
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/677af8-853e-493b-8b85-bb70800c2a65/1/oUQWVvQxjUEP4r2-FkARFneKZMU.roa
File: oUQWVvQxjUEP4r2-FkARFneKZMU.roa (raw, json)
Hash identifier: UsraHeQYnVuGM8BWVj+JJobHfPofc10SVXUPyIrrYmE=
Subject key identifier: A1:44:16:56:F4:31:8D:41:0F:E2:BD:BE:16:40:11:16:77:8A:64:C5
Certificate issuer: /CN=1a2a4bfd2c0c69765a8299ef74965f862a7148b7
Certificate serial: 0196CD601CF78682B01F8FDF15EF1AAB186C
Authority key identifier: 1A:2A:4B:FD:2C:0C:69:76:5A:82:99:EF:74:96:5F:86:2A:71:48:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GipL_SwMaXZagpnvdJZfhipxSLc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/677af8-853e-493b-8b85-bb70800c2a65/1/oUQWVvQxjUEP4r2-FkARFneKZMU.roa
Signing time: Wed 14 May 2025 05:59:10 +0000
ROA not before: Wed 14 May 2025 05:59:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41176
IP address blocks: 89.108.0.0/18 maxlen: 18
89.108.26.0/23 maxlen: 23
89.108.26.0/24 maxlen: 24
89.108.27.0/24 maxlen: 24
89.108.28.0/24 maxlen: 24
89.108.29.0/24 maxlen: 24
89.108.30.0/24 maxlen: 24
89.108.60.0/22 maxlen: 22
185.20.152.0/22 maxlen: 22
185.20.152.0/24 maxlen: 24
188.117.64.0/18 maxlen: 18
188.117.72.0/22 maxlen: 22
188.117.76.0/22 maxlen: 22
188.117.76.0/24 maxlen: 24
188.117.77.0/24 maxlen: 24
188.117.78.0/24 maxlen: 24
188.117.80.0/23 maxlen: 23
188.117.80.0/24 maxlen: 24
188.117.81.0/24 maxlen: 24
188.117.82.0/24 maxlen: 24
188.117.84.0/22 maxlen: 22
188.117.84.0/24 maxlen: 24
188.117.85.0/24 maxlen: 24
188.117.86.0/24 maxlen: 24
188.117.87.0/24 maxlen: 24
188.117.93.0/24 maxlen: 24
188.117.96.0/21 maxlen: 21
188.117.100.0/23 maxlen: 23
188.117.104.0/24 maxlen: 24
188.117.107.0/24 maxlen: 24
188.117.108.0/24 maxlen: 24
188.117.109.0/24 maxlen: 24
188.117.117.0/24 maxlen: 24
188.117.124.0/24 maxlen: 24
212.76.64.0/19 maxlen: 19
212.76.64.0/24 maxlen: 24
212.76.68.0/24 maxlen: 24
212.76.69.0/24 maxlen: 24
212.76.70.0/24 maxlen: 24
212.76.73.0/24 maxlen: 24
212.76.83.0/24 maxlen: 24
212.76.85.0/24 maxlen: 24
212.76.88.0/24 maxlen: 24
212.76.95.0/24 maxlen: 24
213.236.32.0/19 maxlen: 19
213.236.35.0/24 maxlen: 24
213.236.36.0/24 maxlen: 24
213.236.37.0/24 maxlen: 24
213.236.38.0/24 maxlen: 24
213.236.39.0/24 maxlen: 24
213.236.41.0/24 maxlen: 24
213.236.48.0/24 maxlen: 24
213.236.53.0/24 maxlen: 24
213.236.56.0/21 maxlen: 21
213.236.56.0/22 maxlen: 22
213.236.59.0/24 maxlen: 24
213.236.60.0/22 maxlen: 22
213.236.60.0/24 maxlen: 24
213.236.62.0/24 maxlen: 24
2a02:d70::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cf/677af8-853e-493b-8b85-bb70800c2a65/1/GipL_SwMaXZagpnvdJZfhipxSLc.crl
rsync://rpki.ripe.net/repository/DEFAULT/cf/677af8-853e-493b-8b85-bb70800c2a65/1/GipL_SwMaXZagpnvdJZfhipxSLc.mft
rsync://rpki.ripe.net/repository/DEFAULT/GipL_SwMaXZagpnvdJZfhipxSLc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 10 Jun 2025 02:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:cd:60:1c:f7:86:82:b0:1f:8f:df:15:ef:1a:ab:18:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a2a4bfd2c0c69765a8299ef74965f862a7148b7
Validity
Not Before: May 14 05:59:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a1441656f4318d410fe2bdbe16401116778a64c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:54:4b:fc:f1:bb:e2:a7:0c:05:3c:89:5a:b1:
31:c7:42:36:59:85:5a:45:d4:c4:65:f7:f0:fc:cf:
26:d5:4c:60:7f:1d:36:e2:2c:03:ab:52:da:d9:c1:
0c:88:a3:ba:19:29:98:11:6c:be:49:b1:d6:b3:52:
d2:5a:a2:31:a5:c9:7c:60:b7:b1:a8:83:28:20:75:
d3:f6:21:99:bb:3d:00:80:db:d1:a6:8e:f8:29:c6:
65:18:fa:c5:a7:a2:ef:4c:31:2c:a8:71:24:cf:ef:
a7:a1:58:61:e5:9b:de:2b:f7:df:a2:b7:b2:fe:09:
6c:98:5d:ea:bc:b6:ae:36:61:2f:3b:3d:00:30:db:
11:af:2e:af:bc:20:dd:be:dd:b3:04:95:41:b8:8f:
cb:ff:97:cd:a6:bb:48:c6:bf:e8:54:1a:28:ed:4a:
53:9b:3b:b1:2d:9b:b1:2d:2b:8f:48:d5:68:a1:4d:
6a:11:17:b0:b4:18:07:cd:14:1f:71:50:2c:8d:59:
b1:03:56:63:50:09:71:99:71:4b:19:a5:88:12:c9:
38:cd:7a:a7:a0:0c:55:f8:bf:84:28:7b:dd:1d:88:
b5:da:84:6b:9e:dc:4e:42:1a:65:7d:b9:c8:56:ca:
d0:ae:72:79:66:ff:10:69:e5:c3:e5:2c:d4:06:89:
06:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:44:16:56:F4:31:8D:41:0F:E2:BD:BE:16:40:11:16:77:8A:64:C5
X509v3 Authority Key Identifier:
keyid:1A:2A:4B:FD:2C:0C:69:76:5A:82:99:EF:74:96:5F:86:2A:71:48:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GipL_SwMaXZagpnvdJZfhipxSLc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/677af8-853e-493b-8b85-bb70800c2a65/1/oUQWVvQxjUEP4r2-FkARFneKZMU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/677af8-853e-493b-8b85-bb70800c2a65/1/GipL_SwMaXZagpnvdJZfhipxSLc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.108.0.0/18
185.20.152.0/22
188.117.64.0/18
212.76.64.0/19
213.236.32.0/19
IPv6:
2a02:d70::/32
Signature Algorithm: sha256WithRSAEncryption
2c:e5:f6:d4:37:36:b1:d0:87:ee:16:96:60:31:63:0b:86:5a:
b0:6e:87:c6:0d:91:59:52:7b:62:9b:73:90:9f:6c:3f:53:a8:
ee:ee:de:9f:d6:d7:88:2c:8d:c6:6d:4b:8a:f9:58:f1:1b:6e:
29:45:21:50:85:51:95:e1:f1:6c:5f:06:6b:a1:58:d5:14:63:
81:de:fa:46:06:47:13:a2:40:82:21:ec:7b:54:a6:62:06:05:
e3:2a:d9:44:a7:e5:ea:c7:49:05:f1:bc:59:0b:a6:b3:29:6e:
72:0c:a5:7e:25:06:5e:89:bb:ca:cc:77:30:91:b7:15:fe:0f:
d1:9a:d3:96:67:69:24:6f:b7:df:b3:20:44:78:34:2f:ec:93:
d0:56:eb:97:ff:e3:7b:b1:cd:55:78:66:b0:c4:5b:00:f1:7f:
fe:64:7b:a6:72:b6:b0:91:47:17:01:c7:ed:5e:bb:34:07:a6:
bf:ca:b5:1f:a0:ba:41:ff:c9:0e:60:82:81:34:40:b3:6b:5d:
99:fa:21:70:83:91:8c:f1:ec:a3:93:0a:83:8d:01:04:a3:9d:
57:c8:18:c7:3c:65:db:a2:9a:1a:58:8c:5e:94:d0:f4:6c:81:
b6:b1:7e:d0:76:bd:ca:f9:77:01:99:5e:7c:ef:4e:1c:7e:12:
59:ce:56:13
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZbNYBz3hoKwH4/fFe8aqxhsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMmE0YmZkMmMwYzY5NzY1YTgyOTllZjc0OTY1Zjg2MmE3
MTQ4YjcwHhcNMjUwNTE0MDU1OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTQ0MTY1NmY0MzE4ZDQxMGZlMmJkYmUxNjQwMTExNjc3OGE2NGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lRL/PG74qcMBTyJWrExx0I2WYVa
RdTEZffw/M8m1Uxgfx024iwDq1La2cEMiKO6GSmYEWy+SbHWs1LSWqIxpcl8YLex
qIMoIHXT9iGZuz0AgNvRpo74KcZlGPrFp6LvTDEsqHEkz++noVhh5ZveK/fforey
/glsmF3qvLauNmEvOz0AMNsRry6vvCDdvt2zBJVBuI/L/5fNprtIxr/oVBoo7UpT
mzuxLZuxLSuPSNVooU1qERewtBgHzRQfcVAsjVmxA1ZjUAlxmXFLGaWIEsk4zXqn
oAxV+L+EKHvdHYi12oRrntxOQhplfbnIVsrQrnJ5Zv8QaeXD5SzUBokGtwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFKFEFlb0MY1BD+K9vhZAERZ3imTFMB8GA1UdIwQY
MBaAFBoqS/0sDGl2WoKZ73SWX4YqcUi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2lwTF9Td01hWFphZ3BudmRKWmZoaXB4U0xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi82NzdhZjgtODUzZS00OTNiLThiODUt
YmI3MDgwMGMyYTY1LzEvb1VRV1Z2UXhqVUVQNHIyLUZrQVJGbmVLWk1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi82NzdhZjgtODUzZS00OTNiLThiODUtYmI3MDgwMGMyYTY1
LzEvR2lwTF9Td01hWFphZ3BudmRKWmZoaXB4U0xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQGWWwAAwQC
uRSYAwQGvHVAAwQF1ExAAwQF1ewgMA0EAgACMAcDBQAqAg1wMA0GCSqGSIb3DQEB
CwUAA4IBAQAs5fbUNzax0IfuFpZgMWMLhlqwbofGDZFZUntim3OQn2w/U6ju7t6f
1teILI3GbUuK+VjxG24pRSFQhVGV4fFsXwZroVjVFGOB3vpGBkcTokCCIex7VKZi
BgXjKtlEp+Xqx0kF8bxZC6azKW5yDKV+JQZeibvKzHcwkbcV/g/RmtOWZ2kkb7ff
syBEeDQv7JPQVuuX/+N7sc1VeGawxFsA8X/+ZHumcrawkUcXAcftXrs0B6a/yrUf
oLpB/8kOYIKBNECza12Z+iFwg5GM8eyjkwqDjQEEo51XyBjHPGXbopoaWIxelND0
bIG2sX7Qdr3K+XcBmV58704cfhJZzlYT
-----END CERTIFICATE-----
Generated at Mon Jun 9 09:17:13 2025 by rpki-client