlen: 24
185.172.20.0/22 maxlen: 24
185.210.40.0/22 maxlen: 24
185.215.220.0/22 maxlen: 24
185.217.24.0/22 maxlen: 24
185.223.40.0/22 maxlen: 24
185.224.140.0/22 maxlen: 24
185.249.236.0/22 maxlen: 24
185.252.168.0/22 maxlen: 24
188.211.252.0/22 maxlen: 24
188.212.104.0/22 maxlen: 24
193.46.204.0/24 maxlen: 24
193.46.211.0/24 maxlen: 24
194.213.10.0/24 maxlen: 24
194.242.28.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl
rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.mft
rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Jul 2025 20:01:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ca:46:1e:e9:ad:c0:95:8a:fb:27:7c:2c:b8:6b:cb:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=510b419f0c17b4c8be217f64388d268d14dc261e
Validity
Not Before: Jul 2 08:34:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3824b966c8247e01851f28ef443197de297dd2cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:d2:75:b9:6d:9e:87:2a:7a:0a:04:f3:62:f1:
ee:c2:e5:e1:78:68:21:ce:63:34:b1:a1:f0:45:11:
5d:46:89:de:63:c1:d9:b8:37:05:dc:c6:a0:fe:c9:
6e:28:70:ae:98:7e:bb:91:9a:39:0d:6c:64:d4:8e:
5f:09:ca:ff:a1:6e:5b:cf:96:66:2e:70:f0:c9:98:
e5:ca:7a:15:9c:85:31:77:ec:65:70:84:73:6b:ff:
21:08:5f:7d:5b:78:3a:40:05:fe:dc:2a:14:82:3f:
6a:f5:1b:f5:a5:10:2a:ab:79:25:c2:95:04:a1:17:
a1:0c:7c:c1:00:a8:43:2f:2b:1d:64:d9:60:2b:1a:
db:6e:56:ca:0f:ce:97:a0:13:49:ef:3d:63:47:4d:
0a:8c:02:60:7c:09:c2:51:87:42:64:82:d8:80:e2:
e3:4a:57:67:24:33:0a:de:7f:38:7d:9d:bf:d7:2b:
09:f2:26:d6:1a:94:19:d4:52:e9:a0:0b:c6:5c:c5:
7f:66:42:0c:35:9d:c6:5d:a2:95:ae:ae:c7:5c:bc:
dd:f5:9b:27:3f:40:8e:a7:5e:9b:b5:23:08:9c:91:
09:79:2f:6c:23:bd:5c:f9:73:9b:3d:11:92:fc:cf:
89:90:fd:c5:8f:5a:fb:4f:9c:ba:8b:86:c5:96:a8:
a8:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:24:B9:66:C8:24:7E:01:85:1F:28:EF:44:31:97:DE:29:7D:D2:CD
X509v3 Authority Key Identifier:
keyid:51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/OCS5ZsgkfgGFHyjvRDGX3il90s0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.105.104.0/22
89.36.236.0/22
89.37.128.0/24
89.37.188.0/22
89.40.43.0/24
89.184.208.0/20
91.232.136.0/22
93.114.169.0/24
93.115.155.0/24
94.177.65.0/24
94.190.248.0/22
176.223.190.0/24
185.64.100.0/22
185.172.20.0/22
185.210.40.0/22
185.215.220.0/22
185.217.24.0/22
185.223.40.0/22
185.224.140.0/22
185.249.236.0/22
185.252.168.0/22
188.211.252.0/22
188.212.104.0/22
193.46.204.0/24
193.46.211.0/24
194.213.10.0/24
194.242.28.0/23
Signature Algorithm: sha256WithRSAEncryption
aa:ca:c0:65:a4:88:67:39:7c:48:69:be:1b:be:5b:f9:76:20:
14:ac:b7:2d:c8:d2:d3:8f:02:cc:d2:5c:e0:20:d5:e5:d0:a1:
1a:9d:d4:1d:f2:0e:72:30:19:1b:95:fe:fc:35:1d:4d:df:c6:
af:91:88:61:3d:bc:43:13:e1:7c:6c:ad:3d:f1:0b:03:17:65:
d6:f1:57:b7:59:89:32:03:9f:bc:c8:7d:f0:c6:4b:0a:5a:ed:
ac:9c:7e:46:db:19:20:4f:2d:be:2b:ca:b7:82:a5:7b:d8:15:
6d:7f:48:16:41:ff:a1:a0:e7:e9:a8:d6:ed:73:d6:54:5e:a8:
b8:83:27:4c:a5:fd:34:08:9a:32:5f:5b:de:82:55:fc:32:6c:
9f:52:ea:a8:4e:92:d9:a5:65:95:8d:e6:d0:d0:a5:a7:84:da:
3f:b9:e8:ca:3d:98:88:d4:dd:86:50:cf:61:99:42:91:0b:77:
17:d0:53:d2:4d:a8:86:39:39:89:82:42:33:6a:8a:d1:32:d7:
e1:5a:31:e6:61:08:c6:b5:f9:f2:7c:5b:f1:e2:92:b5:82:04:
cd:6b:69:9e:c4:c9:28:40:9e:b5:ba:02:07:38:2d:b7:28:b7:
a7:95:68:3b:d1:03:74:e1:e7:23:66:af:39:b4:27:c0:86:4e:
fa:f6:a1:5a
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgISAZfKRh7prcCVivsnfCy4a8tJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMGI0MTlmMGMxN2I0YzhiZTIxN2Y2NDM4OGQyNjhkMTRk
YzI2MWUwHhcNMjUwNzAyMDgzNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODI0Yjk2NmM4MjQ3ZTAxODUxZjI4ZWY0NDMxOTdkZTI5N2RkMmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9J1uW2ehyp6CgTzYvHuwuXheGgh
zmM0saHwRRFdRoneY8HZuDcF3Mag/sluKHCumH67kZo5DWxk1I5fCcr/oW5bz5Zm
LnDwyZjlynoVnIUxd+xlcIRza/8hCF99W3g6QAX+3CoUgj9q9Rv1pRAqq3klwpUE
oRehDHzBAKhDLysdZNlgKxrbblbKD86XoBNJ7z1jR00KjAJgfAnCUYdCZILYgOLj
SldnJDMK3n84fZ2/1ysJ8ibWGpQZ1FLpoAvGXMV/ZkIMNZ3GXaKVrq7HXLzd9Zsn
P0COp16btSMInJEJeS9sI71c+XObPRGS/M+JkP3Fj1r7T5y6i4bFlqioSwIDAQAB
o4ICqjCCAqYwHQYDVR0OBBYEFDgkuWbIJH4BhR8o70Qxl94pfdLNMB8GA1UdIwQY
MBaAFFELQZ8MF7TIviF/ZDiNJo0U3CYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYt
MTRhMDk5OTNkNjcxLzEvT0NTNVpzZ2tmZ0dGSHlqdlJER1gzaWw5MHMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYtMTRhMDk5OTNkNjcx
LzEvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG/BggrBgEFBQcBBwEB/wSBrzCBrDCBqQQCAAEwgaIDBAJW
aWgDBAJZJOwDBABZJYADBAJZJbwDBABZKCsDBARZuNADBAJb6IgDBABdcqkDBABd
c5sDBABesUEDBAJevvgDBACw374DBAK5QGQDBAK5rBQDBAK50igDBAK519wDBAK5
2RgDBAK53ygDBAK54IwDBAK5+ewDBAK5/KgDBAK80/wDBAK81GgDBADBLswDBADB
LtMDBADC1QoDBAHC8hwwDQYJKoZIhvcNAQELBQADggEBAKrKwGWkiGc5fEhpvhu+
W/l2IBSsty3I0tOPAszSXOAg1eXQoRqd1B3yDnIwGRuV/vw1HU3fxq+RiGE9vEMT
4XxsrT3xCwMXZdbxV7dZiTIDn7zIffDGSwpa7aycfkbbGSBPLb4ryreCpXvYFW1/
SBZB/6Gg5+mo1u1z1lReqLiDJ0yl/TQImjJfW96CVfwybJ9S6qhOktmlZZWN5tDQ
paeE2j+56Mo9mIjU3YZQz2GZQpELdxfQU9JNqIY5OYmCQjNqitEy1+FaMeZhCMa1
+fJ8W/HikrWCBM1raZ7EyShAnrW6Agc4Lbcot6eVaDvRA3Th5yNmrzm0J8CGTvr2
oVo=
-----END CERTIFICATE-----
Generated at Mon Jul 7 04:48:33 2025 by rpki-client