Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/wCTFVOhH1_JXXaKELRZTghNafbE.roa
File: wCTFVOhH1_JXXaKELRZTghNafbE.roa (raw, json)
Hash identifier: uIydk4XczljVO9qTa7Z+Ts/JZRVkQzKoeoyTGqvobdE=
Subject key identifier: C0:24:C5:54:E8:47:D7:F2:57:5D:A2:84:2D:16:53:82:13:5A:7D:B1
Certificate issuer: /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial: 019738A2B9A063EDE151130207BBA1BE2149
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/wCTFVOhH1_JXXaKELRZTghNafbE.roa
Signing time: Wed 04 Jun 2025 01:51:17 +0000
ROA not before: Wed 04 Jun 2025 01:51:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 54994
IP address blocks: 91.194.205.0/24 maxlen: 24
91.202.200.0/24 maxlen: 24
93.188.132.0/24 maxlen: 24
93.188.135.0/24 maxlen: 24
148.253.34.0/24 maxlen: 24
148.253.36.0/24 maxlen: 24
148.253.41.0/24 maxlen: 24
148.253.42.0/24 maxlen: 24
148.253.44.0/24 maxlen: 24
148.253.47.0/24 maxlen: 24
148.253.60.0/24 maxlen: 24
148.253.61.0/24 maxlen: 24
148.253.62.0/24 maxlen: 24
148.253.63.0/24 maxlen: 24
148.253.228.0/24 maxlen: 24
148.253.229.0/24 maxlen: 24
148.253.231.0/24 maxlen: 24
148.253.232.0/24 maxlen: 24
148.253.233.0/24 maxlen: 24
148.253.234.0/24 maxlen: 24
148.253.235.0/24 maxlen: 24
148.253.237.0/24 maxlen: 24
148.253.239.0/24 maxlen: 24
148.253.244.0/24 maxlen: 24
148.253.245.0/24 maxlen: 24
148.253.246.0/24 maxlen: 24
148.253.248.0/24 maxlen: 24
151.249.92.0/24 maxlen: 24
151.249.93.0/24 maxlen: 24
151.249.94.0/24 maxlen: 24
163.171.64.0/24 maxlen: 24
163.171.67.0/24 maxlen: 24
163.171.70.0/24 maxlen: 24
163.171.71.0/24 maxlen: 24
163.171.77.0/24 maxlen: 24
163.171.84.0/24 maxlen: 24
163.171.85.0/24 maxlen: 24
163.171.87.0/24 maxlen: 24
163.171.93.0/24 maxlen: 24
163.171.94.0/24 maxlen: 24
163.171.96.0/24 maxlen: 24
163.171.97.0/24 maxlen: 24
163.171.98.0/24 maxlen: 24
163.171.101.0/24 maxlen: 24
163.171.102.0/24 maxlen: 24
163.171.103.0/24 maxlen: 24
163.171.104.0/24 maxlen: 24
163.171.119.0/24 maxlen: 24
163.171.126.0/24 maxlen: 24
163.171.143.0/24 maxlen: 24
163.171.153.0/24 maxlen: 24
163.171.166.0/24 maxlen: 24
163.171.176.0/24 maxlen: 24
163.171.177.0/24 maxlen: 24
163.171.182.0/24 maxlen: 24
163.171.188.0/24 maxlen: 24
163.171.198.0/24 maxlen: 24
163.171.207.0/24 maxlen: 24
163.171.215.0/24 maxlen: 24
163.171.216.0/24 maxlen: 24
163.171.222.0/24 maxlen: 24
163.171.224.0/24 maxlen: 24
163.171.225.0/24 maxlen: 24
163.171.230.0/24 maxlen: 24
163.171.231.0/24 maxlen: 24
163.171.234.0/24 maxlen: 24
163.171.249.0/24 maxlen: 24
163.171.252.0/24 maxlen: 24
185.27.230.0/24 maxlen: 24
194.107.19.0/24 maxlen: 24
2a01:53c0:ffc6::/48 maxlen: 48
2a01:53c0:ffe7::/48 maxlen: 48
2a01:53c0:fff2::/48 maxlen: 48
2a01:53c0:fff4::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 03:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:38:a2:b9:a0:63:ed:e1:51:13:02:07:bb:a1:be:21:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Validity
Not Before: Jun 4 01:51:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c024c554e847d7f2575da2842d165382135a7db1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:f2:22:e8:56:20:6d:a4:9a:cf:38:d4:d8:a8:
0e:58:c9:a9:ec:41:26:bf:4f:06:e7:01:39:f5:8b:
05:89:e6:ba:d8:8c:a0:51:ee:ed:22:12:52:67:2e:
d0:0d:c2:d9:02:7d:82:1f:da:f0:01:6e:3d:f1:96:
12:38:d0:40:a8:22:a5:78:46:8d:c6:91:c9:f2:6e:
c5:13:ec:84:76:91:d4:64:83:0b:cb:13:43:b7:c6:
02:4a:6f:e3:b8:28:a1:c1:9d:d3:ac:0c:75:35:4d:
35:f3:92:94:3b:49:36:99:09:0d:11:ba:11:58:62:
f5:03:47:f8:5c:26:83:3c:c5:8f:b0:2e:35:d3:61:
8c:4c:07:f3:d4:ef:d4:0c:55:b0:e1:36:39:80:98:
19:aa:58:4d:2c:6d:21:de:a0:fa:e5:dc:61:2d:21:
c8:06:9f:ed:59:45:bf:a9:d8:14:39:b4:bc:68:a8:
3b:1a:98:85:90:74:23:43:0b:95:54:e5:50:84:9b:
19:c9:21:53:4e:98:bd:93:5b:47:da:71:cd:79:b4:
47:71:94:e7:fb:8f:43:0c:23:58:23:b6:d9:8e:cf:
2a:13:a5:43:2a:9e:8c:c4:95:14:9c:88:00:e4:e7:
8e:31:c6:15:0f:75:b3:4e:80:c3:7a:7c:f4:3d:18:
78:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:24:C5:54:E8:47:D7:F2:57:5D:A2:84:2D:16:53:82:13:5A:7D:B1
X509v3 Authority Key Identifier:
keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/wCTFVOhH1_JXXaKELRZTghNafbE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.194.205.0/24
91.202.200.0/24
93.188.132.0/24
93.188.135.0/24
148.253.34.0/24
148.253.36.0/24
148.253.41.0-148.253.42.255
148.253.44.0/24
148.253.47.0/24
148.253.60.0/22
148.253.228.0/23
148.253.231.0-148.253.235.255
148.253.237.0/24
148.253.239.0/24
148.253.244.0-148.253.246.255
148.253.248.0/24
151.249.92.0-151.249.94.255
163.171.64.0/24
163.171.67.0/24
163.171.70.0/23
163.171.77.0/24
163.171.84.0/23
163.171.87.0/24
163.171.93.0-163.171.94.255
163.171.96.0-163.171.98.255
163.171.101.0-163.171.104.255
163.171.119.0/24
163.171.126.0/24
163.171.143.0/24
163.171.153.0/24
163.171.166.0/24
163.171.176.0/23
163.171.182.0/24
163.171.188.0/24
163.171.198.0/24
163.171.207.0/24
163.171.215.0-163.171.216.255
163.171.222.0/24
163.171.224.0/23
163.171.230.0/23
163.171.234.0/24
163.171.249.0/24
163.171.252.0/24
185.27.230.0/24
194.107.19.0/24
IPv6:
2a01:53c0:ffc6::/48
2a01:53c0:ffe7::/48
2a01:53c0:fff2::/48
2a01:53c0:fff4::/48
Signature Algorithm: sha256WithRSAEncryption
d0:5a:7d:05:62:86:77:7a:b3:fe:5e:ed:b4:a9:d6:a7:0d:b6:
52:7c:8b:18:7f:c5:ef:12:1b:ce:79:97:0a:84:cd:5b:f6:7a:
fb:0f:fd:f3:52:83:17:17:73:4f:c6:48:3a:69:ce:89:b0:3c:
b1:70:02:f9:c9:71:8c:b2:b1:c9:99:97:b4:1e:a6:6d:83:e3:
43:dc:12:b0:79:2c:cc:cc:9c:04:f2:63:57:d0:b1:5a:7e:c2:
f4:54:ba:53:24:bd:55:bc:a0:84:0b:92:2a:54:71:15:ec:73:
50:d4:95:dd:11:1b:cf:f1:48:5e:cf:a9:db:b8:ca:54:4e:ee:
2f:99:50:a5:51:80:12:7d:94:be:24:42:82:87:d4:c1:d8:84:
a6:97:5e:33:f9:c6:ad:dd:d3:73:de:d3:30:3f:d0:dd:84:9c:
e3:44:f6:b1:9e:c7:ff:4e:87:9b:e3:52:20:de:a9:f3:1e:98:
85:77:9d:a0:44:98:6f:df:f0:cc:f4:a7:e7:c4:73:36:a4:4e:
c2:51:93:9d:7d:63:95:c7:68:10:0c:68:06:a4:da:71:ae:6a:
8e:95:0a:c8:e1:c8:29:6f:7e:f6:8a:56:20:99:96:f6:6c:c2:
23:05:62:a6:f8:86:8c:71:7b:d0:cb:ff:28:9d:24:18:7e:6c:
72:58:04:d4
-----BEGIN CERTIFICATE-----
MIIGezCCBWOgAwIBAgISAZc4ormgY+3hURMCB7uhviFJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjUwNjA0MDE1MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDI0YzU1NGU4NDdkN2YyNTc1ZGEyODQyZDE2NTM4MjEzNWE3ZGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4/Ii6FYgbaSazzjU2KgOWMmp7EEm
v08G5wE59YsFiea62IygUe7tIhJSZy7QDcLZAn2CH9rwAW498ZYSONBAqCKleEaN
xpHJ8m7FE+yEdpHUZIMLyxNDt8YCSm/juCihwZ3TrAx1NU0185KUO0k2mQkNEboR
WGL1A0f4XCaDPMWPsC4102GMTAfz1O/UDFWw4TY5gJgZqlhNLG0h3qD65dxhLSHI
Bp/tWUW/qdgUObS8aKg7GpiFkHQjQwuVVOVQhJsZySFTTpi9k1tH2nHNebRHcZTn
+49DDCNYI7bZjs8qE6VDKp6MxJUUnIgA5OeOMcYVD3WzToDDenz0PRh44QIDAQAB
o4IDhzCCA4MwHQYDVR0OBBYEFMAkxVToR9fyV12ihC0WU4ITWn2xMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvd0NURlZPaEgxX0pYWGFLRUxSWlRnaE5hZmJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBmwYIKwYBBQUHAQcBAf8EggGKMIIBhjCCAVYEAgABMIIB
TgMEAFvCzQMEAFvKyAMEAF28hAMEAF28hwMEAJT9IgMEAJT9JDAMAwQAlP0pAwQA
lP0qAwQAlP0sAwQAlP0vAwQClP08AwQBlP3kMAwDBACU/ecDBAKU/egDBACU/e0D
BACU/e8wDAMEApT99AMEAJT99gMEAJT9+DAMAwQCl/lcAwQAl/leAwQAo6tAAwQA
o6tDAwQBo6tGAwQAo6tNAwQBo6tUAwQAo6tXMAwDBACjq10DBACjq14wDAMEBaOr
YAMEAKOrYjAMAwQAo6tlAwQAo6toAwQAo6t3AwQAo6t+AwQAo6uPAwQAo6uZAwQA
o6umAwQBo6uwAwQAo6u2AwQAo6u8AwQAo6vGAwQAo6vPMAwDBACjq9cDBACjq9gD
BACjq94DBAGjq+ADBAGjq+YDBACjq+oDBACjq/kDBACjq/wDBAC5G+YDBADCaxMw
KgQCAAIwJAMHACoBU8D/xgMHACoBU8D/5wMHACoBU8D/8gMHACoBU8D/9DANBgkq
hkiG9w0BAQsFAAOCAQEA0Fp9BWKGd3qz/l7ttKnWpw22UnyLGH/F7xIbznmXCoTN
W/Z6+w/981KDFxdzT8ZIOmnOibA8sXAC+clxjLKxyZmXtB6mbYPjQ9wSsHkszMyc
BPJjV9CxWn7C9FS6UyS9VbyghAuSKlRxFexzUNSV3REbz/FIXs+p27jKVE7uL5lQ
pVGAEn2UviRCgofUwdiEppdeM/nGrd3Tc97TMD/Q3YSc40T2sZ7H/06Hm+NSIN6p
8x6YhXedoESYb9/wzPSn58RzNqROwlGTnX1jlcdoEAxoBqTaca5qjpUKyOHIKW9+
9opWIJmW9mzCIwVipviGjHF70Mv/KJ0kGH5sclgE1A==
-----END CERTIFICATE-----
Generated at Sun Jun 8 11:54:51 2025 by rpki-client