Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/XLQiBV_ri1fMksGmND_AktarMBc.roa
File: XLQiBV_ri1fMksGmND_AktarMBc.roa (raw, json)
Hash identifier: 9x4BHRNiA66EHCHdbrUK+jieemen0Xw/2jV5fxKC3uk=
Subject key identifier: 5C:B4:22:05:5F:EB:8B:57:CC:92:C1:A6:34:3F:C0:92:D6:AB:30:17
Certificate issuer: /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial: 0197350435BAF5AD0DA7B459FD79C04B4042
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/XLQiBV_ri1fMksGmND_AktarMBc.roa
Signing time: Tue 03 Jun 2025 08:59:17 +0000
ROA not before: Tue 03 Jun 2025 08:59:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 37.49.145.0/24 maxlen: 24
37.49.151.0/24 maxlen: 24
94.74.147.0/24 maxlen: 24
94.74.157.0/24 maxlen: 24
94.74.168.0/24 maxlen: 24
109.203.160.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 09:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:35:04:35:ba:f5:ad:0d:a7:b4:59:fd:79:c0:4b:40:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Validity
Not Before: Jun 3 08:59:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5cb422055feb8b57cc92c1a6343fc092d6ab3017
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:73:9a:a0:45:f0:93:d7:ce:61:61:04:59:d8:
fa:e2:aa:b3:92:71:9a:31:d3:3c:67:9f:c8:5d:b5:
03:39:b8:35:e8:63:15:f0:ec:1f:4e:60:4b:d3:1a:
1d:8f:7d:0c:f0:7b:f3:0c:d2:0d:17:9f:e8:a1:53:
ae:c0:d7:4c:91:6b:14:81:ed:e7:33:ba:91:55:4e:
88:78:33:d2:39:0d:69:52:1b:d6:cf:6b:4b:4b:df:
fe:42:76:4f:57:dc:d3:38:d6:7c:2b:a0:23:c8:27:
4b:a7:b8:76:14:ab:92:c7:aa:c8:00:3e:b3:a8:9d:
c6:d9:18:a6:c2:8d:78:d2:bd:6a:08:aa:88:31:30:
42:54:60:ea:41:97:66:99:a6:9d:9d:16:a7:11:06:
2b:32:82:7e:4d:fa:ca:4e:cf:cc:ea:29:be:b7:0f:
2b:46:62:c6:67:ab:36:84:0f:c7:89:77:1e:e6:4b:
2a:db:9b:87:bb:91:7e:cb:8d:c5:9c:b1:43:d4:fb:
27:cb:91:ab:86:77:36:af:1e:6f:14:d6:d9:10:6b:
7c:72:5c:1e:ff:31:34:43:fc:cf:27:e1:f2:b6:aa:
9e:0d:1f:05:eb:cc:0e:10:07:b3:28:33:72:94:eb:
8d:8b:d7:dd:c4:32:c5:7d:98:d3:dd:2a:6d:3e:4a:
17:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:B4:22:05:5F:EB:8B:57:CC:92:C1:A6:34:3F:C0:92:D6:AB:30:17
X509v3 Authority Key Identifier:
keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/XLQiBV_ri1fMksGmND_AktarMBc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.49.145.0/24
37.49.151.0/24
94.74.147.0/24
94.74.157.0/24
94.74.168.0/24
109.203.160.0/24
Signature Algorithm: sha256WithRSAEncryption
23:1b:d6:4c:97:e5:b2:e7:88:e9:36:5e:08:df:be:4c:11:6f:
92:71:56:41:46:f1:55:fe:0c:f2:a0:9e:d9:10:d2:5a:a3:e2:
60:ce:b2:12:d4:81:36:98:5c:1f:4a:30:1c:e7:48:22:34:61:
9e:b5:89:1c:a9:34:39:14:1a:76:cc:20:54:ca:26:4e:d8:fb:
4d:a5:9c:fc:d0:09:56:56:e8:21:cf:92:d4:08:b9:94:07:cc:
77:6c:45:ce:e2:24:8e:43:07:d3:a1:95:39:cb:b4:0d:ff:ae:
55:21:32:c9:e4:e7:51:60:95:63:f5:96:7b:c4:cb:ce:dd:58:
62:53:72:d9:e6:60:2b:d1:8b:3a:7e:33:77:c8:73:bf:e2:b0:
9f:d6:57:53:d1:71:62:a2:0b:96:3d:25:69:b2:2b:0b:a6:ef:
3f:8f:96:cf:04:68:5a:64:fa:d0:12:99:b7:0a:3e:c3:c1:48:
a1:2f:f2:1a:e9:82:d2:90:b2:d8:8f:2c:6d:ef:a1:68:19:01:
ef:39:98:79:01:bf:74:25:bd:e3:70:88:c0:f7:50:e6:73:f2:
68:d7:2d:95:fa:53:17:4b:6b:77:e6:f7:b2:f1:b5:c5:f5:d6:
d5:36:d2:91:06:51:04:df:36:0b:6c:b7:af:a3:36:c7:02:ff:
51:83:fd:69
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZc1BDW69a0Np7RZ/XnAS0BCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUwNjAzMDg1OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2I0MjIwNTVmZWI4YjU3Y2M5MmMxYTYzNDNmYzA5MmQ2YWIzMDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3OaoEXwk9fOYWEEWdj64qqzknGa
MdM8Z5/IXbUDObg16GMV8OwfTmBL0xodj30M8HvzDNINF5/ooVOuwNdMkWsUge3n
M7qRVU6IeDPSOQ1pUhvWz2tLS9/+QnZPV9zTONZ8K6AjyCdLp7h2FKuSx6rIAD6z
qJ3G2Rimwo140r1qCKqIMTBCVGDqQZdmmaadnRanEQYrMoJ+TfrKTs/M6im+tw8r
RmLGZ6s2hA/HiXce5ksq25uHu5F+y43FnLFD1Psny5Grhnc2rx5vFNbZEGt8clwe
/zE0Q/zPJ+HytqqeDR8F68wOEAezKDNylOuNi9fdxDLFfZjT3SptPkoXYwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFFy0IgVf64tXzJLBpjQ/wJLWqzAXMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvWExRaUJWX3JpMWZNa3NHbU5EX0FrdGFyTUJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAJTGRAwQA
JTGXAwQAXkqTAwQAXkqdAwQAXkqoAwQAbcugMA0GCSqGSIb3DQEBCwUAA4IBAQAj
G9ZMl+Wy54jpNl4I375MEW+ScVZBRvFV/gzyoJ7ZENJao+JgzrIS1IE2mFwfSjAc
50giNGGetYkcqTQ5FBp2zCBUyiZO2PtNpZz80AlWVughz5LUCLmUB8x3bEXO4iSO
QwfToZU5y7QN/65VITLJ5OdRYJVj9ZZ7xMvO3VhiU3LZ5mAr0Ys6fjN3yHO/4rCf
1ldT0XFioguWPSVpsisLpu8/j5bPBGhaZPrQEpm3Cj7DwUihL/Ia6YLSkLLYjyxt
76FoGQHvOZh5Ab90Jb3jcIjA91Dmc/Jo1y2V+lMXS2t35vey8bXF9dbVNtKRBlEE
3zYLbLevozbHAv9Rg/1p
-----END CERTIFICATE-----
Generated at Sat Jun 7 16:11:35 2025 by rpki-client