Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/b4Bg3C8yLnwhHAdBQw5sKUy_31w.roa
File: b4Bg3C8yLnwhHAdBQw5sKUy_31w.roa (raw, json)
Hash identifier: hVVvprBUndrQW0sDkipdwCtFpl7nrY4xlGhjcSamk+Q=
Subject key identifier: 6F:80:60:DC:2F:32:2E:7C:21:1C:07:41:43:0E:6C:29:4C:BF:DF:5C
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 01989E2BC279C9E0CA6AD490467341CA9D0E
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/b4Bg3C8yLnwhHAdBQw5sKUy_31w.roa
Signing time: Tue 12 Aug 2025 12:05:24 +0000
ROA not before: Tue 12 Aug 2025 12:05:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5413
IP address blocks: 5.22.224.0/21 maxlen: 24
45.83.76.0/22 maxlen: 24
62.44.64.0/19 maxlen: 24
62.69.32.0/19 maxlen: 24
62.72.128.0/19 maxlen: 24
62.105.64.0/18 maxlen: 24
62.232.0.0/16 maxlen: 24
77.44.0.0/17 maxlen: 24
77.73.120.0/21 maxlen: 24
77.107.128.0/18 maxlen: 24
78.41.208.0/21 maxlen: 24
78.141.0.0/18 maxlen: 24
80.64.48.0/20 maxlen: 24
80.69.128.0/20 maxlen: 24
80.89.80.0/20 maxlen: 24
80.234.128.0/17 maxlen: 24
82.195.96.0/19 maxlen: 24
83.219.32.0/19 maxlen: 24
89.145.192.0/18 maxlen: 24
93.92.120.0/21 maxlen: 24
93.95.104.0/21 maxlen: 24
94.30.0.0/17 maxlen: 24
109.170.128.0/17 maxlen: 24
130.185.64.0/21 maxlen: 24
176.35.0.0/16 maxlen: 24
185.3.76.0/22 maxlen: 24
185.138.152.0/22 maxlen: 24
185.196.204.0/22 maxlen: 24
193.41.96.0/21 maxlen: 24
193.192.64.0/19 maxlen: 24
193.242.113.0/24 maxlen: 24
193.242.115.0/24 maxlen: 24
193.242.116.0/24 maxlen: 24
194.1.210.0/24 maxlen: 24
194.79.240.0/22 maxlen: 24
194.126.64.0/19 maxlen: 24
194.143.160.0/19 maxlen: 24
194.153.0.0/19 maxlen: 24
194.154.160.0/19 maxlen: 24
195.38.64.0/19 maxlen: 24
195.70.64.0/19 maxlen: 24
195.147.0.0/16 maxlen: 24
195.224.0.0/16 maxlen: 24
195.226.32.0/19 maxlen: 24
212.19.64.0/19 maxlen: 24
212.35.224.0/19 maxlen: 24
212.88.32.0/19 maxlen: 24
212.102.214.0/24 maxlen: 24
212.103.224.0/19 maxlen: 24
212.241.128.0/17 maxlen: 24
213.205.128.0/18 maxlen: 24
217.67.48.0/20 maxlen: 24
2001:b98::/29 maxlen: 29
2001:b98::/32 maxlen: 32
2a04:b2c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 14:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:9e:2b:c2:79:c9:e0:ca:6a:d4:90:46:73:41:ca:9d:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Aug 12 12:05:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6f8060dc2f322e7c211c0741430e6c294cbfdf5c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:15:12:fb:63:70:47:c5:b2:6f:6d:02:de:14:
30:81:b4:56:52:05:97:56:6a:5f:9c:2d:53:e7:71:
07:8f:54:c5:b6:68:c7:7c:f3:c2:ae:8e:8b:af:66:
3a:eb:78:8c:e2:43:58:14:4c:85:76:96:5c:1a:f4:
f6:35:dd:94:8f:e9:01:59:70:bb:7b:bd:96:05:d1:
11:6f:97:14:9a:c2:2f:4a:8d:f5:4e:02:d7:8d:a4:
e3:d6:0e:d9:b5:1b:54:79:16:2b:64:4a:d3:fc:af:
8d:57:39:8e:1c:34:36:90:37:4f:d6:c5:cb:a2:a9:
b4:d5:77:40:46:84:dc:e8:82:ba:a3:4b:2a:05:20:
3c:56:f9:eb:5e:be:e2:78:b9:77:dc:a7:c5:9e:36:
c8:5a:a8:32:11:1f:3d:e4:2b:e1:9d:b8:08:75:b9:
e9:aa:b1:72:f5:92:41:48:79:81:7d:ae:c5:c1:9f:
38:97:8e:c8:ed:22:1e:60:b4:b5:e5:3e:dc:c1:58:
ab:99:77:41:55:eb:dc:6e:ec:4a:91:1b:1d:19:e2:
55:1f:5d:3e:6e:36:d2:6a:d7:8a:13:40:dd:0e:4b:
d0:1c:6b:67:13:92:69:0a:2d:5f:e2:5d:ce:0f:32:
59:b3:ee:a9:3c:53:7d:b6:f3:3d:2b:d5:63:47:51:
87:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:80:60:DC:2F:32:2E:7C:21:1C:07:41:43:0E:6C:29:4C:BF:DF:5C
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/b4Bg3C8yLnwhHAdBQw5sKUy_31w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.22.224.0/21
45.83.76.0/22
62.44.64.0/19
62.69.32.0/19
62.72.128.0/19
62.105.64.0/18
62.232.0.0/16
77.44.0.0/17
77.73.120.0/21
77.107.128.0/18
78.41.208.0/21
78.141.0.0/18
80.64.48.0/20
80.69.128.0/20
80.89.80.0/20
80.234.128.0/17
82.195.96.0/19
83.219.32.0/19
89.145.192.0/18
93.92.120.0/21
93.95.104.0/21
94.30.0.0/17
109.170.128.0/17
130.185.64.0/21
176.35.0.0/16
185.3.76.0/22
185.138.152.0/22
185.196.204.0/22
193.41.96.0/21
193.192.64.0/19
193.242.113.0/24
193.242.115.0-193.242.116.255
194.1.210.0/24
194.79.240.0/22
194.126.64.0/19
194.143.160.0/19
194.153.0.0/19
194.154.160.0/19
195.38.64.0/19
195.70.64.0/19
195.147.0.0/16
195.224.0.0/16
195.226.32.0/19
212.19.64.0/19
212.35.224.0/19
212.88.32.0/19
212.102.214.0/24
212.103.224.0/19
212.241.128.0/17
213.205.128.0/18
217.67.48.0/20
IPv6:
2001:b98::/29
2a04:b2c0::/29
Signature Algorithm: sha256WithRSAEncryption
46:fd:d9:8b:9d:d3:45:b3:15:48:83:15:38:e5:a1:4d:4e:76:
1b:21:83:36:80:53:66:98:0c:12:a1:70:ca:f9:31:2e:4f:e7:
2b:f8:d4:bb:6e:05:2e:74:30:86:e4:dc:1f:0c:86:d6:27:94:
3f:7c:80:49:bb:80:e0:61:b2:64:d8:24:20:24:0f:c9:61:d7:
78:e7:1e:a8:09:18:e8:b0:6a:08:1e:ea:40:4d:44:7b:d4:e5:
aa:35:18:a2:f8:6c:99:75:3a:54:92:3a:fc:7b:a0:3f:fd:a0:
ea:a1:6a:04:4b:e9:10:23:15:b2:7c:9b:6d:20:f0:e6:dc:e0:
74:81:59:4a:73:b1:8c:8a:a5:2d:41:6b:7a:be:8e:63:d3:f6:
be:c4:96:73:bb:a5:59:43:fe:d7:b2:1b:fc:0d:9d:09:21:35:
fe:41:fe:6d:9d:1d:77:dd:73:0a:16:d0:36:1c:eb:3c:17:76:
81:4f:09:cd:94:a2:a1:43:6e:ef:85:c0:a6:7f:07:bb:10:f4:
06:a3:3a:30:d5:65:1d:59:59:70:65:8c:7b:d5:d3:b0:7b:76:
b4:d4:bd:5d:e2:1f:78:28:6b:8c:12:e7:6f:28:5f:89:c2:48:
11:bb:34:90:c7:0b:c7:2e:70:12:b1:e0:5b:f1:b7:39:0c:a3:
2a:1a:39:14
-----BEGIN CERTIFICATE-----
MIIGTTCCBTWgAwIBAgISAZieK8J5yeDKatSQRnNByp0OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwODEyMTIwNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjgwNjBkYzJmMzIyZTdjMjExYzA3NDE0MzBlNmMyOTRjYmZkZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBUS+2NwR8Wyb20C3hQwgbRWUgWX
VmpfnC1T53EHj1TFtmjHfPPCro6Lr2Y663iM4kNYFEyFdpZcGvT2Nd2Uj+kBWXC7
e72WBdERb5cUmsIvSo31TgLXjaTj1g7ZtRtUeRYrZErT/K+NVzmOHDQ2kDdP1sXL
oqm01XdARoTc6IK6o0sqBSA8VvnrXr7ieLl33KfFnjbIWqgyER895CvhnbgIdbnp
qrFy9ZJBSHmBfa7FwZ84l47I7SIeYLS15T7cwVirmXdBVevcbuxKkRsdGeJVH10+
bjbSateKE0DdDkvQHGtnE5JpCi1f4l3ODzJZs+6pPFN9tvM9K9VjR1GHWwIDAQAB
o4IDWTCCA1UwHQYDVR0OBBYEFG+AYNwvMi58IRwHQUMObClMv99cMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvYjRCZzNDOHlMbndoSEFkQlF3NXNLVXlfMzF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBbQYIKwYBBQUHAQcBAf8EggFcMIIBWDCCAT4EAgABMIIB
NgMEAwUW4AMEAi1TTAMEBT4sQAMEBT5FIAMEBT5IgAMEBj5pQAMDAD7oAwQHTSwA
AwQDTUl4AwQGTWuAAwQDTinQAwQGTo0AAwQEUEAwAwQEUEWAAwQEUFlQAwQHUOqA
AwQFUsNgAwQFU9sgAwQGWZHAAwQDXVx4AwQDXV9oAwQHXh4AAwQHbaqAAwQDgrlA
AwMAsCMDBAK5A0wDBAK5ipgDBAK5xMwDBAPBKWADBAXBwEADBADB8nEwDAMEAMHy
cwMEAMHydAMEAMIB0gMEAsJP8AMEBcJ+QAMEBcKPoAMEBcKZAAMEBcKaoAMEBcMm
QAMEBcNGQAMDAMOTAwMAw+ADBAXD4iADBAXUE0ADBAXUI+ADBAXUWCADBADUZtYD
BAXUZ+ADBAfU8YADBAbVzYADBATZQzAwFAQCAAIwDgMFAyABC5gDBQMqBLLAMA0G
CSqGSIb3DQEBCwUAA4IBAQBG/dmLndNFsxVIgxU45aFNTnYbIYM2gFNmmAwSoXDK
+TEuT+cr+NS7bgUudDCG5NwfDIbWJ5Q/fIBJu4DgYbJk2CQgJA/JYdd45x6oCRjo
sGoIHupATUR71OWqNRii+GyZdTpUkjr8e6A//aDqoWoES+kQIxWyfJttIPDm3OB0
gVlKc7GMiqUtQWt6vo5j0/a+xJZzu6VZQ/7Xshv8DZ0JITX+Qf5tnR133XMKFtA2
HOs8F3aBTwnNlKKhQ27vhcCmfwe7EPQGozow1WUdWVlwZYx71dOwe3a01L1d4h94
KGuMEudvKF+JwkgRuzSQxwvHLnASseBb8bc5DKMqGjkU
-----END CERTIFICATE-----
Generated at Sat Aug 23 21:26:36 2025 by rpki-client