Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/2oAVyU2seJGTQFfvnoLEW0LxBMw.roa
File: 2oAVyU2seJGTQFfvnoLEW0LxBMw.roa (raw, json)
Hash identifier: ZURqts9j5VKp8XJN1Pz3dvi3R29PhjPq43deEFPHUGM=
Subject key identifier: DA:80:15:C9:4D:AC:78:91:93:40:57:EF:9E:82:C4:5B:42:F1:04:CC
Certificate issuer: /CN=c2d2a234e224bf87996f2f0df559ead882f9e651
Certificate serial: 01942747D5F4CE9D830831161EA57ED68C56
Authority key identifier: C2:D2:A2:34:E2:24:BF:87:99:6F:2F:0D:F5:59:EA:D8:82:F9:E6:51
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wtKiNOIkv4eZby8N9Vnq2IL55lE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/2oAVyU2seJGTQFfvnoLEW0LxBMw.roa
Signing time: Thu 02 Jan 2025 13:50:06 +0000
ROA not before: Thu 02 Jan 2025 13:50:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50926
IP address blocks: 5.175.40.0/21 maxlen: 24
31.24.40.0/21 maxlen: 24
31.24.152.0/21 maxlen: 24
84.246.208.0/21 maxlen: 24
91.142.208.0/20 maxlen: 24
91.200.140.0/22 maxlen: 24
91.213.46.0/24 maxlen: 24
94.127.184.0/21 maxlen: 24
109.68.80.0/21 maxlen: 24
149.62.168.0/21 maxlen: 24
185.23.68.0/22 maxlen: 24
185.70.92.0/22 maxlen: 24
185.101.224.0/22 maxlen: 24
185.129.248.0/22 maxlen: 24
185.176.8.0/22 maxlen: 24
185.222.156.0/22 maxlen: 24
188.95.112.0/21 maxlen: 24
188.164.192.0/21 maxlen: 24
194.116.147.0/24 maxlen: 24
195.5.116.0/23 maxlen: 24
212.34.156.0/22 maxlen: 24
2a00:5ac0::/44 maxlen: 44
2a00:5ac0:100::/48 maxlen: 48
2a00:5ac0:147::/48 maxlen: 48
2a00:5ac0:180::/48 maxlen: 48
2a00:5ac0:200::/48 maxlen: 48
2a00:5ac0:300::/48 maxlen: 48
2a01:4b80::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/wtKiNOIkv4eZby8N9Vnq2IL55lE.crl
rsync://rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/wtKiNOIkv4eZby8N9Vnq2IL55lE.mft
rsync://rpki.ripe.net/repository/DEFAULT/wtKiNOIkv4eZby8N9Vnq2IL55lE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:d5:f4:ce:9d:83:08:31:16:1e:a5:7e:d6:8c:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2d2a234e224bf87996f2f0df559ead882f9e651
Validity
Not Before: Jan 2 13:50:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=da8015c94dac7891934057ef9e82c45b42f104cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:b4:15:5b:dd:82:30:63:ee:a4:69:9c:90:a0:
93:f5:5e:a3:47:66:c8:1e:84:30:a0:d4:a8:a1:a9:
c5:16:27:cb:7d:85:cf:59:f1:81:e8:d7:31:8f:c6:
0d:ab:d0:af:5a:ca:c8:f4:8f:d4:08:66:ef:83:58:
0f:c7:f8:3d:8e:2e:16:f8:6b:cc:dc:e3:ca:94:65:
27:40:e3:f4:3e:6a:6e:95:f9:67:35:16:74:47:fa:
26:91:88:60:ba:95:82:1d:2b:bf:ed:20:d8:8a:f1:
f0:46:05:01:34:1a:29:42:e8:9b:d1:7d:41:ee:20:
f4:89:01:2c:bf:7a:87:90:9d:8e:b0:fe:d6:08:27:
f4:72:e3:c0:77:56:3e:cd:07:8f:91:aa:22:51:a3:
e3:13:9e:07:89:53:c4:e1:4e:58:72:69:8b:13:41:
b8:cc:b4:c1:74:a2:48:15:2e:70:bc:08:96:ba:f5:
12:16:e9:a0:5d:6a:5b:f0:67:27:49:2a:b6:09:b6:
3d:a7:a6:0e:d1:5c:23:82:a4:5e:3a:05:ed:d4:33:
2b:30:d3:79:dc:3a:b9:58:b5:7b:3c:fc:ab:e9:93:
9c:55:de:d6:cb:e0:15:ce:1d:ca:c6:8a:9a:a5:d3:
e4:4d:40:7f:00:ef:80:0e:71:2a:30:15:39:a1:a9:
59:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:80:15:C9:4D:AC:78:91:93:40:57:EF:9E:82:C4:5B:42:F1:04:CC
X509v3 Authority Key Identifier:
keyid:C2:D2:A2:34:E2:24:BF:87:99:6F:2F:0D:F5:59:EA:D8:82:F9:E6:51
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtKiNOIkv4eZby8N9Vnq2IL55lE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/2oAVyU2seJGTQFfvnoLEW0LxBMw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/wtKiNOIkv4eZby8N9Vnq2IL55lE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.175.40.0/21
31.24.40.0/21
31.24.152.0/21
84.246.208.0/21
91.142.208.0/20
91.200.140.0/22
91.213.46.0/24
94.127.184.0/21
109.68.80.0/21
149.62.168.0/21
185.23.68.0/22
185.70.92.0/22
185.101.224.0/22
185.129.248.0/22
185.176.8.0/22
185.222.156.0/22
188.95.112.0/21
188.164.192.0/21
194.116.147.0/24
195.5.116.0/23
212.34.156.0/22
IPv6:
2a00:5ac0::/44
2a00:5ac0:100::/48
2a00:5ac0:147::/48
2a00:5ac0:180::/48
2a00:5ac0:200::/48
2a00:5ac0:300::/48
2a01:4b80::/32
Signature Algorithm: sha256WithRSAEncryption
2a:c1:53:c2:cb:81:93:c2:2b:bf:6c:f4:41:a3:7c:64:ac:95:
d0:09:cc:a0:24:c3:50:a7:eb:49:15:7a:0e:10:b9:ae:89:87:
07:95:50:0d:9b:eb:08:70:e7:ec:2c:c5:e9:bc:3f:44:26:17:
33:76:37:13:dd:27:10:16:63:48:20:b9:e3:6d:e1:e5:e3:c2:
e0:8c:e3:5b:0c:1d:ab:20:90:41:09:2d:c6:e0:88:eb:6a:11:
70:da:97:58:a7:a9:bc:af:48:d3:fa:dd:2b:eb:fd:ec:99:36:
16:75:ba:f1:32:ca:02:77:8d:ed:7d:1d:39:d0:63:52:c1:ef:
e7:dc:fd:a7:53:ad:25:2e:5e:4b:92:07:cd:8b:e7:0b:f5:54:
d6:bc:c6:f9:e8:0a:09:0f:a4:59:d6:22:6c:6a:39:5c:15:38:
2c:92:91:38:0e:48:e7:81:79:b2:3d:8a:e4:ae:0c:c7:75:4c:
3b:88:c6:b1:cb:fc:40:99:56:e2:11:35:ee:b8:26:40:26:2e:
d8:2b:ef:5f:d4:a9:f7:a6:85:7c:30:1f:b6:04:33:c5:51:b2:
a4:85:57:5c:a5:9c:ed:48:b0:76:fc:8c:c5:7a:3d:a5:b4:78:
a8:dc:b2:5c:a0:2e:fc:d5:eb:7e:9d:82:97:fc:b0:1c:9c:23:
7d:63:12:4b
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAZQnR9X0zp2DCDEWHqV+1oxWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDJhMjM0ZTIyNGJmODc5OTZmMmYwZGY1NTllYWQ4ODJm
OWU2NTEwHhcNMjUwMTAyMTM1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTgwMTVjOTRkYWM3ODkxOTM0MDU3ZWY5ZTgyYzQ1YjQyZjEwNGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbQVW92CMGPupGmckKCT9V6jR2bI
HoQwoNSooanFFifLfYXPWfGB6Ncxj8YNq9CvWsrI9I/UCGbvg1gPx/g9ji4W+GvM
3OPKlGUnQOP0PmpulflnNRZ0R/omkYhgupWCHSu/7SDYivHwRgUBNBopQuib0X1B
7iD0iQEsv3qHkJ2OsP7WCCf0cuPAd1Y+zQePkaoiUaPjE54HiVPE4U5YcmmLE0G4
zLTBdKJIFS5wvAiWuvUSFumgXWpb8GcnSSq2CbY9p6YO0VwjgqReOgXt1DMrMNN5
3Dq5WLV7PPyr6ZOcVd7Wy+AVzh3KxoqapdPkTUB/AO+ADnEqMBU5oalZJwIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFNqAFclNrHiRk0BX756CxFtC8QTMMB8GA1UdIwQY
MBaAFMLSojTiJL+HmW8vDfVZ6tiC+eZRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RLaU5PSWt2NGVaYnk4TjlWbnEySUw1NWxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9kMWVlNGItZTg4YS00ZTQxLWE2MTYt
NGIyNDhkYTZjOTZjLzEvMm9BVnlVMnNlSkdUUUZmdm5vTEVXMEx4Qk13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9kMWVlNGItZTg4YS00ZTQxLWE2MTYtNGIyNDhkYTZjOTZj
LzEvd3RLaU5PSWt2NGVaYnk4TjlWbnEySUw1NWxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHfBggrBgEFBQcBBwEB/wSBzzCBzDCBhAQCAAEwfgMEAwWv
KAMEAx8YKAMEAx8YmAMEA1T20AMEBFuO0AMEAlvIjAMEAFvVLgMEA15/uAMEA21E
UAMEA5U+qAMEArkXRAMEArlGXAMEArll4AMEArmB+AMEArmwCAMEArnenAMEA7xf
cAMEA7ykwAMEAMJ0kwMEAcMFdAMEAtQinDBDBAIAAjA9AwcEKgBawAAAAwcAKgBa
wAEAAwcAKgBawAFHAwcAKgBawAGAAwcAKgBawAIAAwcAKgBawAMAAwUAKgFLgDAN
BgkqhkiG9w0BAQsFAAOCAQEAKsFTwsuBk8Irv2z0QaN8ZKyV0AnMoCTDUKfrSRV6
DhC5romHB5VQDZvrCHDn7CzF6bw/RCYXM3Y3E90nEBZjSCC5423h5ePC4IzjWwwd
qyCQQQktxuCI62oRcNqXWKepvK9I0/rdK+v97Jk2FnW68TLKAneN7X0dOdBjUsHv
59z9p1OtJS5eS5IHzYvnC/VU1rzG+egKCQ+kWdYibGo5XBU4LJKROA5I54F5sj2K
5K4Mx3VMO4jGscv8QJlW4hE17rgmQCYu2CvvX9Sp96aFfDAftgQzxVGypIVXXKWc
7UiwdvyMxXo9pbR4qNyyXKAu/NXrfp2Cl/ywHJwjfWMSSw==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:45:02 2025 by rpki-client