Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/sZhd0PoWKQb_t3dDn3jTQ-3HgM0.roa
File: sZhd0PoWKQb_t3dDn3jTQ-3HgM0.roa (raw, json)
Hash identifier: U9YTpBnSvYsfK4xAqu4ZCzzOhEdFcLlSb9+Ct8I8V4E=
Subject key identifier: B1:98:5D:D0:FA:16:29:06:FF:B7:77:43:9F:78:D3:43:ED:C7:80:CD
Certificate issuer: /CN=83479514959397c5e3fa76e1ea495e8e1f6c319b
Certificate serial: 0198F52CE38BAD180764A2374690ED8730E7
Authority key identifier: 83:47:95:14:95:93:97:C5:E3:FA:76:E1:EA:49:5E:8E:1F:6C:31:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/sZhd0PoWKQb_t3dDn3jTQ-3HgM0.roa
Signing time: Fri 29 Aug 2025 09:33:36 +0000
ROA not before: Fri 29 Aug 2025 09:33:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13030
IP address blocks: 37.17.232.0/21 maxlen: 21
45.80.136.0/22 maxlen: 24
77.74.80.0/21 maxlen: 21
77.109.128.0/18 maxlen: 18
77.109.128.0/19 maxlen: 19
77.109.160.0/19 maxlen: 19
80.253.88.0/21 maxlen: 21
81.6.32.0/20 maxlen: 20
82.197.160.0/19 maxlen: 19
82.197.160.0/20 maxlen: 20
82.197.176.0/20 maxlen: 20
85.195.192.0/18 maxlen: 18
85.195.192.0/20 maxlen: 20
85.195.208.0/20 maxlen: 20
85.195.224.0/19 maxlen: 19
85.195.224.0/20 maxlen: 20
85.195.240.0/20 maxlen: 20
109.202.192.0/19 maxlen: 19
141.195.80.0/20 maxlen: 20
185.72.64.0/22 maxlen: 22
185.137.172.0/22 maxlen: 22
185.183.192.0/22 maxlen: 22
185.201.248.0/22 maxlen: 22
185.246.104.0/22 maxlen: 22
193.47.153.0/24 maxlen: 24
193.223.80.0/20 maxlen: 20
195.134.128.0/19 maxlen: 19
212.51.128.0/19 maxlen: 19
212.51.128.0/20 maxlen: 20
212.51.144.0/20 maxlen: 20
213.144.128.0/19 maxlen: 19
213.144.128.0/20 maxlen: 20
213.144.144.0/20 maxlen: 20
217.118.192.0/21 maxlen: 21
217.118.200.0/22 maxlen: 22
2001:1620::/32 maxlen: 32
2a02:168::/30 maxlen: 30
2a02:168::/32 maxlen: 32
2a02:169::/32 maxlen: 32
2a07:600::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.crl
rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.mft
rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 02:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:f5:2c:e3:8b:ad:18:07:64:a2:37:46:90:ed:87:30:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=83479514959397c5e3fa76e1ea495e8e1f6c319b
Validity
Not Before: Aug 29 09:33:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b1985dd0fa162906ffb777439f78d343edc780cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:d3:31:50:62:97:5f:4a:5c:ff:95:ae:56:4a:
35:da:9e:5a:fa:b2:48:11:cb:0b:4e:b2:be:a8:61:
da:64:08:02:66:ef:a3:35:a4:3a:e3:67:19:e3:47:
f5:d1:76:f1:f1:8c:61:c8:59:25:d0:3f:e2:11:48:
1e:95:ca:09:86:62:4a:48:4f:11:72:14:c6:6b:3e:
4f:41:84:28:bd:e3:18:1c:2c:41:f6:70:62:ec:92:
23:da:a1:14:73:a3:ae:95:72:6e:33:96:6c:5a:e1:
a3:bd:2a:04:04:3c:00:ec:ee:02:13:e1:55:7d:b9:
c3:c8:ee:6c:02:9d:92:e7:ee:87:db:55:29:f6:07:
0e:8a:10:f2:8a:71:69:59:4b:d5:80:32:81:e9:59:
43:86:38:f9:9b:2b:5e:68:81:aa:9d:68:67:96:9d:
00:ab:32:8e:ef:52:bd:7d:f1:6e:8e:46:22:4d:80:
97:ba:af:80:78:cf:55:3e:fc:39:9a:60:8c:36:dd:
ec:26:46:6c:3b:b2:08:55:61:30:47:68:11:b1:c4:
07:0f:77:b4:1f:d0:79:b7:b3:85:c2:20:d0:78:d2:
6c:1f:59:57:cb:e9:d1:02:8c:fc:02:9a:92:3b:3d:
21:9b:18:e7:b2:2e:55:2d:d9:e4:fe:f4:05:63:93:
04:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:98:5D:D0:FA:16:29:06:FF:B7:77:43:9F:78:D3:43:ED:C7:80:CD
X509v3 Authority Key Identifier:
keyid:83:47:95:14:95:93:97:C5:E3:FA:76:E1:EA:49:5E:8E:1F:6C:31:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/sZhd0PoWKQb_t3dDn3jTQ-3HgM0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.17.232.0/21
45.80.136.0/22
77.74.80.0/21
77.109.128.0/18
80.253.88.0/21
81.6.32.0/20
82.197.160.0/19
85.195.192.0/18
109.202.192.0/19
141.195.80.0/20
185.72.64.0/22
185.137.172.0/22
185.183.192.0/22
185.201.248.0/22
185.246.104.0/22
193.47.153.0/24
193.223.80.0/20
195.134.128.0/19
212.51.128.0/19
213.144.128.0/19
217.118.192.0-217.118.203.255
IPv6:
2001:1620::/32
2a02:168::/30
2a07:600::/29
Signature Algorithm: sha256WithRSAEncryption
0e:8f:5c:68:1a:f2:a8:a2:11:42:25:a0:9a:73:68:a0:72:64:
20:4d:0c:7f:ac:a4:86:0c:9a:3c:80:51:4e:35:cd:aa:fa:d1:
31:c3:dc:51:e4:64:95:0b:b3:ba:cd:21:e2:9c:02:7e:25:27:
84:8b:a3:92:60:6e:59:c6:98:11:e0:16:02:31:3a:11:43:05:
10:eb:64:b4:3b:ad:9d:22:a9:4b:6f:3b:bd:15:34:6f:ed:95:
28:e0:f7:2d:57:47:1b:29:56:e0:e1:6a:a8:a2:a9:a9:4e:6a:
cb:2b:ec:8d:d8:47:b5:48:45:bd:a5:2a:67:96:41:67:db:2d:
2a:1c:4b:82:ed:a9:7d:ee:e7:b6:b6:33:d1:19:af:e6:c8:2d:
71:c6:3d:47:e6:10:08:9f:6c:e9:b5:e0:fa:ee:f7:a7:e3:0a:
cc:ce:3b:06:69:a8:12:3f:99:f6:28:aa:17:22:30:6c:e4:15:
35:c4:e6:3d:b1:e8:e7:ad:8f:ac:b2:69:c1:3c:d8:b1:08:03:
49:1e:7d:23:67:2e:12:9d:f7:0a:07:49:58:58:28:7c:59:fe:
88:c3:3d:56:f5:c5:22:93:da:88:9b:78:14:f0:ba:d1:14:6c:
d4:a0:0a:b9:4b:bb:bc:8f:23:0a:c0:81:dc:b2:83:35:ab:85:
1f:9a:ee:d8
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgISAZj1LOOLrRgHZKI3RpDthzDnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNDc5NTE0OTU5Mzk3YzVlM2ZhNzZlMWVhNDk1ZThlMWY2
YzMxOWIwHhcNMjUwODI5MDkzMzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTk4NWRkMGZhMTYyOTA2ZmZiNzc3NDM5Zjc4ZDM0M2VkYzc4MGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNMxUGKXX0pc/5WuVko12p5a+rJI
EcsLTrK+qGHaZAgCZu+jNaQ642cZ40f10Xbx8YxhyFkl0D/iEUgelcoJhmJKSE8R
chTGaz5PQYQoveMYHCxB9nBi7JIj2qEUc6OulXJuM5ZsWuGjvSoEBDwA7O4CE+FV
fbnDyO5sAp2S5+6H21Up9gcOihDyinFpWUvVgDKB6VlDhjj5myteaIGqnWhnlp0A
qzKO71K9ffFujkYiTYCXuq+AeM9VPvw5mmCMNt3sJkZsO7IIVWEwR2gRscQHD3e0
H9B5t7OFwiDQeNJsH1lXy+nRAoz8ApqSOz0hmxjnsi5VLdnk/vQFY5MEyQIDAQAB
o4ICqzCCAqcwHQYDVR0OBBYEFLGYXdD6FikG/7d3Q59400Ptx4DNMB8GA1UdIwQY
MBaAFINHlRSVk5fF4/p24epJXo4fbDGbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzBlVkZKV1RsOFhqLW5iaDZrbGVqaDlzTVpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9lMDkxODEtMjY0My00MTRjLThmYmUt
MWU1ZTQzMGRkNzExLzEvc1poZDBQb1dLUWJfdDNkRG4zalRRLTNIZ00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9lMDkxODEtMjY0My00MTRjLThmYmUtMWU1ZTQzMGRkNzEx
LzEvZzBlVkZKV1RsOFhqLW5iaDZrbGVqaDlzTVpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHABggrBgEFBQcBBwEB/wSBsDCBrTCBjQQCAAEwgYYDBAMl
EegDBAItUIgDBANNSlADBAZNbYADBANQ/VgDBARRBiADBAVSxaADBAZVw8ADBAVt
ysADBASNw1ADBAK5SEADBAK5iawDBAK5t8ADBAK5yfgDBAK59mgDBADBL5kDBATB
31ADBAXDhoADBAXUM4ADBAXVkIAwDAMEBtl2wAMEAtl2yDAbBAIAAjAVAwUAIAEW
IAMFAioCAWgDBQMqBwYAMA0GCSqGSIb3DQEBCwUAA4IBAQAOj1xoGvKoohFCJaCa
c2igcmQgTQx/rKSGDJo8gFFONc2q+tExw9xR5GSVC7O6zSHinAJ+JSeEi6OSYG5Z
xpgR4BYCMToRQwUQ62S0O62dIqlLbzu9FTRv7ZUo4PctV0cbKVbg4WqooqmpTmrL
K+yN2Ee1SEW9pSpnlkFn2y0qHEuC7al97ue2tjPRGa/myC1xxj1H5hAIn2zpteD6
7ven4wrMzjsGaagSP5n2KKoXIjBs5BU1xOY9sejnrY+ssmnBPNixCANJHn0jZy4S
nfcKB0lYWCh8Wf6Iwz1W9cUik9qIm3gU8LrRFGzUoAq5S7u8jyMKwIHcsoM1q4Uf
mu7Y
-----END CERTIFICATE-----
Generated at Wed Sep 10 10:14:07 2025 by rpki-client