Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PaLAmRJ_3zTHmfmd-CxJizQC6fw.roa
File: PaLAmRJ_3zTHmfmd-CxJizQC6fw.roa (raw, json)
Hash identifier: h7oAzJfGoLEAtxPC18QAzcbsjFJmDfQaTy7XRGBW6ss=
Subject key identifier: 3D:A2:C0:99:12:7F:DF:34:C7:99:F9:9D:F8:2C:49:8B:34:02:E9:FC
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01978D2BBE36E35753B9AA2B3AD458C3947C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PaLAmRJ_3zTHmfmd-CxJizQC6fw.roa
Signing time: Fri 20 Jun 2025 11:49:03 +0000
ROA not before: Fri 20 Jun 2025 11:49:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8851
IP address blocks: 37.98.144.0/21 maxlen: 24
37.98.144.0/22 maxlen: 24
37.252.24.0/21 maxlen: 24
77.93.128.0/19 maxlen: 24
77.107.64.0/18 maxlen: 24
79.99.72.0/21 maxlen: 24
79.99.144.0/21 maxlen: 24
80.240.80.0/20 maxlen: 24
81.5.128.0/18 maxlen: 24
81.168.0.0/17 maxlen: 24
82.152.0.0/15 maxlen: 24
82.152.0.0/16 maxlen: 24
82.163.0.0/19 maxlen: 24
85.159.128.0/21 maxlen: 24
89.28.232.0/21 maxlen: 24
89.31.232.0/21 maxlen: 24
89.213.48.0/20 maxlen: 24
89.213.64.0/18 maxlen: 24
89.213.192.0/18 maxlen: 24
95.130.96.0/21 maxlen: 24
109.176.0.0/16 maxlen: 24
158.255.8.0/21 maxlen: 24
185.20.32.0/22 maxlen: 24
185.20.34.0/24 maxlen: 24
185.20.35.0/24 maxlen: 24
185.24.84.0/24 maxlen: 24
185.24.86.0/23 maxlen: 24
185.101.44.0/22 maxlen: 24
193.27.212.0/23 maxlen: 24
194.105.64.0/19 maxlen: 24
195.128.138.0/24 maxlen: 24
212.38.64.0/19 maxlen: 24
213.130.128.0/19 maxlen: 24
213.152.32.0/19 maxlen: 24
213.210.0.0/18 maxlen: 24
213.218.208.0/20 maxlen: 24
213.218.224.0/19 maxlen: 24
217.144.144.0/20 maxlen: 24
217.145.64.0/20 maxlen: 24
2001:1a90::/32 maxlen: 48
2a00:c60::/32 maxlen: 48
2a00:1c40::/29 maxlen: 48
2a02:21f8::/32 maxlen: 48
2a02:6f80::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 04 Jul 2025 05:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:8d:2b:be:36:e3:57:53:b9:aa:2b:3a:d4:58:c3:94:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jun 20 11:49:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3da2c099127fdf34c799f99df82c498b3402e9fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:9f:99:15:5b:45:76:9b:31:05:50:24:05:d6:
d0:2a:56:c8:78:e1:dc:a0:b2:a3:74:24:0e:dd:91:
90:e4:eb:80:05:7c:b3:e1:7d:f3:f1:e7:40:18:81:
11:73:ba:32:1b:d1:e6:d9:57:02:7a:9b:a4:42:d7:
18:fa:39:f9:18:3e:21:df:37:6d:ed:30:fd:9b:3e:
e9:91:90:2b:15:35:32:60:27:09:a0:71:33:bf:e3:
53:a3:6a:fc:ca:f9:d5:d5:7b:8e:02:5b:86:48:c9:
15:eb:e0:65:b7:fc:67:d0:6e:a8:da:e2:dd:10:33:
f8:36:bd:bc:df:f0:61:d4:53:35:8e:b8:38:77:84:
83:e5:37:ca:80:f5:0d:ac:1c:2b:23:cf:b6:c1:63:
85:dd:1e:4c:66:00:2c:0f:f3:67:43:e2:f9:03:66:
c5:91:13:fa:81:0e:44:cd:d3:b7:15:f1:fe:91:db:
a7:04:de:3c:ce:de:d2:d9:31:0d:79:a1:76:91:cb:
1f:b6:61:15:11:c1:2f:17:a3:fe:6f:d4:c7:63:ab:
fa:92:b1:5d:8c:cf:c6:ab:8d:4c:f2:f6:09:51:d0:
ca:b5:d1:a0:88:14:17:c6:28:2e:30:68:f0:d6:45:
47:d8:f1:d8:30:57:f9:e5:67:bf:f9:ff:c6:c6:bd:
d8:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:A2:C0:99:12:7F:DF:34:C7:99:F9:9D:F8:2C:49:8B:34:02:E9:FC
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PaLAmRJ_3zTHmfmd-CxJizQC6fw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.98.144.0/21
37.252.24.0/21
77.93.128.0/19
77.107.64.0/18
79.99.72.0/21
79.99.144.0/21
80.240.80.0/20
81.5.128.0/18
81.168.0.0/17
82.152.0.0/15
82.163.0.0/19
85.159.128.0/21
89.28.232.0/21
89.31.232.0/21
89.213.48.0-89.213.127.255
89.213.192.0/18
95.130.96.0/21
109.176.0.0/16
158.255.8.0/21
185.20.32.0/22
185.24.84.0/24
185.24.86.0/23
185.101.44.0/22
193.27.212.0/23
194.105.64.0/19
195.128.138.0/24
212.38.64.0/19
213.130.128.0/19
213.152.32.0/19
213.210.0.0/18
213.218.208.0-213.218.255.255
217.144.144.0/20
217.145.64.0/20
IPv6:
2001:1a90::/32
2a00:c60::/32
2a00:1c40::/29
2a02:21f8::/32
2a02:6f80::/29
Signature Algorithm: sha256WithRSAEncryption
14:53:26:eb:37:f2:62:9d:a7:97:bc:83:ca:3a:d4:87:09:e7:
6b:9a:49:f6:5c:2b:f7:9b:92:cf:a0:bc:26:18:ab:de:df:e8:
12:53:be:d2:bd:43:ce:a7:fc:e4:e8:89:e3:7b:5a:ee:c6:77:
c7:89:99:9d:78:bb:66:9b:97:86:45:51:94:66:1a:54:79:b7:
91:cc:a3:16:08:97:7d:fe:fa:a1:1e:5f:2e:d1:33:d7:4b:a6:
a0:63:a7:17:3d:b6:59:66:0a:b2:50:5b:d1:58:53:4a:90:4c:
5b:77:e2:d2:d8:3f:f8:a2:a9:b0:ca:31:94:f6:95:96:c4:a2:
8b:a6:1c:1e:67:c2:30:02:c8:56:2f:5b:5e:55:d6:28:ab:c7:
58:a9:a2:43:dd:5a:e1:6b:6d:5a:04:2e:b8:a1:e2:72:cf:fb:
96:5d:28:af:ca:29:ab:5e:be:eb:4d:83:93:36:23:9d:97:b7:
ee:2f:e1:47:c8:78:99:54:59:c3:9b:68:22:9b:3b:be:d6:48:
fe:3d:78:a2:f8:f1:d0:b9:b2:e3:59:e7:e4:31:c1:34:b3:96:
89:1d:ee:63:b7:75:c9:c7:2f:55:91:a6:9d:95:2e:be:01:59:
a7:d6:c8:51:88:7c:87:76:34:e9:d8:78:68:93:58:17:53:fc:
cd:5c:b9:cd
-----BEGIN CERTIFICATE-----
MIIF/TCCBOWgAwIBAgISAZeNK74241dTuaorOtRYw5R8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNjIwMTE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGEyYzA5OTEyN2ZkZjM0Yzc5OWY5OWRmODJjNDk4YjM0MDJlOWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqp+ZFVtFdpsxBVAkBdbQKlbIeOHc
oLKjdCQO3ZGQ5OuABXyz4X3z8edAGIERc7oyG9Hm2VcCepukQtcY+jn5GD4h3zdt
7TD9mz7pkZArFTUyYCcJoHEzv+NTo2r8yvnV1XuOAluGSMkV6+Blt/xn0G6o2uLd
EDP4Nr283/Bh1FM1jrg4d4SD5TfKgPUNrBwrI8+2wWOF3R5MZgAsD/NnQ+L5A2bF
kRP6gQ5EzdO3FfH+kdunBN48zt7S2TENeaF2kcsftmEVEcEvF6P+b9THY6v6krFd
jM/Gq41M8vYJUdDKtdGgiBQXxiguMGjw1kVH2PHYMFf55We/+f/Gxr3YfQIDAQAB
o4IDCTCCAwUwHQYDVR0OBBYEFD2iwJkSf980x5n5nfgsSYs0Aun8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUGFMQW1SSl8zelRIbWZtZC1DeEppelFDNmZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHQYIKwYBBQUHAQcBAf8EggEMMIIBCDCB2gQCAAEwgdMD
BAMlYpADBAMl/BgDBAVNXYADBAZNa0ADBANPY0gDBANPY5ADBARQ8FADBAZRBYAD
BAdRqAADAwFSmAMEBVKjAAMEA1WfgAMEA1kc6AMEA1kf6DAMAwQEWdUwAwQHWdUA
AwQGWdXAAwQDX4JgAwMAbbADBAOe/wgDBAK5FCADBAC5GFQDBAG5GFYDBAK5ZSwD
BAHBG9QDBAXCaUADBADDgIoDBAXUJkADBAXVgoADBAXVmCADBAbV0gAwCwMEBNXa
0AMDANXaAwQE2ZCQAwQE2ZFAMCkEAgACMCMDBQAgARqQAwUAKgAMYAMFAyoAHEAD
BQAqAiH4AwUDKgJvgDANBgkqhkiG9w0BAQsFAAOCAQEAFFMm6zfyYp2nl7yDyjrU
hwnna5pJ9lwr95uSz6C8Jhir3t/oElO+0r1Dzqf85OiJ43ta7sZ3x4mZnXi7ZpuX
hkVRlGYaVHm3kcyjFgiXff76oR5fLtEz10umoGOnFz22WWYKslBb0VhTSpBMW3fi
0tg/+KKpsMoxlPaVlsSii6YcHmfCMALIVi9bXlXWKKvHWKmiQ91a4WttWgQuuKHi
cs/7ll0or8opq16+602DkzYjnZe37i/hR8h4mVRZw5toIps7vtZI/j14ovjx0Lmy
41nn5DHBNLOWiR3uY7d1yccvVZGmnZUuvgFZp9bIUYh8h3Y06dh4aJNYF1P8zVy5
zQ==
-----END CERTIFICATE-----
Generated at Thu Jul 3 14:46:46 2025 by rpki-client