Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/YaZUGK7JIFNW1WziLtHIWCg5WxI.roa
File: YaZUGK7JIFNW1WziLtHIWCg5WxI.roa (raw, json)
Hash identifier: QIk1ugLv4hm2rp/yLb1wyhNOSwRu0RNXYIVeCygG/iM=
Subject key identifier: 61:A6:54:18:AE:C9:20:53:56:D5:6C:E2:2E:D1:C8:58:28:39:5B:12
Certificate issuer: /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial: 01972FDE6B9F69FB0C646D65636D22585187
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/YaZUGK7JIFNW1WziLtHIWCg5WxI.roa
Signing time: Mon 02 Jun 2025 08:59:55 +0000
ROA not before: Mon 02 Jun 2025 08:59:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5511
IP address blocks: 80.12.71.0/24 maxlen: 32
80.12.76.0/24 maxlen: 24
80.12.79.0/24 maxlen: 24
80.12.96.0/22 maxlen: 24
80.12.96.0/23 maxlen: 24
80.12.98.0/24 maxlen: 24
81.52.128.0/21 maxlen: 24
81.52.136.0/22 maxlen: 24
81.52.140.0/23 maxlen: 24
81.52.160.0/24 maxlen: 24
81.52.166.0/23 maxlen: 24
81.52.168.0/23 maxlen: 24
81.52.176.0/20 maxlen: 24
81.52.190.0/24 maxlen: 24
81.52.201.0/24 maxlen: 24
81.52.202.0/24 maxlen: 24
81.52.236.0/22 maxlen: 24
90.84.48.0/20 maxlen: 24
90.84.128.0/20 maxlen: 24
90.84.148.0/24 maxlen: 24
90.84.151.0/24 maxlen: 24
90.84.159.0/24 maxlen: 24
90.84.255.0/24 maxlen: 24
193.251.128.0/19 maxlen: 24
193.251.148.0/23 maxlen: 23
193.251.160.0/20 maxlen: 24
193.251.169.0/24 maxlen: 24
193.251.220.0/22 maxlen: 24
193.251.240.0/20 maxlen: 24
193.252.113.0/24 maxlen: 24
193.252.226.0/24 maxlen: 24
193.253.158.0/23 maxlen: 23
2001:688::/32 maxlen: 48
2001:688:2::/48 maxlen: 48
2001:688:3::/48 maxlen: 48
2001:688:4::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 19:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:2f:de:6b:9f:69:fb:0c:64:6d:65:63:6d:22:58:51:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
Validity
Not Before: Jun 2 08:59:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=61a65418aec9205356d56ce22ed1c85828395b12
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:01:27:cd:72:8d:ef:8b:04:0b:8f:1a:17:c1:
b6:f7:c8:a1:e9:8f:d0:a8:1f:86:6e:af:d6:04:ce:
84:4e:0a:5c:92:97:79:41:5a:de:5c:d7:0f:5f:21:
16:03:38:f5:dd:d6:28:c6:19:2e:ba:00:69:87:3e:
43:68:7d:b1:46:eb:e7:93:b2:8a:4b:18:4e:37:d1:
94:ff:16:08:41:f2:2b:b0:1f:7c:e7:1e:5c:f7:3c:
55:39:10:ea:a9:f4:3b:84:52:36:9a:6e:7a:41:82:
84:c1:2c:ef:ee:de:94:e4:ae:3b:2b:4d:f4:ad:33:
45:53:8e:3e:d7:c4:d9:6d:ef:6c:5a:86:26:dd:62:
f2:b2:b5:96:49:9f:00:8c:aa:ba:31:77:31:0f:24:
6d:3c:b4:5d:e6:8b:39:b1:b1:d8:93:de:ac:4b:20:
4f:d8:a9:cf:96:d9:86:36:4b:db:8a:10:cd:4b:bb:
7a:2b:30:2d:09:ac:fc:63:71:d4:2a:0e:eb:05:30:
ac:f5:f9:7f:35:7a:a4:d3:2e:50:3a:d5:d7:53:8c:
4f:13:c4:be:ad:40:8f:a8:eb:3e:5d:55:8f:2d:06:
f6:04:ce:05:83:2f:d8:3c:2e:fb:bc:25:6d:f5:a0:
e5:b9:1d:a0:d8:c4:da:7d:3a:a0:90:a8:ef:84:48:
46:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:A6:54:18:AE:C9:20:53:56:D5:6C:E2:2E:D1:C8:58:28:39:5B:12
X509v3 Authority Key Identifier:
keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/YaZUGK7JIFNW1WziLtHIWCg5WxI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.12.71.0/24
80.12.76.0/24
80.12.79.0/24
80.12.96.0/22
81.52.128.0-81.52.141.255
81.52.160.0/24
81.52.166.0-81.52.169.255
81.52.176.0/20
81.52.201.0-81.52.202.255
81.52.236.0/22
90.84.48.0/20
90.84.128.0/20
90.84.148.0/24
90.84.151.0/24
90.84.159.0/24
90.84.255.0/24
193.251.128.0-193.251.175.255
193.251.220.0/22
193.251.240.0/20
193.252.113.0/24
193.252.226.0/24
193.253.158.0/23
IPv6:
2001:688::/32
Signature Algorithm: sha256WithRSAEncryption
49:6f:c5:81:2c:06:1a:d8:ed:5a:8b:e7:14:b3:a0:4d:ce:85:
b0:8f:b8:51:04:12:ba:30:39:3e:4d:db:57:7d:67:a8:72:0b:
b5:1f:d9:94:9e:ec:99:af:e3:83:e6:9b:8b:b9:da:9f:86:4a:
d0:f4:8a:e3:de:5d:3d:8f:f9:58:7d:83:09:cd:48:c9:a2:4d:
f8:c4:83:29:07:a7:cb:fe:44:6c:30:a4:b5:50:4b:0b:0c:f3:
c6:16:82:96:b1:59:2f:5a:17:0f:f9:52:ca:af:01:63:de:ab:
47:9b:f2:53:80:4e:9d:09:62:59:25:fb:bd:1b:9a:fc:6f:f9:
5c:40:81:25:3c:dd:5c:87:50:5e:af:f1:19:81:7e:b8:bc:d0:
ad:67:58:91:7d:0c:17:3b:a3:fc:57:8c:1e:0b:7a:75:3f:67:
09:af:3b:9a:c2:b7:dc:63:67:67:a8:92:4e:8f:79:50:b9:9b:
93:8e:41:37:14:cd:73:45:fa:37:91:b3:65:77:8a:be:ff:8b:
62:1c:f5:f9:ee:3a:b0:c5:ac:e1:1f:d2:92:f0:df:75:84:0a:
3a:fc:e4:51:e2:93:89:ae:db:0b:e7:bd:0d:ea:a8:6e:7d:9e:
cf:4e:98:7a:ec:97:c7:c1:e7:a1:e4:4e:00:5b:b3:fc:51:ce:
66:f3:94:f6
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgISAZcv3mufafsMZG1lY20iWFGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwNjAyMDg1OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWE2NTQxOGFlYzkyMDUzNTZkNTZjZTIyZWQxYzg1ODI4Mzk1YjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQEnzXKN74sEC48aF8G298ih6Y/Q
qB+Gbq/WBM6ETgpckpd5QVreXNcPXyEWAzj13dYoxhkuugBphz5DaH2xRuvnk7KK
SxhON9GU/xYIQfIrsB985x5c9zxVORDqqfQ7hFI2mm56QYKEwSzv7t6U5K47K030
rTNFU44+18TZbe9sWoYm3WLysrWWSZ8AjKq6MXcxDyRtPLRd5os5sbHYk96sSyBP
2KnPltmGNkvbihDNS7t6KzAtCaz8Y3HUKg7rBTCs9fl/NXqk0y5QOtXXU4xPE8S+
rUCPqOs+XVWPLQb2BM4Fgy/YPC77vCVt9aDluR2g2MTafTqgkKjvhEhGfwIDAQAB
o4ICuzCCArcwHQYDVR0OBBYEFGGmVBiuySBTVtVs4i7RyFgoOVsSMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvWWFaVUdLN0pJRk5XMVd6aUx0SElXQ2c1V3hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHQBggrBgEFBQcBBwEB/wSBwDCBvTCBqwQCAAEwgaQDBABQ
DEcDBABQDEwDBABQDE8DBAJQDGAwDAMEB1E0gAMEAVE0jAMEAFE0oDAMAwQBUTSm
AwQBUTSoAwQEUTSwMAwDBABRNMkDBABRNMoDBAJRNOwDBARaVDADBARaVIADBABa
VJQDBABaVJcDBABaVJ8DBABaVP8wDAMEB8H7gAMEBMH7oAMEAsH73AMEBMH78AME
AMH8cQMEAMH84gMEAcH9njANBAIAAjAHAwUAIAEGiDANBgkqhkiG9w0BAQsFAAOC
AQEASW/FgSwGGtjtWovnFLOgTc6FsI+4UQQSujA5Pk3bV31nqHILtR/ZlJ7sma/j
g+abi7nan4ZK0PSK495dPY/5WH2DCc1IyaJN+MSDKQeny/5EbDCktVBLCwzzxhaC
lrFZL1oXD/lSyq8BY96rR5vyU4BOnQliWSX7vRua/G/5XECBJTzdXIdQXq/xGYF+
uLzQrWdYkX0MFzuj/FeMHgt6dT9nCa87msK33GNnZ6iSTo95ULmbk45BNxTNc0X6
N5GzZXeKvv+LYhz1+e46sMWs4R/SkvDfdYQKOvzkUeKTia7bC+e9Deqobn2ez06Y
euyXx8HnoeROAFuz/FHOZvOU9g==
-----END CERTIFICATE-----
Generated at Sun Jun 15 04:07:08 2025 by rpki-client