Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/kIgDZb1mJNxoy-31G2UkNHRwWx0.roa
File: kIgDZb1mJNxoy-31G2UkNHRwWx0.roa (raw, json)
Hash identifier: zPGGaXstMh703tXkFi/JyzFhGqACNCTHmmN1tjIc6M0=
Subject key identifier: 90:88:03:65:BD:66:24:DC:68:CB:ED:F5:1B:65:24:34:74:70:5B:1D
Certificate issuer: /CN=addd2a815060aa7e621a2094349758b2036896f0
Certificate serial: 0196C90416338D2E96603CF6D6998EBDCE1B
Authority key identifier: AD:DD:2A:81:50:60:AA:7E:62:1A:20:94:34:97:58:B2:03:68:96:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/kIgDZb1mJNxoy-31G2UkNHRwWx0.roa
Signing time: Tue 13 May 2025 09:40:10 +0000
ROA not before: Tue 13 May 2025 09:40:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201776
IP address blocks: 2.59.51.0/24 maxlen: 24
31.40.208.0/22 maxlen: 22
31.40.252.0/22 maxlen: 22
37.44.252.0/22 maxlen: 22
77.83.8.0/22 maxlen: 22
77.83.16.0/22 maxlen: 22
78.136.196.0/22 maxlen: 22
78.136.200.0/21 maxlen: 21
78.153.137.0/24 maxlen: 24
78.153.138.0/24 maxlen: 24
78.153.147.0/24 maxlen: 24
83.171.252.0/22 maxlen: 22
83.172.60.0/22 maxlen: 24
83.172.61.0/24 maxlen: 24
85.115.200.0/22 maxlen: 22
89.107.136.0/22 maxlen: 22
89.107.138.0/24 maxlen: 24
89.107.139.0/24 maxlen: 24
91.103.110.0/23 maxlen: 23
94.126.24.0/21 maxlen: 24
94.126.30.0/24 maxlen: 24
109.94.220.0/22 maxlen: 22
109.236.52.0/22 maxlen: 22
109.237.104.0/24 maxlen: 24
178.34.152.0/21 maxlen: 21
178.34.176.0/20 maxlen: 20
178.173.124.0/22 maxlen: 22
185.64.44.0/22 maxlen: 22
188.119.76.0/22 maxlen: 22
188.124.224.0/21 maxlen: 21
188.124.248.0/21 maxlen: 21
193.47.44.0/22 maxlen: 22
193.56.64.0/22 maxlen: 22
193.56.72.0/22 maxlen: 22
193.148.52.0/22 maxlen: 22
217.197.172.0/22 maxlen: 22
2a04:f800::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/rd0qgVBgqn5iGiCUNJdYsgNolvA.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/rd0qgVBgqn5iGiCUNJdYsgNolvA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 09 Jun 2025 03:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:c9:04:16:33:8d:2e:96:60:3c:f6:d6:99:8e:bd:ce:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=addd2a815060aa7e621a2094349758b2036896f0
Validity
Not Before: May 13 09:40:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=90880365bd6624dc68cbedf51b65243474705b1d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:48:ef:d7:70:0f:24:03:5d:a8:63:66:39:52:
c4:04:3c:ac:dc:13:e4:3e:2b:a6:2d:fd:c2:69:d4:
d7:6b:2c:52:e7:c0:79:52:24:19:e0:f6:45:68:4a:
81:7d:38:ef:47:3a:f7:ee:c4:b5:fc:d0:b9:e8:42:
a0:b7:0f:15:33:3b:18:67:39:50:47:2d:c3:57:75:
97:31:48:f8:44:cc:10:f4:50:d3:a2:f9:e9:8b:d6:
d9:ca:60:a5:00:b8:ae:a8:31:dd:13:7b:63:a2:55:
b7:9c:bf:0c:ca:84:d2:86:dc:17:e1:77:65:87:11:
14:3d:ca:f2:91:31:51:80:03:91:ee:ac:9c:b7:98:
7a:43:9e:5b:77:ac:ef:e3:65:da:75:0b:e0:23:55:
02:37:34:8c:d2:4b:a3:ae:e4:ab:c6:1a:1a:39:19:
99:7e:5e:b3:50:0b:f5:93:c0:94:38:5e:02:34:31:
41:ea:6e:99:95:27:80:2a:00:e3:f1:ef:f3:df:b1:
69:1e:80:a1:31:4b:a6:d3:78:12:04:93:6d:fb:3b:
9b:6d:50:11:21:f8:a3:ed:68:81:af:e8:9e:d0:f3:
56:5b:03:e0:ef:08:52:8a:28:71:2f:ef:19:1c:67:
32:c7:b4:6e:ea:d4:e0:3c:1b:5a:7b:45:9c:7f:41:
55:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:88:03:65:BD:66:24:DC:68:CB:ED:F5:1B:65:24:34:74:70:5B:1D
X509v3 Authority Key Identifier:
keyid:AD:DD:2A:81:50:60:AA:7E:62:1A:20:94:34:97:58:B2:03:68:96:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/kIgDZb1mJNxoy-31G2UkNHRwWx0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/rd0qgVBgqn5iGiCUNJdYsgNolvA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.51.0/24
31.40.208.0/22
31.40.252.0/22
37.44.252.0/22
77.83.8.0/22
77.83.16.0/22
78.136.196.0-78.136.207.255
78.153.137.0-78.153.138.255
78.153.147.0/24
83.171.252.0/22
83.172.60.0/22
85.115.200.0/22
89.107.136.0/22
91.103.110.0/23
94.126.24.0/21
109.94.220.0/22
109.236.52.0/22
109.237.104.0/24
178.34.152.0/21
178.34.176.0/20
178.173.124.0/22
185.64.44.0/22
188.119.76.0/22
188.124.224.0/21
188.124.248.0/21
193.47.44.0/22
193.56.64.0/22
193.56.72.0/22
193.148.52.0/22
217.197.172.0/22
IPv6:
2a04:f800::/29
Signature Algorithm: sha256WithRSAEncryption
5c:e9:93:04:c7:bc:ad:3f:c3:5e:c6:05:45:52:66:f0:34:24:
3a:af:a6:f8:ed:e1:8a:a2:3f:00:94:d7:02:0b:75:ef:5a:33:
7d:82:7d:a9:e5:c0:2c:75:45:e3:93:e4:f3:06:85:4a:ac:c3:
f1:31:45:b5:53:72:e0:ee:7a:bc:ef:a5:c3:47:b8:4c:e2:27:
4b:9b:cb:08:3e:89:d0:bc:ca:3b:85:d2:44:ee:41:ad:a6:62:
4d:bf:3a:1b:71:ec:07:cb:fa:fc:b7:0a:9d:9c:30:85:18:a2:
5e:77:ae:41:84:42:3f:78:fc:64:53:d1:e6:01:fe:75:fb:00:
e6:51:e0:4d:77:8e:6b:fb:21:7a:34:8b:6b:a1:1d:58:d2:73:
54:a1:4c:4c:29:3b:ec:25:db:b7:83:ad:c1:61:db:67:da:ef:
f2:bc:7d:75:f8:67:36:4b:ec:30:b0:7d:6c:03:33:77:3e:86:
f2:12:ff:45:07:cb:52:78:85:9a:26:59:37:53:66:f9:d4:a2:
00:86:96:4b:fe:98:b3:85:c5:ca:e9:23:c2:04:56:51:e8:8d:
c0:0f:8c:68:a1:03:66:00:41:4f:cb:52:93:fe:d3:50:d0:d9:
0c:39:05:23:11:d6:ff:a8:41:3c:b0:df:ed:b0:45:8a:d4:8b:
c9:b8:9e:31
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgISAZbJBBYzjS6WYDz21pmOvc4bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZGQyYTgxNTA2MGFhN2U2MjFhMjA5NDM0OTc1OGIyMDM2
ODk2ZjAwHhcNMjUwNTEzMDk0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDg4MDM2NWJkNjYyNGRjNjhjYmVkZjUxYjY1MjQzNDc0NzA1YjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUjv13APJANdqGNmOVLEBDys3BPk
PiumLf3CadTXayxS58B5UiQZ4PZFaEqBfTjvRzr37sS1/NC56EKgtw8VMzsYZzlQ
Ry3DV3WXMUj4RMwQ9FDTovnpi9bZymClALiuqDHdE3tjolW3nL8MyoTShtwX4Xdl
hxEUPcrykTFRgAOR7qyct5h6Q55bd6zv42XadQvgI1UCNzSM0kujruSrxhoaORmZ
fl6zUAv1k8CUOF4CNDFB6m6ZlSeAKgDj8e/z37FpHoChMUum03gSBJNt+zubbVAR
Ifij7WiBr+ie0PNWWwPg7whSiihxL+8ZHGcyx7Ru6tTgPBtae0Wcf0FV/QIDAQAB
o4IC2zCCAtcwHQYDVR0OBBYEFJCIA2W9ZiTcaMvt9RtlJDR0cFsdMB8GA1UdIwQY
MBaAFK3dKoFQYKp+YhoglDSXWLIDaJbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmQwcWdWQmdxbjVpR2lDVU5KZFlzZ05vbHZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9lNGZhNDgtM2JlOC00ZmEzLWE0MzYt
OGEwZDBiZjBiNTc3LzEva0lnRFpiMW1KTnhveS0zMUcyVWtOSFJ3V3gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9lNGZhNDgtM2JlOC00ZmEzLWE0MzYtOGEwZDBiZjBiNTc3
LzEvcmQwcWdWQmdxbjVpR2lDVU5KZFlzZ05vbHZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHwBggrBgEFBQcBBwEB/wSB4DCB3TCBywQCAAEwgcQDBAAC
OzMDBAIfKNADBAIfKPwDBAIlLPwDBAJNUwgDBAJNUxAwDAMEAk6IxAMEBE6IwDAM
AwQATpmJAwQATpmKAwQATpmTAwQCU6v8AwQCU6w8AwQCVXPIAwQCWWuIAwQBW2du
AwQDXn4YAwQCbV7cAwQCbew0AwQAbe1oAwQDsiKYAwQEsiKwAwQCsq18AwQCuUAs
AwQCvHdMAwQDvHzgAwQDvHz4AwQCwS8sAwQCwThAAwQCwThIAwQCwZQ0AwQC2cWs
MA0EAgACMAcDBQMqBPgAMA0GCSqGSIb3DQEBCwUAA4IBAQBc6ZMEx7ytP8NexgVF
UmbwNCQ6r6b47eGKoj8AlNcCC3XvWjN9gn2p5cAsdUXjk+TzBoVKrMPxMUW1U3Lg
7nq876XDR7hM4idLm8sIPonQvMo7hdJE7kGtpmJNvzobcewHy/r8twqdnDCFGKJe
d65BhEI/ePxkU9HmAf51+wDmUeBNd45r+yF6NItroR1Y0nNUoUxMKTvsJdu3g63B
Ydtn2u/yvH11+Gc2S+wwsH1sAzN3PobyEv9FB8tSeIWaJlk3U2b51KIAhpZL/piz
hcXK6SPCBFZR6I3AD4xooQNmAEFPy1KT/tNQ0NkMOQUjEdb/qEE8sN/tsEWK1IvJ
uJ4x
-----END CERTIFICATE-----
Generated at Sun Jun 8 09:56:49 2025 by rpki-client