Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/2ZUzsztGLs1AepOptufdB89sdek.roa
File: 2ZUzsztGLs1AepOptufdB89sdek.roa (raw, json)
Hash identifier: LNgsbydQi4ynqo9sV39jTuJIhn8MYj2U1PcyRA5MePw=
Subject key identifier: D9:95:33:B3:3B:46:2E:CD:40:7A:93:A9:B6:E7:DD:07:CF:6C:75:E9
Certificate issuer: /CN=e7fed4e778209c3cae93d4b76d350704462c3aab
Certificate serial: 01972A6951FC6E999882845E5D3CC18ACA1A
Authority key identifier: E7:FE:D4:E7:78:20:9C:3C:AE:93:D4:B7:6D:35:07:04:46:2C:3A:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/2ZUzsztGLs1AepOptufdB89sdek.roa
Signing time: Sun 01 Jun 2025 07:33:54 +0000
ROA not before: Sun 01 Jun 2025 07:33:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39501
IP address blocks: 45.140.28.0/22 maxlen: 22
85.204.30.0/23 maxlen: 23
85.204.76.0/23 maxlen: 23
85.204.104.0/23 maxlen: 23
86.104.232.0/21 maxlen: 21
89.32.196.0/23 maxlen: 23
89.33.18.0/23 maxlen: 23
89.33.204.0/23 maxlen: 23
89.33.234.0/23 maxlen: 23
89.33.240.0/23 maxlen: 23
89.34.20.0/23 maxlen: 23
89.34.88.0/23 maxlen: 23
89.34.94.0/23 maxlen: 23
89.34.168.0/23 maxlen: 23
89.34.176.0/23 maxlen: 23
89.34.200.0/23 maxlen: 23
89.35.58.0/23 maxlen: 23
89.35.132.0/23 maxlen: 23
89.35.156.0/23 maxlen: 23
89.35.176.0/23 maxlen: 23
89.35.194.0/23 maxlen: 23
89.36.16.0/23 maxlen: 23
89.36.194.0/23 maxlen: 23
89.36.226.0/23 maxlen: 23
89.36.252.0/23 maxlen: 23
89.37.30.0/23 maxlen: 23
89.37.42.0/23 maxlen: 23
89.37.102.0/23 maxlen: 23
89.37.198.0/23 maxlen: 23
89.37.218.0/23 maxlen: 23
89.38.24.0/23 maxlen: 23
89.38.102.0/23 maxlen: 23
89.38.242.0/23 maxlen: 23
89.39.186.0/23 maxlen: 23
89.40.38.0/23 maxlen: 23
89.40.78.0/23 maxlen: 23
89.40.90.0/23 maxlen: 23
89.40.106.0/23 maxlen: 23
89.40.110.0/23 maxlen: 23
89.40.128.0/23 maxlen: 23
89.41.8.0/21 maxlen: 21
89.41.16.0/21 maxlen: 22
89.41.16.0/22 maxlen: 23
89.41.20.0/22 maxlen: 23
89.41.32.0/23 maxlen: 23
89.41.58.0/23 maxlen: 23
89.41.240.0/21 maxlen: 21
89.42.32.0/23 maxlen: 23
89.42.56.0/23 maxlen: 23
89.42.68.0/23 maxlen: 23
89.42.150.0/23 maxlen: 23
89.42.228.0/23 maxlen: 23
89.43.36.0/23 maxlen: 23
89.43.70.0/23 maxlen: 23
89.43.88.0/21 maxlen: 21
89.43.96.0/21 maxlen: 21
89.43.182.0/23 maxlen: 23
89.43.188.0/23 maxlen: 23
89.43.204.0/23 maxlen: 23
89.44.112.0/23 maxlen: 23
89.44.118.0/23 maxlen: 23
89.44.146.0/23 maxlen: 23
89.44.190.0/23 maxlen: 23
89.44.202.0/23 maxlen: 23
89.45.68.0/23 maxlen: 23
89.45.80.0/23 maxlen: 23
89.45.126.0/23 maxlen: 23
89.45.230.0/23 maxlen: 23
89.46.44.0/23 maxlen: 23
89.46.60.0/23 maxlen: 23
89.46.94.0/23 maxlen: 23
89.165.0.0/17 maxlen: 17
89.165.0.0/18 maxlen: 18
89.165.8.0/21 maxlen: 21
89.165.16.0/21 maxlen: 21
89.165.56.0/21 maxlen: 21
89.165.64.0/18 maxlen: 18
89.165.80.0/21 maxlen: 21
89.165.105.0/24 maxlen: 24
94.176.32.0/21 maxlen: 21
94.177.72.0/21 maxlen: 21
185.46.0.0/22 maxlen: 22
188.158.0.0/16 maxlen: 16
188.158.0.0/18 maxlen: 18
188.158.0.0/19 maxlen: 19
188.158.16.0/20 maxlen: 20
188.158.32.0/19 maxlen: 19
188.158.32.0/20 maxlen: 20
188.158.64.0/19 maxlen: 19
188.158.96.0/19 maxlen: 19
188.158.96.0/20 maxlen: 20
188.158.96.0/21 maxlen: 21
188.158.128.0/18 maxlen: 18
188.158.128.0/19 maxlen: 19
188.158.160.0/19 maxlen: 19
188.158.160.0/20 maxlen: 20
188.158.160.0/21 maxlen: 21
188.158.192.0/19 maxlen: 19
188.158.224.0/19 maxlen: 19
188.159.0.0/18 maxlen: 18
188.159.0.0/19 maxlen: 19
188.159.32.0/19 maxlen: 19
188.159.64.0/19 maxlen: 19
188.159.96.0/19 maxlen: 19
188.159.128.0/18 maxlen: 18
188.159.128.0/19 maxlen: 19
188.159.192.0/19 maxlen: 19
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.mft
rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 07:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:2a:69:51:fc:6e:99:98:82:84:5e:5d:3c:c1:8a:ca:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7fed4e778209c3cae93d4b76d350704462c3aab
Validity
Not Before: Jun 1 07:33:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d99533b33b462ecd407a93a9b6e7dd07cf6c75e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:f1:ad:38:09:5d:96:8a:32:3b:58:35:76:e2:
54:0f:ca:7f:0f:65:b5:bd:e2:29:3b:14:70:dc:18:
53:d5:ea:ec:04:30:6d:ec:d7:b7:16:14:6d:1d:f3:
bb:fd:2b:41:79:89:6d:88:1b:b9:a8:87:da:7b:98:
99:ef:14:52:c7:40:1d:b8:fe:64:e7:0d:bf:3a:da:
0e:da:8d:80:24:f4:f2:49:74:57:5e:d3:d1:22:6d:
5b:f5:e8:9a:4e:d8:16:d2:76:68:53:da:4d:b9:96:
bb:08:5b:d1:2b:5c:c7:8a:94:ab:bf:27:d3:66:8c:
4e:e7:28:a4:73:38:ef:1a:fc:f0:a3:d6:fb:6a:6e:
b4:73:ad:d0:f2:00:c9:99:a5:92:6c:55:0d:36:96:
25:74:98:a1:29:07:3c:f8:17:0f:87:51:c4:48:a6:
bb:80:ae:bf:2d:6f:18:d9:05:c2:d0:67:72:7b:95:
42:a0:32:24:25:1a:a2:41:5d:37:0e:9d:2b:bc:2b:
ff:02:3c:96:9f:79:fd:7c:70:16:71:98:0e:83:d2:
d0:d4:96:3e:ea:e4:5f:ce:1b:cd:69:6c:15:39:ab:
8f:d3:e3:54:71:8f:98:79:64:79:bd:e0:53:f6:26:
25:cf:78:18:5d:d5:21:8a:ba:40:8d:d3:5a:02:3b:
ee:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:95:33:B3:3B:46:2E:CD:40:7A:93:A9:B6:E7:DD:07:CF:6C:75:E9
X509v3 Authority Key Identifier:
keyid:E7:FE:D4:E7:78:20:9C:3C:AE:93:D4:B7:6D:35:07:04:46:2C:3A:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/2ZUzsztGLs1AepOptufdB89sdek.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.140.28.0/22
85.204.30.0/23
85.204.76.0/23
85.204.104.0/23
86.104.232.0/21
89.32.196.0/23
89.33.18.0/23
89.33.204.0/23
89.33.234.0/23
89.33.240.0/23
89.34.20.0/23
89.34.88.0/23
89.34.94.0/23
89.34.168.0/23
89.34.176.0/23
89.34.200.0/23
89.35.58.0/23
89.35.132.0/23
89.35.156.0/23
89.35.176.0/23
89.35.194.0/23
89.36.16.0/23
89.36.194.0/23
89.36.226.0/23
89.36.252.0/23
89.37.30.0/23
89.37.42.0/23
89.37.102.0/23
89.37.198.0/23
89.37.218.0/23
89.38.24.0/23
89.38.102.0/23
89.38.242.0/23
89.39.186.0/23
89.40.38.0/23
89.40.78.0/23
89.40.90.0/23
89.40.106.0/23
89.40.110.0/23
89.40.128.0/23
89.41.8.0-89.41.23.255
89.41.32.0/23
89.41.58.0/23
89.41.240.0/21
89.42.32.0/23
89.42.56.0/23
89.42.68.0/23
89.42.150.0/23
89.42.228.0/23
89.43.36.0/23
89.43.70.0/23
89.43.88.0-89.43.103.255
89.43.182.0/23
89.43.188.0/23
89.43.204.0/23
89.44.112.0/23
89.44.118.0/23
89.44.146.0/23
89.44.190.0/23
89.44.202.0/23
89.45.68.0/23
89.45.80.0/23
89.45.126.0/23
89.45.230.0/23
89.46.44.0/23
89.46.60.0/23
89.46.94.0/23
89.165.0.0/17
94.176.32.0/21
94.177.72.0/21
185.46.0.0/22
188.158.0.0-188.159.223.255
Signature Algorithm: sha256WithRSAEncryption
c4:d8:2d:57:29:92:16:90:2c:73:b0:e0:ad:fa:f5:cf:d7:7a:
30:a7:51:46:df:a2:53:dd:37:19:6c:56:25:be:a7:f9:82:55:
54:20:f3:a5:6f:4e:fe:24:ef:c6:2f:a1:37:d8:1a:32:94:86:
4c:b9:ae:71:42:fa:63:ea:fb:d0:6f:ef:3e:75:87:ed:4f:4c:
02:05:04:a5:f9:e5:61:b5:84:fb:ee:f1:2b:3f:06:a3:66:52:
67:ca:fc:73:9d:a4:a2:1b:69:99:8d:fa:0c:7e:70:75:ad:2f:
4d:9a:1e:f5:c3:bd:74:99:e6:5c:4f:97:6d:d7:d8:47:9b:fe:
9e:86:3d:db:18:e6:8d:7b:3e:ea:e3:0b:9e:8f:33:ca:97:fc:
7b:87:82:95:95:d7:61:d3:7d:86:c1:0e:f2:b2:3f:50:97:d2:
d3:34:eb:11:f8:f0:44:8c:1a:b2:21:2f:75:4f:a8:7a:30:3b:
bb:b4:ab:8f:1b:be:a9:cd:83:a8:06:68:2c:73:46:42:96:d7:
18:a5:d9:9e:38:5a:74:c0:a1:ec:a0:83:96:59:47:3d:33:1a:
92:00:3d:1d:22:32:34:9a:3b:a9:fa:df:21:53:3f:57:a1:ca:
f2:08:01:92:90:10:9b:cc:6f:86:d4:e1:0e:cd:fc:ee:10:74:
a6:05:1a:c1
-----BEGIN CERTIFICATE-----
MIIGyDCCBbCgAwIBAgISAZcqaVH8bpmYgoReXTzBisoaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZmVkNGU3NzgyMDljM2NhZTkzZDRiNzZkMzUwNzA0NDYy
YzNhYWIwHhcNMjUwNjAxMDczMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTk1MzNiMzNiNDYyZWNkNDA3YTkzYTliNmU3ZGQwN2NmNmM3NWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/GtOAldlooyO1g1duJUD8p/D2W1
veIpOxRw3BhT1ersBDBt7Ne3FhRtHfO7/StBeYltiBu5qIfae5iZ7xRSx0AduP5k
5w2/OtoO2o2AJPTySXRXXtPRIm1b9eiaTtgW0nZoU9pNuZa7CFvRK1zHipSrvyfT
ZoxO5yikczjvGvzwo9b7am60c63Q8gDJmaWSbFUNNpYldJihKQc8+BcPh1HESKa7
gK6/LW8Y2QXC0Gdye5VCoDIkJRqiQV03Dp0rvCv/AjyWn3n9fHAWcZgOg9LQ1JY+
6uRfzhvNaWwVOauP0+NUcY+YeWR5veBT9iYlz3gYXdUhirpAjdNaAjvu4wIDAQAB
o4ID1DCCA9AwHQYDVR0OBBYEFNmVM7M7Ri7NQHqTqbbn3QfPbHXpMB8GA1UdIwQY
MBaAFOf+1Od4IJw8rpPUt201BwRGLDqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV83VTUzZ2duRHl1azlTM2JUVUhCRVlzT3FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8yMmEzYzctNmZlNS00OWUxLTkzNWQt
OGJiODAxNTJhYjM0LzEvMlpVenN6dEdMczFBZXBPcHR1ZmRCODlzZGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8yMmEzYzctNmZlNS00OWUxLTkzNWQtOGJiODAxNTJhYjM0
LzEvNV83VTUzZ2duRHl1azlTM2JUVUhCRVlzT3FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB6AYIKwYBBQUHAQcBAf8EggHXMIIB0zCCAc8EAgABMIIB
xwMEAi2MHAMEAVXMHgMEAVXMTAMEAVXMaAMEA1Zo6AMEAVkgxAMEAVkhEgMEAVkh
zAMEAVkh6gMEAVkh8AMEAVkiFAMEAVkiWAMEAVkiXgMEAVkiqAMEAVkisAMEAVki
yAMEAVkjOgMEAVkjhAMEAVkjnAMEAVkjsAMEAVkjwgMEAVkkEAMEAVkkwgMEAVkk
4gMEAVkk/AMEAVklHgMEAVklKgMEAVklZgMEAVklxgMEAVkl2gMEAVkmGAMEAVkm
ZgMEAVkm8gMEAVknugMEAVkoJgMEAVkoTgMEAVkoWgMEAVkoagMEAVkobgMEAVko
gDAMAwQDWSkIAwQDWSkQAwQBWSkgAwQBWSk6AwQDWSnwAwQBWSogAwQBWSo4AwQB
WSpEAwQBWSqWAwQBWSrkAwQBWSskAwQBWStGMAwDBANZK1gDBANZK2ADBAFZK7YD
BAFZK7wDBAFZK8wDBAFZLHADBAFZLHYDBAFZLJIDBAFZLL4DBAFZLMoDBAFZLUQD
BAFZLVADBAFZLX4DBAFZLeYDBAFZLiwDBAFZLjwDBAFZLl4DBAdZpQADBANesCAD
BANesUgDBAK5LgAwCwMDAbyeAwQFvJ/AMA0GCSqGSIb3DQEBCwUAA4IBAQDE2C1X
KZIWkCxzsOCt+vXP13owp1FG36JT3TcZbFYlvqf5glVUIPOlb07+JO/GL6E32Boy
lIZMua5xQvpj6vvQb+8+dYftT0wCBQSl+eVhtYT77vErPwajZlJnyvxznaSiG2mZ
jfoMfnB1rS9Nmh71w710meZcT5dt19hHm/6ehj3bGOaNez7q4wuejzPKl/x7h4KV
lddh032GwQ7ysj9Ql9LTNOsR+PBEjBqyIS91T6h6MDu7tKuPG76pzYOoBmgsc0ZC
ltcYpdmeOFp0wKHsoIOWWUc9MxqSAD0dIjI0mjup+t8hUz9XocryCAGSkBCbzG+G
1OEOzfzuEHSmBRrB
-----END CERTIFICATE-----
Generated at Sat Jun 7 13:41:46 2025 by rpki-client