Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/938abd-1019-4e7a-aa82-ee1126a28195/1/zaXN6WztlQ7-D4a_TlJdnPjwyY0.roa
File: zaXN6WztlQ7-D4a_TlJdnPjwyY0.roa (raw, json)
Hash identifier: n1tJ3tHrql4pUVvKhcwVaze60JN11w69tyolec1wuf4=
Subject key identifier: CD:A5:CD:E9:6C:ED:95:0E:FE:0F:86:BF:4E:52:5D:9C:F8:F0:C9:8D
Certificate issuer: /CN=574cca899ef5bf4237f0f6bdd1779221b20052f3
Certificate serial: 0195A237068DE1AF7C60993EADFBF7ED19A4
Authority key identifier: 57:4C:CA:89:9E:F5:BF:42:37:F0:F6:BD:D1:77:92:21:B2:00:52:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/V0zKiZ71v0I38Pa90XeSIbIAUvM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/938abd-1019-4e7a-aa82-ee1126a28195/1/zaXN6WztlQ7-D4a_TlJdnPjwyY0.roa
Signing time: Mon 17 Mar 2025 03:47:49 +0000
ROA not before: Mon 17 Mar 2025 03:47:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12365
IP address blocks: 81.95.224.0/20 maxlen: 20
81.95.224.96/27 maxlen: 27
81.95.224.192/26 maxlen: 26
81.95.234.192/26 maxlen: 26
82.215.66.0/23 maxlen: 23
82.215.68.0/23 maxlen: 23
82.215.72.0/22 maxlen: 22
82.215.77.0/24 maxlen: 24
82.215.78.0/23 maxlen: 23
82.215.80.0/22 maxlen: 22
82.215.85.0/24 maxlen: 24
82.215.86.0/23 maxlen: 23
82.215.88.0/21 maxlen: 21
82.215.88.0/22 maxlen: 22
82.215.92.0/22 maxlen: 22
82.215.112.0/22 maxlen: 22
82.215.116.0/22 maxlen: 22
82.215.120.0/22 maxlen: 22
82.215.124.0/22 maxlen: 22
89.146.64.0/18 maxlen: 18
89.146.64.0/22 maxlen: 22
89.146.68.0/22 maxlen: 22
89.146.72.0/22 maxlen: 22
89.146.76.0/22 maxlen: 22
89.146.80.0/22 maxlen: 22
89.146.84.0/22 maxlen: 22
89.146.88.0/22 maxlen: 22
89.146.92.0/22 maxlen: 22
89.146.96.0/22 maxlen: 22
89.146.100.0/22 maxlen: 22
89.146.104.0/22 maxlen: 22
89.146.108.0/22 maxlen: 22
89.146.112.0/22 maxlen: 22
89.146.116.0/22 maxlen: 22
89.146.120.0/22 maxlen: 22
89.146.124.0/22 maxlen: 22
185.78.136.0/22 maxlen: 22
2a00:8840::/32 maxlen: 32
2a00:8840:c000::/36 maxlen: 36
2a00:8840:d000::/36 maxlen: 36
2a00:8840:e000::/36 maxlen: 36
2a00:8840:f000::/36 maxlen: 36
2a00:8841::/32 maxlen: 32
2a00:8842::/32 maxlen: 32
2a00:8843::/32 maxlen: 32
2a00:8844::/32 maxlen: 32
2a00:8845::/32 maxlen: 32
2a00:8846::/32 maxlen: 32
2a00:8847::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b0/938abd-1019-4e7a-aa82-ee1126a28195/1/V0zKiZ71v0I38Pa90XeSIbIAUvM.crl
rsync://rpki.ripe.net/repository/DEFAULT/b0/938abd-1019-4e7a-aa82-ee1126a28195/1/V0zKiZ71v0I38Pa90XeSIbIAUvM.mft
rsync://rpki.ripe.net/repository/DEFAULT/V0zKiZ71v0I38Pa90XeSIbIAUvM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 19 Apr 2025 09:01:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:a2:37:06:8d:e1:af:7c:60:99:3e:ad:fb:f7:ed:19:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=574cca899ef5bf4237f0f6bdd1779221b20052f3
Validity
Not Before: Mar 17 03:47:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cda5cde96ced950efe0f86bf4e525d9cf8f0c98d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:dd:27:47:9d:26:64:74:78:e9:dc:6f:0f:f0:
aa:86:da:78:9d:05:61:51:9e:8a:a3:5c:14:49:94:
df:0c:d6:bb:d4:7c:bf:91:82:05:61:10:4b:ee:c9:
52:6f:7d:a7:29:55:9e:0d:1e:e6:49:5e:fa:c2:7a:
cb:f7:f5:6d:20:6a:8e:e1:a6:03:14:4c:a5:98:bf:
d2:d6:60:f2:9b:59:8f:73:9b:b2:c2:c2:41:a4:0f:
63:23:b9:0a:f1:15:34:7c:1a:c1:1a:d7:72:30:26:
c8:5a:fb:77:2f:08:62:ab:15:6f:77:37:20:77:ca:
00:57:e7:4d:78:b6:9c:1e:fd:e1:ba:38:6e:34:26:
89:7c:b8:76:d0:f0:b2:ac:72:a9:00:f9:10:07:be:
e0:26:8c:9d:b1:c0:1c:33:bd:64:df:86:e8:0e:a8:
e3:81:98:30:eb:85:87:f7:f5:cb:e5:22:91:08:de:
5c:32:00:39:a0:05:ad:fc:a6:0c:23:79:21:46:ad:
0b:89:4c:cd:b6:6c:f9:4b:81:b6:4b:96:c8:15:ed:
6d:bb:fc:3d:f8:e4:3a:23:d3:e9:90:7e:fd:ad:82:
e7:f3:09:33:ef:4d:6d:8b:0c:25:f0:13:0e:79:66:
fb:20:1c:f7:97:e9:21:23:dc:c1:1c:12:60:fb:21:
b4:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:A5:CD:E9:6C:ED:95:0E:FE:0F:86:BF:4E:52:5D:9C:F8:F0:C9:8D
X509v3 Authority Key Identifier:
keyid:57:4C:CA:89:9E:F5:BF:42:37:F0:F6:BD:D1:77:92:21:B2:00:52:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V0zKiZ71v0I38Pa90XeSIbIAUvM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/938abd-1019-4e7a-aa82-ee1126a28195/1/zaXN6WztlQ7-D4a_TlJdnPjwyY0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/938abd-1019-4e7a-aa82-ee1126a28195/1/V0zKiZ71v0I38Pa90XeSIbIAUvM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.95.224.0/20
82.215.66.0-82.215.69.255
82.215.72.0/22
82.215.77.0-82.215.83.255
82.215.85.0-82.215.95.255
82.215.112.0/20
89.146.64.0/18
185.78.136.0/22
IPv6:
2a00:8840::/29
Signature Algorithm: sha256WithRSAEncryption
01:a1:34:52:6c:8e:7d:c3:7d:57:ca:16:8b:e4:3e:5a:28:e2:
43:61:e7:50:5c:16:fd:ec:6e:27:15:04:43:01:a6:86:7c:bb:
50:54:c3:1d:61:1e:07:ff:e7:08:ae:55:b6:d1:46:fd:8c:46:
3f:25:48:f8:11:1b:b2:47:17:40:d9:2f:16:b7:34:f6:c1:2c:
8d:fe:62:e9:ca:58:4d:98:d8:0d:ae:73:56:ed:e1:c8:f2:0c:
5e:55:a7:0b:2b:1c:bd:b0:cb:05:2f:c6:b4:33:13:da:9e:a4:
2b:96:15:d2:f6:b5:b8:53:78:bd:2d:a4:ca:d9:58:06:b4:d5:
63:c5:87:a1:e2:54:46:7f:f1:fb:91:df:80:10:05:b8:06:ea:
e9:94:40:11:1f:86:e1:b1:99:ab:7b:e5:8d:e0:8a:c6:c7:aa:
b8:be:31:06:8e:f7:36:bb:22:b8:08:5e:0c:34:71:36:a3:87:
44:4f:c6:06:4f:70:1e:ce:81:8e:83:a2:e1:26:a7:56:9a:03:
ab:53:31:77:bd:42:60:08:13:c3:8b:be:72:e6:24:2e:29:66:
82:4f:79:5b:18:16:95:06:cd:71:78:8a:e0:6f:4f:7e:73:cd:
5e:95:ad:b5:2e:06:07:07:eb:52:3b:03:cb:26:2c:69:1b:90:
de:19:c5:7c
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZWiNwaN4a98YJk+rfv37RmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NGNjYTg5OWVmNWJmNDIzN2YwZjZiZGQxNzc5MjIxYjIw
MDUyZjMwHhcNMjUwMzE3MDM0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGE1Y2RlOTZjZWQ5NTBlZmUwZjg2YmY0ZTUyNWQ5Y2Y4ZjBjOThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApt0nR50mZHR46dxvD/Cqhtp4nQVh
UZ6Ko1wUSZTfDNa71Hy/kYIFYRBL7slSb32nKVWeDR7mSV76wnrL9/VtIGqO4aYD
FEylmL/S1mDym1mPc5uywsJBpA9jI7kK8RU0fBrBGtdyMCbIWvt3LwhiqxVvdzcg
d8oAV+dNeLacHv3hujhuNCaJfLh20PCyrHKpAPkQB77gJoydscAcM71k34boDqjj
gZgw64WH9/XL5SKRCN5cMgA5oAWt/KYMI3khRq0LiUzNtmz5S4G2S5bIFe1tu/w9
+OQ6I9PpkH79rYLn8wkz701tiwwl8BMOeWb7IBz3l+khI9zBHBJg+yG06QIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFM2lzels7ZUO/g+Gv05SXZz48MmNMB8GA1UdIwQY
MBaAFFdMyome9b9CN/D2vdF3kiGyAFLzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjB6S2laNzF2MEkzOFBhOTBYZVNJYklBVXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC85MzhhYmQtMTAxOS00ZTdhLWFhODIt
ZWUxMTI2YTI4MTk1LzEvemFYTjZXenRsUTctRDRhX1RsSmRuUGp3eVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC85MzhhYmQtMTAxOS00ZTdhLWFhODItZWUxMTI2YTI4MTk1
LzEvVjB6S2laNzF2MEkzOFBhOTBYZVNJYklBVXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQEUV/gMAwD
BAFS10IDBAFS10QDBAJS10gwDAMEAFLXTQMEAlLXUDAMAwQAUtdVAwQFUtdAAwQE
UtdwAwQGWZJAAwQCuU6IMA0EAgACMAcDBQMqAIhAMA0GCSqGSIb3DQEBCwUAA4IB
AQABoTRSbI59w31XyhaL5D5aKOJDYedQXBb97G4nFQRDAaaGfLtQVMMdYR4H/+cI
rlW20Ub9jEY/JUj4ERuyRxdA2S8WtzT2wSyN/mLpylhNmNgNrnNW7eHI8gxeVacL
Kxy9sMsFL8a0MxPanqQrlhXS9rW4U3i9LaTK2VgGtNVjxYeh4lRGf/H7kd+AEAW4
BurplEARH4bhsZmre+WN4IrGx6q4vjEGjvc2uyK4CF4MNHE2o4dET8YGT3AezoGO
g6LhJqdWmgOrUzF3vUJgCBPDi75y5iQuKWaCT3lbGBaVBs1xeIrgb09+c81ela21
LgYHB+tSOwPLJixpG5DeGcV8
-----END CERTIFICATE-----
Generated at Fri Apr 18 16:15:48 2025 by rpki-client