Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/ZAx7Azq9YHnuLtmsAGgkpQ9XaQk.roa
File: ZAx7Azq9YHnuLtmsAGgkpQ9XaQk.roa (raw, json)
Hash identifier: Nv+QAFomBrYRU4aOf9OpKKgjZFP6zJcF4QMA/O4RLyo=
Subject key identifier: 64:0C:7B:03:3A:BD:60:79:EE:2E:D9:AC:00:68:24:A5:0F:57:69:09
Certificate issuer: /CN=c44db8b0983acf97a3255152c2ea592adae7735b
Certificate serial: 0196EC906ED66C07E3596B38094D73E3506C
Authority key identifier: C4:4D:B8:B0:98:3A:CF:97:A3:25:51:52:C2:EA:59:2A:DA:E7:73:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/ZAx7Azq9YHnuLtmsAGgkpQ9XaQk.roa
Signing time: Tue 20 May 2025 07:20:10 +0000
ROA not before: Tue 20 May 2025 07:20:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 18046
IP address blocks: 45.112.248.0/22 maxlen: 24
103.52.124.0/22 maxlen: 24
103.210.200.0/22 maxlen: 24
139.84.96.0/19 maxlen: 24
140.209.128.0/18 maxlen: 24
152.114.224.0/22 maxlen: 24
152.114.240.0/21 maxlen: 24
157.239.32.0/19 maxlen: 24
160.20.0.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.mft
rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 06:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:ec:90:6e:d6:6c:07:e3:59:6b:38:09:4d:73:e3:50:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c44db8b0983acf97a3255152c2ea592adae7735b
Validity
Not Before: May 20 07:20:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=640c7b033abd6079ee2ed9ac006824a50f576909
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:c2:a3:a8:54:75:28:b2:4f:74:60:96:b0:25:
59:bd:74:90:40:19:4e:2d:76:da:71:c1:eb:1a:47:
a4:29:20:5f:f0:a6:6b:75:21:5b:ef:6d:fd:e4:de:
9f:d5:c1:8c:d8:bb:b5:48:6c:51:29:48:f3:49:8a:
b7:e4:b0:fb:c5:00:2c:f5:4e:57:b8:43:2f:3e:7b:
b6:4e:71:68:8c:25:72:d8:99:2b:68:23:59:c1:63:
66:86:1d:59:b7:a6:5b:30:35:8b:ab:57:24:b1:78:
0b:42:e8:a3:8b:61:8f:36:d9:62:e5:6c:b0:9d:c9:
fe:ae:92:1d:bc:70:e8:c9:72:2e:2c:d7:5f:fc:25:
00:b5:37:76:17:7c:ae:52:80:e7:56:51:85:28:79:
f7:e4:3a:2c:e6:e8:26:54:05:e1:ca:a1:a9:20:8d:
c1:eb:fb:a4:54:8e:e6:91:79:23:1e:cd:ec:24:3c:
95:24:18:3c:51:0b:b4:74:e3:ce:5a:66:ca:d1:e1:
85:f7:e5:36:d7:14:ac:4c:bc:66:f6:eb:8a:81:98:
fc:00:cf:43:6f:89:21:d7:34:00:bd:af:c8:72:9a:
49:e7:78:aa:e2:ea:bc:0a:c8:c3:e2:e8:21:ab:8b:
d1:f5:8a:a8:03:64:ab:27:84:31:93:04:09:66:f4:
0c:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:0C:7B:03:3A:BD:60:79:EE:2E:D9:AC:00:68:24:A5:0F:57:69:09
X509v3 Authority Key Identifier:
keyid:C4:4D:B8:B0:98:3A:CF:97:A3:25:51:52:C2:EA:59:2A:DA:E7:73:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xE24sJg6z5ejJVFSwupZKtrnc1s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/ZAx7Azq9YHnuLtmsAGgkpQ9XaQk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/437897-af58-4959-8e76-eedd94ec128c/1/xE24sJg6z5ejJVFSwupZKtrnc1s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.112.248.0/22
103.52.124.0/22
103.210.200.0/22
139.84.96.0/19
140.209.128.0/18
152.114.224.0/22
152.114.240.0/21
157.239.32.0/19
160.20.0.0/22
Signature Algorithm: sha256WithRSAEncryption
40:35:19:32:e7:7d:77:a6:9f:50:a5:d7:d9:37:4e:14:ae:d1:
14:44:21:0e:fe:71:e2:54:eb:65:ec:c0:af:9b:63:61:c9:29:
a0:b4:e9:1d:5f:ed:75:b2:da:aa:ea:09:fd:40:1a:05:ce:4a:
5c:80:79:a9:06:cf:8d:71:f5:30:82:9d:17:f4:10:09:f3:50:
e9:0a:d4:10:e8:a5:06:4f:37:9a:1d:98:e9:43:4e:a2:63:9d:
40:83:57:0e:fa:c9:2f:43:f7:36:93:41:ec:98:59:d6:a1:30:
ac:32:86:19:7b:a4:87:4e:c9:0c:dd:da:6c:6f:1c:ab:e7:dc:
a1:99:bf:6e:30:3e:fe:eb:54:d2:67:47:ce:69:89:4c:a8:a0:
ef:8b:ba:98:3d:9f:78:9a:05:ba:31:1e:b8:0a:dd:4d:2f:fa:
e2:2b:f6:2b:18:fc:c6:7e:03:f7:af:d7:ff:73:1f:25:c2:c0:
40:5a:48:6e:8e:f1:12:5c:39:a5:51:92:d1:6c:47:ea:29:22:
9c:77:a9:0f:5f:d0:21:5b:5c:38:76:80:5c:e7:03:a8:60:2a:
e7:7c:47:2a:36:c6:cc:6b:8c:38:1c:b9:f9:d4:b2:12:de:8d:
c1:80:1f:11:e1:08:02:c5:d5:37:e6:01:3d:3a:09:53:45:f4:
51:2a:a7:38
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZbskG7WbAfjWWs4CU1z41BsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NGRiOGIwOTgzYWNmOTdhMzI1NTE1MmMyZWE1OTJhZGFl
NzczNWIwHhcNMjUwNTIwMDcyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDBjN2IwMzNhYmQ2MDc5ZWUyZWQ5YWMwMDY4MjRhNTBmNTc2OTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMKjqFR1KLJPdGCWsCVZvXSQQBlO
LXbaccHrGkekKSBf8KZrdSFb72395N6f1cGM2Lu1SGxRKUjzSYq35LD7xQAs9U5X
uEMvPnu2TnFojCVy2JkraCNZwWNmhh1Zt6ZbMDWLq1cksXgLQuiji2GPNtli5Wyw
ncn+rpIdvHDoyXIuLNdf/CUAtTd2F3yuUoDnVlGFKHn35Dos5ugmVAXhyqGpII3B
6/ukVI7mkXkjHs3sJDyVJBg8UQu0dOPOWmbK0eGF9+U21xSsTLxm9uuKgZj8AM9D
b4kh1zQAva/IcppJ53iq4uq8CsjD4ughq4vR9YqoA2SrJ4QxkwQJZvQMEwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGQMewM6vWB57i7ZrABoJKUPV2kJMB8GA1UdIwQY
MBaAFMRNuLCYOs+XoyVRUsLqWSra53NbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEUyNHNKZzZ6NWVqSlZGU3d1cFpLdHJuYzFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC80Mzc4OTctYWY1OC00OTU5LThlNzYt
ZWVkZDk0ZWMxMjhjLzEvWkF4N0F6cTlZSG51THRtc0FHZ2twUTlYYVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC80Mzc4OTctYWY1OC00OTU5LThlNzYtZWVkZDk0ZWMxMjhj
LzEveEUyNHNKZzZ6NWVqSlZGU3d1cFpLdHJuYzFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCLXD4AwQC
ZzR8AwQCZ9LIAwQFi1RgAwQGjNGAAwQCmHLgAwQDmHLwAwQFne8gAwQCoBQAMA0G
CSqGSIb3DQEBCwUAA4IBAQBANRky5313pp9QpdfZN04UrtEURCEO/nHiVOtl7MCv
m2NhySmgtOkdX+11stqq6gn9QBoFzkpcgHmpBs+NcfUwgp0X9BAJ81DpCtQQ6KUG
TzeaHZjpQ06iY51Ag1cO+skvQ/c2k0HsmFnWoTCsMoYZe6SHTskM3dpsbxyr59yh
mb9uMD7+61TSZ0fOaYlMqKDvi7qYPZ94mgW6MR64Ct1NL/riK/YrGPzGfgP3r9f/
cx8lwsBAWkhujvESXDmlUZLRbEfqKSKcd6kPX9AhW1w4doBc5wOoYCrnfEcqNsbM
a4w4HLn51LIS3o3BgB8R4QgCxdU35gE9OglTRfRRKqc4
-----END CERTIFICATE-----
Generated at Fri Jun 6 16:10:38 2025 by rpki-client