Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Ry2u2EGGr1l7CqwoKIeNpDD83DU.roa
File: Ry2u2EGGr1l7CqwoKIeNpDD83DU.roa (raw, json)
Hash identifier: c4rx9h+TC6WPwioWtQ1MElrQmQRi/SLkpEGxuWX+qS4=
Subject key identifier: 47:2D:AE:D8:41:86:AF:59:7B:0A:AC:28:28:87:8D:A4:30:FC:DC:35
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0197EA190B122D39985E4C1A12989AF8604D
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Ry2u2EGGr1l7CqwoKIeNpDD83DU.roa
Signing time: Tue 08 Jul 2025 12:53:19 +0000
ROA not before: Tue 08 Jul 2025 12:53:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213122
IP address blocks: 5.226.52.0/22 maxlen: 24
43.225.88.0/23 maxlen: 24
45.139.6.0/23 maxlen: 24
46.249.97.0/24 maxlen: 24
178.173.236.0/22 maxlen: 24
178.173.242.0/23 maxlen: 24
178.173.244.0/22 maxlen: 24
185.215.246.0/24 maxlen: 24
188.253.28.0/22 maxlen: 24
188.253.104.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 06:21:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ea:19:0b:12:2d:39:98:5e:4c:1a:12:98:9a:f8:60:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jul 8 12:53:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=472daed84186af597b0aac2828878da430fcdc35
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:76:6e:26:30:08:e4:1d:2f:35:43:f8:3b:9a:
cb:73:2c:24:c8:2e:95:57:f5:33:ef:b5:96:cf:b5:
8f:8b:c5:eb:48:57:65:44:c6:3a:d8:5a:a6:92:fc:
53:ac:5b:9a:a9:b3:c3:90:02:12:85:de:10:df:53:
96:17:0f:cb:9f:12:60:c0:8a:d5:13:d5:5a:09:d1:
ed:66:f3:74:25:f4:b6:2c:0c:f8:de:4b:f0:f3:db:
4b:2c:21:2a:e9:12:1f:be:64:12:66:a0:d1:cf:bc:
45:81:c6:72:88:63:ea:ba:f1:d3:62:35:82:93:33:
da:5a:05:b6:c9:d8:04:c5:a6:2b:6b:36:32:97:82:
ea:84:0e:dd:e4:87:95:41:65:0f:b3:9a:a1:33:e7:
db:05:a8:03:3e:08:99:27:62:84:ca:c9:9e:a5:6e:
9a:8b:f9:6e:f6:97:b5:b4:e9:64:38:b9:cc:e9:af:
9a:4f:d1:cb:ad:41:7d:e8:74:37:0d:6c:bc:b2:da:
1c:1f:7a:27:03:22:ec:a7:40:2d:1c:63:fa:47:6e:
e1:10:86:41:4d:7e:bd:45:c9:46:1a:23:9e:e6:c0:
3d:26:d3:94:c9:27:83:97:27:39:41:b9:31:bc:f4:
dd:78:fe:ad:08:33:89:08:1c:d9:7b:1d:21:93:1a:
83:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:2D:AE:D8:41:86:AF:59:7B:0A:AC:28:28:87:8D:A4:30:FC:DC:35
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Ry2u2EGGr1l7CqwoKIeNpDD83DU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.226.52.0/22
43.225.88.0/23
45.139.6.0/23
46.249.97.0/24
178.173.236.0/22
178.173.242.0-178.173.247.255
185.215.246.0/24
188.253.28.0/22
188.253.104.0/21
Signature Algorithm: sha256WithRSAEncryption
74:a1:ce:c1:b2:b7:58:5c:66:dc:1c:6e:2b:5e:a7:0d:f1:31:
61:f1:21:8d:f4:5b:49:88:26:94:e2:fb:11:21:44:cd:7c:44:
68:aa:c9:65:20:1e:c3:80:d3:65:89:d0:d6:5b:2c:84:b7:6e:
b9:60:3f:4e:01:0a:0b:f5:dc:53:6b:5c:ec:5e:eb:6d:a2:e7:
f2:ac:d8:82:83:24:6b:57:39:69:41:6f:50:cb:f9:4d:f7:9c:
f4:e8:c0:94:84:b8:66:e2:50:81:17:36:d8:16:4a:a9:7e:3d:
0d:5c:5c:98:70:e4:f3:2a:2d:ec:43:ea:63:dd:3b:39:29:d6:
c1:08:b5:da:85:a7:2c:8b:0d:0f:83:3e:76:6a:1a:6d:69:49:
fe:7d:61:c6:a9:a5:4f:92:37:ba:32:50:78:f1:16:e2:ec:c6:
59:2a:cc:c5:bf:3f:01:71:76:78:4b:45:eb:79:2e:d4:42:06:
ae:7f:96:db:5d:34:59:a0:d2:76:ef:6b:ad:0e:f6:95:87:20:
3b:44:55:89:49:83:70:b9:b1:ca:5a:50:8a:17:80:ae:17:1b:
dc:8b:de:ff:72:27:fc:a6:32:1d:70:20:3b:67:e9:0d:8d:65:
31:a1:a9:36:e2:24:1b:d4:f8:87:36:95:1e:3f:93:ac:76:8c:
26:88:96:e2
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZfqGQsSLTmYXkwaEpia+GBNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwNzA4MTI1MzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzJkYWVkODQxODZhZjU5N2IwYWFjMjgyODg3OGRhNDMwZmNkYzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnZuJjAI5B0vNUP4O5rLcywkyC6V
V/Uz77WWz7WPi8XrSFdlRMY62FqmkvxTrFuaqbPDkAIShd4Q31OWFw/LnxJgwIrV
E9VaCdHtZvN0JfS2LAz43kvw89tLLCEq6RIfvmQSZqDRz7xFgcZyiGPquvHTYjWC
kzPaWgW2ydgExaYrazYyl4LqhA7d5IeVQWUPs5qhM+fbBagDPgiZJ2KEysmepW6a
i/lu9pe1tOlkOLnM6a+aT9HLrUF96HQ3DWy8stocH3onAyLsp0AtHGP6R27hEIZB
TX69RclGGiOe5sA9JtOUySeDlyc5QbkxvPTdeP6tCDOJCBzZex0hkxqDLQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFEctrthBhq9ZewqsKCiHjaQw/Nw1MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvUnkydTJFR0dyMWw3Q3F3b0tJZU5wREQ4M0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCBeI0AwQB
K+FYAwQBLYsGAwQALvlhAwQCsq3sMAwDBAGyrfIDBAOyrfADBAC51/YDBAK8/RwD
BAO8/WgwDQYJKoZIhvcNAQELBQADggEBAHShzsGyt1hcZtwcbitepw3xMWHxIY30
W0mIJpTi+xEhRM18RGiqyWUgHsOA02WJ0NZbLIS3brlgP04BCgv13FNrXOxe622i
5/Ks2IKDJGtXOWlBb1DL+U33nPTowJSEuGbiUIEXNtgWSql+PQ1cXJhw5PMqLexD
6mPdOzkp1sEItdqFpyyLDQ+DPnZqGm1pSf59YcappU+SN7oyUHjxFuLsxlkqzMW/
PwFxdnhLRet5LtRCBq5/lttdNFmg0nbva60O9pWHIDtEVYlJg3C5scpaUIoXgK4X
G9yL3v9yJ/ymMh1wIDtn6Q2NZTGhqTbiJBvU+Ic2lR4/k6x2jCaIluI=
-----END CERTIFICATE-----
Generated at Sun Jul 20 15:15:49 2025 by rpki-client