Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/ShXwELNENSFmGBdjnWGg5NqouYI.roa
File: ShXwELNENSFmGBdjnWGg5NqouYI.roa (raw, json)
Hash identifier: CvtdGpDGnIEThk2qtR3nRVqJ7XKDlnHvbjdMw3b5GEg=
Subject key identifier: 4A:15:F0:10:B3:44:35:21:66:18:17:63:9D:61:A0:E4:DA:A8:B9:82
Certificate issuer: /CN=ff31492473a78c6fe9f539f9fa7d2252560a2b7e
Certificate serial: 01976881F99678CD3FDF5DDDCE11B246254F
Authority key identifier: FF:31:49:24:73:A7:8C:6F:E9:F5:39:F9:FA:7D:22:52:56:0A:2B:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/ShXwELNENSFmGBdjnWGg5NqouYI.roa
Signing time: Fri 13 Jun 2025 08:57:17 +0000
ROA not before: Fri 13 Jun 2025 08:57:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12732
IP address blocks: 212.21.71.0/24 maxlen: 24
212.21.92.0/22 maxlen: 24
212.42.230.0/24 maxlen: 24
212.42.236.0/23 maxlen: 24
212.42.242.0/23 maxlen: 24
2001:bf0::/29 maxlen: 32
2001:bf0::/32 maxlen: 32
2001:bf0:40::/48 maxlen: 48
2001:bf0:69::/48 maxlen: 48
2001:bf1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.mft
rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 22:19:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:68:81:f9:96:78:cd:3f:df:5d:dd:ce:11:b2:46:25:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff31492473a78c6fe9f539f9fa7d2252560a2b7e
Validity
Not Before: Jun 13 08:57:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4a15f010b3443521661817639d61a0e4daa8b982
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:b6:ee:47:47:dc:3b:15:a4:97:b5:19:c4:d0:
e3:6c:93:28:96:17:8f:0b:b9:d7:25:60:9c:f0:c9:
35:6f:29:1b:06:14:9e:df:32:95:31:cb:2f:1f:4b:
f1:b3:15:37:ae:86:18:67:11:af:12:c0:e3:19:6f:
08:4c:50:b7:de:4b:4e:99:8f:90:95:a8:36:1b:fe:
29:97:f3:c2:b7:4d:62:cf:99:58:01:06:de:4a:39:
8f:19:27:f1:41:48:7d:15:a9:f1:8b:c5:d7:d9:b2:
4a:83:ac:05:63:8b:c7:a8:15:af:f9:61:95:50:17:
30:57:7d:37:77:1f:99:82:96:3c:0c:e6:86:bc:fb:
03:35:dd:80:95:2d:97:24:d9:36:f9:86:21:07:d8:
37:74:7c:f8:49:ee:e5:08:86:7c:4d:ad:98:66:8f:
d9:14:21:ce:49:fe:25:e5:3b:7c:f9:54:15:7c:ad:
8a:1f:ff:6f:77:a6:7b:3d:18:a5:f6:50:aa:b7:f2:
7b:1e:33:34:11:5b:b0:c9:fc:03:cd:0d:da:8a:1f:
49:67:75:63:05:c7:4c:79:47:11:f3:99:b9:0d:90:
f1:09:9d:f5:a4:35:be:ef:f0:84:f1:fe:b8:e1:ea:
dd:10:76:f3:43:3b:74:16:13:dc:60:d3:a4:ad:49:
05:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:15:F0:10:B3:44:35:21:66:18:17:63:9D:61:A0:E4:DA:A8:B9:82
X509v3 Authority Key Identifier:
keyid:FF:31:49:24:73:A7:8C:6F:E9:F5:39:F9:FA:7D:22:52:56:0A:2B:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/ShXwELNENSFmGBdjnWGg5NqouYI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.21.71.0/24
212.21.92.0/22
212.42.230.0/24
212.42.236.0/23
212.42.242.0/23
IPv6:
2001:bf0::/29
Signature Algorithm: sha256WithRSAEncryption
99:28:ad:f9:e7:5d:ee:df:4d:f0:73:3c:cc:f5:eb:e1:a2:5e:
48:5e:b0:be:9b:ec:d9:77:d8:b5:4a:55:59:44:73:3d:e5:5a:
80:6a:10:26:c5:d4:22:35:5a:4a:bf:96:46:02:70:a5:8d:95:
ce:99:be:e0:22:da:05:93:3e:e8:f9:99:58:c6:ed:f2:dc:83:
60:e8:0c:1c:25:12:b8:79:12:a1:ca:65:ce:f5:af:71:13:ec:
32:5a:12:dd:e0:b2:61:8d:35:38:46:c4:66:e9:27:22:24:2e:
46:a1:bc:db:7b:65:bd:c4:86:c0:15:e6:19:4e:29:35:66:20:
63:fd:3f:75:c5:94:6a:30:02:56:08:73:f2:4d:07:83:49:c9:
ea:b2:28:bb:e2:3d:cb:d5:c0:c2:8c:d6:6e:18:70:3b:43:f1:
2d:4e:d5:23:39:6b:bc:28:af:31:81:18:70:06:02:9c:c4:9b:
0f:13:0c:9a:cb:fd:0e:27:02:a1:3b:30:f4:83:d5:97:b1:ad:
87:5c:a7:fa:61:d2:9e:c0:fc:57:3e:50:c2:19:aa:01:fc:f5:
9f:37:a0:9a:e0:28:ab:07:d7:54:6d:f9:55:aa:78:44:55:64:
e1:8b:eb:64:ff:09:46:3a:15:96:37:6e:97:0c:3f:74:ab:bc:
7c:a7:12:f2
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZdogfmWeM0/313dzhGyRiVPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMzE0OTI0NzNhNzhjNmZlOWY1MzlmOWZhN2QyMjUyNTYw
YTJiN2UwHhcNMjUwNjEzMDg1NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTE1ZjAxMGIzNDQzNTIxNjYxODE3NjM5ZDYxYTBlNGRhYThiOTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bbuR0fcOxWkl7UZxNDjbJMolheP
C7nXJWCc8Mk1bykbBhSe3zKVMcsvH0vxsxU3roYYZxGvEsDjGW8ITFC33ktOmY+Q
lag2G/4pl/PCt01iz5lYAQbeSjmPGSfxQUh9Fanxi8XX2bJKg6wFY4vHqBWv+WGV
UBcwV303dx+ZgpY8DOaGvPsDNd2AlS2XJNk2+YYhB9g3dHz4Se7lCIZ8Ta2YZo/Z
FCHOSf4l5Tt8+VQVfK2KH/9vd6Z7PRil9lCqt/J7HjM0EVuwyfwDzQ3aih9JZ3Vj
BcdMeUcR85m5DZDxCZ31pDW+7/CE8f644erdEHbzQzt0FhPcYNOkrUkFLwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFEoV8BCzRDUhZhgXY51hoOTaqLmCMB8GA1UdIwQY
MBaAFP8xSSRzp4xv6fU5+fp9IlJWCit+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3pGSkpIT25qR19wOVRuNS1uMGlVbFlLSzM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8xYjQxMDUtMzQ3MS00NTkyLWJmMDct
NzNmZDNiYzE5YWE3LzEvU2hYd0VMTkVOU0ZtR0Jkam5XR2c1TnFvdVlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8xYjQxMDUtMzQ3MS00NTkyLWJmMDctNzNmZDNiYzE5YWE3
LzEvX3pGSkpIT25qR19wOVRuNS1uMGlVbFlLSzM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQA1BVHAwQC
1BVcAwQA1CrmAwQB1CrsAwQB1CryMA0EAgACMAcDBQMgAQvwMA0GCSqGSIb3DQEB
CwUAA4IBAQCZKK35513u303wczzM9evhol5IXrC+m+zZd9i1SlVZRHM95VqAahAm
xdQiNVpKv5ZGAnCljZXOmb7gItoFkz7o+ZlYxu3y3INg6AwcJRK4eRKhymXO9a9x
E+wyWhLd4LJhjTU4RsRm6SciJC5Gobzbe2W9xIbAFeYZTik1ZiBj/T91xZRqMAJW
CHPyTQeDScnqsii74j3L1cDCjNZuGHA7Q/EtTtUjOWu8KK8xgRhwBgKcxJsPEwya
y/0OJwKhOzD0g9WXsa2HXKf6YdKewPxXPlDCGaoB/PWfN6Ca4CirB9dUbflVqnhE
VWThi+tk/wlGOhWWN26XDD90q7x8pxLy
-----END CERTIFICATE-----
Generated at Sun Jun 15 08:35:23 2025 by rpki-client