Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/S4OBpHOebbLzTuQ00t3mBgwXvyQ.roa
File: S4OBpHOebbLzTuQ00t3mBgwXvyQ.roa (raw, json)
Hash identifier: OQ5EZlUpLPY6amvC/44Wwi9NpSbK2JOYNPttEGoFZyE=
Subject key identifier: 4B:83:81:A4:73:9E:6D:B2:F3:4E:E4:34:D2:DD:E6:06:0C:17:BF:24
Certificate issuer: /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial: 01967BA059179B16FB3E7660EB0EAB30444C
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/S4OBpHOebbLzTuQ00t3mBgwXvyQ.roa
Signing time: Mon 28 Apr 2025 09:00:28 +0000
ROA not before: Mon 28 Apr 2025 09:00:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50670
IP address blocks: 81.21.8.0/22 maxlen: 22
81.21.8.0/24 maxlen: 24
81.21.9.0/24 maxlen: 24
81.21.10.0/24 maxlen: 24
81.21.11.0/24 maxlen: 24
81.21.12.0/24 maxlen: 24
81.21.14.0/24 maxlen: 24
109.237.192.0/20 maxlen: 24
109.237.192.0/24 maxlen: 24
109.237.193.0/24 maxlen: 24
109.237.194.0/24 maxlen: 24
109.237.195.0/24 maxlen: 24
109.237.196.0/24 maxlen: 24
109.237.197.0/24 maxlen: 24
109.237.198.0/24 maxlen: 24
109.237.199.0/24 maxlen: 24
109.237.200.0/24 maxlen: 24
109.237.201.0/24 maxlen: 24
109.237.202.0/24 maxlen: 24
109.237.203.0/24 maxlen: 24
109.237.204.0/24 maxlen: 24
109.237.205.0/24 maxlen: 24
109.237.206.0/24 maxlen: 24
109.237.207.0/24 maxlen: 24
176.241.64.0/21 maxlen: 24
176.241.64.0/24 maxlen: 24
176.241.65.0/24 maxlen: 24
176.241.66.0/24 maxlen: 24
176.241.67.0/24 maxlen: 24
176.241.68.0/24 maxlen: 24
176.241.69.0/24 maxlen: 24
176.241.70.0/24 maxlen: 24
176.241.71.0/24 maxlen: 24
178.20.184.0/21 maxlen: 24
178.20.184.0/24 maxlen: 24
178.20.185.0/24 maxlen: 24
178.20.186.0/24 maxlen: 24
178.20.187.0/24 maxlen: 24
178.20.188.0/24 maxlen: 24
178.20.189.0/24 maxlen: 24
178.20.190.0/24 maxlen: 24
178.20.191.0/24 maxlen: 24
185.51.212.0/22 maxlen: 22
185.51.212.0/24 maxlen: 24
185.51.213.0/24 maxlen: 24
185.51.214.0/24 maxlen: 24
185.51.215.0/24 maxlen: 24
185.193.176.0/22 maxlen: 22
185.193.176.0/24 maxlen: 24
185.193.177.0/24 maxlen: 24
185.193.178.0/24 maxlen: 24
185.193.179.0/24 maxlen: 24
2a01:1d0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 03 May 2025 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:7b:a0:59:17:9b:16:fb:3e:76:60:eb:0e:ab:30:44:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
Validity
Not Before: Apr 28 09:00:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4b8381a4739e6db2f34ee434d2dde6060c17bf24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:e6:d8:ff:6a:c0:01:25:ae:df:7c:7c:9c:a7:
7c:54:11:77:87:79:12:38:0a:ec:a1:85:88:aa:8f:
07:94:c8:e1:c8:d6:8d:7a:52:53:7a:b7:bb:ea:d8:
3c:99:78:7a:7a:19:5d:59:ce:e2:1d:dd:97:1a:11:
18:22:2f:fa:ae:c3:1e:8a:d5:eb:53:3e:b4:c4:f7:
0a:ee:9c:5f:03:f8:33:98:d3:03:2b:5b:57:63:e7:
7f:6a:b1:c0:bc:cd:85:34:1e:0b:07:b2:d7:ee:aa:
bd:cf:af:c3:4d:b0:73:d2:a1:7b:5b:5b:f7:65:e3:
fa:e1:c4:22:e8:dd:73:bd:43:92:da:8e:06:b9:d6:
00:66:b8:4b:78:91:54:79:10:36:f3:20:f0:20:dc:
f8:ca:47:fe:3c:5b:2c:26:f8:fe:d5:e0:1a:68:29:
5a:5b:b7:9e:d5:4b:2c:d5:2a:50:05:5c:64:dc:8a:
13:76:5c:77:3e:bb:b6:45:07:0c:5b:16:82:8b:5c:
ce:24:0c:16:ab:ac:20:f5:ec:54:10:47:c1:2b:b4:
83:d8:5f:eb:ba:cf:c3:6d:4e:65:eb:83:7a:44:d4:
6f:af:f7:7f:f2:87:f8:39:da:0c:3f:e1:d3:d0:5e:
b4:21:de:84:1e:51:c4:f3:8e:6e:fc:41:de:18:b9:
7b:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:83:81:A4:73:9E:6D:B2:F3:4E:E4:34:D2:DD:E6:06:0C:17:BF:24
X509v3 Authority Key Identifier:
keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/S4OBpHOebbLzTuQ00t3mBgwXvyQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.21.8.0-81.21.12.255
81.21.14.0/24
109.237.192.0/20
176.241.64.0/21
178.20.184.0/21
185.51.212.0/22
185.193.176.0/22
IPv6:
2a01:1d0::/32
Signature Algorithm: sha256WithRSAEncryption
31:7b:9d:24:32:90:2c:e3:14:37:60:86:7a:ff:07:6e:c4:4d:
2d:5b:0f:37:26:b8:ec:c9:31:3a:79:ea:58:ca:2d:2c:5f:be:
fb:1e:d3:d2:ee:d0:2c:ec:db:28:27:6a:b7:e4:5d:c6:37:a1:
51:36:35:7b:a2:ba:04:9c:05:46:cb:a4:b0:cc:69:81:7f:f8:
e5:67:a4:11:08:50:ec:2e:da:58:28:52:65:a5:7d:b6:44:02:
a7:ac:62:21:4d:bf:0d:78:13:ab:bb:3b:5f:74:86:ce:16:50:
c0:55:ad:46:f5:9d:74:29:df:26:5a:c5:5a:2f:f0:6e:7c:6d:
cc:3f:1a:d4:3d:56:6a:e3:8f:5e:c8:c5:4c:c7:96:da:41:e5:
12:ab:18:8d:9c:31:78:25:44:3f:06:b1:ff:17:ae:76:4c:af:
26:69:23:4c:3d:6d:9c:33:69:8c:2e:7e:60:5a:96:b4:3f:90:
f8:b2:fc:a1:30:89:7c:0a:12:45:a9:74:df:6c:a8:db:23:16:
a7:65:87:d6:b9:bf:a3:f9:e1:3a:7c:80:d3:4d:e4:b7:dd:42:
12:0e:3a:99:20:29:80:e7:d7:11:35:57:e6:0e:3b:3e:81:8f:
1e:2c:07:13:b0:f7:81:5f:b7:0e:d3:2f:1f:71:8c:c8:1a:bc:
b1:0d:a6:85
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZZ7oFkXmxb7PnZg6w6rMERMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwNDI4MDkwMDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjgzODFhNDczOWU2ZGIyZjM0ZWU0MzRkMmRkZTYwNjBjMTdiZjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+bY/2rAASWu33x8nKd8VBF3h3kS
OArsoYWIqo8HlMjhyNaNelJTere76tg8mXh6ehldWc7iHd2XGhEYIi/6rsMeitXr
Uz60xPcK7pxfA/gzmNMDK1tXY+d/arHAvM2FNB4LB7LX7qq9z6/DTbBz0qF7W1v3
ZeP64cQi6N1zvUOS2o4GudYAZrhLeJFUeRA28yDwINz4ykf+PFssJvj+1eAaaCla
W7ee1Uss1SpQBVxk3IoTdlx3Pru2RQcMWxaCi1zOJAwWq6wg9exUEEfBK7SD2F/r
us/DbU5l64N6RNRvr/d/8of4OdoMP+HT0F60Id6EHlHE845u/EHeGLl7vQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFEuDgaRznm2y807kNNLd5gYMF78kMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvUzRPQnBIT2ViYkx6VHVRMDB0M21CZ3dYdnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyMAwDBANRFQgD
BABRFQwDBABRFQ4DBARt7cADBAOw8UADBAOyFLgDBAK5M9QDBAK5wbAwDQQCAAIw
BwMFACoBAdAwDQYJKoZIhvcNAQELBQADggEBADF7nSQykCzjFDdghnr/B27ETS1b
DzcmuOzJMTp56ljKLSxfvvse09Lu0Czs2ygnarfkXcY3oVE2NXuiugScBUbLpLDM
aYF/+OVnpBEIUOwu2lgoUmWlfbZEAqesYiFNvw14E6u7O190hs4WUMBVrUb1nXQp
3yZaxVov8G58bcw/GtQ9Vmrjj17IxUzHltpB5RKrGI2cMXglRD8Gsf8XrnZMryZp
I0w9bZwzaYwufmBalrQ/kPiy/KEwiXwKEkWpdN9sqNsjFqdlh9a5v6P54Tp8gNNN
5LfdQhIOOpkgKYDn1xE1V+YOOz6Bjx4sBxOw94Fftw7TLx9xjMgavLENpoU=
-----END CERTIFICATE-----
Generated at Sat May 3 02:58:38 2025 by rpki-client