Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/cakGt0BPf0eiXSoum2ks2bU2JjU.roa
File: cakGt0BPf0eiXSoum2ks2bU2JjU.roa (raw, json)
Hash identifier: SdKj2O/1M+1PiGNRUnkBd4BW4j8l343Ya8DxtNwWNfU=
Subject key identifier: 71:A9:06:B7:40:4F:7F:47:A2:5D:2A:2E:9B:69:2C:D9:B5:36:26:35
Certificate issuer: /CN=1daf46a40c246d6540d992c321b1cc3623d65995
Certificate serial: 0197EF99E1BEF25954A83FCB141603F24B98
Authority key identifier: 1D:AF:46:A4:0C:24:6D:65:40:D9:92:C3:21:B1:CC:36:23:D6:59:95
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/cakGt0BPf0eiXSoum2ks2bU2JjU.roa
Signing time: Wed 09 Jul 2025 14:32:08 +0000
ROA not before: Wed 09 Jul 2025 14:32:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62370
IP address blocks: 5.104.224.0/24 maxlen: 24
5.104.225.0/24 maxlen: 24
5.104.226.0/24 maxlen: 24
5.104.228.0/24 maxlen: 24
37.148.160.0/24 maxlen: 24
37.148.161.0/24 maxlen: 24
37.148.162.0/24 maxlen: 24
37.148.163.0/24 maxlen: 24
37.148.165.0/24 maxlen: 24
77.95.225.0/24 maxlen: 24
77.95.228.0/24 maxlen: 24
77.95.229.0/24 maxlen: 24
77.95.231.0/24 maxlen: 24
78.41.201.0/24 maxlen: 24
78.41.203.0/24 maxlen: 24
78.41.204.0/24 maxlen: 24
78.41.205.0/24 maxlen: 24
78.41.206.0/24 maxlen: 24
78.41.207.0/24 maxlen: 24
89.207.128.0/24 maxlen: 24
89.207.129.0/24 maxlen: 24
89.207.130.0/24 maxlen: 24
89.207.131.0/24 maxlen: 24
89.207.132.0/24 maxlen: 24
89.207.134.0/24 maxlen: 24
89.207.135.0/24 maxlen: 24
128.204.192.0/24 maxlen: 24
128.204.194.0/24 maxlen: 24
128.204.197.0/24 maxlen: 24
128.204.199.0/24 maxlen: 24
128.204.205.0/24 maxlen: 24
185.62.56.0/24 maxlen: 24
185.62.57.0/24 maxlen: 24
185.62.58.0/24 maxlen: 24
185.62.59.0/24 maxlen: 24
193.33.60.0/24 maxlen: 24
193.33.61.0/24 maxlen: 24
193.34.166.0/24 maxlen: 24
193.34.167.0/24 maxlen: 24
2a00:7b80::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 00:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ef:99:e1:be:f2:59:54:a8:3f:cb:14:16:03:f2:4b:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1daf46a40c246d6540d992c321b1cc3623d65995
Validity
Not Before: Jul 9 14:32:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=71a906b7404f7f47a25d2a2e9b692cd9b5362635
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:e5:c8:31:b2:22:3c:d3:82:35:5d:d0:11:c7:
d9:61:d0:f9:2f:3d:ce:d5:9b:51:c0:6e:29:78:8e:
81:7d:0c:40:07:39:f3:d9:dd:51:31:e4:fc:ab:03:
af:9d:bc:e1:8d:50:aa:86:70:ef:ba:3b:b0:9b:b9:
fb:f3:f4:af:8b:2a:8e:ce:6a:89:86:f3:7b:34:7e:
58:8e:ec:ff:32:76:a5:c6:a9:37:2c:78:72:17:4a:
cf:c0:52:b4:87:f5:5c:41:c6:21:75:51:5e:29:5e:
d0:bf:43:65:01:c1:39:37:49:f6:32:64:61:6a:c9:
bb:d9:3b:a0:c3:70:35:0b:81:10:4c:f1:f9:2b:bb:
d9:ab:78:7f:ce:2f:99:da:1d:2b:b6:96:0f:70:70:
c3:a7:ff:2a:f1:1a:c8:19:5d:59:fb:ba:8e:bc:58:
e9:c6:53:91:fe:93:0b:73:bb:24:00:8f:8a:47:f4:
f8:8c:b1:ff:0e:7e:47:a5:e9:63:67:70:f8:82:bc:
df:81:df:53:17:01:83:5f:e7:13:3b:30:dd:aa:3c:
9a:78:4e:ef:f3:de:b5:e3:02:e9:ef:d3:03:e9:73:
2e:94:f2:ba:e1:cc:f4:68:d7:6f:0c:03:1c:8f:9b:
b2:c8:86:6c:20:82:9c:9c:4b:85:46:7c:f1:42:c5:
e2:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:A9:06:B7:40:4F:7F:47:A2:5D:2A:2E:9B:69:2C:D9:B5:36:26:35
X509v3 Authority Key Identifier:
keyid:1D:AF:46:A4:0C:24:6D:65:40:D9:92:C3:21:B1:CC:36:23:D6:59:95
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/cakGt0BPf0eiXSoum2ks2bU2JjU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.104.224.0-5.104.226.255
5.104.228.0/24
37.148.160.0/22
37.148.165.0/24
77.95.225.0/24
77.95.228.0/23
77.95.231.0/24
78.41.201.0/24
78.41.203.0-78.41.207.255
89.207.128.0-89.207.132.255
89.207.134.0/23
128.204.192.0/24
128.204.194.0/24
128.204.197.0/24
128.204.199.0/24
128.204.205.0/24
185.62.56.0/22
193.33.60.0/23
193.34.166.0/23
IPv6:
2a00:7b80::/32
Signature Algorithm: sha256WithRSAEncryption
94:64:20:cd:54:c7:e2:9f:d7:e9:ec:86:87:ed:e0:61:35:d7:
b8:a5:09:26:3c:51:fb:4b:fc:6c:6a:75:b6:ba:c4:b5:76:86:
6d:ba:42:d5:f4:37:76:7c:fc:7d:d9:26:ef:2a:3c:ac:88:5d:
33:a9:b1:38:0e:a1:9f:84:b9:65:6a:b1:ed:f2:4b:17:e6:f5:
78:9d:a8:b6:2e:0e:42:ff:19:fa:c0:46:c9:d4:82:c1:17:d8:
b1:22:fe:ab:d3:5c:e9:93:0e:4c:7a:f9:07:67:4a:56:6f:a3:
39:d0:95:ec:78:54:9d:7c:0c:4a:cc:2e:83:0d:35:56:9a:e0:
90:1d:41:e1:e1:2d:cc:9b:2f:40:c8:89:98:e1:09:71:00:79:
08:ef:b3:0c:84:67:f9:c8:ed:9c:a2:03:85:a4:51:52:cf:e3:
25:9b:fb:49:fd:0f:9a:ac:31:34:98:8a:74:f3:01:19:28:d1:
19:14:5d:77:20:e8:f6:83:27:02:1c:91:c5:3f:f6:7c:d5:bf:
a4:94:96:32:17:11:9b:53:57:3f:56:9e:35:26:fe:bb:a1:ba:
90:4b:88:20:3f:6b:e2:8d:7a:b2:9b:3c:ce:a5:0f:43:3c:47:
e5:11:2e:e7:1e:98:50:2c:c6:f4:15:3d:d0:c7:e8:08:1e:b3:
6c:26:07:a6
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZfvmeG+8llUqD/LFBYD8kuYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYWY0NmE0MGMyNDZkNjU0MGQ5OTJjMzIxYjFjYzM2MjNk
NjU5OTUwHhcNMjUwNzA5MTQzMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWE5MDZiNzQwNGY3ZjQ3YTI1ZDJhMmU5YjY5MmNkOWI1MzYyNjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3uXIMbIiPNOCNV3QEcfZYdD5Lz3O
1ZtRwG4peI6BfQxABznz2d1RMeT8qwOvnbzhjVCqhnDvujuwm7n78/SviyqOzmqJ
hvN7NH5Yjuz/Mnalxqk3LHhyF0rPwFK0h/VcQcYhdVFeKV7Qv0NlAcE5N0n2MmRh
asm72Tugw3A1C4EQTPH5K7vZq3h/zi+Z2h0rtpYPcHDDp/8q8RrIGV1Z+7qOvFjp
xlOR/pMLc7skAI+KR/T4jLH/Dn5HpeljZ3D4grzfgd9TFwGDX+cTOzDdqjyaeE7v
89614wLp79MD6XMulPK64cz0aNdvDAMcj5uyyIZsIIKcnEuFRnzxQsXi6wIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFHGpBrdAT39Hol0qLptpLNm1NiY1MB8GA1UdIwQY
MBaAFB2vRqQMJG1lQNmSwyGxzDYj1lmVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGE5R3BBd2tiV1ZBMlpMREliSE1OaVBXV1pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS80NGMwZWYtNWRhNi00ZmYyLWI1ZWYt
NzlmMDQ4YmQyYTdhLzEvY2FrR3QwQlBmMGVpWFNvdW0ya3MyYlUySmpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS80NGMwZWYtNWRhNi00ZmYyLWI1ZWYtNzlmMDQ4YmQyYTdh
LzEvSGE5R3BBd2tiV1ZBMlpMREliSE1OaVBXV1pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG2BggrBgEFBQcBBwEB/wSBpjCBozCBkQQCAAEwgYowDAME
BQVo4AMEAAVo4gMEAAVo5AMEAiWUoAMEACWUpQMEAE1f4QMEAU1f5AMEAE1f5wME
AE4pyTAMAwQATinLAwQETinAMAwDBAdZz4ADBABZz4QDBAFZz4YDBACAzMADBACA
zMIDBACAzMUDBACAzMcDBACAzM0DBAK5PjgDBAHBITwDBAHBIqYwDQQCAAIwBwMF
ACoAe4AwDQYJKoZIhvcNAQELBQADggEBAJRkIM1Ux+Kf1+nshoft4GE117ilCSY8
UftL/Gxqdba6xLV2hm26QtX0N3Z8/H3ZJu8qPKyIXTOpsTgOoZ+EuWVqse3ySxfm
9XidqLYuDkL/GfrARsnUgsEX2LEi/qvTXOmTDkx6+QdnSlZvoznQlex4VJ18DErM
LoMNNVaa4JAdQeHhLcybL0DIiZjhCXEAeQjvswyEZ/nI7ZyiA4WkUVLP4yWb+0n9
D5qsMTSYinTzARko0RkUXXcg6PaDJwIckcU/9nzVv6SUljIXEZtTVz9WnjUm/ruh
upBLiCA/a+KNerKbPM6lD0M8R+URLucemFAsxvQVPdDH6Ages2wmB6Y=
-----END CERTIFICATE-----
Generated at Sun Jul 27 08:39:42 2025 by rpki-client