Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/7d784b-6639-4bc0-9ab9-1a200e41b006/1/xYOsm8BUsmYBwfKFXCGnakfV_m8.roa
File: xYOsm8BUsmYBwfKFXCGnakfV_m8.roa (raw, json)
Hash identifier: 061quaNl9U6/3ODiu8AkctDs7yOiVTs6PkYfEN9U9Cs=
Subject key identifier: C5:83:AC:9B:C0:54:B2:66:01:C1:F2:85:5C:21:A7:6A:47:D5:FE:6F
Certificate issuer: /CN=c90b394ac63337607fa1bb0eaba11453a831f398
Certificate serial: 01972FCD05D674BA0903BC5B550A0083E24C
Authority key identifier: C9:0B:39:4A:C6:33:37:60:7F:A1:BB:0E:AB:A1:14:53:A8:31:F3:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yQs5SsYzN2B_obsOq6EUU6gx85g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/7d784b-6639-4bc0-9ab9-1a200e41b006/1/xYOsm8BUsmYBwfKFXCGnakfV_m8.roa
Signing time: Mon 02 Jun 2025 08:40:54 +0000
ROA not before: Mon 02 Jun 2025 08:40:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50223
IP address blocks: 46.251.192.0/19 maxlen: 19
46.251.192.0/22 maxlen: 22
46.251.192.0/24 maxlen: 24
46.251.193.0/24 maxlen: 24
46.251.194.0/24 maxlen: 24
46.251.195.0/24 maxlen: 24
46.251.196.0/22 maxlen: 22
46.251.196.0/24 maxlen: 24
46.251.197.0/24 maxlen: 24
46.251.198.0/24 maxlen: 24
46.251.199.0/24 maxlen: 24
46.251.200.0/22 maxlen: 22
46.251.200.0/24 maxlen: 24
46.251.201.0/24 maxlen: 24
46.251.202.0/24 maxlen: 24
46.251.203.0/24 maxlen: 24
46.251.204.0/22 maxlen: 22
46.251.204.0/24 maxlen: 24
46.251.205.0/24 maxlen: 24
46.251.206.0/24 maxlen: 24
46.251.207.0/24 maxlen: 24
46.251.208.0/22 maxlen: 22
46.251.208.0/24 maxlen: 24
46.251.209.0/24 maxlen: 24
46.251.210.0/24 maxlen: 24
46.251.211.0/24 maxlen: 24
46.251.212.0/22 maxlen: 22
46.251.212.0/24 maxlen: 24
46.251.213.0/24 maxlen: 24
46.251.214.0/24 maxlen: 24
46.251.215.0/24 maxlen: 24
46.251.216.0/22 maxlen: 22
46.251.216.0/24 maxlen: 24
46.251.217.0/24 maxlen: 24
46.251.218.0/24 maxlen: 24
46.251.220.0/22 maxlen: 22
46.251.221.0/24 maxlen: 24
109.71.224.0/21 maxlen: 21
109.71.224.0/24 maxlen: 24
109.71.226.0/24 maxlen: 24
109.71.228.0/24 maxlen: 24
109.71.229.0/24 maxlen: 24
109.71.230.0/24 maxlen: 24
109.71.231.0/24 maxlen: 24
185.48.136.0/22 maxlen: 22
185.48.136.0/24 maxlen: 24
185.48.139.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/7d784b-6639-4bc0-9ab9-1a200e41b006/1/yQs5SsYzN2B_obsOq6EUU6gx85g.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/7d784b-6639-4bc0-9ab9-1a200e41b006/1/yQs5SsYzN2B_obsOq6EUU6gx85g.mft
rsync://rpki.ripe.net/repository/DEFAULT/yQs5SsYzN2B_obsOq6EUU6gx85g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 11 Jun 2025 20:45:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:2f:cd:05:d6:74:ba:09:03:bc:5b:55:0a:00:83:e2:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c90b394ac63337607fa1bb0eaba11453a831f398
Validity
Not Before: Jun 2 08:40:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c583ac9bc054b26601c1f2855c21a76a47d5fe6f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:ef:9f:28:62:21:83:6b:93:8e:1d:0c:7b:e5:
7e:ab:bb:b2:76:31:9a:70:0c:e4:b3:e3:05:f8:cb:
32:2e:34:42:82:3f:8f:1b:7d:3e:d3:4c:04:4e:a4:
d4:df:1d:98:a8:d4:28:4b:04:9b:7d:80:33:aa:59:
96:7c:15:4a:7d:da:15:f3:9d:cb:ff:5c:82:de:a5:
3e:d0:ae:21:62:d9:4b:15:5b:66:d5:c0:a9:ee:03:
9d:db:ea:e6:aa:27:1f:6c:44:24:02:14:67:de:3d:
ff:5c:a1:23:9f:6b:5d:85:d6:97:96:a1:d5:82:13:
22:31:40:ff:df:36:84:21:09:66:10:70:89:d7:a9:
64:af:92:6c:4e:77:46:85:68:22:5d:e0:17:80:1f:
1b:c8:32:60:39:61:8c:cd:31:cb:66:1f:da:aa:59:
41:72:ce:fc:5e:81:ed:5a:9f:29:d5:2a:73:9a:34:
9b:e7:59:84:86:7f:e6:74:e9:cd:9b:7e:59:15:6e:
40:89:f3:eb:a3:f0:ee:ff:39:3d:0a:63:fb:eb:ad:
2f:fa:1a:94:5b:35:48:88:10:34:d5:1f:f1:08:37:
03:64:f3:25:bd:21:28:67:3c:2c:7d:8e:66:35:9f:
74:13:c6:fe:2d:22:1b:0a:9a:3b:d7:5a:8a:01:ba:
db:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:83:AC:9B:C0:54:B2:66:01:C1:F2:85:5C:21:A7:6A:47:D5:FE:6F
X509v3 Authority Key Identifier:
keyid:C9:0B:39:4A:C6:33:37:60:7F:A1:BB:0E:AB:A1:14:53:A8:31:F3:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yQs5SsYzN2B_obsOq6EUU6gx85g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/7d784b-6639-4bc0-9ab9-1a200e41b006/1/xYOsm8BUsmYBwfKFXCGnakfV_m8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/7d784b-6639-4bc0-9ab9-1a200e41b006/1/yQs5SsYzN2B_obsOq6EUU6gx85g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.251.192.0/19
109.71.224.0/21
185.48.136.0/22
Signature Algorithm: sha256WithRSAEncryption
1d:2e:7a:26:c2:3f:aa:ee:f4:4b:c2:77:df:2d:1a:f8:e8:3e:
dd:eb:63:f7:3f:d9:e2:d6:be:77:80:46:13:85:b6:05:9a:0a:
f9:cb:67:db:d3:fe:84:77:90:e5:cb:89:31:de:b0:ae:9f:07:
63:9e:96:13:a8:ec:72:bc:83:0d:38:cf:5b:ce:07:3e:6b:35:
c3:52:20:85:29:10:0a:99:80:3b:e5:20:93:fb:2b:07:14:6c:
3e:3e:3f:31:98:ad:53:7e:c1:ae:8a:bb:65:28:ef:7b:e7:7d:
fa:77:91:22:68:b7:4a:77:dc:b5:97:3b:08:43:5e:f5:9f:70:
90:7a:da:8f:6a:ac:19:c7:d4:b0:5e:05:5b:84:81:91:7e:ac:
f4:ec:22:39:7d:bf:57:69:11:5b:53:84:08:b3:64:e4:88:75:
c1:af:53:1c:e4:89:a0:75:d9:7f:78:f7:e8:3a:f5:14:f5:13:
8b:1e:e6:5c:a0:09:8f:9d:34:9c:f2:4e:ec:e0:f5:4c:7f:4f:
8d:b8:88:09:6b:f2:cd:40:ee:56:a1:69:18:28:ef:d0:ac:7a:
69:ea:49:02:e8:16:f7:68:61:b5:08:a4:03:e3:fe:18:4a:0f:
47:58:f2:9e:d5:e4:c9:05:ae:b4:14:8e:f3:6b:b6:f1:6b:88:
0b:60:7b:bc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZcvzQXWdLoJA7xbVQoAg+JMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MGIzOTRhYzYzMzM3NjA3ZmExYmIwZWFiYTExNDUzYTgz
MWYzOTgwHhcNMjUwNjAyMDg0MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTgzYWM5YmMwNTRiMjY2MDFjMWYyODU1YzIxYTc2YTQ3ZDVmZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs++fKGIhg2uTjh0Me+V+q7uydjGa
cAzks+MF+MsyLjRCgj+PG30+00wETqTU3x2YqNQoSwSbfYAzqlmWfBVKfdoV853L
/1yC3qU+0K4hYtlLFVtm1cCp7gOd2+rmqicfbEQkAhRn3j3/XKEjn2tdhdaXlqHV
ghMiMUD/3zaEIQlmEHCJ16lkr5JsTndGhWgiXeAXgB8byDJgOWGMzTHLZh/aqllB
cs78XoHtWp8p1SpzmjSb51mEhn/mdOnNm35ZFW5AifPro/Du/zk9CmP7660v+hqU
WzVIiBA01R/xCDcDZPMlvSEoZzwsfY5mNZ90E8b+LSIbCpo711qKAbrbsQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMWDrJvAVLJmAcHyhVwhp2pH1f5vMB8GA1UdIwQY
MBaAFMkLOUrGMzdgf6G7DquhFFOoMfOYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVFzNVNzWXpOMkJfb2JzT3E2RVVVNmd4ODVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni83ZDc4NGItNjYzOS00YmMwLTlhYjkt
MWEyMDBlNDFiMDA2LzEveFlPc204QlVzbVlCd2ZLRlhDR25ha2ZWX204LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni83ZDc4NGItNjYzOS00YmMwLTlhYjktMWEyMDBlNDFiMDA2
LzEveVFzNVNzWXpOMkJfb2JzT3E2RVVVNmd4ODVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFLvvAAwQD
bUfgAwQCuTCIMA0GCSqGSIb3DQEBCwUAA4IBAQAdLnomwj+q7vRLwnffLRr46D7d
62P3P9ni1r53gEYThbYFmgr5y2fb0/6Ed5Dly4kx3rCunwdjnpYTqOxyvIMNOM9b
zgc+azXDUiCFKRAKmYA75SCT+ysHFGw+Pj8xmK1TfsGuirtlKO975336d5EiaLdK
d9y1lzsIQ171n3CQetqPaqwZx9SwXgVbhIGRfqz07CI5fb9XaRFbU4QIs2TkiHXB
r1Mc5Imgddl/ePfoOvUU9ROLHuZcoAmPnTSc8k7s4PVMf0+NuIgJa/LNQO5WoWkY
KO/QrHpp6kkC6Bb3aGG1CKQD4/4YSg9HWPKe1eTJBa60FI7za7bxa4gLYHu8
-----END CERTIFICATE-----
Generated at Wed Jun 11 02:05:14 2025 by rpki-client