Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/8CKcN-SRoQO9JUmL4yTExDvEyOA.roa
File: 8CKcN-SRoQO9JUmL4yTExDvEyOA.roa (raw, json)
Hash identifier: OiMf5Nf+OTh9H87VfBx1A0/7NWZO8HCqhBwOMnyM4g4=
Subject key identifier: F0:22:9C:37:E4:91:A1:03:BD:25:49:8B:E3:24:C4:C4:3B:C4:C8:E0
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 0198791D2F675D83665FCB0A3AC0B02365A5
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/8CKcN-SRoQO9JUmL4yTExDvEyOA.roa
Signing time: Tue 05 Aug 2025 07:23:32 +0000
ROA not before: Tue 05 Aug 2025 07:23:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3356
IP address blocks: 5.39.176.0/21 maxlen: 24
5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
80.87.16.0/20 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
87.236.128.0/21 maxlen: 24
88.151.152.0/21 maxlen: 24
89.38.120.0/21 maxlen: 24
91.143.64.0/20 maxlen: 24
92.42.120.0/21 maxlen: 24
93.115.176.0/20 maxlen: 24
94.142.168.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.52.144.0/22 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.182.0.0/21 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 12 Aug 2025 02:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:79:1d:2f:67:5d:83:66:5f:cb:0a:3a:c0:b0:23:65:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Aug 5 07:23:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f0229c37e491a103bd25498be324c4c43bc4c8e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:d9:05:fd:c8:ab:10:8b:98:6b:c7:74:27:45:
a7:34:91:ed:87:ff:8e:3a:eb:61:d8:e8:58:db:b6:
7b:fc:ee:ea:3a:50:02:a5:07:b5:f3:0e:e0:85:e1:
15:74:2f:d2:10:9c:4f:d9:33:41:81:7b:86:a1:a5:
cd:f7:67:57:eb:d0:53:9f:58:97:4d:eb:ff:bf:a0:
82:83:63:02:54:0b:17:08:b3:9f:99:28:9a:96:f9:
4b:8a:be:fd:ed:79:95:05:7c:f3:1c:a3:3c:70:ad:
61:bc:df:4d:c9:43:40:99:50:0f:d0:d6:34:eb:a5:
32:b0:87:94:42:54:9d:4d:68:98:1c:92:6c:0b:0a:
ec:fa:65:2b:4f:d4:78:32:6a:14:fb:a6:94:a1:5f:
b3:87:04:dd:32:6d:58:a7:da:3b:5c:89:10:52:27:
38:13:55:b6:8c:de:ca:68:7d:cb:64:37:f0:18:c4:
fa:81:4e:04:d6:32:d9:55:69:f1:fa:90:b5:a4:f4:
ab:eb:9a:dc:87:ff:78:e7:d2:48:e3:5a:35:19:f5:
bc:2e:97:00:31:ca:b2:21:66:4e:07:e3:95:0e:c8:
e3:fc:c5:09:60:e8:25:40:21:ab:a0:cf:08:07:2b:
49:fe:a4:36:b8:bc:f2:f1:bc:6a:63:ee:2e:cb:6b:
db:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:22:9C:37:E4:91:A1:03:BD:25:49:8B:E3:24:C4:C4:3B:C4:C8:E0
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/8CKcN-SRoQO9JUmL4yTExDvEyOA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.176.0/21
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
80.87.16.0/20
83.150.252.0/22
85.95.96.0/19
87.236.128.0/21
88.151.152.0/21
89.38.120.0/21
91.143.64.0/20
92.42.120.0/21
93.115.176.0/20
94.142.168.0/21
95.129.64.0/21
176.58.0.0/21
185.52.144.0/22
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.0.0/21
185.182.200.0/23
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
Signature Algorithm: sha256WithRSAEncryption
ae:fa:cf:e5:40:83:68:69:25:62:28:e7:40:f5:6d:2f:70:e8:
be:82:e4:05:c8:21:a7:cf:2f:92:aa:1d:01:3f:03:46:af:06:
68:1e:9a:b9:00:57:1b:d8:cb:86:b0:eb:db:b1:2d:2b:e2:76:
7d:89:3b:2f:b6:6c:ef:50:05:ff:01:12:e2:66:ec:a9:4a:e8:
9a:71:ef:7c:a8:16:da:c2:51:77:97:31:69:85:f6:a0:c7:fe:
16:82:c2:1a:ca:e9:6d:1b:af:2f:85:9f:84:b1:d3:4f:f3:dd:
99:ec:52:11:08:74:00:2f:ae:cd:3f:d6:94:f9:b9:ad:91:98:
e8:7d:e3:2c:4c:c3:73:e6:27:5f:d1:da:cd:13:37:86:da:fd:
ad:c6:23:21:3b:2c:2a:40:cd:41:c5:ce:62:ab:f6:6c:bf:8e:
60:17:f4:26:5e:8f:8c:40:17:f7:8d:5a:12:60:be:f3:b6:b1:
3b:8e:37:0c:27:e2:73:29:14:f5:fe:41:72:57:be:e9:d9:35:
d8:e4:4a:53:b1:35:b0:ac:d7:5e:24:d0:1c:97:3f:54:77:f1:
ff:a9:4b:61:de:84:32:72:69:cf:1a:05:3f:c9:2f:dd:db:4b:
1a:2a:56:df:23:9f:83:36:ae:90:63:4f:4a:4e:1b:ec:ac:12:
99:39:aa:ed
-----BEGIN CERTIFICATE-----
MIIGGjCCBQKgAwIBAgISAZh5HS9nXYNmX8sKOsCwI2WlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwODA1MDcyMzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDIyOWMzN2U0OTFhMTAzYmQyNTQ5OGJlMzI0YzRjNDNiYzRjOGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdkF/cirEIuYa8d0J0WnNJHth/+O
Outh2OhY27Z7/O7qOlACpQe18w7gheEVdC/SEJxP2TNBgXuGoaXN92dX69BTn1iX
Tev/v6CCg2MCVAsXCLOfmSialvlLir797XmVBXzzHKM8cK1hvN9NyUNAmVAP0NY0
66UysIeUQlSdTWiYHJJsCwrs+mUrT9R4MmoU+6aUoV+zhwTdMm1Yp9o7XIkQUic4
E1W2jN7KaH3LZDfwGMT6gU4E1jLZVWnx+pC1pPSr65rch/9459JI41o1GfW8LpcA
McqyIWZOB+OVDsjj/MUJYOglQCGroM8IBytJ/qQ2uLzy8bxqY+4uy2vbmQIDAQAB
o4IDJjCCAyIwHQYDVR0OBBYEFPAinDfkkaEDvSVJi+MkxMQ7xMjgMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvOENLY04tU1JvUU85SlVtTDR5VEV4RHZFeU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOgYIKwYBBQUHAQcBAf8EggEpMIIBJTCCARIEAgABMIIB
CgMEAwUnsAMEAwWf0AMEAgW1SAMEAx/AYAMEAi0IZAMEAi2EbAMEAi2JLAMEBFBK
8AMEBFBXEAMEAlOW/AMEBVVfYAMEA1fsgAMEA1iXmAMEA1kmeAMEBFuPQAMEA1wq
eAMEBF1zsAMEA16OqAMEA1+BQAMEA7A6AAMEArk0kAMEArlPuAMEArlaAAMEArle
zAMEArljTAMEArmRWAMEArmy2AMEA7m2AAMEAbm2yAMEArnM1AMEArnlBAMEArn2
hAMEArn3yAMEArn4/AMEA7xeEAMEAMEYAwMEAMEYBgMEAMEYDQMEAMEYHwMEBcMa
IAMEAcNYCDAMAwQC1AtEAwQC1AtIAwQE2ZGAMA0EAgACMAcDBQAqAPHAMA0GCSqG
SIb3DQEBCwUAA4IBAQCu+s/lQINoaSViKOdA9W0vcOi+guQFyCGnzy+Sqh0BPwNG
rwZoHpq5AFcb2MuGsOvbsS0r4nZ9iTsvtmzvUAX/ARLiZuypSuiace98qBbawlF3
lzFphfagx/4WgsIayultG68vhZ+EsdNP892Z7FIRCHQAL67NP9aU+bmtkZjofeMs
TMNz5idf0drNEzeG2v2txiMhOywqQM1Bxc5iq/Zsv45gF/QmXo+MQBf3jVoSYL7z
trE7jjcMJ+JzKRT1/kFyV77p2TXY5EpTsTWwrNdeJNAclz9Ud/H/qUth3oQycmnP
GgU/yS/d20saKlbfI5+DNq6QY09KThvsrBKZOart
-----END CERTIFICATE-----
Generated at Mon Aug 11 09:52:15 2025 by rpki-client