Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/ax82hmj304KQ6lsAdD5oZeQi8aQ.roa
File: ax82hmj304KQ6lsAdD5oZeQi8aQ.roa (raw, json)
Hash identifier: etYT+wmJ3v0dyDPK3kOFDbBh+/DHGm30j18qmZddn14=
Subject key identifier: 6B:1F:36:86:68:F7:D3:82:90:EA:5B:00:74:3E:68:65:E4:22:F1:A4
Certificate issuer: /CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
Certificate serial: 01962A315B21394986AFE4DD58F9E074FD10
Authority key identifier: 8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/ax82hmj304KQ6lsAdD5oZeQi8aQ.roa
Signing time: Sat 12 Apr 2025 13:29:59 +0000
ROA not before: Sat 12 Apr 2025 13:29:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48551
IP address blocks: 5.253.225.0/24 maxlen: 24
31.193.186.0/24 maxlen: 24
45.94.252.0/24 maxlen: 24
45.94.254.0/24 maxlen: 24
45.94.255.0/24 maxlen: 24
45.150.150.0/24 maxlen: 24
45.159.196.0/24 maxlen: 24
45.159.197.0/24 maxlen: 24
45.159.198.0/24 maxlen: 24
45.159.199.0/24 maxlen: 24
91.217.177.0/24 maxlen: 24
103.216.60.0/24 maxlen: 24
103.216.61.0/24 maxlen: 24
103.216.62.0/24 maxlen: 24
103.216.63.0/24 maxlen: 24
157.119.188.0/24 maxlen: 24
157.119.190.0/24 maxlen: 24
157.119.191.0/24 maxlen: 24
185.63.114.0/24 maxlen: 24
185.74.221.0/24 maxlen: 24
185.86.180.0/24 maxlen: 24
185.86.181.0/24 maxlen: 24
185.128.40.0/24 maxlen: 24
185.149.192.0/24 maxlen: 24
185.159.189.0/24 maxlen: 24
185.228.58.0/24 maxlen: 24
185.229.135.0/24 maxlen: 24
185.236.36.0/24 maxlen: 24
185.236.37.0/24 maxlen: 24
185.236.38.0/24 maxlen: 24
185.236.39.0/24 maxlen: 24
185.238.143.0/24 maxlen: 24
194.147.212.0/24 maxlen: 24
194.147.222.0/24 maxlen: 24
195.114.4.0/24 maxlen: 24
195.114.5.0/24 maxlen: 24
195.114.8.0/24 maxlen: 24
195.114.9.0/24 maxlen: 24
2a0d:9500::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl
rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.mft
rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 04:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:2a:31:5b:21:39:49:86:af:e4:dd:58:f9:e0:74:fd:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
Validity
Not Before: Apr 12 13:29:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6b1f368668f7d38290ea5b00743e6865e422f1a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:b1:f5:8f:3f:60:b8:ec:2d:13:ef:a8:7c:12:
46:bb:a2:84:56:5e:c4:31:be:7d:a7:7d:fb:5d:1a:
3a:5a:10:42:ef:df:f0:89:48:89:e1:a0:b5:a0:8f:
29:3a:4b:28:f5:22:73:88:fd:4e:c4:da:fc:a0:80:
1d:b4:96:8f:62:79:6c:a5:93:db:58:c8:3b:ea:b8:
94:5f:7c:5a:68:f7:56:ee:90:d4:0e:e8:1e:33:09:
2c:fb:93:b1:c2:7c:2a:b4:ff:52:8b:01:d4:3f:66:
7e:a3:02:53:d2:9e:db:b6:b7:50:12:66:fe:86:77:
bb:f8:a9:ef:02:fe:a6:d2:8f:d4:51:6b:d9:f8:08:
56:d1:e2:93:1e:99:2a:7e:fa:ef:44:a7:45:32:18:
fc:13:86:15:fa:e9:85:e1:3b:3e:aa:9a:4e:2e:2c:
73:56:00:4a:13:f8:8b:54:75:6d:8c:63:ed:0a:d4:
8a:a1:19:04:f3:50:8d:6a:fe:bd:c2:0e:ca:cf:9f:
c0:84:9c:9a:45:5a:c4:e6:8a:04:bd:75:ef:77:4c:
32:72:e4:d9:f1:de:97:44:cd:eb:16:83:dd:ad:d3:
81:87:b2:bf:74:2e:5d:a4:dd:20:9a:f1:d7:f7:50:
43:5c:70:51:09:4e:8f:c4:26:af:e8:c2:64:ee:af:
fd:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:1F:36:86:68:F7:D3:82:90:EA:5B:00:74:3E:68:65:E4:22:F1:A4
X509v3 Authority Key Identifier:
keyid:8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/ax82hmj304KQ6lsAdD5oZeQi8aQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.225.0/24
31.193.186.0/24
45.94.252.0/24
45.94.254.0/23
45.150.150.0/24
45.159.196.0/22
91.217.177.0/24
103.216.60.0/22
157.119.188.0/24
157.119.190.0/23
185.63.114.0/24
185.74.221.0/24
185.86.180.0/23
185.128.40.0/24
185.149.192.0/24
185.159.189.0/24
185.228.58.0/24
185.229.135.0/24
185.236.36.0/22
185.238.143.0/24
194.147.212.0/24
194.147.222.0/24
195.114.4.0/23
195.114.8.0/23
IPv6:
2a0d:9500::/29
Signature Algorithm: sha256WithRSAEncryption
1c:37:00:51:00:be:86:a8:fe:05:8e:af:9b:7f:28:86:1b:eb:
6e:25:77:ac:09:fb:a9:73:d2:f9:54:26:d0:64:45:4e:ea:b8:
62:29:52:fa:38:e1:e2:1e:90:d0:1d:21:b3:38:34:e1:eb:b0:
03:42:94:e6:77:50:97:73:4b:a2:d2:e2:3a:e5:c6:47:ef:d7:
14:3f:29:a6:1f:09:01:52:91:a1:ee:b0:ec:80:88:81:98:ff:
d1:a0:1e:b8:30:97:5e:96:d9:00:0d:bc:ad:a6:ab:e1:bb:a0:
ce:d3:3b:e1:6e:d1:d8:a7:40:66:ca:63:0a:a5:4d:9a:cb:66:
c3:0d:2b:6c:15:4e:ce:c4:9e:b7:f6:fa:b4:88:41:1c:11:62:
0d:38:c7:70:f7:e3:4a:84:46:b7:1e:2b:9f:49:8d:29:0e:a2:
b9:79:7d:62:51:01:7e:31:ef:dd:b5:58:dc:39:55:63:55:c5:
65:cb:9a:c0:36:f4:98:4f:6c:fd:d1:e6:65:0d:c8:05:90:8e:
06:99:4e:93:9e:76:a3:ca:c4:07:d5:df:d3:93:14:5e:19:df:
9d:bd:d0:97:17:20:3a:08:e3:54:59:1f:de:48:15:cc:9c:2f:
11:88:72:b8:41:51:42:9e:0c:02:78:82:ed:4f:a2:cd:73:2a:
65:bb:da:99
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgISAZYqMVshOUmGr+TdWPngdP0QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNDdhYTA5ZjJjNjEwZjZmNDRiNGU3NWMxY2Q5ZGNkMzg4
NGU1NWQwHhcNMjUwNDEyMTMyOTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjFmMzY4NjY4ZjdkMzgyOTBlYTViMDA3NDNlNjg2NWU0MjJmMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LH1jz9guOwtE++ofBJGu6KEVl7E
Mb59p337XRo6WhBC79/wiUiJ4aC1oI8pOkso9SJziP1OxNr8oIAdtJaPYnlspZPb
WMg76riUX3xaaPdW7pDUDugeMwks+5OxwnwqtP9SiwHUP2Z+owJT0p7btrdQEmb+
hne7+KnvAv6m0o/UUWvZ+AhW0eKTHpkqfvrvRKdFMhj8E4YV+umF4Ts+qppOLixz
VgBKE/iLVHVtjGPtCtSKoRkE81CNav69wg7Kz5/AhJyaRVrE5ooEvXXvd0wycuTZ
8d6XRM3rFoPdrdOBh7K/dC5dpN0gmvHX91BDXHBRCU6PxCav6MJk7q/9dQIDAQAB
o4ICpzCCAqMwHQYDVR0OBBYEFGsfNoZo99OCkOpbAHQ+aGXkIvGkMB8GA1UdIwQY
MBaAFItHqgnyxhD29EtOdcHNnc04hOVdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgt
NTAwMTUzOWQ3MTg1LzEvYXg4MmhtajMwNEtRNmxzQWRENW9aZVFpOGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgtNTAwMTUzOWQ3MTg1
LzEvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG8BggrBgEFBQcBBwEB/wSBrDCBqTCBlwQCAAEwgZADBAAF
/eEDBAAfwboDBAAtXvwDBAEtXv4DBAAtlpYDBAItn8QDBABb2bEDBAJn2DwDBACd
d7wDBAGdd74DBAC5P3IDBAC5St0DBAG5VrQDBAC5gCgDBAC5lcADBAC5n70DBAC5
5DoDBAC55YcDBAK57CQDBAC57o8DBADCk9QDBADCk94DBAHDcgQDBAHDcggwDQQC
AAIwBwMFAyoNlQAwDQYJKoZIhvcNAQELBQADggEBABw3AFEAvoao/gWOr5t/KIYb
624ld6wJ+6lz0vlUJtBkRU7quGIpUvo44eIekNAdIbM4NOHrsANClOZ3UJdzS6LS
4jrlxkfv1xQ/KaYfCQFSkaHusOyAiIGY/9GgHrgwl16W2QANvK2mq+G7oM7TO+Fu
0dinQGbKYwqlTZrLZsMNK2wVTs7Enrf2+rSIQRwRYg04x3D340qERrceK59JjSkO
orl5fWJRAX4x7921WNw5VWNVxWXLmsA29JhPbP3R5mUNyAWQjgaZTpOedqPKxAfV
39OTFF4Z35290JcXIDoI41RZH95IFcycLxGIcrhBUUKeDAJ4gu1Pos1zKmW72pk=
-----END CERTIFICATE-----
Generated at Tue Apr 22 14:24:37 2025 by rpki-client