Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/IeeTFnQlmZw5QQYCud1CYemZFpo.roa
File: IeeTFnQlmZw5QQYCud1CYemZFpo.roa (raw, json)
Hash identifier: h9yIp1tlCMgUdpl9m96yFNJm/7N7CGyrEz7Vzq3DY3Q=
Subject key identifier: 21:E7:93:16:74:25:99:9C:39:41:06:02:B9:DD:42:61:E9:99:16:9A
Certificate issuer: /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial: 01972866CB77D71607D86E8974A2B3C8CB4F
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/IeeTFnQlmZw5QQYCud1CYemZFpo.roa
Signing time: Sat 31 May 2025 22:11:54 +0000
ROA not before: Sat 31 May 2025 22:11:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 5.187.33.0/24 maxlen: 24
37.235.48.0/24 maxlen: 24
37.235.51.0/24 maxlen: 24
45.151.73.0/24 maxlen: 24
45.151.74.0/24 maxlen: 24
45.153.127.0/24 maxlen: 24
46.183.187.0/24 maxlen: 24
83.172.134.0/24 maxlen: 24
83.172.135.0/24 maxlen: 24
83.172.136.0/24 maxlen: 24
83.172.138.0/24 maxlen: 24
83.172.150.0/24 maxlen: 24
83.172.159.0/24 maxlen: 24
83.243.120.0/24 maxlen: 24
83.243.121.0/24 maxlen: 24
89.31.120.0/24 maxlen: 24
89.31.121.0/24 maxlen: 24
89.31.123.0/24 maxlen: 24
89.46.232.0/24 maxlen: 24
89.46.233.0/24 maxlen: 24
89.46.234.0/24 maxlen: 24
89.46.235.0/24 maxlen: 24
89.46.236.0/24 maxlen: 24
91.132.92.0/24 maxlen: 24
91.132.93.0/24 maxlen: 24
91.132.95.0/24 maxlen: 24
92.243.64.0/24 maxlen: 24
95.156.204.0/24 maxlen: 24
95.156.207.0/24 maxlen: 24
103.57.248.0/24 maxlen: 24
103.57.249.0/24 maxlen: 24
103.57.251.0/24 maxlen: 24
134.255.211.0/24 maxlen: 24
149.154.157.0/24 maxlen: 24
149.154.158.0/24 maxlen: 24
149.154.159.0/24 maxlen: 24
151.236.4.0/24 maxlen: 24
151.236.15.0/24 maxlen: 24
151.236.16.0/24 maxlen: 24
151.236.17.0/24 maxlen: 24
151.236.18.0/24 maxlen: 24
151.236.20.0/24 maxlen: 24
151.236.21.0/24 maxlen: 24
151.236.22.0/24 maxlen: 24
151.236.25.0/24 maxlen: 24
158.255.208.0/24 maxlen: 24
158.255.213.0/24 maxlen: 24
158.255.214.0/24 maxlen: 24
158.255.215.0/24 maxlen: 24
176.126.99.0/24 maxlen: 24
185.26.236.0/24 maxlen: 24
185.26.238.0/24 maxlen: 24
185.26.239.0/24 maxlen: 24
185.76.78.0/24 maxlen: 24
185.76.79.0/24 maxlen: 24
185.122.187.0/24 maxlen: 24
185.193.48.0/24 maxlen: 24
185.195.64.0/24 maxlen: 24
185.195.66.0/24 maxlen: 24
188.214.32.0/24 maxlen: 24
213.183.55.0/24 maxlen: 24
2a03:f80:32::/48 maxlen: 48
2a03:f80:33::/48 maxlen: 48
2a03:f80:39::/48 maxlen: 48
2a03:f80:40::/48 maxlen: 48
2a03:f80:41::/48 maxlen: 48
2a03:f80:44::/48 maxlen: 48
2a03:f80:45::/48 maxlen: 48
2a03:f80:46::/48 maxlen: 48
2a03:f80:47::/48 maxlen: 48
2a03:f80:48::/48 maxlen: 48
2a03:f80:49::/48 maxlen: 48
2a03:f80:61::/48 maxlen: 48
2a03:f80:65::/48 maxlen: 48
2a03:f80:81::/48 maxlen: 48
2a03:f80:358::/48 maxlen: 48
2a03:f80:381::/48 maxlen: 48
2a03:f80:852::/48 maxlen: 48
2a03:f80:971::/48 maxlen: 48
2a03:f80:4416::/48 maxlen: 48
2a03:f80:ed51::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 04 Jun 2025 04:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:28:66:cb:77:d7:16:07:d8:6e:89:74:a2:b3:c8:cb:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Validity
Not Before: May 31 22:11:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=21e793167425999c39410602b9dd4261e999169a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:06:7e:6e:33:08:9a:5e:d9:97:16:a7:d6:4d:
d7:1a:6f:e0:cf:5a:15:08:c6:59:d6:11:f7:93:8a:
d0:8e:b1:69:a1:b1:7e:44:54:c8:54:38:6b:33:e4:
23:8b:8c:21:6e:8a:d0:c1:f2:fd:da:35:c3:6b:0a:
f7:a1:d6:3a:a8:6d:91:26:bd:be:8a:2b:72:dc:5c:
a0:9f:b3:0f:58:5e:1e:c1:26:55:36:b1:ca:15:b3:
bb:14:4c:2b:73:84:2d:b9:90:58:df:ed:96:4b:08:
10:2a:ae:a4:00:ec:f0:ce:a9:56:bf:73:9d:4a:31:
da:5b:f6:5e:2f:e8:48:4a:42:d4:ee:e3:fb:d0:d3:
99:58:ac:60:cc:60:55:e0:eb:b5:70:96:63:a2:da:
c8:ac:f3:12:f8:30:03:51:03:93:2a:dc:05:fd:e0:
a3:3a:2a:9f:17:1e:1c:f9:c8:de:7a:a5:56:9d:8e:
e3:09:6f:ad:6b:d3:db:8e:ed:ba:15:fd:0b:8b:1a:
d9:d4:39:ad:55:f6:93:cc:9d:be:ae:5f:9d:9c:34:
6f:df:68:da:f1:f3:39:36:0b:b1:fd:c8:b6:62:81:
98:85:72:4d:bf:29:51:5e:24:be:a0:48:a8:21:53:
a9:04:2b:4a:14:1f:a2:34:37:23:1f:8d:94:72:06:
56:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:E7:93:16:74:25:99:9C:39:41:06:02:B9:DD:42:61:E9:99:16:9A
X509v3 Authority Key Identifier:
keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/IeeTFnQlmZw5QQYCud1CYemZFpo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.187.33.0/24
37.235.48.0/24
37.235.51.0/24
45.151.73.0-45.151.74.255
45.153.127.0/24
46.183.187.0/24
83.172.134.0-83.172.136.255
83.172.138.0/24
83.172.150.0/24
83.172.159.0/24
83.243.120.0/23
89.31.120.0/23
89.31.123.0/24
89.46.232.0-89.46.236.255
91.132.92.0/23
91.132.95.0/24
92.243.64.0/24
95.156.204.0/24
95.156.207.0/24
103.57.248.0/23
103.57.251.0/24
134.255.211.0/24
149.154.157.0-149.154.159.255
151.236.4.0/24
151.236.15.0-151.236.18.255
151.236.20.0-151.236.22.255
151.236.25.0/24
158.255.208.0/24
158.255.213.0-158.255.215.255
176.126.99.0/24
185.26.236.0/24
185.26.238.0/23
185.76.78.0/23
185.122.187.0/24
185.193.48.0/24
185.195.64.0/24
185.195.66.0/24
188.214.32.0/24
213.183.55.0/24
IPv6:
2a03:f80:32::/47
2a03:f80:39::/48
2a03:f80:40::/47
2a03:f80:44::-2a03:f80:49:ffff:ffff:ffff:ffff:ffff
2a03:f80:61::/48
2a03:f80:65::/48
2a03:f80:81::/48
2a03:f80:358::/48
2a03:f80:381::/48
2a03:f80:852::/48
2a03:f80:971::/48
2a03:f80:4416::/48
2a03:f80:ed51::/48
Signature Algorithm: sha256WithRSAEncryption
b7:03:3d:a8:a2:94:c8:88:78:ee:64:db:a2:fb:2c:46:65:c1:
8a:75:b4:51:18:4a:fd:42:51:e9:b9:63:88:7a:8b:a2:60:ca:
d9:79:29:c8:b3:b8:b8:d6:a5:52:8f:99:d4:f1:8b:24:54:94:
8d:cc:6f:66:af:e5:0c:76:17:54:eb:a5:5e:a2:70:14:f9:9e:
26:c5:96:5f:98:bd:b0:8f:b3:8e:69:03:44:5d:34:0a:42:3c:
c7:d2:a8:12:7a:78:54:1c:2b:7c:2a:ba:60:f6:a6:84:c1:ca:
a1:bc:19:d8:7e:11:45:8e:86:09:79:28:4c:bc:1e:9b:06:c9:
bf:b0:b4:20:d5:a4:2e:db:4f:20:e9:d6:d6:9e:e8:27:8c:82:
7f:7f:59:6f:d3:e6:48:e5:d9:b6:09:c9:96:cb:ca:c6:3d:11:
a5:ed:92:bc:16:3b:12:be:63:de:01:15:1f:ba:21:32:b8:05:
bc:21:a2:e7:ed:81:e7:71:82:1b:fe:de:22:90:ed:a1:ca:b5:
dc:22:98:f4:de:18:25:4a:dd:bf:9b:3c:98:3d:1d:6d:99:53:
ab:ca:09:a6:e9:7b:1f:93:d6:fe:8f:e8:39:2e:2a:d3:3c:17:
e1:57:0d:5b:94:96:3b:7a:2c:77:9a:9f:ae:84:b2:0b:52:82:
a4:c7:b5:3a
-----BEGIN CERTIFICATE-----
MIIGrTCCBZWgAwIBAgISAZcoZst31xYH2G6JdKKzyMtPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjUwNTMxMjIxMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWU3OTMxNjc0MjU5OTljMzk0MTA2MDJiOWRkNDI2MWU5OTkxNjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AZ+bjMIml7Zlxan1k3XGm/gz1oV
CMZZ1hH3k4rQjrFpobF+RFTIVDhrM+Qji4whborQwfL92jXDawr3odY6qG2RJr2+
iity3Fygn7MPWF4ewSZVNrHKFbO7FEwrc4QtuZBY3+2WSwgQKq6kAOzwzqlWv3Od
SjHaW/ZeL+hISkLU7uP70NOZWKxgzGBV4Ou1cJZjotrIrPMS+DADUQOTKtwF/eCj
OiqfFx4c+cjeeqVWnY7jCW+ta9Pbju26Ff0LixrZ1DmtVfaTzJ2+rl+dnDRv32ja
8fM5Ngux/ci2YoGYhXJNvylRXiS+oEioIVOpBCtKFB+iNDcjH42UcgZWywIDAQAB
o4IDuTCCA7UwHQYDVR0OBBYEFCHnkxZ0JZmcOUEGArndQmHpmRaaMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvSWVlVEZuUWxtWnc1UVFZQ3VkMUNZZW1aRnBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBzQYIKwYBBQUHAQcBAf8EggG8MIIBuDCCASoEAgABMIIB
IgMEAAW7IQMEACXrMAMEACXrMzAMAwQALZdJAwQALZdKAwQALZl/AwQALre7MAwD
BAFTrIYDBABTrIgDBABTrIoDBABTrJYDBABTrJ8DBAFT83gDBAFZH3gDBABZH3sw
DAMEA1ku6AMEAFku7AMEAVuEXAMEAFuEXwMEAFzzQAMEAF+czAMEAF+czwMEAWc5
+AMEAGc5+wMEAIb/0zAMAwQAlZqdAwQFlZqAAwQAl+wEMAwDBACX7A8DBACX7BIw
DAMEApfsFAMEAJfsFgMEAJfsGQMEAJ7/0DAMAwQAnv/VAwQDnv/QAwQAsH5jAwQA
uRrsAwQBuRruAwQBuUxOAwQAuXq7AwQAucEwAwQAucNAAwQAucNCAwQAvNYgAwQA
1bc3MIGHBAIAAjCBgAMHASoDD4AAMgMHACoDD4AAOQMHASoDD4AAQDASAwcCKgMP
gABEAwcBKgMPgABIAwcAKgMPgABhAwcAKgMPgABlAwcAKgMPgACBAwcAKgMPgANY
AwcAKgMPgAOBAwcAKgMPgAhSAwcAKgMPgAlxAwcAKgMPgEQWAwcAKgMPgO1RMA0G
CSqGSIb3DQEBCwUAA4IBAQC3Az2oopTIiHjuZNui+yxGZcGKdbRRGEr9QlHpuWOI
eouiYMrZeSnIs7i41qVSj5nU8YskVJSNzG9mr+UMdhdU66VeonAU+Z4mxZZfmL2w
j7OOaQNEXTQKQjzH0qgSenhUHCt8Krpg9qaEwcqhvBnYfhFFjoYJeShMvB6bBsm/
sLQg1aQu208g6dbWnugnjIJ/f1lv0+ZI5dm2CcmWy8rGPRGl7ZK8FjsSvmPeARUf
uiEyuAW8IaLn7YHncYIb/t4ikO2hyrXcIpj03hglSt2/mzyYPR1tmVOrygmm6Xsf
k9b+j+g5LirTPBfhVw1blJY7eix3mp+uhLILUoKkx7U6
-----END CERTIFICATE-----
Generated at Tue Jun 3 10:20:24 2025 by rpki-client