Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/ed28d5-78d3-45e2-a7d3-6867c4ae3161/1/ck-X2BfQ9kaJsQaa7rG7LeZYXCw.roa
File: ck-X2BfQ9kaJsQaa7rG7LeZYXCw.roa (raw, json)
Hash identifier: Vx8Qp2RSKtofWMLQTgGJh1cPfywMtoxWpA5K76Nqi/E=
Subject key identifier: 72:4F:97:D8:17:D0:F6:46:89:B1:06:9A:EE:B1:BB:2D:E6:58:5C:2C
Certificate issuer: /CN=05bcde319a3dca2cf6744d2881ca91b83db9bdea
Certificate serial: 01941FFAA3D4DD0F9522C6866282C6C47457
Authority key identifier: 05:BC:DE:31:9A:3D:CA:2C:F6:74:4D:28:81:CA:91:B8:3D:B9:BD:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbzeMZo9yiz2dE0ogcqRuD25veo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/ed28d5-78d3-45e2-a7d3-6867c4ae3161/1/ck-X2BfQ9kaJsQaa7rG7LeZYXCw.roa
Signing time: Wed 01 Jan 2025 03:48:27 +0000
ROA not before: Wed 01 Jan 2025 03:48:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60187
IP address blocks: 5.150.64.0/24 maxlen: 24
5.150.65.0/24 maxlen: 24
5.150.66.0/24 maxlen: 24
5.150.67.0/24 maxlen: 24
5.150.68.0/24 maxlen: 24
5.150.69.0/24 maxlen: 24
5.150.70.0/24 maxlen: 24
5.150.71.0/24 maxlen: 24
5.150.74.0/24 maxlen: 24
5.150.76.0/24 maxlen: 24
5.150.80.0/20 maxlen: 20
5.150.96.0/22 maxlen: 22
5.150.100.0/22 maxlen: 22
5.150.104.0/22 maxlen: 22
5.150.108.0/22 maxlen: 22
5.150.112.0/22 maxlen: 22
5.150.116.0/22 maxlen: 22
5.150.120.0/22 maxlen: 22
5.150.124.0/22 maxlen: 22
171.33.192.0/21 maxlen: 21
171.33.192.0/22 maxlen: 22
171.33.196.0/22 maxlen: 22
171.33.200.0/21 maxlen: 21
171.33.208.0/21 maxlen: 21
171.33.216.0/21 maxlen: 21
2a02:af40::/29 maxlen: 29
2a02:af40::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/30/ed28d5-78d3-45e2-a7d3-6867c4ae3161/1/BbzeMZo9yiz2dE0ogcqRuD25veo.crl
rsync://rpki.ripe.net/repository/DEFAULT/30/ed28d5-78d3-45e2-a7d3-6867c4ae3161/1/BbzeMZo9yiz2dE0ogcqRuD25veo.mft
rsync://rpki.ripe.net/repository/DEFAULT/BbzeMZo9yiz2dE0ogcqRuD25veo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 23:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:a3:d4:dd:0f:95:22:c6:86:62:82:c6:c4:74:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05bcde319a3dca2cf6744d2881ca91b83db9bdea
Validity
Not Before: Jan 1 03:48:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=724f97d817d0f64689b1069aeeb1bb2de6585c2c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:b5:a2:71:ce:0a:df:2b:d2:e3:9c:12:34:74:
07:6f:90:aa:a6:09:71:63:e2:9b:17:b7:31:fc:ac:
ea:77:97:37:f3:ca:66:70:9e:7e:c9:41:62:5d:6f:
f8:c6:45:b4:7b:8c:48:7c:d1:d7:04:27:a3:2a:93:
fb:59:04:31:3b:87:74:55:6c:ac:48:67:a2:dd:39:
26:e9:d2:d9:5f:7c:19:24:f4:bd:ab:df:e2:c9:48:
ff:4a:b0:0b:9b:84:ea:be:fd:09:68:37:96:3e:4b:
db:fc:1b:df:a7:4b:d0:18:4d:6a:6a:33:39:56:66:
82:12:83:b0:c8:7e:9c:67:43:a1:2d:5b:b1:75:32:
5d:3f:38:90:01:0d:1f:da:f4:09:ff:79:fa:94:35:
7b:c1:11:7d:d1:f9:e6:a1:c8:50:f9:ec:08:36:78:
5d:bd:5c:42:f6:4a:af:d8:18:df:f2:b7:9d:b3:e2:
bf:67:46:a0:61:15:df:8a:eb:a2:79:63:bc:7b:49:
2a:7c:a7:78:d1:bc:0c:18:a7:82:81:16:31:dc:85:
7e:8a:49:df:56:97:67:6d:f3:99:be:99:d6:55:e7:
4f:3a:fa:b6:17:20:6c:a1:69:29:65:a3:30:0d:4d:
44:6f:1f:ea:ad:1c:a3:05:56:7d:3d:0f:1a:fe:24:
e6:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:4F:97:D8:17:D0:F6:46:89:B1:06:9A:EE:B1:BB:2D:E6:58:5C:2C
X509v3 Authority Key Identifier:
keyid:05:BC:DE:31:9A:3D:CA:2C:F6:74:4D:28:81:CA:91:B8:3D:B9:BD:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbzeMZo9yiz2dE0ogcqRuD25veo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ed28d5-78d3-45e2-a7d3-6867c4ae3161/1/ck-X2BfQ9kaJsQaa7rG7LeZYXCw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ed28d5-78d3-45e2-a7d3-6867c4ae3161/1/BbzeMZo9yiz2dE0ogcqRuD25veo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.150.64.0/21
5.150.74.0/24
5.150.76.0/24
5.150.80.0-5.150.127.255
171.33.192.0/19
IPv6:
2a02:af40::/29
Signature Algorithm: sha256WithRSAEncryption
8a:97:6d:62:39:16:63:9d:c6:e5:6e:59:3a:ee:c6:71:59:ad:
4c:ee:fd:6a:b1:e2:91:ca:ed:d6:00:63:a9:fe:23:0a:f4:3e:
50:e6:e4:2b:37:aa:79:44:63:b6:9d:ef:3e:a2:7a:2b:91:f8:
d8:8f:1f:db:cb:cb:1f:45:21:1e:47:28:9a:e7:6d:c0:b6:60:
ae:a8:37:e4:5e:58:ff:f2:86:19:b2:66:b8:7e:8d:89:68:0e:
ae:be:ca:2d:b1:ee:86:e3:d5:65:5b:4b:f9:83:a1:10:15:42:
45:57:8a:22:21:d1:db:1d:83:93:24:bf:06:00:09:3b:85:8c:
75:3d:95:7c:93:22:53:0e:68:ac:9f:d4:60:90:14:b4:66:f3:
99:27:f7:2b:83:d6:ea:7d:f5:89:66:14:f3:8e:9c:fe:75:a1:
d6:dc:92:f0:f0:c1:f1:dc:38:8c:fb:e9:ac:3d:ee:86:44:63:
e4:34:57:fe:a3:24:d7:ab:3f:f2:f5:8a:ca:aa:4f:d5:75:e3:
d5:af:ed:59:46:1c:98:a6:a0:7c:4a:3d:19:f4:a3:e3:4a:2f:
41:68:5d:e5:5d:31:29:a0:91:fc:ce:76:f4:6e:e0:04:57:06:
cd:f4:10:01:6e:41:ff:bf:b9:91:a2:5e:d0:17:52:b1:3e:3c:
9c:9b:e8:e3
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZQf+qPU3Q+VIsaGYoLGxHRXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YmNkZTMxOWEzZGNhMmNmNjc0NGQyODgxY2E5MWI4M2Ri
OWJkZWEwHhcNMjUwMTAxMDM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjRmOTdkODE3ZDBmNjQ2ODliMTA2OWFlZWIxYmIyZGU2NTg1YzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrWicc4K3yvS45wSNHQHb5Cqpglx
Y+KbF7cx/Kzqd5c388pmcJ5+yUFiXW/4xkW0e4xIfNHXBCejKpP7WQQxO4d0VWys
SGei3Tkm6dLZX3wZJPS9q9/iyUj/SrALm4Tqvv0JaDeWPkvb/Bvfp0vQGE1qajM5
VmaCEoOwyH6cZ0OhLVuxdTJdPziQAQ0f2vQJ/3n6lDV7wRF90fnmochQ+ewINnhd
vVxC9kqv2Bjf8reds+K/Z0agYRXfiuuieWO8e0kqfKd40bwMGKeCgRYx3IV+iknf
VpdnbfOZvpnWVedPOvq2FyBsoWkpZaMwDU1Ebx/qrRyjBVZ9PQ8a/iTmkQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFHJPl9gX0PZGibEGmu6xuy3mWFwsMB8GA1UdIwQY
MBaAFAW83jGaPcos9nRNKIHKkbg9ub3qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJ6ZU1abzl5aXoyZEUwb2djcVJ1RDI1dmVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9lZDI4ZDUtNzhkMy00NWUyLWE3ZDMt
Njg2N2M0YWUzMTYxLzEvY2stWDJCZlE5a2FKc1FhYTdyRzdMZVpZWEN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9lZDI4ZDUtNzhkMy00NWUyLWE3ZDMtNjg2N2M0YWUzMTYx
LzEvQmJ6ZU1abzl5aXoyZEUwb2djcVJ1RDI1dmVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQDBZZAAwQA
BZZKAwQABZZMMAwDBAQFllADBAcFlgADBAWrIcAwDQQCAAIwBwMFAyoCr0AwDQYJ
KoZIhvcNAQELBQADggEBAIqXbWI5FmOdxuVuWTruxnFZrUzu/Wqx4pHK7dYAY6n+
Iwr0PlDm5Cs3qnlEY7ad7z6ieiuR+NiPH9vLyx9FIR5HKJrnbcC2YK6oN+ReWP/y
hhmyZrh+jYloDq6+yi2x7obj1WVbS/mDoRAVQkVXiiIh0dsdg5MkvwYACTuFjHU9
lXyTIlMOaKyf1GCQFLRm85kn9yuD1up99YlmFPOOnP51odbckvDwwfHcOIz76aw9
7oZEY+Q0V/6jJNerP/L1isqqT9V149Wv7VlGHJimoHxKPRn0o+NKL0FoXeVdMSmg
kfzOdvRu4ARXBs30EAFuQf+/uZGiXtAXUrE+PJyb6OM=
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:42:52 2025 by rpki-client