Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/X5BI_4m66OA1gTOSPBNCsDRd-Pw.roa
File: X5BI_4m66OA1gTOSPBNCsDRd-Pw.roa (raw, json)
Hash identifier: 3oZT1fDyGLqNouLkyRSol/W9I5a1RPKZknAigOCTTYM=
Subject key identifier: 5F:90:48:FF:89:BA:E8:E0:35:81:33:92:3C:13:42:B0:34:5D:F8:FC
Certificate issuer: /CN=a24b48edc7a325d7f1ae0f257c0e2835171bc9ae
Certificate serial: 019422FC2839EAAC2EBFC020BC938309F7EA
Authority key identifier: A2:4B:48:ED:C7:A3:25:D7:F1:AE:0F:25:7C:0E:28:35:17:1B:C9:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oktI7cejJdfxrg8lfA4oNRcbya4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/X5BI_4m66OA1gTOSPBNCsDRd-Pw.roa
Signing time: Wed 01 Jan 2025 17:48:58 +0000
ROA not before: Wed 01 Jan 2025 17:48:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39704
IP address blocks: 5.22.248.0/21 maxlen: 24
46.182.216.0/21 maxlen: 24
91.192.36.0/22 maxlen: 24
94.124.88.0/21 maxlen: 24
185.94.168.0/22 maxlen: 24
185.103.16.0/22 maxlen: 24
194.50.163.0/24 maxlen: 24
195.216.246.0/24 maxlen: 24
213.132.192.0/19 maxlen: 24
2a00:1bd0::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/oktI7cejJdfxrg8lfA4oNRcbya4.crl
rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/oktI7cejJdfxrg8lfA4oNRcbya4.mft
rsync://rpki.ripe.net/repository/DEFAULT/oktI7cejJdfxrg8lfA4oNRcbya4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 20:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fc:28:39:ea:ac:2e:bf:c0:20:bc:93:83:09:f7:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a24b48edc7a325d7f1ae0f257c0e2835171bc9ae
Validity
Not Before: Jan 1 17:48:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5f9048ff89bae8e0358133923c1342b0345df8fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:13:19:66:a0:ff:ca:1f:4b:48:7a:58:e7:93:
ed:04:47:83:e5:d1:db:b0:35:9c:95:50:a5:e0:20:
d9:6e:ff:d8:1e:68:7e:14:84:c2:b8:19:7d:d7:93:
05:75:93:46:5f:77:2b:f8:ec:32:3e:e9:93:1d:a6:
79:be:7c:28:ed:e7:ba:ae:18:57:8f:d2:c8:98:33:
29:41:9c:19:8c:0c:d2:3f:7f:18:3e:fb:26:0e:e1:
6b:c1:dc:ed:ac:59:4a:46:15:95:bd:16:e2:48:ab:
a1:55:43:4e:e5:3c:28:30:3b:14:4e:66:5f:0f:3f:
37:59:fc:0a:d3:a3:3c:02:b1:f8:bc:c9:2f:85:ac:
69:87:d2:26:95:60:85:e0:59:2a:a3:73:c6:38:68:
3a:87:f1:40:ac:23:b1:59:79:80:ec:04:2c:4f:9b:
29:46:02:9f:d7:63:f3:e7:4e:78:72:11:07:30:fe:
b2:0f:08:d5:cc:f2:f1:53:fc:53:bb:e9:e6:fa:fd:
02:b1:a8:8d:cf:33:42:97:36:d3:7d:7a:87:cf:7a:
7c:d6:d7:c6:42:2c:6a:69:28:93:44:bb:2b:93:32:
3a:8a:b5:49:e2:d3:f3:67:43:53:50:55:35:6a:fa:
d9:db:c2:42:e0:21:ef:63:84:35:0b:d4:1a:21:2d:
c3:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:90:48:FF:89:BA:E8:E0:35:81:33:92:3C:13:42:B0:34:5D:F8:FC
X509v3 Authority Key Identifier:
keyid:A2:4B:48:ED:C7:A3:25:D7:F1:AE:0F:25:7C:0E:28:35:17:1B:C9:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oktI7cejJdfxrg8lfA4oNRcbya4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/X5BI_4m66OA1gTOSPBNCsDRd-Pw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/oktI7cejJdfxrg8lfA4oNRcbya4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.22.248.0/21
46.182.216.0/21
91.192.36.0/22
94.124.88.0/21
185.94.168.0/22
185.103.16.0/22
194.50.163.0/24
195.216.246.0/24
213.132.192.0/19
IPv6:
2a00:1bd0::/29
Signature Algorithm: sha256WithRSAEncryption
99:ed:65:da:7a:5d:e0:2b:d7:d4:a7:3c:5c:2a:96:8e:ed:34:
1e:64:3b:e4:93:ac:cc:09:a9:9b:b6:0f:10:5b:01:ef:99:fd:
83:18:95:8a:fb:19:90:e6:27:4e:72:a4:83:1d:58:db:a3:ac:
0e:37:8f:7e:a5:05:fc:4a:69:e6:7e:8b:57:73:91:47:91:fd:
a6:29:63:56:f3:10:70:8b:bb:aa:1a:9d:d8:7f:40:94:39:a8:
72:20:be:87:e7:a2:10:43:bc:04:4d:e0:80:f6:da:34:b3:7b:
15:3e:b1:91:69:b0:d4:6b:68:37:cd:5b:bc:63:55:04:9e:be:
83:ba:bb:49:31:a3:e8:e4:b2:af:e2:28:99:14:7d:80:05:cd:
b5:c8:ee:d4:61:e1:cc:f3:d8:49:6e:fa:3b:01:6a:48:95:89:
d2:32:44:bd:48:24:92:7d:a6:2d:a2:df:ed:43:1e:d2:64:2a:
2e:33:cf:bd:fc:35:1f:fc:cd:0e:36:62:1d:93:d9:fd:67:78:
ad:de:c5:18:33:d4:2f:16:0d:e7:76:85:2a:59:b9:17:31:e0:
b0:40:fe:1e:92:ee:b0:9a:25:16:8f:23:3e:bb:4d:08:76:c9:
ea:24:bf:be:81:54:00:46:2b:5b:b6:7e:3a:7c:35:b9:9d:c7:
1e:65:e4:a0
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZQi/Cg56qwuv8AgvJODCffqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNGI0OGVkYzdhMzI1ZDdmMWFlMGYyNTdjMGUyODM1MTcx
YmM5YWUwHhcNMjUwMTAxMTc0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjkwNDhmZjg5YmFlOGUwMzU4MTMzOTIzYzEzNDJiMDM0NWRmOGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhMZZqD/yh9LSHpY55PtBEeD5dHb
sDWclVCl4CDZbv/YHmh+FITCuBl915MFdZNGX3cr+OwyPumTHaZ5vnwo7ee6rhhX
j9LImDMpQZwZjAzSP38YPvsmDuFrwdztrFlKRhWVvRbiSKuhVUNO5TwoMDsUTmZf
Dz83WfwK06M8ArH4vMkvhaxph9ImlWCF4Fkqo3PGOGg6h/FArCOxWXmA7AQsT5sp
RgKf12Pz5054chEHMP6yDwjVzPLxU/xTu+nm+v0CsaiNzzNClzbTfXqHz3p81tfG
QixqaSiTRLsrkzI6irVJ4tPzZ0NTUFU1avrZ28JC4CHvY4Q1C9QaIS3DVwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFF+QSP+JuujgNYEzkjwTQrA0Xfj8MB8GA1UdIwQY
MBaAFKJLSO3HoyXX8a4PJXwOKDUXG8muMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2t0STdjZWpKZGZ4cmc4bGZBNG9OUmNieWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni82MmFmZWYtNzBkMS00ZmUyLTllZGYt
N2YxZTU3NDg3YzFhLzEvWDVCSV80bTY2T0ExZ1RPU1BCTkNzRFJkLVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni82MmFmZWYtNzBkMS00ZmUyLTllZGYtN2YxZTU3NDg3YzFh
LzEvb2t0STdjZWpKZGZ4cmc4bGZBNG9OUmNieWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDBRb4AwQD
LrbYAwQCW8AkAwQDXnxYAwQCuV6oAwQCuWcQAwQAwjKjAwQAw9j2AwQF1YTAMA0E
AgACMAcDBQMqABvQMA0GCSqGSIb3DQEBCwUAA4IBAQCZ7WXael3gK9fUpzxcKpaO
7TQeZDvkk6zMCambtg8QWwHvmf2DGJWK+xmQ5idOcqSDHVjbo6wON49+pQX8Smnm
fotXc5FHkf2mKWNW8xBwi7uqGp3Yf0CUOahyIL6H56IQQ7wETeCA9to0s3sVPrGR
abDUa2g3zVu8Y1UEnr6DurtJMaPo5LKv4iiZFH2ABc21yO7UYeHM89hJbvo7AWpI
lYnSMkS9SCSSfaYtot/tQx7SZCouM8+9/DUf/M0ONmIdk9n9Z3it3sUYM9QvFg3n
doUqWbkXMeCwQP4eku6wmiUWjyM+u00IdsnqJL++gVQARitbtn46fDW5ncceZeSg
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:53:37 2025 by rpki-client