Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/UjGBSXbldfCFYBnL8LoCotMRMTw.roa
File: UjGBSXbldfCFYBnL8LoCotMRMTw.roa (raw, json)
Hash identifier: 8XlnUuGPS9qPsNjB49znffiz5V+wQfFpFjaCZ17mc+Y=
Subject key identifier: 52:31:81:49:76:E5:75:F0:85:60:19:CB:F0:BA:02:A2:D3:11:31:3C
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 01973FCD717CBEBFF3F10BC20BAC83C44F29
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/UjGBSXbldfCFYBnL8LoCotMRMTw.roa
Signing time: Thu 05 Jun 2025 11:15:17 +0000
ROA not before: Thu 05 Jun 2025 11:15:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213122
IP address blocks: 5.226.52.0/22 maxlen: 24
45.139.6.0/23 maxlen: 24
178.173.236.0/22 maxlen: 24
178.173.242.0/23 maxlen: 24
178.173.244.0/22 maxlen: 24
188.253.28.0/22 maxlen: 24
188.253.104.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 14 Jun 2025 05:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3f:cd:71:7c:be:bf:f3:f1:0b:c2:0b:ac:83:c4:4f:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jun 5 11:15:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5231814976e575f0856019cbf0ba02a2d311313c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:ed:73:99:bc:89:74:39:96:65:a9:78:d2:7f:
1e:a8:18:ec:52:39:34:8c:58:cf:81:8c:a6:33:37:
a1:fa:f8:a9:c2:cc:ed:ff:92:8f:f1:d4:20:db:36:
72:50:ef:cf:49:1c:c1:d5:ef:a4:3a:b9:9b:af:88:
b1:1a:1d:1c:cc:ad:07:36:7e:0d:bc:89:5e:9f:ad:
dd:c0:4d:4f:ce:45:c0:59:68:8c:0c:9f:54:1a:3e:
7f:20:1e:93:67:4b:44:18:c9:75:7f:eb:4e:00:41:
70:52:85:be:69:61:b6:01:3a:a8:6b:77:97:07:a4:
21:5f:a1:20:60:79:da:3f:8e:1d:f2:70:07:a1:8f:
00:58:6f:9a:4f:cc:92:d5:b9:26:44:2f:20:a2:be:
a7:d9:a1:58:5d:1a:ae:ad:bd:fc:a6:1e:81:c1:3c:
57:5b:41:a1:a9:a1:70:c2:4d:51:7c:50:44:95:af:
84:c1:dc:5f:c3:57:ab:17:ed:37:1a:76:8e:67:26:
ff:d6:57:56:9d:a9:6b:2e:28:12:1b:a2:cd:7f:1b:
03:8c:b0:cb:0f:9f:ac:3b:05:ef:55:3e:b3:bb:7c:
29:e0:f2:14:c0:19:da:15:50:11:cd:52:5f:37:5c:
af:af:52:07:cc:42:ed:03:6c:5d:8a:2f:8c:5e:f6:
d3:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:31:81:49:76:E5:75:F0:85:60:19:CB:F0:BA:02:A2:D3:11:31:3C
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/UjGBSXbldfCFYBnL8LoCotMRMTw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.226.52.0/22
45.139.6.0/23
178.173.236.0/22
178.173.242.0-178.173.247.255
188.253.28.0/22
188.253.104.0/21
Signature Algorithm: sha256WithRSAEncryption
29:6c:37:2f:ef:27:58:e3:45:b6:5f:b7:91:ff:04:2c:0c:fd:
c9:48:01:8b:92:66:c4:01:03:59:65:8a:8d:51:2d:c7:d7:98:
69:f5:d7:0e:1d:5e:f3:11:90:0f:f9:59:26:6c:36:2d:7c:16:
79:63:f3:5f:c5:ab:0c:d8:24:fb:3c:f1:b3:fb:af:6f:6f:f7:
17:b1:76:e6:55:72:35:b2:14:a6:7f:60:d7:74:6e:a8:a3:61:
60:3c:d3:39:34:c3:ea:06:4b:96:0a:da:8a:6e:3e:4d:5d:54:
1f:ca:2c:44:b8:81:a4:5e:d0:28:1e:79:63:7f:d7:26:1e:46:
f2:b7:36:95:70:57:8c:30:54:28:77:52:71:a9:56:d4:c6:85:
27:6e:69:e8:51:c6:01:b5:39:58:d0:29:11:a2:48:2d:88:13:
17:49:c5:08:81:10:2f:b6:78:a5:48:90:40:63:95:79:20:84:
9c:5f:3b:70:32:9c:8c:7d:1f:fa:da:dc:5a:9b:a0:70:9e:df:
46:a8:ff:2e:58:04:9e:66:c5:5d:e8:ec:32:c4:fa:b6:b9:2a:
fc:dc:85:20:23:97:59:bd:0a:8d:87:7f:8c:a1:17:cc:fa:6d:
f3:16:72:cb:2e:69:35:b6:9d:05:33:cd:73:c6:4c:a9:3b:8b:
e7:27:10:f2
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZc/zXF8vr/z8QvCC6yDxE8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwNjA1MTExNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjMxODE0OTc2ZTU3NWYwODU2MDE5Y2JmMGJhMDJhMmQzMTEzMTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqO1zmbyJdDmWZal40n8eqBjsUjk0
jFjPgYymMzeh+vipwszt/5KP8dQg2zZyUO/PSRzB1e+kOrmbr4ixGh0czK0HNn4N
vIlen63dwE1PzkXAWWiMDJ9UGj5/IB6TZ0tEGMl1f+tOAEFwUoW+aWG2ATqoa3eX
B6QhX6EgYHnaP44d8nAHoY8AWG+aT8yS1bkmRC8gor6n2aFYXRqurb38ph6BwTxX
W0GhqaFwwk1RfFBEla+Ewdxfw1erF+03GnaOZyb/1ldWnalrLigSG6LNfxsDjLDL
D5+sOwXvVT6zu3wp4PIUwBnaFVARzVJfN1yvr1IHzELtA2xdii+MXvbTDwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFFIxgUl25XXwhWAZy/C6AqLTETE8MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvVWpHQlNYYmxkZkNGWUJuTDhMb0NvdE1STVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQCBeI0AwQB
LYsGAwQCsq3sMAwDBAGyrfIDBAOyrfADBAK8/RwDBAO8/WgwDQYJKoZIhvcNAQEL
BQADggEBAClsNy/vJ1jjRbZft5H/BCwM/clIAYuSZsQBA1llio1RLcfXmGn11w4d
XvMRkA/5WSZsNi18Fnlj81/FqwzYJPs88bP7r29v9xexduZVcjWyFKZ/YNd0bqij
YWA80zk0w+oGS5YK2opuPk1dVB/KLES4gaRe0CgeeWN/1yYeRvK3NpVwV4wwVCh3
UnGpVtTGhSduaehRxgG1OVjQKRGiSC2IExdJxQiBEC+2eKVIkEBjlXkghJxfO3Ay
nIx9H/ra3FqboHCe30ao/y5YBJ5mxV3o7DLE+ra5KvzchSAjl1m9Co2Hf4yhF8z6
bfMWcssuaTW2nQUzzXPGTKk7i+cnEPI=
-----END CERTIFICATE-----
Generated at Fri Jun 13 10:08:56 2025 by rpki-client