Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ztR8WOgTBgL_HsU-vD01Dbr6zv4.roa
File: ztR8WOgTBgL_HsU-vD01Dbr6zv4.roa (raw, json)
Hash identifier: sR4O/ctID6nSRNUQeJMEtSdtn4qYey5+I/rgVmSACVc=
Subject key identifier: CE:D4:7C:58:E8:13:06:02:FF:1E:C5:3E:BC:3D:35:0D:BA:FA:CE:FE
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01975EF49AC270A3F6D551654DF27E471352
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ztR8WOgTBgL_HsU-vD01Dbr6zv4.roa
Signing time: Wed 11 Jun 2025 12:26:18 +0000
ROA not before: Wed 11 Jun 2025 12:26:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2.59.253.0/24 maxlen: 24
5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.8.93.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.89.0/24 maxlen: 24
87.120.126.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.20.0/23 maxlen: 23
87.121.22.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.232.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
193.222.96.0/24 maxlen: 24
193.222.98.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
195.178.111.0/24 maxlen: 24
212.115.41.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 23:00:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:5e:f4:9a:c2:70:a3:f6:d5:51:65:4d:f2:7e:47:13:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 11 12:26:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ced47c58e8130602ff1ec53ebc3d350dbafacefe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:e0:51:e5:52:a9:fc:bc:ed:93:e8:09:45:78:
75:ff:88:86:43:25:83:ba:40:2c:49:83:91:13:c1:
2c:22:2d:eb:d8:70:a0:26:ed:ea:63:5f:94:11:ee:
c7:23:be:0a:ee:d1:fa:c7:36:4a:55:2d:ff:97:e1:
76:ef:ff:99:e0:97:dc:be:36:03:80:71:43:ac:4a:
59:9a:2e:e1:94:30:f1:ab:b4:88:e0:d9:26:29:42:
4a:49:01:0f:b6:30:a1:8a:e5:d4:57:9b:19:67:81:
27:6c:4a:50:b2:6a:df:e4:74:7d:c9:64:3f:c4:c4:
c0:e3:94:58:47:80:18:2b:91:80:93:fc:cb:af:0e:
d1:4c:82:dc:bd:44:37:d6:08:9c:32:c1:5f:56:e4:
d2:52:ef:94:c9:b2:84:fc:42:5b:0d:3d:e4:25:ae:
d0:f3:6a:9f:14:ff:32:4b:bf:28:8f:dd:47:1a:4c:
3e:15:e3:81:76:4f:9b:96:2f:c3:3a:29:0f:0b:f4:
ce:d4:17:a5:56:2d:83:85:38:3e:f6:f3:e2:07:17:
f1:d3:9f:42:41:21:e9:87:3b:1b:a6:5d:76:a8:8d:
bb:b8:1d:e9:b2:df:70:15:45:05:1f:71:98:6b:2a:
b2:43:4a:d2:d5:d1:9f:db:ea:25:be:aa:bb:a8:9a:
7e:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:D4:7C:58:E8:13:06:02:FF:1E:C5:3E:BC:3D:35:0D:BA:FA:CE:FE
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ztR8WOgTBgL_HsU-vD01Dbr6zv4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
5.252.132.0/22
31.13.211.0/24
45.8.93.0/24
45.9.157.0/24
45.12.253.0/24
45.66.228.0/24
45.66.231.0/24
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
45.151.90.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.89.0/24
87.120.126.0/24
87.120.166.0/24
87.121.20.0-87.121.22.255
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.165.0/24
91.92.70.0/24
92.119.196.0/23
92.249.50.0/24
93.123.47.0/24
93.123.85.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.162.0/23
94.156.232.0/24
94.156.239.0/24
141.98.1.0/24
141.98.6.0/24
171.22.73.0-171.22.75.255
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.35.18.0/24
193.222.96.0/24
193.222.98.0/24
194.55.186.0/24
194.169.175.0/24
195.178.111.0/24
212.115.41.0/24
Signature Algorithm: sha256WithRSAEncryption
0c:1d:af:65:90:bd:5f:ea:c0:0f:d0:d6:22:d9:48:96:53:aa:
81:12:8c:78:e2:36:1e:ca:bb:14:11:32:f0:af:3e:57:fe:37:
08:7d:e1:d6:42:fb:5a:2d:6d:84:53:e0:54:78:7c:c4:21:22:
31:1a:3b:50:5f:6f:92:44:20:8e:d6:d9:f7:4e:cf:38:27:d3:
c6:d5:dd:2e:5e:28:36:84:7f:38:2d:15:ff:22:94:4b:ba:74:
9c:a2:7d:bb:ee:06:9d:20:b9:87:9e:75:74:ac:59:f8:ed:a2:
39:15:fd:99:5c:96:cb:47:d7:e5:82:75:79:71:f0:f6:77:44:
7e:06:99:3e:58:07:7a:fb:9c:18:77:5c:34:64:f8:cb:55:45:
e8:4c:fa:ca:21:f2:ad:14:a1:dc:d3:ae:a9:52:01:bb:87:f6:
a0:f4:da:c0:cd:2f:ef:81:1b:4d:f2:d4:67:ce:c9:d1:bc:f2:
61:8a:d4:24:7c:82:48:a5:f1:d7:a6:98:81:b1:a4:b0:9c:8e:
ce:df:b7:ec:11:fe:6f:fa:f4:e9:00:82:02:5f:e5:d9:26:d5:
7f:4f:60:18:4f:5b:5c:e9:e1:89:1b:a1:4d:21:86:11:27:b7:
17:3e:d1:bd:60:67:bf:b3:20:06:df:b0:3d:ce:d3:92:7f:46:
3e:2f:50:9f
-----BEGIN CERTIFICATE-----
MIIGSTCCBTGgAwIBAgISAZde9JrCcKP21VFlTfJ+RxNSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNjExMTIyNjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWQ0N2M1OGU4MTMwNjAyZmYxZWM1M2ViYzNkMzUwZGJhZmFjZWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeBR5VKp/Lztk+gJRXh1/4iGQyWD
ukAsSYORE8EsIi3r2HCgJu3qY1+UEe7HI74K7tH6xzZKVS3/l+F27/+Z4JfcvjYD
gHFDrEpZmi7hlDDxq7SI4NkmKUJKSQEPtjChiuXUV5sZZ4EnbEpQsmrf5HR9yWQ/
xMTA45RYR4AYK5GAk/zLrw7RTILcvUQ31gicMsFfVuTSUu+UybKE/EJbDT3kJa7Q
82qfFP8yS78oj91HGkw+FeOBdk+bli/DOikPC/TO1BelVi2DhTg+9vPiBxfx059C
QSHphzsbpl12qI27uB3pst9wFUUFH3GYayqyQ0rS1dGf2+olvqq7qJp+3QIDAQAB
o4IDVTCCA1EwHQYDVR0OBBYEFM7UfFjoEwYC/x7FPrw9NQ26+s7+MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvenRSOFdPZ1RCZ0xfSHNVLXZEMDFEYnI2enY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBaQYIKwYBBQUHAQcBAf8EggFYMIIBVDCCAVAEAgABMIIB
SAMEAAI7/QMEAgX8hAMEAB8N0wMEAC0IXQMEAC0JnQMEAC0M/QMEAC1C5AMEAC1C
5wMEAC1RJwMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2LagMEAS2NngMEAC2XWgMEAFGh
7gMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4WQMEAFd4fgMEAFd4pjAMAwQCV3kUAwQA
V3kWAwQAV3kmAwQAV3ktAwQAV3lXAwQAV3mlAwQAW1xGAwQBXHfEAwQAXPkyAwQA
XXsvAwQAXXtVAwQAXXttAwQAXXt1AwQAXXt3AwQAXmd9AwQBXpqiAwQAXpzoAwQA
XpzvAwQAjWIBAwQAjWIGMAwDBACrFkkDBAKrFkgDBACy1+MDBAK52FQDBADBGdgD
BADBIxIDBADB3mADBADB3mIDBADCN7oDBADCqa8DBADDsm8DBADUcykwDQYJKoZI
hvcNAQELBQADggEBAAwdr2WQvV/qwA/Q1iLZSJZTqoESjHjiNh7KuxQRMvCvPlf+
Nwh94dZC+1otbYRT4FR4fMQhIjEaO1Bfb5JEII7W2fdOzzgn08bV3S5eKDaEfzgt
Ff8ilEu6dJyifbvuBp0guYeedXSsWfjtojkV/ZlclstH1+WCdXlx8PZ3RH4GmT5Y
B3r7nBh3XDRk+MtVRehM+soh8q0UodzTrqlSAbuH9qD02sDNL++BG03y1GfOydG8
8mGK1CR8gkil8demmIGxpLCcjs7ft+wR/m/69OkAggJf5dkm1X9PYBhPW1zp4Ykb
oU0hhhEntxc+0b1gZ7+zIAbfsD3O05J/Rj4vUJ8=
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:31:24 2025 by rpki-client