Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/Enyvkgn3RUCa04cDVJ-gdeliV1A.roa
File: Enyvkgn3RUCa04cDVJ-gdeliV1A.roa (raw, json)
Hash identifier: xQ9p3txs6GWKUFjqyIWju/DikEtLj3Iuh86XLpBOnSQ=
Subject key identifier: 12:7C:AF:92:09:F7:45:40:9A:D3:87:03:54:9F:A0:75:E9:62:57:50
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 01963DB0F92B4F4A9C049E879F7F16F4DBF6
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/Enyvkgn3RUCa04cDVJ-gdeliV1A.roa
Signing time: Wed 16 Apr 2025 08:22:10 +0000
ROA not before: Wed 16 Apr 2025 08:22:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8359
IP address blocks: 5.144.96.0/19 maxlen: 19
5.144.125.0/24 maxlen: 24
5.189.208.0/21 maxlen: 21
31.40.112.0/20 maxlen: 20
37.208.120.0/21 maxlen: 21
62.118.0.0/16 maxlen: 24
62.168.224.0/19 maxlen: 19
79.171.115.0/24 maxlen: 24
80.80.96.0/19 maxlen: 19
80.83.237.0/24 maxlen: 24
81.91.32.0/19 maxlen: 19
81.91.41.0/24 maxlen: 24
81.195.0.0/16 maxlen: 24
82.96.192.0/18 maxlen: 18
83.237.0.0/16 maxlen: 16
85.140.0.0/15 maxlen: 24
85.235.32.0/19 maxlen: 19
89.175.0.0/16 maxlen: 16
89.175.248.0/21 maxlen: 21
91.76.0.0/14 maxlen: 14
92.43.184.0/21 maxlen: 21
93.90.224.0/20 maxlen: 20
93.90.224.0/22 maxlen: 22
94.77.128.0/18 maxlen: 18
94.77.144.0/22 maxlen: 22
94.140.128.0/19 maxlen: 19
94.243.5.0/24 maxlen: 24
95.153.136.0/22 maxlen: 22
95.169.128.0/19 maxlen: 19
109.198.224.0/19 maxlen: 19
141.105.24.0/21 maxlen: 21
176.222.17.0/24 maxlen: 24
178.141.0.0/16 maxlen: 16
178.155.0.0/17 maxlen: 17
178.155.48.0/22 maxlen: 22
178.159.16.0/20 maxlen: 20
185.168.236.0/22 maxlen: 22
193.104.128.0/24 maxlen: 24
193.189.68.0/23 maxlen: 23
194.126.203.0/24 maxlen: 24
195.34.0.0/19 maxlen: 19
195.34.15.0/24 maxlen: 24
195.34.32.0/19 maxlen: 19
195.34.36.0/24 maxlen: 24
195.34.38.0/24 maxlen: 24
195.34.42.0/24 maxlen: 24
212.188.0.0/17 maxlen: 17
212.188.1.0/24 maxlen: 24
212.188.16.0/24 maxlen: 24
212.188.29.0/24 maxlen: 24
213.27.0.0/17 maxlen: 17
213.87.0.0/16 maxlen: 16
213.87.64.0/22 maxlen: 22
213.87.70.0/23 maxlen: 23
213.87.76.0/23 maxlen: 23
213.87.80.0/20 maxlen: 20
213.87.98.0/23 maxlen: 23
213.87.100.0/24 maxlen: 24
213.87.104.0/24 maxlen: 24
213.87.105.0/24 maxlen: 24
213.87.106.0/23 maxlen: 23
213.87.128.0/19 maxlen: 19
213.87.160.0/22 maxlen: 22
213.87.200.0/22 maxlen: 22
213.87.204.0/22 maxlen: 22
213.87.208.0/23 maxlen: 23
213.87.210.0/23 maxlen: 23
213.87.240.0/22 maxlen: 22
213.87.244.0/23 maxlen: 23
213.87.246.0/24 maxlen: 24
213.87.248.0/22 maxlen: 22
213.147.32.0/19 maxlen: 19
213.176.228.0/22 maxlen: 22
217.74.244.0/22 maxlen: 22
217.74.248.0/21 maxlen: 21
2a00:1fa0::/29 maxlen: 29
2a00:1fa0::/33 maxlen: 33
2a00:1fa0:8000::/33 maxlen: 33
2a00:1fa1::/33 maxlen: 33
2a00:1fa2::/33 maxlen: 33
2a00:1fa3::/33 maxlen: 33
2a00:1fa3:8000::/40 maxlen: 40
2a02:28::/29 maxlen: 29
2a02:28::/32 maxlen: 32
2a02:28:1::/48 maxlen: 48
2a02:28:a::/48 maxlen: 48
2a02:29::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Apr 2025 20:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:3d:b0:f9:2b:4f:4a:9c:04:9e:87:9f:7f:16:f4:db:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: Apr 16 08:22:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=127caf9209f745409ad38703549fa075e9625750
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:28:bc:e9:c1:e9:b8:67:c6:30:1f:24:9c:16:
98:70:e3:69:9f:16:68:f4:c9:ba:74:3c:02:e8:7a:
8a:a9:55:8d:79:d4:76:df:bd:54:80:38:a1:8a:cf:
1f:66:0a:28:cf:e2:44:66:01:7d:e3:d2:7c:07:d9:
8b:4f:da:dd:b1:8c:c2:4c:cf:1e:45:68:d7:81:59:
4e:cd:c0:c1:14:d8:c8:24:b8:87:89:49:ee:c0:ae:
53:0b:a7:09:76:3e:da:3e:10:f4:ee:00:d6:ad:e6:
6a:c4:29:d2:8a:20:b7:26:66:4c:fd:53:18:3f:8b:
65:59:8c:9c:99:d7:4b:68:92:84:f0:c5:51:f9:2e:
7f:1f:c2:2f:60:04:75:fa:96:a9:b3:30:85:b3:b7:
44:52:31:69:e1:f4:17:91:e3:69:f3:f1:15:b5:58:
9a:28:b8:70:12:a6:cd:5e:60:c9:d7:54:16:45:0d:
c8:b9:5f:e0:0c:be:5b:6d:15:66:a2:7d:6b:ac:05:
66:97:3e:59:8b:38:4c:79:52:91:cb:46:5d:0a:a6:
a4:dd:22:6f:5f:e1:87:02:37:9b:08:3c:81:10:fb:
7c:01:d5:79:fb:c2:9d:88:4e:12:57:78:a6:1d:fc:
49:3a:38:44:94:fc:74:dc:ac:26:8d:c1:18:a9:6a:
b5:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:7C:AF:92:09:F7:45:40:9A:D3:87:03:54:9F:A0:75:E9:62:57:50
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/Enyvkgn3RUCa04cDVJ-gdeliV1A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.144.96.0/19
5.189.208.0/21
31.40.112.0/20
37.208.120.0/21
62.118.0.0/16
62.168.224.0/19
79.171.115.0/24
80.80.96.0/19
80.83.237.0/24
81.91.32.0/19
81.195.0.0/16
82.96.192.0/18
83.237.0.0/16
85.140.0.0/15
85.235.32.0/19
89.175.0.0/16
91.76.0.0/14
92.43.184.0/21
93.90.224.0/20
94.77.128.0/18
94.140.128.0/19
94.243.5.0/24
95.153.136.0/22
95.169.128.0/19
109.198.224.0/19
141.105.24.0/21
176.222.17.0/24
178.141.0.0/16
178.155.0.0/17
178.159.16.0/20
185.168.236.0/22
193.104.128.0/24
193.189.68.0/23
194.126.203.0/24
195.34.0.0/18
212.188.0.0/17
213.27.0.0/17
213.87.0.0/16
213.147.32.0/19
213.176.228.0/22
217.74.244.0-217.74.255.255
IPv6:
2a00:1fa0::/29
2a02:28::/29
Signature Algorithm: sha256WithRSAEncryption
73:09:4f:6f:c1:4e:65:72:ab:25:70:7e:ec:62:89:8a:b4:66:
22:93:62:05:77:d2:dd:22:f2:a1:dd:55:d2:b2:09:75:1f:72:
47:f1:69:b2:77:99:26:67:91:30:8a:41:99:ac:15:84:33:b1:
4b:c9:fe:06:86:0d:48:80:07:ad:5c:e5:e2:e1:f2:74:8b:df:
eb:3d:0a:ac:72:1d:d5:47:09:fc:17:8d:54:c8:0e:ba:31:e2:
c2:3e:ec:fb:8e:6a:09:f8:96:57:47:bc:66:3e:e3:c5:1a:fb:
2e:b6:c8:d3:2e:b0:eb:34:15:b9:b5:be:e0:9a:3e:98:c4:23:
87:42:99:92:90:41:71:fd:ef:4b:0a:9a:95:b5:4c:f1:d1:ff:
a8:90:21:7b:45:50:4e:51:d8:c3:0d:28:10:95:6d:0b:c9:0d:
9d:f6:60:3f:15:bc:76:06:26:d1:f3:b4:66:b0:b6:5f:aa:d4:
13:c4:db:08:3c:55:77:b7:96:b4:6f:0a:ba:bb:dc:61:ac:d5:
a8:58:34:77:f1:e9:4c:de:2b:dc:0e:7c:fe:2c:77:a6:95:54:
94:e5:b3:16:e4:fe:7a:6b:e7:2d:c2:84:ed:3b:99:fe:a6:b3:
87:11:3c:c7:6a:e7:94:0a:df:d5:06:a2:82:9c:28:27:ab:b8:
17:34:68:3c
-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgISAZY9sPkrT0qcBJ6Hn38W9Nv2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjUwNDE2MDgyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjdjYWY5MjA5Zjc0NTQwOWFkMzg3MDM1NDlmYTA3NWU5NjI1NzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCi86cHpuGfGMB8knBaYcONpnxZo
9Mm6dDwC6HqKqVWNedR2371UgDihis8fZgooz+JEZgF949J8B9mLT9rdsYzCTM8e
RWjXgVlOzcDBFNjIJLiHiUnuwK5TC6cJdj7aPhD07gDWreZqxCnSiiC3JmZM/VMY
P4tlWYycmddLaJKE8MVR+S5/H8IvYAR1+papszCFs7dEUjFp4fQXkeNp8/EVtVia
KLhwEqbNXmDJ11QWRQ3IuV/gDL5bbRVmon1rrAVmlz5ZizhMeVKRy0ZdCqak3SJv
X+GHAjebCDyBEPt8AdV5+8KdiE4SV3imHfxJOjhElPx03KwmjcEYqWq1gwIDAQAB
o4IDFjCCAxIwHQYDVR0OBBYEFBJ8r5IJ90VAmtOHA1SfoHXpYldQMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvRW55dmtnbjNSVUNhMDRjRFZKLWdkZWxpVjFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKgYIKwYBBQUHAQcBAf8EggEZMIIBFTCB/AQCAAEwgfUD
BAUFkGADBAMFvdADBAQfKHADBAMl0HgDAwA+dgMEBT6o4AMEAE+rcwMEBVBQYAME
AFBT7QMEBVFbIAMDAFHDAwQGUmDAAwMAU+0DAwFVjAMEBVXrIAMDAFmvAwMCW0wD
BANcK7gDBARdWuADBAZeTYADBAVejIADBABe8wUDBAJfmYgDBAVfqYADBAVtxuAD
BAONaRgDBACw3hEDAwCyjQMEB7KbAAMEBLKfEAMEArmo7AMEAMFogAMEAcG9RAME
AMJ+ywMEBsMiAAMEB9S8AAMEB9UbAAMDANVXAwQF1ZMgAwQC1bDkMAsDBALZSvQD
AwDZSjAUBAIAAjAOAwUDKgAfoAMFAyoCACgwDQYJKoZIhvcNAQELBQADggEBAHMJ
T2/BTmVyqyVwfuxiiYq0ZiKTYgV30t0i8qHdVdKyCXUfckfxabJ3mSZnkTCKQZms
FYQzsUvJ/gaGDUiAB61c5eLh8nSL3+s9CqxyHdVHCfwXjVTIDrox4sI+7PuOagn4
lldHvGY+48Ua+y62yNMusOs0Fbm1vuCaPpjEI4dCmZKQQXH970sKmpW1TPHR/6iQ
IXtFUE5R2MMNKBCVbQvJDZ32YD8VvHYGJtHztGawtl+q1BPE2wg8VXe3lrRvCrq7
3GGs1ahYNHfx6UzeK9wOfP4sd6aVVJTlsxbk/npr5y3ChO07mf6ms4cRPMdq55QK
39UGooKcKCeruBc0aDw=
-----END CERTIFICATE-----
Generated at Mon Apr 21 02:46:18 2025 by rpki-client