Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/2-ZT3D_TT57WgEPZaHLs56UG0Yg.roa
File: 2-ZT3D_TT57WgEPZaHLs56UG0Yg.roa (raw, json)
Hash identifier: NyVeJy4V1X4eJ9opwnQRbcNHZ8PbRqXsdUICPp/i7rs=
Subject key identifier: DB:E6:53:DC:3F:D3:4F:9E:D6:80:43:D9:68:72:EC:E7:A5:06:D1:88
Certificate issuer: /CN=5f1fa06d5dbada43de44f4e4b1dc9492bb287c9d
Certificate serial: 019424B3E8340D8D3415EF2B81D7ED78E464
Authority key identifier: 5F:1F:A0:6D:5D:BA:DA:43:DE:44:F4:E4:B1:DC:94:92:BB:28:7C:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Xx-gbV262kPeRPTksdyUkrsofJ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/2-ZT3D_TT57WgEPZaHLs56UG0Yg.roa
Signing time: Thu 02 Jan 2025 01:49:17 +0000
ROA not before: Thu 02 Jan 2025 01:49:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34244
IP address blocks: 5.180.0.0/22 maxlen: 22
31.170.24.0/21 maxlen: 21
37.221.104.0/22 maxlen: 22
45.8.152.0/22 maxlen: 22
45.14.4.0/22 maxlen: 22
45.93.232.0/22 maxlen: 22
45.131.188.0/22 maxlen: 22
45.152.172.0/22 maxlen: 22
81.92.196.0/22 maxlen: 22
81.92.220.0/22 maxlen: 22
85.30.128.0/18 maxlen: 18
92.39.32.0/20 maxlen: 20
94.46.136.0/22 maxlen: 22
94.46.240.0/22 maxlen: 22
128.127.184.0/21 maxlen: 21
141.98.236.0/22 maxlen: 22
155.137.24.0/21 maxlen: 21
178.236.64.0/20 maxlen: 24
178.255.112.0/22 maxlen: 22
185.4.8.0/22 maxlen: 22
185.27.96.0/22 maxlen: 22
185.121.44.0/22 maxlen: 22
185.176.28.0/22 maxlen: 22
185.186.32.0/22 maxlen: 22
185.197.224.0/22 maxlen: 22
185.216.152.0/22 maxlen: 22
185.223.236.0/22 maxlen: 22
185.240.208.0/22 maxlen: 22
185.247.236.0/22 maxlen: 22
188.66.48.0/22 maxlen: 22
193.34.202.0/24 maxlen: 24
193.221.93.0/24 maxlen: 24
193.221.120.0/24 maxlen: 24
193.221.123.0/24 maxlen: 24
193.221.219.0/24 maxlen: 24
195.210.52.0/23 maxlen: 23
2a02:80::/29 maxlen: 29
2a02:80::/32 maxlen: 32
2a02:1610::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/Xx-gbV262kPeRPTksdyUkrsofJ0.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/Xx-gbV262kPeRPTksdyUkrsofJ0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Xx-gbV262kPeRPTksdyUkrsofJ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 19:01:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:e8:34:0d:8d:34:15:ef:2b:81:d7:ed:78:e4:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f1fa06d5dbada43de44f4e4b1dc9492bb287c9d
Validity
Not Before: Jan 2 01:49:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dbe653dc3fd34f9ed68043d96872ece7a506d188
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:ef:51:80:69:01:f5:69:58:c9:2a:98:6c:84:
9f:b2:74:e4:33:49:96:ec:93:ef:d3:02:ac:9d:a7:
c1:eb:fd:8b:b1:d2:b2:53:cb:5b:ee:a4:f9:3c:21:
32:93:a8:8b:12:7d:53:a2:55:ab:7a:14:f0:c6:0c:
a6:6a:46:c7:59:72:1c:ed:01:24:44:a6:f2:4b:2e:
22:e9:17:56:e7:6c:4e:7c:22:e9:a5:2b:1a:eb:25:
94:b0:7d:e6:a0:8e:7f:81:69:64:91:25:5b:0e:f5:
55:eb:ad:41:1c:1f:64:5a:2a:51:bf:38:28:63:4b:
a2:fb:df:a3:17:4f:df:46:dc:01:de:5f:05:b0:b5:
7f:be:8e:54:a9:b1:15:79:b5:82:72:48:dd:b5:51:
49:e4:2e:d5:6d:ce:96:4b:01:73:80:7c:aa:60:50:
1a:3e:91:55:c7:b1:3a:96:d8:a1:f9:19:a4:2e:a8:
d1:4e:76:e5:99:6b:0b:b0:85:dc:29:5a:58:c4:f8:
51:5c:e4:40:96:84:92:a4:46:c1:86:06:74:b9:5f:
1f:61:98:3b:98:1a:27:73:0c:f6:8e:dd:91:02:02:
c1:6e:0c:ca:9f:86:12:d4:27:79:1b:ff:f1:48:51:
ea:ba:14:01:c0:15:a3:47:c7:0e:a1:4c:ff:ff:6f:
bb:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:E6:53:DC:3F:D3:4F:9E:D6:80:43:D9:68:72:EC:E7:A5:06:D1:88
X509v3 Authority Key Identifier:
keyid:5F:1F:A0:6D:5D:BA:DA:43:DE:44:F4:E4:B1:DC:94:92:BB:28:7C:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xx-gbV262kPeRPTksdyUkrsofJ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/2-ZT3D_TT57WgEPZaHLs56UG0Yg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/Xx-gbV262kPeRPTksdyUkrsofJ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.0.0/22
31.170.24.0/21
37.221.104.0/22
45.8.152.0/22
45.14.4.0/22
45.93.232.0/22
45.131.188.0/22
45.152.172.0/22
81.92.196.0/22
81.92.220.0/22
85.30.128.0/18
92.39.32.0/20
94.46.136.0/22
94.46.240.0/22
128.127.184.0/21
141.98.236.0/22
155.137.24.0/21
178.236.64.0/20
178.255.112.0/22
185.4.8.0/22
185.27.96.0/22
185.121.44.0/22
185.176.28.0/22
185.186.32.0/22
185.197.224.0/22
185.216.152.0/22
185.223.236.0/22
185.240.208.0/22
185.247.236.0/22
188.66.48.0/22
193.34.202.0/24
193.221.93.0/24
193.221.120.0/24
193.221.123.0/24
193.221.219.0/24
195.210.52.0/23
IPv6:
2a02:80::/29
2a02:1610::/32
Signature Algorithm: sha256WithRSAEncryption
59:0f:1b:4a:4d:9a:55:27:31:78:d3:c5:e8:f2:03:c8:6f:be:
b4:47:18:ea:d9:3b:62:f9:0a:9c:d6:2e:82:e4:e5:d2:a2:0d:
28:92:01:53:e0:04:56:8f:c0:d6:dd:4b:8b:d3:e4:04:82:03:
f1:80:1f:3e:27:1a:27:ea:9b:e5:bf:91:3b:4f:b0:6d:63:a7:
02:26:b7:8f:28:7b:c7:3f:f3:11:db:98:3c:69:74:b9:8f:19:
c9:f9:f6:6d:7c:f1:08:e6:90:f9:40:7d:9c:e4:aa:a1:72:b0:
7d:52:9c:a4:93:e8:1c:20:72:5c:49:c4:50:9f:06:3c:44:06:
52:72:36:d6:ee:52:ea:df:46:58:90:92:6d:8c:4f:0a:e5:31:
44:45:b1:d0:22:ce:46:06:3b:bb:dc:03:d7:cc:6e:bb:50:41:
b5:be:2e:0d:41:29:f3:4e:4d:0f:96:1a:29:61:33:e0:ba:f2:
d9:a9:b1:6b:86:98:bc:d9:16:9e:63:93:5d:e0:2a:c3:fc:ce:
17:32:a9:fa:0f:b6:73:01:17:12:1f:10:35:71:06:57:ab:c3:
81:b0:7c:ee:ae:9e:a0:58:ca:05:c0:08:87:e1:4b:a7:18:f4:
cb:c8:b9:17:0b:65:36:71:c3:5e:79:c4:a2:3e:b7:82:7a:1d:
54:31:04:ee
-----BEGIN CERTIFICATE-----
MIIF6zCCBNOgAwIBAgISAZQks+g0DY00Fe8rgdfteORkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWZhMDZkNWRiYWRhNDNkZTQ0ZjRlNGIxZGM5NDkyYmIy
ODdjOWQwHhcNMjUwMTAyMDE0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmU2NTNkYzNmZDM0ZjllZDY4MDQzZDk2ODcyZWNlN2E1MDZkMTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuO9RgGkB9WlYySqYbISfsnTkM0mW
7JPv0wKsnafB6/2LsdKyU8tb7qT5PCEyk6iLEn1TolWrehTwxgymakbHWXIc7QEk
RKbySy4i6RdW52xOfCLppSsa6yWUsH3moI5/gWlkkSVbDvVV661BHB9kWipRvzgo
Y0ui+9+jF0/fRtwB3l8FsLV/vo5UqbEVebWCckjdtVFJ5C7Vbc6WSwFzgHyqYFAa
PpFVx7E6ltih+RmkLqjRTnblmWsLsIXcKVpYxPhRXORAloSSpEbBhgZ0uV8fYZg7
mBoncwz2jt2RAgLBbgzKn4YS1Cd5G//xSFHquhQBwBWjR8cOoUz//2+7oQIDAQAB
o4IC9zCCAvMwHQYDVR0OBBYEFNvmU9w/00+e1oBD2Why7OelBtGIMB8GA1UdIwQY
MBaAFF8foG1dutpD3kT05LHclJK7KHydMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHgtZ2JWMjYya1BlUlBUa3NkeVVrcnNvZkowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84NDdkMTctYmE3Yy00ZWFlLTlkNTUt
MjU4NDZkNTlmZDYwLzEvMi1aVDNEX1RUNTdXZ0VQWmFITHM1NlVHMFlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84NDdkMTctYmE3Yy00ZWFlLTlkNTUtMjU4NDZkNTlmZDYw
LzEvWHgtZ2JWMjYya1BlUlBUa3NkeVVrcnNvZkowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCwYIKwYBBQUHAQcBAf8Egfswgfgwgd8EAgABMIHYAwQC
BbQAAwQDH6oYAwQCJd1oAwQCLQiYAwQCLQ4EAwQCLV3oAwQCLYO8AwQCLZisAwQC
UVzEAwQCUVzcAwQGVR6AAwQEXCcgAwQCXi6IAwQCXi7wAwQDgH+4AwQCjWLsAwQD
m4kYAwQEsuxAAwQCsv9wAwQCuQQIAwQCuRtgAwQCuXksAwQCubAcAwQCubogAwQC
ucXgAwQCudiYAwQCud/sAwQCufDQAwQCuffsAwQCvEIwAwQAwSLKAwQAwd1dAwQA
wd14AwQAwd17AwQAwd3bAwQBw9I0MBQEAgACMA4DBQMqAgCAAwUAKgIWEDANBgkq
hkiG9w0BAQsFAAOCAQEAWQ8bSk2aVScxeNPF6PIDyG++tEcY6tk7YvkKnNYuguTl
0qINKJIBU+AEVo/A1t1Li9PkBIID8YAfPicaJ+qb5b+RO0+wbWOnAia3jyh7xz/z
EduYPGl0uY8Zyfn2bXzxCOaQ+UB9nOSqoXKwfVKcpJPoHCByXEnEUJ8GPEQGUnI2
1u5S6t9GWJCSbYxPCuUxREWx0CLORgY7u9wD18xuu1BBtb4uDUEp805ND5YaKWEz
4Lry2amxa4aYvNkWnmOTXeAqw/zOFzKp+g+2cwEXEh8QNXEGV6vDgbB87q6eoFjK
BcAIh+FLpxj0y8i5FwtlNnHDXnnEoj63gnodVDEE7g==
-----END CERTIFICATE-----
Generated at Sun Apr 6 05:13:48 2025 by rpki-client