Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/zLripgfgA2h1PROmUFrV2xnn3qg.roa
File: zLripgfgA2h1PROmUFrV2xnn3qg.roa (raw, json)
Hash identifier: RFD7P9+ANXyKn760nUDc4MZf68DTdcPjH9V+Py4Xd04=
Subject key identifier: CC:BA:E2:A6:07:E0:03:68:75:3D:13:A6:50:5A:D5:DB:19:E7:DE:A8
Certificate issuer: /CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
Certificate serial: 0194221FDC44B8B7759A8D6BF9D220181793
Authority key identifier: 0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/zLripgfgA2h1PROmUFrV2xnn3qg.roa
Signing time: Wed 01 Jan 2025 13:48:20 +0000
ROA not before: Wed 01 Jan 2025 13:48:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21277
IP address blocks: 93.91.192.0/20 maxlen: 20
93.91.192.0/24 maxlen: 24
93.91.193.0/24 maxlen: 24
93.91.195.0/24 maxlen: 24
93.91.196.0/24 maxlen: 24
93.91.197.0/24 maxlen: 24
93.91.200.0/24 maxlen: 24
93.91.201.0/24 maxlen: 24
93.91.204.0/24 maxlen: 24
95.170.192.0/19 maxlen: 19
95.170.192.0/24 maxlen: 24
95.170.193.0/24 maxlen: 24
95.170.194.0/24 maxlen: 24
95.170.196.0/24 maxlen: 24
95.170.199.0/24 maxlen: 24
95.170.200.0/24 maxlen: 24
95.170.201.0/24 maxlen: 24
95.170.202.0/24 maxlen: 24
95.170.203.0/24 maxlen: 24
95.170.204.0/24 maxlen: 24
95.170.205.0/24 maxlen: 24
95.170.206.0/24 maxlen: 24
95.170.207.0/24 maxlen: 24
95.170.208.0/24 maxlen: 24
95.170.214.0/24 maxlen: 24
95.170.215.0/24 maxlen: 24
95.170.216.0/24 maxlen: 24
95.170.217.0/24 maxlen: 24
95.170.218.0/24 maxlen: 24
95.170.219.0/24 maxlen: 24
95.170.220.0/24 maxlen: 24
95.170.221.0/24 maxlen: 24
95.170.222.0/24 maxlen: 24
109.127.64.0/18 maxlen: 18
109.127.64.0/20 maxlen: 20
109.127.64.0/21 maxlen: 21
109.127.72.0/21 maxlen: 21
109.127.80.0/24 maxlen: 24
109.127.86.0/24 maxlen: 24
109.127.88.0/24 maxlen: 24
109.127.89.0/24 maxlen: 24
109.127.90.0/24 maxlen: 24
109.127.91.0/24 maxlen: 24
109.127.107.0/24 maxlen: 24
130.193.128.0/17 maxlen: 17
130.193.128.0/19 maxlen: 19
130.193.131.0/24 maxlen: 24
130.193.132.0/22 maxlen: 22
130.193.144.0/24 maxlen: 24
130.193.145.0/24 maxlen: 24
130.193.146.0/24 maxlen: 24
130.193.147.0/24 maxlen: 24
130.193.148.0/24 maxlen: 24
130.193.149.0/24 maxlen: 24
130.193.150.0/23 maxlen: 23
130.193.150.0/24 maxlen: 24
130.193.151.0/24 maxlen: 24
130.193.160.0/20 maxlen: 20
130.193.160.0/24 maxlen: 24
130.193.165.0/24 maxlen: 24
130.193.166.0/24 maxlen: 24
130.193.176.0/20 maxlen: 20
130.193.176.0/21 maxlen: 21
130.193.184.0/21 maxlen: 21
130.193.192.0/20 maxlen: 20
130.193.208.0/20 maxlen: 20
130.193.224.0/20 maxlen: 20
130.193.240.0/20 maxlen: 20
2a04:a040::/29 maxlen: 29
2a04:a040::/32 maxlen: 32
2a04:a041::/32 maxlen: 32
2a04:a042::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/DA96BN1ySaXRS33gVCpBlzgABsw.crl
rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/DA96BN1ySaXRS33gVCpBlzgABsw.mft
rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:dc:44:b8:b7:75:9a:8d:6b:f9:d2:20:18:17:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
Validity
Not Before: Jan 1 13:48:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ccbae2a607e00368753d13a6505ad5db19e7dea8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:fc:38:d5:22:09:6e:5b:54:75:dd:6e:fe:7e:
ef:76:dc:02:fa:f5:62:a1:15:63:d2:e7:5d:3f:82:
3d:ef:d9:db:10:ae:08:46:31:dd:ca:55:92:1b:be:
4f:c1:53:07:be:c5:b4:ba:94:b2:f0:70:48:57:d6:
74:d3:41:4e:b8:31:53:f7:35:e3:82:f5:ab:e9:d0:
94:87:06:6d:8b:d4:1e:38:0f:07:11:8b:ca:c8:33:
54:78:a9:4a:82:b0:0d:e7:36:6e:69:f0:75:98:a9:
05:03:3f:57:33:db:e2:d9:b9:44:ed:0c:50:66:73:
fc:ee:bb:6d:8e:d2:53:aa:aa:92:e8:f4:bc:ff:44:
e0:be:8a:7c:48:77:f1:ab:b5:a7:6b:8c:84:bc:83:
45:33:4f:7c:db:48:23:be:71:bd:28:ac:f5:71:5d:
ff:43:da:fb:c9:57:b4:70:83:59:85:04:4a:09:cc:
7f:9b:b6:73:e7:e3:c5:3d:8b:09:a0:0f:b4:97:df:
02:09:69:b5:47:82:4f:6d:2d:61:af:4c:53:82:45:
09:07:20:f1:ef:9e:da:bb:36:c6:f7:35:85:ec:8d:
39:72:60:ba:3a:23:6b:a4:8c:d3:ae:3d:dd:91:37:
c0:46:11:5c:a7:34:c7:aa:97:93:ea:50:02:88:d8:
e0:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:BA:E2:A6:07:E0:03:68:75:3D:13:A6:50:5A:D5:DB:19:E7:DE:A8
X509v3 Authority Key Identifier:
keyid:0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/zLripgfgA2h1PROmUFrV2xnn3qg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/DA96BN1ySaXRS33gVCpBlzgABsw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.91.192.0/20
95.170.192.0/19
109.127.64.0/18
130.193.128.0/17
IPv6:
2a04:a040::/29
Signature Algorithm: sha256WithRSAEncryption
5e:08:16:76:e4:35:aa:9e:6d:96:fd:aa:ae:48:8f:23:1a:60:
0f:f5:0d:64:f3:4e:e2:cb:3c:f7:96:68:0b:91:23:08:cb:5f:
50:20:e4:b9:8a:ac:80:0f:9d:a2:67:2b:1e:15:01:1a:2a:f1:
03:6c:2a:93:61:a5:c0:c4:8c:64:1b:ee:f5:29:57:09:9a:67:
32:aa:85:bd:94:4c:b6:8e:b9:5b:51:7a:fe:56:8b:5d:50:5a:
11:cc:b0:ca:22:27:99:66:6e:d2:4d:ea:01:46:23:16:07:fe:
5c:6e:ea:d9:fe:77:45:d4:c4:33:df:42:d3:2f:3e:35:5f:df:
15:08:a2:ca:01:c3:f4:80:3b:18:59:f8:9b:79:ef:6b:70:f5:
34:a3:13:5b:65:b7:54:97:42:36:36:24:07:89:c0:b4:d3:ff:
6d:c9:41:24:81:83:e2:6c:3c:e2:e2:16:a4:58:88:4f:d7:7d:
36:f2:4f:89:e0:b6:ca:fc:1f:f2:81:e9:10:0d:de:16:d7:33:
71:7a:30:d3:d5:65:55:9c:13:76:51:6c:3e:f8:19:e0:f9:fd:
be:cf:7f:ef:56:7d:e5:44:fa:bb:1d:42:de:f3:48:95:06:ca:
d6:af:40:31:f8:ba:18:90:20:fb:ff:b0:5d:d3:07:a0:4c:7f:
3e:90:83:b9
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQiH9xEuLd1mo1r+dIgGBeTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMGY3YTA0ZGQ3MjQ5YTVkMTRiN2RlMDU0MmE0MTk3Mzgw
MDA2Y2MwHhcNMjUwMTAxMTM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2JhZTJhNjA3ZTAwMzY4NzUzZDEzYTY1MDVhZDVkYjE5ZTdkZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPw41SIJbltUdd1u/n7vdtwC+vVi
oRVj0uddP4I979nbEK4IRjHdylWSG75PwVMHvsW0upSy8HBIV9Z000FOuDFT9zXj
gvWr6dCUhwZti9QeOA8HEYvKyDNUeKlKgrAN5zZuafB1mKkFAz9XM9vi2blE7QxQ
ZnP87rttjtJTqqqS6PS8/0Tgvop8SHfxq7Wna4yEvINFM09820gjvnG9KKz1cV3/
Q9r7yVe0cINZhQRKCcx/m7Zz5+PFPYsJoA+0l98CCWm1R4JPbS1hr0xTgkUJByDx
757auzbG9zWF7I05cmC6OiNrpIzTrj3dkTfARhFcpzTHqpeT6lACiNjgTQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFMy64qYH4ANodT0TplBa1dsZ596oMB8GA1UdIwQY
MBaAFAwPegTdckml0Ut94FQqQZc4AAbMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREE5NkJOMXlTYVhSUzMzZ1ZDcEJsemdBQnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8xMWRiMTQtZTg0NS00ZTRmLWE2OTIt
YTNjYmVmZmY3Nzc3LzEvekxyaXBnZmdBMmgxUFJPbVVGclYyeG5uM3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8xMWRiMTQtZTg0NS00ZTRmLWE2OTItYTNjYmVmZmY3Nzc3
LzEvREE5NkJOMXlTYVhSUzMzZ1ZDcEJsemdBQnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEXVvAAwQF
X6rAAwQGbX9AAwQHgsGAMA0EAgACMAcDBQMqBKBAMA0GCSqGSIb3DQEBCwUAA4IB
AQBeCBZ25DWqnm2W/aquSI8jGmAP9Q1k807iyzz3lmgLkSMIy19QIOS5iqyAD52i
ZyseFQEaKvEDbCqTYaXAxIxkG+71KVcJmmcyqoW9lEy2jrlbUXr+VotdUFoRzLDK
IieZZm7STeoBRiMWB/5cburZ/ndF1MQz30LTLz41X98VCKLKAcP0gDsYWfibee9r
cPU0oxNbZbdUl0I2NiQHicC00/9tyUEkgYPibDzi4hakWIhP13028k+J4LbK/B/y
gekQDd4W1zNxejDT1WVVnBN2UWw++Bng+f2+z3/vVn3lRPq7HULe80iVBsrWr0Ax
+LoYkCD7/7Bd0wegTH8+kIO5
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:45:37 2025 by rpki-client