Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/d0edd5-6087-4be1-b36f-ab3dd5dc6709/1/680g9QNm1e-ThM3i1QaScS4bSbw.roa
File: 680g9QNm1e-ThM3i1QaScS4bSbw.roa (raw, json)
Hash identifier: npGuthO7au6knt0v4xQS1R1nwKbXpzRRvDz8rwf17yQ=
Subject key identifier: EB:CD:20:F5:03:66:D5:EF:93:84:CD:E2:D5:06:92:71:2E:1B:49:BC
Certificate issuer: /CN=50f2d6b21660fad1f60e2df9d0bd7c6ccf95c311
Certificate serial: 01975F5B23790F65DE28AC8E670C1AA2B02D
Authority key identifier: 50:F2:D6:B2:16:60:FA:D1:F6:0E:2D:F9:D0:BD:7C:6C:CF:95:C3:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UPLWshZg-tH2Di350L18bM-VwxE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/d0edd5-6087-4be1-b36f-ab3dd5dc6709/1/680g9QNm1e-ThM3i1QaScS4bSbw.roa
Signing time: Wed 11 Jun 2025 14:18:17 +0000
ROA not before: Wed 11 Jun 2025 14:18:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41722
IP address blocks: 91.142.80.0/24 maxlen: 24
91.142.81.0/24 maxlen: 24
91.142.82.0/24 maxlen: 24
91.142.83.0/24 maxlen: 24
91.142.84.0/24 maxlen: 24
91.142.85.0/24 maxlen: 24
91.142.86.0/24 maxlen: 24
91.142.87.0/24 maxlen: 24
91.142.88.0/24 maxlen: 24
91.142.89.0/24 maxlen: 24
91.142.90.0/24 maxlen: 24
91.142.91.0/24 maxlen: 24
91.142.92.0/24 maxlen: 24
91.142.93.0/24 maxlen: 24
91.142.94.0/24 maxlen: 24
91.142.95.0/24 maxlen: 24
178.249.68.0/24 maxlen: 24
178.249.69.0/24 maxlen: 24
178.249.70.0/24 maxlen: 24
178.249.71.0/24 maxlen: 24
178.250.152.0/24 maxlen: 24
178.250.153.0/24 maxlen: 24
178.250.154.0/24 maxlen: 24
178.250.155.0/24 maxlen: 24
185.53.20.0/24 maxlen: 24
185.53.21.0/24 maxlen: 24
185.53.22.0/24 maxlen: 24
185.53.23.0/24 maxlen: 24
185.73.212.0/24 maxlen: 24
185.73.213.0/24 maxlen: 24
185.73.214.0/24 maxlen: 24
185.73.215.0/24 maxlen: 24
185.147.80.0/24 maxlen: 24
185.147.81.0/24 maxlen: 24
185.147.82.0/24 maxlen: 24
185.147.83.0/24 maxlen: 24
185.162.92.0/24 maxlen: 24
185.162.93.0/24 maxlen: 24
185.162.94.0/24 maxlen: 24
185.162.95.0/24 maxlen: 24
185.174.164.0/24 maxlen: 24
185.174.165.0/24 maxlen: 24
2a03:21c0::/32 maxlen: 32
2a07:a500::/32 maxlen: 32
2a07:a501::/32 maxlen: 32
2a07:a502::/32 maxlen: 32
2a07:a503::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8d/d0edd5-6087-4be1-b36f-ab3dd5dc6709/1/UPLWshZg-tH2Di350L18bM-VwxE.crl
rsync://rpki.ripe.net/repository/DEFAULT/8d/d0edd5-6087-4be1-b36f-ab3dd5dc6709/1/UPLWshZg-tH2Di350L18bM-VwxE.mft
rsync://rpki.ripe.net/repository/DEFAULT/UPLWshZg-tH2Di350L18bM-VwxE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 00:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:5f:5b:23:79:0f:65:de:28:ac:8e:67:0c:1a:a2:b0:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=50f2d6b21660fad1f60e2df9d0bd7c6ccf95c311
Validity
Not Before: Jun 11 14:18:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ebcd20f50366d5ef9384cde2d50692712e1b49bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:7f:77:48:47:4f:71:a5:d1:1d:af:a9:66:38:
bf:1c:a1:80:c8:59:9f:42:02:42:08:99:66:17:2b:
a6:f5:69:7c:1c:af:4b:7c:19:6d:d6:82:4a:64:65:
63:a3:6f:aa:80:30:a0:9e:eb:9f:f8:58:f8:f2:ef:
bf:a2:3a:d1:3a:71:a4:2d:d6:95:de:d4:56:13:82:
26:df:a2:69:25:55:86:9b:af:2f:f1:cc:90:dd:85:
ff:7a:1c:ed:84:42:cc:0d:02:a6:22:64:be:d0:72:
e0:54:7f:59:3d:00:50:65:97:d1:42:5a:aa:b2:b0:
0c:c0:85:0c:59:5d:37:b5:9b:9c:0d:f5:71:7c:18:
dd:ca:c8:fa:dd:2f:bb:a6:a5:ae:95:27:d0:fb:03:
9b:6b:fc:9d:19:cc:86:68:15:ed:72:d8:b0:24:6f:
2b:3b:74:57:2a:7c:f7:07:83:10:68:60:db:23:34:
c2:f0:ee:17:af:60:e3:a0:97:82:3f:1d:ff:a3:c7:
79:73:9e:50:86:2d:49:ee:22:32:b0:3d:ec:c8:3f:
ba:17:3b:92:f7:96:bf:26:bc:7a:01:22:76:93:f9:
c1:18:4e:89:33:fb:6a:72:e1:30:e8:de:c2:e8:61:
51:56:45:8f:77:61:62:ee:c1:b6:35:18:8f:9b:e4:
a3:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:CD:20:F5:03:66:D5:EF:93:84:CD:E2:D5:06:92:71:2E:1B:49:BC
X509v3 Authority Key Identifier:
keyid:50:F2:D6:B2:16:60:FA:D1:F6:0E:2D:F9:D0:BD:7C:6C:CF:95:C3:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UPLWshZg-tH2Di350L18bM-VwxE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d0edd5-6087-4be1-b36f-ab3dd5dc6709/1/680g9QNm1e-ThM3i1QaScS4bSbw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d0edd5-6087-4be1-b36f-ab3dd5dc6709/1/UPLWshZg-tH2Di350L18bM-VwxE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.142.80.0/20
178.249.68.0/22
178.250.152.0/22
185.53.20.0/22
185.73.212.0/22
185.147.80.0/22
185.162.92.0/22
185.174.164.0/23
IPv6:
2a03:21c0::/32
2a07:a500::/30
Signature Algorithm: sha256WithRSAEncryption
38:4d:d1:ec:44:af:f3:09:c1:52:49:7a:f4:88:90:b8:59:d4:
4b:e9:ec:70:e3:94:28:58:f9:35:77:59:ba:4b:7a:68:58:78:
08:e7:05:ca:73:ba:fa:25:8e:5e:2d:54:fb:1e:ee:87:dc:5b:
15:a7:74:30:28:97:37:2f:ae:ae:94:24:e2:a9:18:86:84:d4:
07:4d:b0:ac:56:be:a6:31:e0:6a:65:91:07:d5:07:e7:d3:df:
93:72:97:72:01:a4:2f:aa:92:c4:11:ff:27:b3:e8:8f:04:d7:
70:56:fe:78:a6:c8:51:03:fc:7c:9e:5e:cc:ac:e9:1d:1c:1a:
f6:50:65:e9:99:10:ac:21:9c:5e:62:53:4b:8a:1c:0c:19:42:
ae:96:3c:31:71:a9:4a:9b:f2:c3:9c:aa:b0:0a:b5:ae:38:1d:
64:a5:72:8f:9d:7c:55:9a:83:08:ca:41:a7:9a:c4:47:d1:79:
71:04:7b:a0:ee:28:34:9a:a6:4a:13:a5:d3:2f:63:f1:e1:09:
f4:16:1f:03:c6:5c:60:07:42:d9:51:25:88:c7:40:50:0a:15:
11:4e:2e:4b:fe:73:18:50:7e:3f:de:5a:a8:56:09:b4:81:a0:
60:a5:d5:f1:5c:4a:69:c7:6f:9b:32:d8:9b:59:27:6e:51:6c:
d8:51:6c:95
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZdfWyN5D2XeKKyOZwwaorAtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwZjJkNmIyMTY2MGZhZDFmNjBlMmRmOWQwYmQ3YzZjY2Y5
NWMzMTEwHhcNMjUwNjExMTQxODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmNkMjBmNTAzNjZkNWVmOTM4NGNkZTJkNTA2OTI3MTJlMWI0OWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjH93SEdPcaXRHa+pZji/HKGAyFmf
QgJCCJlmFyum9Wl8HK9LfBlt1oJKZGVjo2+qgDCgnuuf+Fj48u+/ojrROnGkLdaV
3tRWE4Im36JpJVWGm68v8cyQ3YX/ehzthELMDQKmImS+0HLgVH9ZPQBQZZfRQlqq
srAMwIUMWV03tZucDfVxfBjdysj63S+7pqWulSfQ+wOba/ydGcyGaBXtctiwJG8r
O3RXKnz3B4MQaGDbIzTC8O4Xr2DjoJeCPx3/o8d5c55Qhi1J7iIysD3syD+6FzuS
95a/Jrx6ASJ2k/nBGE6JM/tqcuEw6N7C6GFRVkWPd2Fi7sG2NRiPm+SjbQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFOvNIPUDZtXvk4TN4tUGknEuG0m8MB8GA1UdIwQY
MBaAFFDy1rIWYPrR9g4t+dC9fGzPlcMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVBMV3NoWmctdEgyRGkzNTBMMThiTS1Wd3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9kMGVkZDUtNjA4Ny00YmUxLWIzNmYt
YWIzZGQ1ZGM2NzA5LzEvNjgwZzlRTm0xZS1UaE0zaTFRYVNjUzRiU2J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9kMGVkZDUtNjA4Ny00YmUxLWIzNmYtYWIzZGQ1ZGM2NzA5
LzEvVVBMV3NoWmctdEgyRGkzNTBMMThiTS1Wd3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQEW45QAwQC
svlEAwQCsvqYAwQCuTUUAwQCuUnUAwQCuZNQAwQCuaJcAwQBua6kMBQEAgACMA4D
BQAqAyHAAwUCKgelADANBgkqhkiG9w0BAQsFAAOCAQEAOE3R7ESv8wnBUkl69IiQ
uFnUS+nscOOUKFj5NXdZukt6aFh4COcFynO6+iWOXi1U+x7uh9xbFad0MCiXNy+u
rpQk4qkYhoTUB02wrFa+pjHgamWRB9UH59Pfk3KXcgGkL6qSxBH/J7PojwTXcFb+
eKbIUQP8fJ5ezKzpHRwa9lBl6ZkQrCGcXmJTS4ocDBlCrpY8MXGpSpvyw5yqsAq1
rjgdZKVyj518VZqDCMpBp5rER9F5cQR7oO4oNJqmShOl0y9j8eEJ9BYfA8ZcYAdC
2VEliMdAUAoVEU4uS/5zGFB+P95aqFYJtIGgYKXV8VxKacdvmzLYm1knblFs2FFs
lQ==
-----END CERTIFICATE-----
Generated at Sun Jun 29 08:08:51 2025 by rpki-client