Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/S9qORFlVihRXgXPTMQZutfjwKHE.roa
File: S9qORFlVihRXgXPTMQZutfjwKHE.roa (raw, json)
Hash identifier: vsbhWoTnzrB7AOoQuujS+OxmDvP0R8xrr9NkNJFez7M=
Subject key identifier: 4B:DA:8E:44:59:55:8A:14:57:81:73:D3:31:06:6E:B5:F8:F0:28:71
Certificate issuer: /CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Certificate serial: 0194236988058FBF8510566F9E2486416349
Authority key identifier: EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/S9qORFlVihRXgXPTMQZutfjwKHE.roa
Signing time: Wed 01 Jan 2025 19:48:26 +0000
ROA not before: Wed 01 Jan 2025 19:48:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12975
IP address blocks: 37.8.0.0/17 maxlen: 20
37.8.0.0/20 maxlen: 20
37.8.16.0/20 maxlen: 20
37.8.32.0/20 maxlen: 20
37.8.48.0/20 maxlen: 20
82.102.192.0/18 maxlen: 24
82.102.192.0/20 maxlen: 20
82.102.208.0/21 maxlen: 21
82.102.218.0/23 maxlen: 23
82.102.220.0/22 maxlen: 22
82.102.224.0/20 maxlen: 20
82.102.240.0/20 maxlen: 20
82.205.0.0/17 maxlen: 21
82.205.0.0/20 maxlen: 20
82.205.16.0/20 maxlen: 20
82.205.27.0/24 maxlen: 24
82.205.96.0/20 maxlen: 20
82.205.104.0/21 maxlen: 21
82.205.120.0/21 maxlen: 21
85.113.96.0/19 maxlen: 24
86.107.16.0/22 maxlen: 22
87.252.108.0/22 maxlen: 22
89.239.32.0/20 maxlen: 20
94.26.112.0/20 maxlen: 20
109.232.162.0/23 maxlen: 23
109.232.162.0/24 maxlen: 24
109.232.163.0/24 maxlen: 24
147.189.176.0/20 maxlen: 20
176.65.12.0/22 maxlen: 22
185.40.192.0/22 maxlen: 22
185.90.242.0/24 maxlen: 24
185.138.132.0/22 maxlen: 22
185.171.132.0/22 maxlen: 22
188.209.208.0/22 maxlen: 22
188.215.100.0/22 maxlen: 22
194.169.121.0/24 maxlen: 24
194.169.122.0/23 maxlen: 23
194.169.122.0/24 maxlen: 24
194.169.123.0/24 maxlen: 24
199.204.215.0/24 maxlen: 24
199.250.128.0/19 maxlen: 21
212.33.96.0/19 maxlen: 20
212.106.64.0/19 maxlen: 20
217.21.0.0/20 maxlen: 20
217.21.2.0/24 maxlen: 24
217.21.3.0/24 maxlen: 24
217.21.4.0/24 maxlen: 24
217.21.5.0/24 maxlen: 24
217.21.6.0/23 maxlen: 23
217.21.8.0/23 maxlen: 23
217.21.10.0/23 maxlen: 23
217.21.12.0/23 maxlen: 23
217.21.14.0/23 maxlen: 23
217.66.224.0/19 maxlen: 24
217.66.233.0/24 maxlen: 24
217.66.234.0/23 maxlen: 23
217.66.237.0/24 maxlen: 24
217.66.240.0/20 maxlen: 20
217.78.48.0/20 maxlen: 20
217.78.48.0/21 maxlen: 21
217.78.60.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl
rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.mft
rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 13 Apr 2025 23:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:88:05:8f:bf:85:10:56:6f:9e:24:86:41:63:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Validity
Not Before: Jan 1 19:48:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4bda8e4459558a14578173d331066eb5f8f02871
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:50:da:8b:d8:d1:e6:53:ad:c9:bd:73:90:b3:
6e:16:2d:31:07:8a:60:92:a5:aa:82:d8:c0:75:28:
cf:95:5c:cd:0a:21:fe:b4:c1:bb:50:5a:59:ef:9f:
18:c7:3b:ec:4e:cb:f6:b7:67:52:f6:a4:ed:49:6e:
f5:08:52:9f:1b:57:45:40:99:7b:cf:0b:de:3a:10:
59:0d:e3:dc:65:e2:3f:62:8c:c5:d2:cc:60:80:ad:
b2:ff:b2:a4:0a:bc:95:eb:cf:18:c4:9b:21:db:a6:
4f:d9:38:d9:5d:05:fc:66:76:5a:54:95:16:cb:b2:
f9:6a:dc:a4:61:5c:cf:60:06:44:ab:d0:ab:9f:98:
12:c2:cb:7c:bd:27:db:f9:23:ae:b4:ad:31:6f:26:
30:7c:0c:51:a8:c9:b8:0b:bd:dc:7c:2b:0a:9c:7a:
51:29:ff:30:5b:2c:34:07:38:c9:49:fc:f7:12:5f:
16:01:5f:fa:f8:85:4c:15:d1:80:ac:f5:bb:0e:3f:
6b:7e:44:8a:43:b2:e4:5e:ea:37:81:08:68:e5:cd:
e8:ce:67:d5:67:ef:0e:17:7c:c6:a1:75:95:d9:38:
66:87:00:c2:91:c3:a8:92:2c:d8:ec:24:1f:c1:d2:
f8:01:d6:86:0a:13:d0:a4:d6:2c:38:7a:1f:05:df:
d8:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:DA:8E:44:59:55:8A:14:57:81:73:D3:31:06:6E:B5:F8:F0:28:71
X509v3 Authority Key Identifier:
keyid:EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/S9qORFlVihRXgXPTMQZutfjwKHE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.8.0.0/17
82.102.192.0/18
82.205.0.0/17
85.113.96.0/19
86.107.16.0/22
87.252.108.0/22
89.239.32.0/20
94.26.112.0/20
109.232.162.0/23
147.189.176.0/20
176.65.12.0/22
185.40.192.0/22
185.90.242.0/24
185.138.132.0/22
185.171.132.0/22
188.209.208.0/22
188.215.100.0/22
194.169.121.0-194.169.123.255
199.204.215.0/24
199.250.128.0/19
212.33.96.0/19
212.106.64.0/19
217.21.0.0/20
217.66.224.0/19
217.78.48.0/20
Signature Algorithm: sha256WithRSAEncryption
4b:4b:58:e3:dd:34:8b:fa:20:49:4a:f0:aa:fc:ae:fb:2a:60:
0d:74:f2:47:8e:50:89:74:c1:45:df:24:9f:ba:97:e4:58:63:
9d:64:f4:32:6f:ae:a9:b3:b9:36:00:66:21:94:5b:9c:96:8b:
28:3b:36:e6:0d:a1:30:59:03:5b:fb:59:f8:0d:02:bc:1b:a8:
ef:29:d6:82:e9:34:18:4b:33:ef:ef:75:4b:40:9e:ca:89:e6:
54:bf:e9:8d:5f:37:72:55:6a:e1:01:e1:4f:48:ef:06:3e:eb:
96:ae:5d:17:d3:dd:70:fc:7a:66:1b:af:84:21:86:12:01:2a:
0d:c1:80:75:1c:20:aa:cb:4d:33:97:fc:e5:d8:8c:fc:2e:87:
df:26:0a:8f:11:54:f1:2c:01:e1:64:7e:a2:b6:d6:c8:7b:a1:
7b:44:e1:f6:b6:0e:77:48:5b:c0:02:f6:a2:1f:20:c2:95:29:
df:2a:a5:0e:06:d3:f9:7e:34:d8:2d:35:d8:1e:0a:2d:67:b6:
65:4c:59:6f:fc:df:2e:4c:8c:6c:90:68:de:0b:12:12:cb:76:
bf:6c:12:d8:7d:42:89:a2:4d:eb:4d:60:1a:46:d8:d1:ec:f9:
b3:ee:f7:56:0d:f2:f4:c7:bf:0b:a1:68:14:f3:05:80:8e:db:
60:fe:63:f9
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAZQjaYgFj7+FEFZvniSGQWNJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjM2E2MzNlZjJjMDgyNTFhNTg2MDM1NjJlNTZhYTZlZmE5
M2VjMjUwHhcNMjUwMTAxMTk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmRhOGU0NDU5NTU4YTE0NTc4MTczZDMzMTA2NmViNWY4ZjAyODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFDai9jR5lOtyb1zkLNuFi0xB4pg
kqWqgtjAdSjPlVzNCiH+tMG7UFpZ758YxzvsTsv2t2dS9qTtSW71CFKfG1dFQJl7
zwveOhBZDePcZeI/YozF0sxggK2y/7KkCryV688YxJsh26ZP2TjZXQX8ZnZaVJUW
y7L5atykYVzPYAZEq9Crn5gSwst8vSfb+SOutK0xbyYwfAxRqMm4C73cfCsKnHpR
Kf8wWyw0BzjJSfz3El8WAV/6+IVMFdGArPW7Dj9rfkSKQ7LkXuo3gQho5c3ozmfV
Z+8OF3zGoXWV2ThmhwDCkcOokizY7CQfwdL4AdaGChPQpNYsOHofBd/YswIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFEvajkRZVYoUV4Fz0zEGbrX48ChxMB8GA1UdIwQY
MBaAFOw6Yz7ywIJRpYYDVi5Wqm76k+wlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUt
ZjdjMmMyYTkxYmMyLzEvUzlxT1JGbFZpaFJYZ1hQVE1RWnV0Zmp3S0hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUtZjdjMmMyYTkxYmMy
LzEvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG7BggrBgEFBQcBBwEB/wSBqzCBqDCBpQQCAAEwgZ4DBAcl
CAADBAZSZsADBAdSzQADBAVVcWADBAJWaxADBAJX/GwDBARZ7yADBAReGnADBAFt
6KIDBASTvbADBAKwQQwDBAK5KMADBAC5WvIDBAK5ioQDBAK5q4QDBAK80dADBAK8
12QwDAMEAMKpeQMEAsKpeAMEAMfM1wMEBcf6gAMEBdQhYAMEBdRqQAMEBNkVAAME
BdlC4AMEBNlOMDANBgkqhkiG9w0BAQsFAAOCAQEAS0tY4900i/ogSUrwqvyu+ypg
DXTyR45QiXTBRd8kn7qX5FhjnWT0Mm+uqbO5NgBmIZRbnJaLKDs25g2hMFkDW/tZ
+A0CvBuo7ynWguk0GEsz7+91S0CeyonmVL/pjV83clVq4QHhT0jvBj7rlq5dF9Pd
cPx6ZhuvhCGGEgEqDcGAdRwgqstNM5f85diM/C6H3yYKjxFU8SwB4WR+orbWyHuh
e0Th9rYOd0hbwAL2oh8gwpUp3yqlDgbT+X402C012B4KLWe2ZUxZb/zfLkyMbJBo
3gsSEst2v2wS2H1CiaJN601gGkbY0ez5s+73Vg3y9Me/C6FoFPMFgI7bYP5j+Q==
-----END CERTIFICATE-----
Generated at Sun Apr 13 05:02:28 2025 by rpki-client