Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/_deNM6L0-gRjzB9Oru0BeDNyfHo.roa
File: _deNM6L0-gRjzB9Oru0BeDNyfHo.roa (raw, json)
Hash identifier: LDo7rHt3sUV11VVSTI9bz2qFEysdcQXIsvCOfT9GJ88=
Subject key identifier: FD:D7:8D:33:A2:F4:FA:04:63:CC:1F:4E:AE:ED:01:78:33:72:7C:7A
Certificate issuer: /CN=f4c0aa7b3e3cbff88262add92b339e35051ce1a0
Certificate serial: 0195A35EBD9B1B767A20AEBF24D142C1AF56
Authority key identifier: F4:C0:AA:7B:3E:3C:BF:F8:82:62:AD:D9:2B:33:9E:35:05:1C:E1:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9MCqez48v_iCYq3ZKzOeNQUc4aA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/_deNM6L0-gRjzB9Oru0BeDNyfHo.roa
Signing time: Mon 17 Mar 2025 09:10:49 +0000
ROA not before: Mon 17 Mar 2025 09:10:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47956
IP address blocks: 5.102.192.0/18 maxlen: 24
31.210.176.0/21 maxlen: 21
31.210.176.0/22 maxlen: 22
31.210.176.0/23 maxlen: 23
31.210.180.0/22 maxlen: 22
31.210.184.0/22 maxlen: 22
37.46.32.0/20 maxlen: 24
91.205.152.0/22 maxlen: 24
94.230.80.0/20 maxlen: 24
94.230.80.0/21 maxlen: 21
94.230.80.0/22 maxlen: 22
94.230.84.0/22 maxlen: 22
94.230.88.0/22 maxlen: 22
94.230.92.0/22 maxlen: 22
141.226.0.0/19 maxlen: 24
141.226.0.0/21 maxlen: 21
141.226.0.0/22 maxlen: 22
141.226.4.0/22 maxlen: 22
141.226.8.0/21 maxlen: 21
141.226.8.0/22 maxlen: 22
141.226.12.0/22 maxlen: 22
141.226.32.0/20 maxlen: 24
141.226.48.0/22 maxlen: 24
141.226.52.0/23 maxlen: 24
141.226.54.0/24 maxlen: 24
141.226.56.0/21 maxlen: 24
141.226.64.0/22 maxlen: 24
141.226.68.0/23 maxlen: 24
141.226.70.0/24 maxlen: 24
141.226.72.0/21 maxlen: 24
141.226.144.0/20 maxlen: 24
141.226.144.0/21 maxlen: 21
141.226.152.0/21 maxlen: 21
141.226.160.0/20 maxlen: 24
141.226.160.0/21 maxlen: 21
141.226.160.0/22 maxlen: 22
141.226.168.0/21 maxlen: 21
141.226.176.0/21 maxlen: 24
188.120.128.0/19 maxlen: 24
2a02:ed0::/29 maxlen: 29
2a02:ed0::/32 maxlen: 48
2a02:ed1::/32 maxlen: 32
2a02:ed2::/32 maxlen: 32
2a02:ed2::/40 maxlen: 48
2a02:ed3::/32 maxlen: 48
2a02:ed5::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/9MCqez48v_iCYq3ZKzOeNQUc4aA.crl
rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/9MCqez48v_iCYq3ZKzOeNQUc4aA.mft
rsync://rpki.ripe.net/repository/DEFAULT/9MCqez48v_iCYq3ZKzOeNQUc4aA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 10:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:a3:5e:bd:9b:1b:76:7a:20:ae:bf:24:d1:42:c1:af:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f4c0aa7b3e3cbff88262add92b339e35051ce1a0
Validity
Not Before: Mar 17 09:10:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fdd78d33a2f4fa0463cc1f4eaeed017833727c7a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:cd:c7:3f:43:2b:4f:95:9a:c0:e6:b6:2f:01:
0b:58:fe:35:a7:08:7e:eb:1b:cc:fe:23:c0:5a:b2:
b0:d8:7b:ae:27:2f:36:ab:21:56:0e:ee:c9:46:23:
a3:fa:67:b1:7d:1e:d7:c4:b2:f7:e7:3a:08:90:52:
51:3a:59:5a:c0:0e:84:03:bb:12:ec:3e:8f:bd:0b:
15:56:7f:09:3f:f0:04:35:f5:55:90:d3:01:50:63:
73:20:b2:6d:0f:8b:89:64:55:a8:34:6c:ca:c3:78:
fa:75:2e:44:d7:2f:29:0e:84:08:2d:50:c7:46:df:
9c:7e:f2:8f:2a:5e:e0:13:e8:d0:1b:c0:c4:67:d0:
ce:06:dc:db:89:30:05:01:d2:4a:31:ac:3e:ed:70:
e9:73:d0:4c:5c:ea:f1:48:7e:3e:e5:b5:14:73:7d:
91:f7:df:65:b4:3b:76:93:d5:26:1c:e1:bd:5e:4c:
64:2c:c6:c5:19:09:91:5d:df:cf:92:0b:da:40:29:
7c:24:f5:fe:98:2a:6e:41:46:1a:d8:f4:c1:e8:cb:
f1:07:84:aa:5a:e9:d2:a8:66:7b:11:27:6f:df:91:
2c:90:2d:18:84:42:44:37:09:3c:39:18:29:cd:18:
a5:17:db:24:77:8b:5f:a0:13:97:d0:38:2d:6d:2d:
41:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:D7:8D:33:A2:F4:FA:04:63:CC:1F:4E:AE:ED:01:78:33:72:7C:7A
X509v3 Authority Key Identifier:
keyid:F4:C0:AA:7B:3E:3C:BF:F8:82:62:AD:D9:2B:33:9E:35:05:1C:E1:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9MCqez48v_iCYq3ZKzOeNQUc4aA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/_deNM6L0-gRjzB9Oru0BeDNyfHo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/9MCqez48v_iCYq3ZKzOeNQUc4aA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.102.192.0/18
31.210.176.0-31.210.187.255
37.46.32.0/20
91.205.152.0/22
94.230.80.0/20
141.226.0.0-141.226.54.255
141.226.56.0-141.226.70.255
141.226.72.0/21
141.226.144.0-141.226.183.255
188.120.128.0/19
IPv6:
2a02:ed0::/29
Signature Algorithm: sha256WithRSAEncryption
61:ed:78:72:78:2f:49:83:ec:5c:f2:35:c6:f1:61:b4:04:63:
d7:23:3a:cd:89:df:41:c7:22:da:35:1b:84:02:cb:86:01:3d:
75:9b:cb:01:cb:6f:5c:45:8d:47:bd:00:90:cb:e3:0c:5e:31:
b1:0a:4e:0c:a7:65:4c:c5:f9:7d:f5:35:ff:7e:97:8d:e5:0c:
49:fd:8c:28:4f:a6:60:76:7b:bd:ac:40:b4:9d:d3:8c:32:39:
25:38:7c:0f:02:cf:23:ab:cf:87:1e:75:d0:21:3d:12:ef:00:
51:41:12:e3:56:56:e7:2e:0e:eb:d5:57:c2:fb:b3:5b:4e:a2:
23:eb:54:b9:09:5f:1c:82:3a:8d:94:47:8a:37:01:df:83:02:
3f:73:7f:21:49:c0:97:12:04:75:9d:09:b9:4c:e3:e4:19:01:
7a:b1:cd:bd:b0:8c:a9:59:8a:b8:07:08:08:17:b1:db:84:b3:
59:86:8a:4c:00:6e:51:a2:1a:b5:93:ee:88:db:79:d7:5f:dd:
e1:77:31:d3:fe:ca:67:34:4f:5d:35:43:ad:d3:79:e0:e9:cf:
dc:9b:f4:12:c2:e1:12:cb:f7:90:70:14:2b:40:fe:03:ef:62:
25:93:b0:ca:77:f6:0b:be:38:95:3c:d7:c4:f2:02:80:0d:af:
da:8b:1a:e2
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAZWjXr2bG3Z6IK6/JNFCwa9WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YzBhYTdiM2UzY2JmZjg4MjYyYWRkOTJiMzM5ZTM1MDUx
Y2UxYTAwHhcNMjUwMzE3MDkxMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGQ3OGQzM2EyZjRmYTA0NjNjYzFmNGVhZWVkMDE3ODMzNzI3YzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6s3HP0MrT5WawOa2LwELWP41pwh+
6xvM/iPAWrKw2HuuJy82qyFWDu7JRiOj+mexfR7XxLL35zoIkFJROllawA6EA7sS
7D6PvQsVVn8JP/AENfVVkNMBUGNzILJtD4uJZFWoNGzKw3j6dS5E1y8pDoQILVDH
Rt+cfvKPKl7gE+jQG8DEZ9DOBtzbiTAFAdJKMaw+7XDpc9BMXOrxSH4+5bUUc32R
999ltDt2k9UmHOG9XkxkLMbFGQmRXd/PkgvaQCl8JPX+mCpuQUYa2PTB6MvxB4Sq
WunSqGZ7ESdv35EskC0YhEJENwk8ORgpzRilF9skd4tfoBOX0DgtbS1BOQIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFP3XjTOi9PoEY8wfTq7tAXgzcnx6MB8GA1UdIwQY
MBaAFPTAqns+PL/4gmKt2SsznjUFHOGgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU1DcWV6NDh2X2lDWXEzWkt6T2VOUVVjNGFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS85ZTJiMWEtMTYzYi00ODU0LTk2MWEt
ZWE3NWRkZjQ3YjRhLzEvX2RlTk02TDAtZ1JqekI5T3J1MEJlRE55ZkhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS85ZTJiMWEtMTYzYi00ODU0LTk2MWEtZWE3NWRkZjQ3YjRh
LzEvOU1DcWV6NDh2X2lDWXEzWkt6T2VOUVVjNGFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwYQQCAAEwWwMEBgVmwDAM
AwQEH9KwAwQCH9K4AwQEJS4gAwQCW82YAwQEXuZQMAsDAwGN4gMEAI3iNjAMAwQD
jeI4AwQAjeJGAwQDjeJIMAwDBASN4pADBAON4rADBAW8eIAwDQQCAAIwBwMFAyoC
DtAwDQYJKoZIhvcNAQELBQADggEBAGHteHJ4L0mD7FzyNcbxYbQEY9cjOs2J30HH
Ito1G4QCy4YBPXWbywHLb1xFjUe9AJDL4wxeMbEKTgynZUzF+X31Nf9+l43lDEn9
jChPpmB2e72sQLSd04wyOSU4fA8CzyOrz4ceddAhPRLvAFFBEuNWVucuDuvVV8L7
s1tOoiPrVLkJXxyCOo2UR4o3Ad+DAj9zfyFJwJcSBHWdCblM4+QZAXqxzb2wjKlZ
irgHCAgXsduEs1mGikwAblGiGrWT7ojbeddf3eF3MdP+ymc0T101Q63TeeDpz9yb
9BLC4RLL95BwFCtA/gPvYiWTsMp39gu+OJU818TyAoANr9qLGuI=
-----END CERTIFICATE-----
Generated at Mon Apr 21 19:19:16 2025 by rpki-client