Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/ZSASssxXWzh67IcbvQuSjMbjXlE.roa
File: ZSASssxXWzh67IcbvQuSjMbjXlE.roa (raw, json)
Hash identifier: 8NFvVB0e1Ed6PcQb0KzEDJBB77MUqbc2YSQy8ySf1Y4=
Subject key identifier: 65:20:12:B2:CC:57:5B:38:7A:EC:87:1B:BD:0B:92:8C:C6:E3:5E:51
Certificate issuer: /CN=5d3bb84891651f2039cd81b0b60912f7c0e5cf96
Certificate serial: 019420D66301CC0066699D0C87208D8DDE22
Authority key identifier: 5D:3B:B8:48:91:65:1F:20:39:CD:81:B0:B6:09:12:F7:C0:E5:CF:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/ZSASssxXWzh67IcbvQuSjMbjXlE.roa
Signing time: Wed 01 Jan 2025 07:48:28 +0000
ROA not before: Wed 01 Jan 2025 07:48:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47377
IP address blocks: 62.88.0.0/17 maxlen: 21
62.88.0.0/19 maxlen: 19
62.88.32.0/19 maxlen: 19
62.88.80.0/21 maxlen: 21
85.10.64.0/18 maxlen: 24
91.86.0.0/15 maxlen: 20
91.86.0.0/16 maxlen: 16
91.87.0.0/19 maxlen: 19
91.87.32.0/19 maxlen: 19
91.87.64.0/19 maxlen: 19
91.87.96.0/19 maxlen: 19
91.87.128.0/19 maxlen: 19
91.87.160.0/19 maxlen: 19
94.104.0.0/13 maxlen: 23
94.104.0.0/24 maxlen: 24
94.104.17.0/24 maxlen: 24
94.104.24.0/21 maxlen: 21
94.104.32.0/19 maxlen: 19
94.104.64.0/19 maxlen: 19
94.104.96.0/19 maxlen: 19
94.104.128.0/21 maxlen: 21
94.104.160.0/19 maxlen: 19
94.104.192.0/19 maxlen: 19
94.104.240.0/21 maxlen: 21
94.104.248.0/22 maxlen: 22
94.104.252.0/22 maxlen: 22
94.105.48.0/20 maxlen: 20
94.105.64.0/19 maxlen: 19
94.106.128.0/17 maxlen: 17
94.107.0.0/17 maxlen: 17
94.107.128.0/18 maxlen: 18
94.107.192.0/18 maxlen: 18
94.107.246.0/24 maxlen: 24
94.110.0.0/19 maxlen: 19
94.110.32.0/19 maxlen: 19
94.110.64.0/19 maxlen: 19
94.110.96.0/19 maxlen: 19
94.110.128.0/19 maxlen: 19
94.110.160.0/19 maxlen: 19
94.110.192.0/19 maxlen: 19
94.110.224.0/19 maxlen: 19
94.111.0.0/19 maxlen: 19
94.111.32.0/19 maxlen: 19
94.111.64.0/19 maxlen: 19
94.111.96.0/19 maxlen: 19
94.111.128.0/19 maxlen: 19
94.111.160.0/19 maxlen: 19
94.111.192.0/19 maxlen: 19
94.111.224.0/19 maxlen: 19
178.50.0.0/15 maxlen: 19
185.65.72.0/22 maxlen: 24
212.53.0.0/20 maxlen: 24
212.65.32.0/19 maxlen: 19
212.87.96.0/19 maxlen: 24
212.224.128.0/17 maxlen: 19
2a00:1868::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 16 Apr 2025 04:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:63:01:cc:00:66:69:9d:0c:87:20:8d:8d:de:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5d3bb84891651f2039cd81b0b60912f7c0e5cf96
Validity
Not Before: Jan 1 07:48:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=652012b2cc575b387aec871bbd0b928cc6e35e51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:1f:6d:d0:61:88:77:db:5b:99:f9:eb:25:ad:
c6:4d:c0:1a:00:5d:a8:9b:3f:c7:cd:66:31:24:65:
ad:56:f3:c1:34:85:ab:aa:60:4b:37:bb:a2:3f:6e:
cd:d6:10:c7:07:08:08:5d:4b:53:d1:68:c9:c1:22:
1b:5d:fa:47:3d:0a:f9:49:15:da:4b:51:4d:f4:b2:
c9:94:9a:1e:38:a2:56:51:4e:51:96:ba:0e:82:44:
c0:b3:06:3e:89:53:35:55:36:cf:64:5f:db:34:91:
2f:f8:4a:1b:08:ab:7b:36:10:b6:79:63:5c:cb:71:
73:29:b8:ab:b6:0a:50:21:12:bf:be:b1:ea:97:73:
6a:45:7f:19:54:95:55:04:0e:72:49:d7:5f:1d:07:
9e:e9:a4:e4:d8:38:3a:6a:0a:c1:2a:a4:f8:ab:b5:
2e:5f:37:52:13:30:60:ad:43:e5:bf:f5:74:c5:ad:
cc:0d:d2:c6:d5:74:0e:c9:46:13:63:e0:1e:b8:b7:
d9:3b:93:ce:a6:fa:49:df:29:d9:34:b7:59:02:4d:
15:b4:31:eb:96:20:91:87:8d:0c:aa:2c:9e:87:0d:
88:cb:16:ec:c1:50:1a:f5:96:b4:fc:ca:aa:00:a5:
cd:41:fc:a0:fd:e1:8e:01:4c:58:aa:d0:78:49:8f:
b1:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:20:12:B2:CC:57:5B:38:7A:EC:87:1B:BD:0B:92:8C:C6:E3:5E:51
X509v3 Authority Key Identifier:
keyid:5D:3B:B8:48:91:65:1F:20:39:CD:81:B0:B6:09:12:F7:C0:E5:CF:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/ZSASssxXWzh67IcbvQuSjMbjXlE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.88.0.0/17
85.10.64.0/18
91.86.0.0/15
94.104.0.0/13
178.50.0.0/15
185.65.72.0/22
212.53.0.0/20
212.65.32.0/19
212.87.96.0/19
212.224.128.0/17
IPv6:
2a00:1868::/32
Signature Algorithm: sha256WithRSAEncryption
a0:b8:57:d6:f6:43:0b:ed:6a:09:87:e1:b9:59:5f:c6:46:a1:
04:5d:65:59:fd:8c:dc:8b:4e:fb:5e:52:0c:63:2b:3f:4c:1f:
8a:f6:d1:c7:8b:4f:6e:82:6b:b3:03:dd:81:37:c3:ae:b3:d9:
04:97:c9:f9:cc:a7:6e:9e:3c:11:2b:79:9c:be:d6:54:11:09:
64:a2:eb:df:96:18:b6:14:f2:e3:b7:bf:f8:ac:22:04:8a:cf:
65:f0:1c:b8:45:e1:e3:68:94:e5:07:5e:97:0d:f5:22:28:1b:
ba:05:b0:8c:57:74:4f:74:76:59:0b:5f:dc:1b:26:4c:aa:f8:
c0:49:45:29:e3:a8:15:b6:9f:ef:62:22:1d:6c:7c:45:f1:52:
c4:1c:21:70:07:c5:68:0f:87:02:b8:6f:a3:35:ab:a3:4a:f6:
37:e0:8b:e4:16:9e:c0:bd:1e:90:14:fe:4a:72:b1:0c:56:bc:
2c:60:77:f9:33:d1:b9:19:28:e0:31:fe:33:14:63:0b:3e:de:
d0:13:02:72:ac:2c:4e:38:b6:ab:a9:3c:38:56:6c:7b:1c:bc:
8c:4c:a7:e2:1b:e3:86:f3:56:11:c7:8d:b5:6b:31:18:02:a2:
5c:0b:48:35:5d:d7:dc:d1:6b:b5:2f:b0:25:ef:f5:a2:10:5d:
20:6a:bc:82
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZQg1mMBzABmaZ0MhyCNjd4iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkM2JiODQ4OTE2NTFmMjAzOWNkODFiMGI2MDkxMmY3YzBl
NWNmOTYwHhcNMjUwMTAxMDc0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTIwMTJiMmNjNTc1YjM4N2FlYzg3MWJiZDBiOTI4Y2M2ZTM1ZTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwR9t0GGId9tbmfnrJa3GTcAaAF2o
mz/HzWYxJGWtVvPBNIWrqmBLN7uiP27N1hDHBwgIXUtT0WjJwSIbXfpHPQr5SRXa
S1FN9LLJlJoeOKJWUU5RlroOgkTAswY+iVM1VTbPZF/bNJEv+EobCKt7NhC2eWNc
y3FzKbirtgpQIRK/vrHql3NqRX8ZVJVVBA5ySddfHQee6aTk2Dg6agrBKqT4q7Uu
XzdSEzBgrUPlv/V0xa3MDdLG1XQOyUYTY+AeuLfZO5POpvpJ3ynZNLdZAk0VtDHr
liCRh40Mqiyehw2IyxbswVAa9Za0/MqqAKXNQfyg/eGOAUxYqtB4SY+xdwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFGUgErLMV1s4euyHG70LkozG415RMB8GA1UdIwQY
MBaAFF07uEiRZR8gOc2BsLYJEvfA5c+WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFR1NFNKRmxIeUE1ellHd3Rna1M5OERsejVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS81ODdmN2UtNjBjYy00MWEwLTg4Njkt
NGY4YzYzOGE3MmUxLzEvWlNBU3NzeFhXemg2N0ljYnZRdVNqTWJqWGxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS81ODdmN2UtNjBjYy00MWEwLTg4NjktNGY4YzYzOGE3MmUx
LzEvWFR1NFNKRmxIeUE1ellHd3Rna1M5OERsejVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA/BAIAATA5AwQHPlgAAwQG
VQpAAwMBW1YDAwNeaAMDAbIyAwQCuUFIAwQE1DUAAwQF1EEgAwQF1FdgAwQH1OCA
MA0EAgACMAcDBQAqABhoMA0GCSqGSIb3DQEBCwUAA4IBAQCguFfW9kML7WoJh+G5
WV/GRqEEXWVZ/Yzci077XlIMYys/TB+K9tHHi09ugmuzA92BN8Ous9kEl8n5zKdu
njwRK3mcvtZUEQlkouvflhi2FPLjt7/4rCIEis9l8By4ReHjaJTlB16XDfUiKBu6
BbCMV3RPdHZZC1/cGyZMqvjASUUp46gVtp/vYiIdbHxF8VLEHCFwB8VoD4cCuG+j
NaujSvY34IvkFp7AvR6QFP5KcrEMVrwsYHf5M9G5GSjgMf4zFGMLPt7QEwJyrCxO
OLarqTw4Vmx7HLyMTKfiG+OG81YRx421azEYAqJcC0g1Xdfc0Wu1L7Al7/WiEF0g
aryC
-----END CERTIFICATE-----
Generated at Tue Apr 15 09:40:24 2025 by rpki-client