Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/1kiFOzSUYK3pcMeNGPSk3j4Tzsg.roa
File: 1kiFOzSUYK3pcMeNGPSk3j4Tzsg.roa (raw, json)
Hash identifier: vMMj9ST74YlPNcRgppnnEZwNxejYhCE+D5UgkKQqDFA=
Subject key identifier: D6:48:85:3B:34:94:60:AD:E9:70:C7:8D:18:F4:A4:DE:3E:13:CE:C8
Certificate issuer: /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial: 0196F1A53495B9288BF7D939DDCE577B9935
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/1kiFOzSUYK3pcMeNGPSk3j4Tzsg.roa
Signing time: Wed 21 May 2025 07:00:58 +0000
ROA not before: Wed 21 May 2025 07:00:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56882
IP address blocks: 37.209.160.0/21 maxlen: 21
45.252.236.0/22 maxlen: 22
46.251.252.0/23 maxlen: 23
46.251.254.0/23 maxlen: 23
84.236.154.0/24 maxlen: 24
84.236.156.0/24 maxlen: 24
84.236.157.0/24 maxlen: 24
84.236.158.0/24 maxlen: 24
91.228.91.0/24 maxlen: 24
103.82.48.0/22 maxlen: 22
115.42.52.0/22 maxlen: 22
168.245.196.0/23 maxlen: 23
185.59.64.0/24 maxlen: 24
185.59.65.0/24 maxlen: 24
185.59.66.0/24 maxlen: 24
185.59.67.0/24 maxlen: 24
185.130.152.0/22 maxlen: 22
185.193.8.0/22 maxlen: 22
188.227.128.0/19 maxlen: 19
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 11:24:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:f1:a5:34:95:b9:28:8b:f7:d9:39:dd:ce:57:7b:99:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Validity
Not Before: May 21 07:00:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d648853b349460ade970c78d18f4a4de3e13cec8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:3b:47:a7:ad:8e:53:77:93:8f:93:11:59:87:
bb:04:d2:eb:b6:8e:17:57:40:9c:18:20:89:24:99:
25:76:e3:28:47:5e:b5:f8:d5:49:4e:74:c0:d7:d8:
c8:84:2c:aa:0d:9a:9c:b0:2f:03:f6:49:be:1a:9c:
e0:fb:63:2d:1b:02:e2:60:1c:60:7c:87:c5:b3:52:
89:e9:70:ab:72:f7:b1:58:f1:09:f3:7b:5e:32:40:
01:5b:44:81:d6:d5:75:10:23:ef:2e:55:bc:5d:fa:
17:07:06:ed:50:72:43:97:55:48:fd:c1:77:83:dd:
8d:5b:24:8c:19:7d:7b:b9:60:70:fa:40:e0:69:7d:
e0:74:3b:7a:e2:ff:e1:f6:6a:fd:d0:99:df:30:1c:
e8:9e:a5:e5:af:ef:86:0c:e2:d3:c0:06:a2:b0:6d:
e4:94:1c:ec:6c:40:0f:1c:bf:8e:21:75:5e:7c:f1:
ee:ab:ef:d8:43:0c:07:d3:00:c4:ce:48:7a:ec:1e:
80:5d:b8:8e:a2:f5:13:07:4a:b6:7c:7b:c7:76:1f:
0f:8a:38:1e:4e:b6:91:51:45:c0:df:d1:c5:55:88:
ec:9b:b1:a0:5e:b1:b9:c0:fb:f2:4f:28:a9:9f:65:
0c:bf:60:92:17:98:7d:6a:fb:76:9d:e9:19:58:67:
53:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:48:85:3B:34:94:60:AD:E9:70:C7:8D:18:F4:A4:DE:3E:13:CE:C8
X509v3 Authority Key Identifier:
keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/1kiFOzSUYK3pcMeNGPSk3j4Tzsg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.209.160.0/21
45.252.236.0/22
46.251.252.0/22
84.236.154.0/24
84.236.156.0-84.236.158.255
91.228.91.0/24
103.82.48.0/22
115.42.52.0/22
168.245.196.0/23
185.59.64.0/22
185.130.152.0/22
185.193.8.0/22
188.227.128.0/19
Signature Algorithm: sha256WithRSAEncryption
cf:81:13:aa:45:66:4c:48:da:86:3d:fe:04:cd:0a:8d:64:fb:
5e:cc:ab:f1:a9:b1:24:a0:a5:9a:76:d9:ba:99:1b:d5:86:39:
58:af:ee:0c:a7:e9:c8:2a:9f:d1:c7:c5:56:0a:5c:d9:26:e9:
b3:08:51:9f:42:1c:db:62:90:4d:af:34:58:5f:ff:db:14:32:
a8:4c:f8:b9:89:d1:f7:a7:3a:53:04:19:f7:ea:f8:4f:3c:d9:
45:2b:85:30:6a:ec:c9:58:dd:c3:a1:c0:c5:a5:05:cd:8c:07:
36:14:c4:01:13:3b:7a:7e:f6:f0:02:36:b5:c3:c3:0f:ad:ac:
78:fe:91:88:0f:d7:f7:f9:51:64:7c:4e:33:c1:3a:a7:45:98:
07:d2:29:d2:9d:70:88:0f:70:d6:72:5a:00:78:46:0b:71:10:
e2:ac:54:64:0e:eb:65:35:de:48:f4:6b:84:c8:bc:80:57:cf:
d7:ef:0d:19:8b:a4:84:f3:11:46:09:4d:2c:af:e1:40:b9:8b:
cc:a7:df:df:af:17:bd:ed:6e:0c:4b:b6:8e:68:0a:3c:ff:d2:
d3:5c:70:48:25:1b:3a:34:f3:ca:c5:f8:ba:8a:42:a5:02:2d:
2e:18:5d:2a:c4:02:a2:65:cf:2e:d4:84:12:ef:fc:ec:2b:b3:
8f:62:28:43
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZbxpTSVuSiL99k53c5Xe5k1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjUwNTIxMDcwMDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQ4ODUzYjM0OTQ2MGFkZTk3MGM3OGQxOGY0YTRkZTNlMTNjZWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTtHp62OU3eTj5MRWYe7BNLrto4X
V0CcGCCJJJklduMoR161+NVJTnTA19jIhCyqDZqcsC8D9km+Gpzg+2MtGwLiYBxg
fIfFs1KJ6XCrcvexWPEJ83teMkABW0SB1tV1ECPvLlW8XfoXBwbtUHJDl1VI/cF3
g92NWySMGX17uWBw+kDgaX3gdDt64v/h9mr90JnfMBzonqXlr++GDOLTwAaisG3k
lBzsbEAPHL+OIXVefPHuq+/YQwwH0wDEzkh67B6AXbiOovUTB0q2fHvHdh8Pijge
TraRUUXA39HFVYjsm7GgXrG5wPvyTyipn2UMv2CSF5h9avt2nekZWGdTyQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFNZIhTs0lGCt6XDHjRj0pN4+E87IMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvMWtpRk96U1VZSzNwY01lTkdQU2szajRUenNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQDJdGgAwQC
LfzsAwQCLvv8AwQAVOyaMAwDBAJU7JwDBABU7J4DBABb5FsDBAJnUjADBAJzKjQD
BAGo9cQDBAK5O0ADBAK5gpgDBAK5wQgDBAW844AwDQYJKoZIhvcNAQELBQADggEB
AM+BE6pFZkxI2oY9/gTNCo1k+17Mq/GpsSSgpZp22bqZG9WGOViv7gyn6cgqn9HH
xVYKXNkm6bMIUZ9CHNtikE2vNFhf/9sUMqhM+LmJ0fenOlMEGffq+E882UUrhTBq
7MlY3cOhwMWlBc2MBzYUxAETO3p+9vACNrXDww+trHj+kYgP1/f5UWR8TjPBOqdF
mAfSKdKdcIgPcNZyWgB4RgtxEOKsVGQO62U13kj0a4TIvIBXz9fvDRmLpITzEUYJ
TSyv4UC5i8yn39+vF73tbgxLto5oCjz/0tNccEglGzo088rF+LqKQqUCLS4YXSrE
AqJlzy7UhBLv/Owrs49iKEM=
-----END CERTIFICATE-----
Generated at Sat Jun 7 21:30:32 2025 by rpki-client