Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/piqGQMX4oirPFvgG8Iq_EgyaZlA.roa
File: piqGQMX4oirPFvgG8Iq_EgyaZlA.roa (raw, json)
Hash identifier: bp50gBIVG7X/XZgCWoEMLtteWAtAXpTyJaa7OoH3Wr8=
Subject key identifier: A6:2A:86:40:C5:F8:A2:2A:CF:16:F8:06:F0:8A:BF:12:0C:9A:66:50
Certificate issuer: /CN=1074db96402ff5cf187564560ea8f13eeeb5ffeb
Certificate serial: 0198D23808595B82C3D9C1553D7E76591007
Authority key identifier: 10:74:DB:96:40:2F:F5:CF:18:75:64:56:0E:A8:F1:3E:EE:B5:FF:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EHTblkAv9c8YdWRWDqjxPu61_-s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/piqGQMX4oirPFvgG8Iq_EgyaZlA.roa
Signing time: Fri 22 Aug 2025 14:39:04 +0000
ROA not before: Fri 22 Aug 2025 14:39:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8685
IP address blocks: 81.21.160.0/20 maxlen: 24
81.21.160.0/21 maxlen: 21
81.21.160.0/24 maxlen: 24
81.21.161.0/24 maxlen: 24
81.21.162.0/24 maxlen: 24
81.21.163.0/24 maxlen: 24
81.21.164.0/22 maxlen: 22
81.21.164.0/24 maxlen: 24
81.21.165.0/24 maxlen: 24
81.21.166.0/24 maxlen: 24
81.21.167.0/24 maxlen: 24
81.21.168.0/21 maxlen: 24
81.21.168.0/24 maxlen: 24
81.21.169.0/24 maxlen: 24
81.21.170.0/23 maxlen: 23
81.21.170.0/24 maxlen: 24
81.21.171.0/24 maxlen: 24
81.21.172.0/24 maxlen: 24
81.21.173.0/24 maxlen: 24
81.21.174.0/24 maxlen: 24
81.21.175.0/24 maxlen: 24
82.151.128.0/19 maxlen: 24
82.151.128.0/20 maxlen: 20
82.151.128.0/24 maxlen: 24
82.151.129.0/24 maxlen: 24
82.151.131.0/24 maxlen: 24
82.151.132.0/24 maxlen: 24
82.151.133.0/24 maxlen: 24
82.151.134.0/24 maxlen: 24
82.151.135.0/24 maxlen: 24
82.151.138.0/24 maxlen: 24
82.151.140.0/24 maxlen: 24
82.151.142.0/24 maxlen: 24
82.151.143.0/24 maxlen: 24
82.151.144.0/20 maxlen: 20
82.151.144.0/24 maxlen: 24
82.151.154.0/23 maxlen: 24
94.102.64.0/20 maxlen: 24
94.102.64.0/21 maxlen: 21
94.102.70.0/23 maxlen: 24
94.102.72.0/21 maxlen: 24
94.102.76.0/24 maxlen: 24
185.58.244.0/22 maxlen: 24
212.2.192.0/19 maxlen: 24
212.2.192.0/21 maxlen: 21
212.2.192.0/24 maxlen: 24
212.2.193.0/24 maxlen: 24
212.2.194.0/24 maxlen: 24
212.2.195.0/24 maxlen: 24
212.2.196.0/24 maxlen: 24
212.2.197.0/24 maxlen: 24
212.2.198.0/24 maxlen: 24
212.2.199.0/24 maxlen: 24
212.2.204.0/22 maxlen: 22
212.2.204.0/23 maxlen: 23
212.2.204.0/24 maxlen: 24
212.2.205.0/24 maxlen: 24
212.2.206.0/24 maxlen: 24
212.2.208.0/24 maxlen: 24
212.2.209.0/24 maxlen: 24
212.2.210.0/24 maxlen: 24
212.2.211.0/24 maxlen: 24
212.2.212.0/23 maxlen: 23
212.2.212.0/24 maxlen: 24
212.2.213.0/24 maxlen: 24
212.2.215.0/24 maxlen: 24
212.2.216.0/21 maxlen: 21
212.2.216.0/24 maxlen: 24
212.2.217.0/24 maxlen: 24
212.2.222.0/24 maxlen: 24
212.58.0.0/19 maxlen: 24
212.58.0.0/21 maxlen: 21
212.58.0.0/24 maxlen: 24
212.58.8.0/21 maxlen: 24
212.58.13.0/24 maxlen: 24
212.58.16.0/21 maxlen: 24
212.58.16.0/24 maxlen: 24
212.58.18.0/24 maxlen: 24
212.58.24.0/21 maxlen: 24
212.58.28.0/24 maxlen: 24
212.58.31.0/24 maxlen: 24
213.155.96.0/19 maxlen: 19
213.155.96.0/21 maxlen: 21
213.155.99.0/24 maxlen: 24
213.155.102.0/24 maxlen: 24
213.155.103.0/24 maxlen: 24
213.155.104.0/21 maxlen: 24
213.155.112.0/21 maxlen: 24
213.155.120.0/23 maxlen: 24
213.155.121.0/24 maxlen: 24
213.155.122.0/23 maxlen: 24
213.155.124.0/22 maxlen: 24
2a02:480::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/EHTblkAv9c8YdWRWDqjxPu61_-s.crl
rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/EHTblkAv9c8YdWRWDqjxPu61_-s.mft
rsync://rpki.ripe.net/repository/DEFAULT/EHTblkAv9c8YdWRWDqjxPu61_-s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 23:01:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:d2:38:08:59:5b:82:c3:d9:c1:55:3d:7e:76:59:10:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1074db96402ff5cf187564560ea8f13eeeb5ffeb
Validity
Not Before: Aug 22 14:39:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a62a8640c5f8a22acf16f806f08abf120c9a6650
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:b0:36:69:87:e3:24:25:74:1f:ed:87:f4:be:
87:e4:bf:1b:0b:6e:44:5b:b1:bb:95:f3:d9:54:b5:
dc:9c:df:cf:7d:f2:36:a7:e2:9d:12:d2:28:3f:97:
fa:b6:50:20:69:03:5f:59:49:7e:82:53:3a:af:fd:
f6:b7:db:ad:b1:85:10:5f:95:a4:ae:38:32:45:79:
f7:d4:bc:6c:7a:2d:06:60:e0:4c:5e:a5:aa:18:19:
e3:b5:70:07:03:19:b6:80:0e:01:c0:f2:b0:ce:a3:
9d:7e:2f:4b:33:e4:b7:58:ec:20:57:2e:4d:7d:ca:
31:56:c3:65:ae:c5:b6:c4:b6:91:54:8c:94:e6:f9:
39:21:4e:04:1d:0e:f0:d4:f5:65:84:b2:34:ed:57:
5e:e1:82:80:96:d5:44:c8:4e:34:59:26:d5:68:7e:
34:a6:f7:14:6f:7d:32:d9:3f:ee:46:d5:8b:70:25:
b1:f8:ce:f6:82:d8:c9:1b:78:19:03:2d:21:52:dd:
3d:f1:7d:92:2c:b0:7c:c9:6f:8d:ab:75:88:1b:bc:
db:19:1f:7e:6d:bf:31:5b:3c:e6:60:6d:b3:ba:d5:
50:3d:57:9a:cc:4f:77:99:4b:25:c6:4f:da:ec:53:
b1:c4:0c:22:86:ee:2c:85:d2:50:ef:87:f6:41:61:
f5:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:2A:86:40:C5:F8:A2:2A:CF:16:F8:06:F0:8A:BF:12:0C:9A:66:50
X509v3 Authority Key Identifier:
keyid:10:74:DB:96:40:2F:F5:CF:18:75:64:56:0E:A8:F1:3E:EE:B5:FF:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHTblkAv9c8YdWRWDqjxPu61_-s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/piqGQMX4oirPFvgG8Iq_EgyaZlA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/EHTblkAv9c8YdWRWDqjxPu61_-s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.21.160.0/20
82.151.128.0/19
94.102.64.0/20
185.58.244.0/22
212.2.192.0/19
212.58.0.0/19
213.155.96.0/19
IPv6:
2a02:480::/32
Signature Algorithm: sha256WithRSAEncryption
9b:a9:24:71:ad:21:fc:b3:38:1e:77:27:39:65:58:d0:c0:ce:
fc:8d:12:73:9b:51:a5:0d:87:23:55:e2:60:48:06:7c:db:7b:
01:03:7a:46:f6:63:c0:c1:1d:ee:16:0e:74:cb:3a:52:59:73:
3a:23:8b:bd:eb:f0:36:34:f7:44:48:4a:42:71:56:18:5b:df:
00:dd:3c:37:e9:20:d9:fb:50:41:1f:0a:5b:33:61:2d:e0:15:
43:18:c6:43:80:45:d4:e8:0b:4a:b9:79:7a:c0:f2:5b:77:74:
72:f1:cb:27:ac:27:f5:3e:2b:b2:18:b3:19:fc:02:8b:44:0a:
21:f2:f8:52:0c:a6:86:da:93:ad:38:99:5f:ce:fe:a2:a8:22:
50:50:cd:d9:c0:c7:b4:f0:3e:49:ce:ff:8d:44:24:a5:02:3a:
8d:95:b6:08:4d:be:ea:87:4d:0a:3f:34:9a:8b:6a:4e:12:9e:
12:30:15:4a:36:ac:f6:04:96:2a:60:e3:9c:81:c9:40:52:c7:
fa:9d:b1:c7:56:00:84:98:f6:30:3a:de:63:d0:f5:7d:d9:cf:
3c:56:28:d4:ab:7f:db:1a:2d:ef:1b:4f:0a:f5:12:86:e4:c9:
f5:a3:92:5f:16:b6:45:3f:0a:78:7b:b4:f2:d1:eb:e0:41:3a:
62:c1:d2:f6
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZjSOAhZW4LD2cFVPX52WRAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzRkYjk2NDAyZmY1Y2YxODc1NjQ1NjBlYThmMTNlZWVi
NWZmZWIwHhcNMjUwODIyMTQzOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjJhODY0MGM1ZjhhMjJhY2YxNmY4MDZmMDhhYmYxMjBjOWE2NjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7A2aYfjJCV0H+2H9L6H5L8bC25E
W7G7lfPZVLXcnN/PffI2p+KdEtIoP5f6tlAgaQNfWUl+glM6r/32t9utsYUQX5Wk
rjgyRXn31Lxsei0GYOBMXqWqGBnjtXAHAxm2gA4BwPKwzqOdfi9LM+S3WOwgVy5N
fcoxVsNlrsW2xLaRVIyU5vk5IU4EHQ7w1PVlhLI07Vde4YKAltVEyE40WSbVaH40
pvcUb30y2T/uRtWLcCWx+M72gtjJG3gZAy0hUt098X2SLLB8yW+Nq3WIG7zbGR9+
bb8xWzzmYG2zutVQPVeazE93mUslxk/a7FOxxAwihu4shdJQ74f2QWH1aQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFKYqhkDF+KIqzxb4BvCKvxIMmmZQMB8GA1UdIwQY
MBaAFBB025ZAL/XPGHVkVg6o8T7utf/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhUYmxrQXY5YzhZZFdSV0RxanhQdTYxXy1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8xZTFkNjktMGJmZC00MGFmLTg4YjEt
YWI0MGI1OGEyODkyLzEvcGlxR1FNWDRvaXJQRnZnRzhJcV9FZ3lhWmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8xZTFkNjktMGJmZC00MGFmLTg4YjEtYWI0MGI1OGEyODky
LzEvRUhUYmxrQXY5YzhZZFdSV0RxanhQdTYxXy1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEURWgAwQF
UpeAAwQEXmZAAwQCuTr0AwQF1ALAAwQF1DoAAwQF1ZtgMA0EAgACMAcDBQAqAgSA
MA0GCSqGSIb3DQEBCwUAA4IBAQCbqSRxrSH8szgedyc5ZVjQwM78jRJzm1GlDYcj
VeJgSAZ823sBA3pG9mPAwR3uFg50yzpSWXM6I4u96/A2NPdESEpCcVYYW98A3Tw3
6SDZ+1BBHwpbM2Et4BVDGMZDgEXU6AtKuXl6wPJbd3Ry8csnrCf1PiuyGLMZ/AKL
RAoh8vhSDKaG2pOtOJlfzv6iqCJQUM3ZwMe08D5Jzv+NRCSlAjqNlbYITb7qh00K
PzSai2pOEp4SMBVKNqz2BJYqYOOcgclAUsf6nbHHVgCEmPYwOt5j0PV92c88VijU
q3/bGi3vG08K9RKG5Mn1o5JfFrZFPwp4e7Ty0evgQTpiwdL2
-----END CERTIFICATE-----
Generated at Sun Aug 24 06:28:17 2025 by rpki-client