Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/5-hHI6qwVnKq___GvukeGIgiWgA.roa
File: 5-hHI6qwVnKq___GvukeGIgiWgA.roa (raw, json)
Hash identifier: 2gmLFI2YLEPz4i5j9o2f2h5Evmn8mJBa5u25ZDjJdJ4=
Subject key identifier: E7:E8:47:23:AA:B0:56:72:AA:FF:FF:C6:BE:E9:1E:18:88:22:5A:00
Certificate issuer: /CN=b21a3f4af94a580eb9e7b58542a0084b21c2b09b
Certificate serial: 0197ED25D39DA8ED2604641A98C70056FC14
Authority key identifier: B2:1A:3F:4A:F9:4A:58:0E:B9:E7:B5:85:42:A0:08:4B:21:C2:B0:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/5-hHI6qwVnKq___GvukeGIgiWgA.roa
Signing time: Wed 09 Jul 2025 03:06:08 +0000
ROA not before: Wed 09 Jul 2025 03:06:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 216154
IP address blocks: 45.10.172.0/23 maxlen: 23
45.10.172.0/24 maxlen: 24
45.10.173.0/24 maxlen: 24
45.114.60.0/22 maxlen: 22
80.74.24.0/21 maxlen: 21
84.252.102.0/23 maxlen: 23
89.46.131.0/24 maxlen: 24
89.150.34.0/23 maxlen: 23
89.150.41.0/24 maxlen: 24
89.150.59.0/24 maxlen: 24
91.132.56.0/22 maxlen: 22
91.132.224.0/24 maxlen: 24
103.54.16.0/22 maxlen: 22
103.90.72.0/23 maxlen: 23
103.90.74.0/23 maxlen: 23
103.90.74.0/24 maxlen: 24
103.90.75.0/24 maxlen: 24
103.137.248.0/22 maxlen: 22
185.200.176.0/22 maxlen: 22
188.241.196.0/23 maxlen: 23
2a0c:db40::/32 maxlen: 32
2a0c:db40::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.crl
rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.mft
rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 01 Aug 2025 15:01:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ed:25:d3:9d:a8:ed:26:04:64:1a:98:c7:00:56:fc:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b21a3f4af94a580eb9e7b58542a0084b21c2b09b
Validity
Not Before: Jul 9 03:06:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e7e84723aab05672aaffffc6bee91e1888225a00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:52:db:6c:cc:ac:63:3a:51:ee:8d:40:3c:4a:
1a:1d:20:b0:54:07:a2:4d:dc:5f:8e:0a:a1:85:c4:
a5:99:1d:a9:71:b3:11:01:c6:13:7a:ec:f5:0e:3b:
a6:66:9a:4f:ea:95:74:16:2d:f6:26:71:a6:47:ec:
75:67:5e:9e:84:d7:2e:cb:6f:ce:b7:d7:b2:9f:9e:
15:42:d8:cb:9b:8b:87:f3:86:5d:12:71:12:e1:44:
26:2c:88:89:9e:88:ab:9c:a6:77:27:d0:d2:20:4e:
8a:cf:c7:e7:52:0d:bb:48:5f:a7:67:33:f6:85:d0:
c1:96:30:30:e0:c7:86:31:52:89:f4:66:ca:c8:5b:
33:83:19:35:4b:b3:fd:84:97:c9:07:18:b0:88:8f:
11:f2:2a:c6:05:43:f5:35:4c:5c:ea:44:af:d5:f0:
52:17:2f:a0:45:68:48:46:df:55:97:85:9f:55:d6:
3d:79:34:ff:7d:08:89:8a:f7:db:9e:47:fe:83:a4:
a6:0e:51:d5:6f:6f:f1:c3:50:c7:63:0c:52:70:a2:
6b:f7:d9:4e:86:2b:9f:8c:f7:86:d6:de:3d:17:ca:
63:18:b3:d5:f9:ea:c9:b6:60:14:df:ca:4e:44:cc:
79:f4:04:ac:f4:f2:ba:14:92:3a:30:33:2e:b4:18:
63:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:E8:47:23:AA:B0:56:72:AA:FF:FF:C6:BE:E9:1E:18:88:22:5A:00
X509v3 Authority Key Identifier:
keyid:B2:1A:3F:4A:F9:4A:58:0E:B9:E7:B5:85:42:A0:08:4B:21:C2:B0:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/5-hHI6qwVnKq___GvukeGIgiWgA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.172.0/23
45.114.60.0/22
80.74.24.0/21
84.252.102.0/23
89.46.131.0/24
89.150.34.0/23
89.150.41.0/24
89.150.59.0/24
91.132.56.0/22
91.132.224.0/24
103.54.16.0/22
103.90.72.0/22
103.137.248.0/22
185.200.176.0/22
188.241.196.0/23
IPv6:
2a0c:db40::/32
Signature Algorithm: sha256WithRSAEncryption
51:b9:7d:f2:60:2a:44:ab:42:82:df:3d:df:4a:14:3f:15:81:
e5:4c:ee:af:cf:9d:86:81:1b:d8:3b:21:bc:a7:9d:24:82:c3:
67:2b:8f:52:90:2c:d6:fd:55:f9:6f:69:67:5f:e4:27:99:fd:
b6:43:15:41:c0:5a:96:2c:b2:88:d4:c5:aa:c3:90:a9:c6:e5:
e1:b5:8a:e3:34:27:23:e4:94:2e:11:f6:ca:f5:cf:49:e5:8f:
e4:56:3a:35:cd:36:16:68:10:0a:1a:61:3b:e4:94:cc:a4:fb:
13:c0:1e:7c:9f:eb:49:d2:39:57:7f:bf:99:5d:24:47:43:3a:
ca:bb:dd:a0:d3:5c:40:77:5a:93:c0:f9:75:c5:25:96:e6:34:
5f:7b:32:5b:33:42:13:1a:63:ae:5b:26:af:3b:bf:c0:15:d9:
78:d3:a4:7c:2f:47:d8:a1:1e:46:9e:3f:c4:23:be:ab:82:02:
08:ec:b2:44:0b:e6:f4:ed:16:0b:3f:9c:38:67:91:7c:28:da:
07:d3:1c:e6:4b:05:12:f9:c6:f3:75:04:16:59:95:c9:c5:8a:
a1:80:23:2f:a4:b7:ee:3e:0c:86:a3:8a:7b:5e:91:b5:31:81:
28:e1:08:70:1e:db:1d:26:1f:5a:ea:0c:c1:3a:d5:bb:e5:e5:
a7:0d:77:c3
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZftJdOdqO0mBGQamMcAVvwUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMWEzZjRhZjk0YTU4MGViOWU3YjU4NTQyYTAwODRiMjFj
MmIwOWIwHhcNMjUwNzA5MDMwNjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2U4NDcyM2FhYjA1NjcyYWFmZmZmYzZiZWU5MWUxODg4MjI1YTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVLbbMysYzpR7o1APEoaHSCwVAei
TdxfjgqhhcSlmR2pcbMRAcYTeuz1DjumZppP6pV0Fi32JnGmR+x1Z16ehNcuy2/O
t9eyn54VQtjLm4uH84ZdEnES4UQmLIiJnoirnKZ3J9DSIE6Kz8fnUg27SF+nZzP2
hdDBljAw4MeGMVKJ9GbKyFszgxk1S7P9hJfJBxiwiI8R8irGBUP1NUxc6kSv1fBS
Fy+gRWhIRt9Vl4WfVdY9eTT/fQiJivfbnkf+g6SmDlHVb2/xw1DHYwxScKJr99lO
hiufjPeG1t49F8pjGLPV+erJtmAU38pORMx59ASs9PK6FJI6MDMutBhjmwIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFOfoRyOqsFZyqv//xr7pHhiIIloAMB8GA1UdIwQY
MBaAFLIaP0r5SlgOuee1hUKgCEshwrCbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2hvX1N2bEtXQTY1NTdXRlFxQUlTeUhDc0pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS85OTFmMWMtOTk5Yi00Zjc1LWIwYmYt
NTEyOTE3MmI2OTY2LzEvNS1oSEk2cXdWbktxX19fR3Z1a2VHSWdpV2dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS85OTFmMWMtOTk5Yi00Zjc1LWIwYmYtNTEyOTE3MmI2OTY2
LzEvc2hvX1N2bEtXQTY1NTdXRlFxQUlTeUhDc0pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwYAQCAAEwWgMEAS0KrAME
Ai1yPAMEA1BKGAMEAVT8ZgMEAFkugwMEAVmWIgMEAFmWKQMEAFmWOwMEAluEOAME
AFuE4AMEAmc2EAMEAmdaSAMEAmeJ+AMEArnIsAMEAbzxxDANBAIAAjAHAwUAKgzb
QDANBgkqhkiG9w0BAQsFAAOCAQEAUbl98mAqRKtCgt8930oUPxWB5Uzur8+dhoEb
2DshvKedJILDZyuPUpAs1v1V+W9pZ1/kJ5n9tkMVQcBaliyyiNTFqsOQqcbl4bWK
4zQnI+SULhH2yvXPSeWP5FY6Nc02FmgQChphO+SUzKT7E8AefJ/rSdI5V3+/mV0k
R0M6yrvdoNNcQHdak8D5dcUlluY0X3syWzNCExpjrlsmrzu/wBXZeNOkfC9H2KEe
Rp4/xCO+q4ICCOyyRAvm9O0WCz+cOGeRfCjaB9Mc5ksFEvnG83UEFlmVycWKoYAj
L6S37j4MhqOKe16RtTGBKOEIcB7bHSYfWuoMwTrVu+Xlpw13ww==
-----END CERTIFICATE-----
Generated at Thu Jul 31 23:44:17 2025 by rpki-client