Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KnTbYMcQcAkjw5CDrSNHrSotPoU.roa
File: KnTbYMcQcAkjw5CDrSNHrSotPoU.roa (raw, json)
Hash identifier: 946ljZS2STjRmPKnG9d6bFWWnuZmZobjGLVQw5ZRLU4=
Subject key identifier: 2A:74:DB:60:C7:10:70:09:23:C3:90:83:AD:23:47:AD:2A:2D:3E:85
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 0197DC2C5653D4ECD40DAC263CCCCEFDBEC8
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KnTbYMcQcAkjw5CDrSNHrSotPoU.roa
Signing time: Sat 05 Jul 2025 19:59:42 +0000
ROA not before: Sat 05 Jul 2025 19:59:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62206
IP address blocks: 5.181.84.0/24 maxlen: 24
5.181.87.0/24 maxlen: 24
45.9.29.0/24 maxlen: 24
45.13.189.0/24 maxlen: 24
45.13.190.0/24 maxlen: 24
45.88.136.0/24 maxlen: 24
45.94.171.0/24 maxlen: 24
45.132.180.0/24 maxlen: 24
45.132.182.0/23 maxlen: 24
77.83.37.0/24 maxlen: 24
91.223.110.0/24 maxlen: 24
146.19.125.0/24 maxlen: 24
185.43.248.0/24 maxlen: 24
185.43.249.0/24 maxlen: 24
185.43.251.0/24 maxlen: 24
185.200.62.0/24 maxlen: 24
185.200.63.0/24 maxlen: 24
193.30.240.0/24 maxlen: 24
193.30.242.0/24 maxlen: 24
193.30.243.0/24 maxlen: 24
193.57.43.0/24 maxlen: 24
194.242.96.0/24 maxlen: 24
194.242.98.0/24 maxlen: 24
194.242.99.0/24 maxlen: 24
195.177.92.0/24 maxlen: 24
195.177.93.0/24 maxlen: 24
195.177.94.0/24 maxlen: 24
195.177.95.0/24 maxlen: 24
195.211.188.0/24 maxlen: 24
195.211.189.0/24 maxlen: 24
195.211.190.0/24 maxlen: 24
195.211.191.0/24 maxlen: 24
2a01:7120::/32 maxlen: 32
2a01:7120:7::/48 maxlen: 48
2a07:9200::/29 maxlen: 32
2a07:9201::/32 maxlen: 32
2a07:9206::/32 maxlen: 32
2a07:9207::/32 maxlen: 32
2a09:340::/32 maxlen: 32
2a09:342::/32 maxlen: 32
2a09:346::/32 maxlen: 32
2a09:c440::/32 maxlen: 32
2a0c:5d40::/32 maxlen: 32
2a0c:a580::/29 maxlen: 32
2a0c:a580::/32 maxlen: 32
2a0c:a581::/32 maxlen: 32
2a0c:a584::/32 maxlen: 32
2a0c:a586::/32 maxlen: 32
2a10:dfc0::/29 maxlen: 32
2a10:dfc0::/32 maxlen: 32
2a10:fac0::/32 maxlen: 32
2a11:580::/29 maxlen: 29
2a11:580::/32 maxlen: 32
2a11:1600::/32 maxlen: 32
2a11:2a80::/32 maxlen: 32
2a11:3900::/32 maxlen: 32
2a11:d680::/32 maxlen: 32
2a12:9f00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Jul 2025 22:01:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:dc:2c:56:53:d4:ec:d4:0d:ac:26:3c:cc:ce:fd:be:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Jul 5 19:59:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2a74db60c710700923c39083ad2347ad2a2d3e85
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:27:fd:ec:5a:93:9c:48:e3:e0:e6:a7:94:05:
9b:9b:12:bb:c5:83:b1:6b:57:c6:3a:c3:3c:93:b3:
4d:75:48:15:06:6d:ef:f1:e0:c6:05:94:91:1c:af:
7b:b9:a6:02:d7:b8:59:bd:49:f0:35:0c:2d:1b:f0:
c0:77:47:79:3d:25:2b:fd:7c:e4:02:34:4d:36:c3:
42:a3:19:27:c0:c2:c9:2a:e1:9f:2f:37:6a:90:2e:
b6:14:bb:99:e8:af:10:3a:90:5b:c4:10:cd:9a:ac:
29:39:98:a1:a1:bc:39:44:6f:be:a2:78:d8:99:5d:
72:f3:18:2e:50:e7:57:0a:31:56:bc:19:41:ce:a4:
6c:06:0c:c4:40:09:64:2d:f2:fd:28:e3:e8:bb:49:
c1:d7:e1:fd:19:9b:0b:e9:c8:b6:c1:4c:d0:27:f9:
ae:8b:28:d4:ee:85:ea:53:04:43:e2:29:be:40:12:
9c:55:ca:07:6a:31:86:88:43:5b:d8:52:6e:7a:fb:
d1:26:27:82:03:f6:ce:90:0f:cb:6c:b2:a8:a5:fe:
4b:d7:43:3e:73:a3:1d:cd:15:9e:0a:6e:b9:56:42:
5f:59:9a:26:cc:9c:85:49:de:c3:db:98:ce:91:c7:
7e:92:8b:31:68:08:a5:f9:ee:7d:c4:a0:e6:8c:88:
a5:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:74:DB:60:C7:10:70:09:23:C3:90:83:AD:23:47:AD:2A:2D:3E:85
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KnTbYMcQcAkjw5CDrSNHrSotPoU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.84.0/24
5.181.87.0/24
45.9.29.0/24
45.13.189.0-45.13.190.255
45.88.136.0/24
45.94.171.0/24
45.132.180.0/24
45.132.182.0/23
77.83.37.0/24
91.223.110.0/24
146.19.125.0/24
185.43.248.0/23
185.43.251.0/24
185.200.62.0/23
193.30.240.0/24
193.30.242.0/23
193.57.43.0/24
194.242.96.0/24
194.242.98.0/23
195.177.92.0/22
195.211.188.0/22
IPv6:
2a01:7120::/32
2a07:9200::/29
2a09:340::/32
2a09:342::/32
2a09:346::/32
2a09:c440::/32
2a0c:5d40::/32
2a0c:a580::/29
2a10:dfc0::/29
2a10:fac0::/32
2a11:580::/29
2a11:1600::/32
2a11:2a80::/32
2a11:3900::/32
2a11:d680::/32
2a12:9f00::/32
Signature Algorithm: sha256WithRSAEncryption
38:56:41:c5:13:b9:d8:28:d7:a5:47:aa:4a:8a:ed:c7:3b:4e:
fb:4b:48:e0:3c:87:d9:5a:ea:c0:09:69:84:3b:fe:7f:79:23:
76:a4:61:f0:6d:e8:be:96:3c:f0:65:32:0f:38:4c:36:45:58:
6e:c6:4c:de:d9:10:6c:da:01:ce:7a:30:f2:f8:0e:15:02:c2:
57:1d:8e:19:10:98:2b:7c:f0:0f:ed:01:ff:93:b5:72:de:e6:
71:58:9f:e3:bb:0c:57:52:50:43:f4:ab:b9:4c:d0:32:a3:2d:
e2:4b:ea:e3:64:d0:60:58:8c:68:43:81:f5:65:51:54:34:74:
cd:0f:b6:4f:21:ab:9f:20:d8:a2:d2:2b:13:55:0e:05:19:a7:
92:89:18:bc:fd:37:3b:be:17:47:08:70:8a:03:d7:63:b1:70:
48:df:cc:ea:3f:b5:89:90:9a:f6:0d:e3:3b:4a:7d:5b:ea:ec:
0b:d5:a9:13:bf:92:f3:67:54:cf:82:f4:40:20:f8:3d:25:53:
e8:1a:23:8d:75:f5:7c:fa:38:6b:34:db:52:b5:9f:0a:84:a5:
b5:29:83:c6:eb:4e:fa:4b:55:4e:8f:db:f5:05:20:9c:af:79:
9f:92:9d:17:b5:62:5f:88:90:42:7e:d2:06:c0:52:0b:b9:b5:
91:6b:3d:6a
-----BEGIN CERTIFICATE-----
MIIF/TCCBOWgAwIBAgISAZfcLFZT1OzUDawmPMzO/b7IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwNzA1MTk1OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTc0ZGI2MGM3MTA3MDA5MjNjMzkwODNhZDIzNDdhZDJhMmQzZTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSf97FqTnEjj4OanlAWbmxK7xYOx
a1fGOsM8k7NNdUgVBm3v8eDGBZSRHK97uaYC17hZvUnwNQwtG/DAd0d5PSUr/Xzk
AjRNNsNCoxknwMLJKuGfLzdqkC62FLuZ6K8QOpBbxBDNmqwpOZihobw5RG++onjY
mV1y8xguUOdXCjFWvBlBzqRsBgzEQAlkLfL9KOPou0nB1+H9GZsL6ci2wUzQJ/mu
iyjU7oXqUwRD4im+QBKcVcoHajGGiENb2FJuevvRJieCA/bOkA/LbLKopf5L10M+
c6MdzRWeCm65VkJfWZomzJyFSd7D25jOkcd+kosxaAil+e59xKDmjIilxQIDAQAB
o4IDCTCCAwUwHQYDVR0OBBYEFCp022DHEHAJI8OQg60jR60qLT6FMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvS25UYllNY1FjQWtqdzVDRHJTTkhyU290UG9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHQYIKwYBBQUHAQcBAf8EggEMMIIBCDCBjQQCAAEwgYYD
BAAFtVQDBAAFtVcDBAAtCR0wDAMEAC0NvQMEAC0NvgMEAC1YiAMEAC1eqwMEAC2E
tAMEAS2EtgMEAE1TJQMEAFvfbgMEAJITfQMEAbkr+AMEALkr+wMEAbnIPgMEAMEe
8AMEAcEe8gMEAME5KwMEAMLyYAMEAcLyYgMEAsOxXAMEAsPTvDB2BAIAAjBwAwUA
KgFxIAMFAyoHkgADBQAqCQNAAwUAKgkDQgMFACoJA0YDBQAqCcRAAwUAKgxdQAMF
AyoMpYADBQMqEN/AAwUAKhD6wAMFAyoRBYADBQAqERYAAwUAKhEqgAMFACoROQAD
BQAqEdaAAwUAKhKfADANBgkqhkiG9w0BAQsFAAOCAQEAOFZBxRO52CjXpUeqSort
xztO+0tI4DyH2VrqwAlphDv+f3kjdqRh8G3ovpY88GUyDzhMNkVYbsZM3tkQbNoB
znow8vgOFQLCVx2OGRCYK3zwD+0B/5O1ct7mcVif47sMV1JQQ/SruUzQMqMt4kvq
42TQYFiMaEOB9WVRVDR0zQ+2TyGrnyDYotIrE1UOBRmnkokYvP03O74XRwhwigPX
Y7FwSN/M6j+1iZCa9g3jO0p9W+rsC9WpE7+S82dUz4L0QCD4PSVT6BojjXX1fPo4
azTbUrWfCoSltSmDxutO+ktVTo/b9QUgnK95n5KdF7ViX4iQQn7SBsBSC7m1kWs9
ag==
-----END CERTIFICATE-----
Generated at Mon Jul 7 01:08:45 2025 by rpki-client