Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/kwpnT1xPB1VAITNADjwIbPKhMO8.roa
File: kwpnT1xPB1VAITNADjwIbPKhMO8.roa (raw, json)
Hash identifier: ldLWOu27228oPxmRhkfkGlE8wNUIUYwgvY62aRxFVm8=
Subject key identifier: 93:0A:67:4F:5C:4F:07:55:40:21:33:40:0E:3C:08:6C:F2:A1:30:EF
Certificate issuer: /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial: 0197C056C9881F5C42F01FA2A7FAE2600CE0
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/kwpnT1xPB1VAITNADjwIbPKhMO8.roa
Signing time: Mon 30 Jun 2025 10:16:42 +0000
ROA not before: Mon 30 Jun 2025 10:16:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49556
IP address blocks: 5.159.49.0/24 maxlen: 24
5.159.54.0/24 maxlen: 24
45.94.213.0/24 maxlen: 24
89.46.217.0/24 maxlen: 24
185.3.200.0/24 maxlen: 24
185.239.0.0/24 maxlen: 24
185.239.2.0/24 maxlen: 24
185.239.3.0/24 maxlen: 24
188.212.99.0/24 maxlen: 24
188.240.196.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 17:00:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c0:56:c9:88:1f:5c:42:f0:1f:a2:a7:fa:e2:60:0c:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Validity
Not Before: Jun 30 10:16:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=930a674f5c4f0755402133400e3c086cf2a130ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:bc:05:9d:c9:14:bc:f9:9d:49:dc:c1:06:7a:
e1:e9:eb:9c:2e:aa:38:bf:c1:61:53:4b:4a:3b:39:
2d:32:a4:c0:22:7b:85:9d:ff:a1:d2:96:a4:44:b5:
31:25:44:e8:65:c1:73:73:21:e3:a5:50:10:f6:1e:
71:9c:cc:cf:4b:e6:5e:53:42:4d:a1:a7:cb:25:3c:
fc:0e:53:d4:7a:44:cb:98:d4:1b:1d:51:aa:33:bc:
ca:dd:3e:86:ea:de:04:40:5e:4d:dd:d4:f6:86:65:
c7:96:65:26:9e:64:53:34:52:89:66:66:5d:6b:db:
fc:0a:99:15:d4:1d:e3:ff:5c:3b:eb:da:4a:5c:85:
55:6c:2d:ea:81:8d:e8:41:7d:01:63:8f:72:06:29:
5c:40:15:06:59:c0:c3:a0:d4:47:22:fc:5c:d6:02:
41:02:6d:ba:a2:44:8a:a5:40:0f:76:de:f4:51:86:
21:20:5a:9c:de:10:50:9a:bd:41:2b:2d:18:19:4e:
61:b3:14:ee:aa:17:0c:bd:45:00:c7:5d:7c:b6:c3:
10:d8:82:67:49:10:2b:02:83:24:29:23:53:fd:29:
07:a5:4c:51:2d:d7:ef:26:12:65:5a:8b:d7:b0:b4:
7d:38:56:7f:44:68:a2:a9:23:19:76:c2:b9:b8:30:
b1:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:0A:67:4F:5C:4F:07:55:40:21:33:40:0E:3C:08:6C:F2:A1:30:EF
X509v3 Authority Key Identifier:
keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/kwpnT1xPB1VAITNADjwIbPKhMO8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.49.0/24
5.159.54.0/24
45.94.213.0/24
89.46.217.0/24
185.3.200.0/24
185.239.0.0/24
185.239.2.0/23
188.212.99.0/24
188.240.196.0/24
Signature Algorithm: sha256WithRSAEncryption
20:b4:1d:71:ae:ef:00:7d:2b:1c:12:23:a0:5d:60:31:e6:ac:
e3:74:57:2c:d0:69:2c:98:31:be:af:a5:fa:89:c8:59:d7:4b:
67:bf:6a:79:e6:e1:53:20:37:a1:73:2b:c7:be:fd:72:0f:42:
2d:5e:1b:0c:01:93:34:8b:b0:31:67:2b:1f:28:a0:39:f4:27:
18:d6:a7:12:fb:4b:e0:81:c1:9f:52:f1:81:b2:01:fd:be:9d:
1d:95:9d:a0:da:97:8a:c1:09:46:28:72:62:f4:e4:33:13:03:
24:f1:dd:34:d5:8d:e3:6d:a8:d5:07:bf:a0:9b:34:1a:61:91:
0d:a5:29:20:b4:d6:b9:d1:d8:f0:0a:f9:9a:94:5f:18:55:e7:
01:08:4f:81:1a:b2:11:49:8a:ff:22:80:49:ff:37:e3:cc:c2:
f1:6a:c5:ba:dc:90:ac:7e:bd:b5:43:20:b5:96:4b:39:94:b2:
dc:5b:f4:f5:60:1d:64:a0:59:dd:43:6f:62:20:9e:2b:7c:79:
74:e0:9a:5d:96:8f:53:9c:31:60:0c:65:e8:38:cc:f3:0e:a3:
36:b6:e7:9b:47:71:08:aa:76:4f:e7:d7:86:ba:b6:84:d8:c9:
fc:68:56:05:e0:d2:03:1a:de:cf:27:76:d8:0f:2e:90:f4:59:
b5:97:dd:f8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZfAVsmIH1xC8B+ip/riYAzgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwNjMwMTAxNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzBhNjc0ZjVjNGYwNzU1NDAyMTMzNDAwZTNjMDg2Y2YyYTEzMGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7wFnckUvPmdSdzBBnrh6eucLqo4
v8FhU0tKOzktMqTAInuFnf+h0pakRLUxJUToZcFzcyHjpVAQ9h5xnMzPS+ZeU0JN
oafLJTz8DlPUekTLmNQbHVGqM7zK3T6G6t4EQF5N3dT2hmXHlmUmnmRTNFKJZmZd
a9v8CpkV1B3j/1w769pKXIVVbC3qgY3oQX0BY49yBilcQBUGWcDDoNRHIvxc1gJB
Am26okSKpUAPdt70UYYhIFqc3hBQmr1BKy0YGU5hsxTuqhcMvUUAx118tsMQ2IJn
SRArAoMkKSNT/SkHpUxRLdfvJhJlWovXsLR9OFZ/RGiiqSMZdsK5uDCxjwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJMKZ09cTwdVQCEzQA48CGzyoTDvMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEva3dwblQxeFBCMVZBSVROQURqd0liUEtoTU84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQABZ8xAwQA
BZ82AwQALV7VAwQAWS7ZAwQAuQPIAwQAue8AAwQBue8CAwQAvNRjAwQAvPDEMA0G
CSqGSIb3DQEBCwUAA4IBAQAgtB1xru8AfSscEiOgXWAx5qzjdFcs0GksmDG+r6X6
ichZ10tnv2p55uFTIDehcyvHvv1yD0ItXhsMAZM0i7AxZysfKKA59CcY1qcS+0vg
gcGfUvGBsgH9vp0dlZ2g2peKwQlGKHJi9OQzEwMk8d001Y3jbajVB7+gmzQaYZEN
pSkgtNa50djwCvmalF8YVecBCE+BGrIRSYr/IoBJ/zfjzMLxasW63JCsfr21QyC1
lks5lLLcW/T1YB1koFndQ29iIJ4rfHl04Jpdlo9TnDFgDGXoOMzzDqM2tuebR3EI
qnZP59eGuraE2Mn8aFYF4NIDGt7PJ3bYDy6Q9Fm1l934
-----END CERTIFICATE-----
Generated at Mon Jul 21 01:57:58 2025 by rpki-client