Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/ZwLN6lCS9w_xW2Y_PIGO30WACy8.roa
File: ZwLN6lCS9w_xW2Y_PIGO30WACy8.roa (raw, json)
Hash identifier: CarrBppfd1vGTuoIO28FgxO7+p3v+KtqcvOFdZWsF2k=
Subject key identifier: 67:02:CD:EA:50:92:F7:0F:F1:5B:66:3F:3C:81:8E:DF:45:80:0B:2F
Certificate issuer: /CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Certificate serial: 0195EF3B294A6028838E69F13FEE30F9E641
Authority key identifier: 4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/ZwLN6lCS9w_xW2Y_PIGO30WACy8.roa
Signing time: Tue 01 Apr 2025 02:43:06 +0000
ROA not before: Tue 01 Apr 2025 02:43:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 54994
IP address blocks: 140.150.0.0/24 maxlen: 24
140.150.1.0/24 maxlen: 24
140.150.2.0/24 maxlen: 24
140.150.3.0/24 maxlen: 24
140.150.4.0/24 maxlen: 24
140.150.5.0/24 maxlen: 24
140.150.6.0/24 maxlen: 24
140.150.7.0/24 maxlen: 24
140.150.10.0/24 maxlen: 24
140.150.11.0/24 maxlen: 24
140.150.12.0/24 maxlen: 24
140.150.14.0/24 maxlen: 24
140.150.15.0/24 maxlen: 24
140.150.18.0/24 maxlen: 24
140.150.19.0/24 maxlen: 24
140.150.20.0/24 maxlen: 24
140.150.21.0/24 maxlen: 24
140.150.22.0/24 maxlen: 24
140.150.23.0/24 maxlen: 24
140.150.24.0/24 maxlen: 24
140.150.25.0/24 maxlen: 24
140.150.26.0/24 maxlen: 24
140.150.27.0/24 maxlen: 24
140.150.28.0/24 maxlen: 24
140.150.29.0/24 maxlen: 24
140.150.30.0/24 maxlen: 24
140.150.31.0/24 maxlen: 24
140.150.32.0/24 maxlen: 24
140.150.33.0/24 maxlen: 24
140.150.34.0/24 maxlen: 24
140.150.35.0/24 maxlen: 24
140.150.36.0/24 maxlen: 24
140.150.37.0/24 maxlen: 24
140.150.38.0/24 maxlen: 24
140.150.40.0/24 maxlen: 24
140.150.41.0/24 maxlen: 24
140.150.42.0/24 maxlen: 24
140.150.43.0/24 maxlen: 24
140.150.44.0/24 maxlen: 24
140.150.46.0/24 maxlen: 24
140.150.47.0/24 maxlen: 24
146.103.64.0/24 maxlen: 24
146.103.65.0/24 maxlen: 24
146.103.66.0/24 maxlen: 24
146.103.67.0/24 maxlen: 24
146.103.68.0/24 maxlen: 24
146.103.71.0/24 maxlen: 24
146.103.73.0/24 maxlen: 24
146.103.74.0/24 maxlen: 24
146.103.75.0/24 maxlen: 24
146.103.76.0/24 maxlen: 24
146.103.77.0/24 maxlen: 24
146.103.78.0/24 maxlen: 24
146.103.79.0/24 maxlen: 24
146.103.80.0/24 maxlen: 24
146.103.81.0/24 maxlen: 24
146.103.82.0/24 maxlen: 24
146.103.83.0/24 maxlen: 24
146.103.84.0/24 maxlen: 24
146.103.85.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl
rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.mft
rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Apr 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ef:3b:29:4a:60:28:83:8e:69:f1:3f:ee:30:f9:e6:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Validity
Not Before: Apr 1 02:43:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6702cdea5092f70ff15b663f3c818edf45800b2f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:68:c4:81:22:26:16:d4:6f:33:aa:3e:15:c7:
3c:1d:25:63:86:fa:65:29:09:4a:48:d8:f9:e0:bc:
98:d7:79:9f:59:40:bc:81:ef:47:2a:78:b0:3f:ff:
62:5b:23:42:96:13:72:c9:78:0d:84:b3:66:b0:88:
e7:9c:da:c4:73:92:0d:b1:19:d7:33:6b:e4:1e:d3:
73:63:74:a3:eb:46:32:0a:9e:52:eb:5a:8b:ce:aa:
99:7c:34:78:7d:55:f0:11:b8:2a:c5:cd:b1:92:3c:
c6:b1:33:c8:09:33:31:c7:c1:10:a7:c4:21:b3:9d:
74:39:cc:de:cb:24:23:6b:6c:6e:58:c4:49:88:6d:
70:1b:22:aa:f1:da:17:8e:b5:16:19:a7:25:8c:26:
f0:2f:db:7c:9f:38:77:13:ea:90:d4:72:fe:51:12:
22:23:c4:f2:25:52:c2:94:25:e5:78:56:30:ba:4c:
c5:39:97:4d:7b:77:2d:2d:1d:09:4b:06:84:b8:45:
71:75:56:09:a1:11:39:bd:30:bd:35:cf:e8:00:ee:
21:d0:4f:7e:2b:ca:b6:9f:55:ef:45:0e:64:52:3a:
01:d1:78:af:2e:73:1a:bb:62:26:f1:b7:53:e8:15:
d2:3b:2e:23:f8:3f:0c:6c:05:68:f9:63:c6:a8:df:
b2:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:02:CD:EA:50:92:F7:0F:F1:5B:66:3F:3C:81:8E:DF:45:80:0B:2F
X509v3 Authority Key Identifier:
keyid:4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/ZwLN6lCS9w_xW2Y_PIGO30WACy8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.150.0.0/21
140.150.10.0-140.150.12.255
140.150.14.0/23
140.150.18.0-140.150.38.255
140.150.40.0-140.150.44.255
140.150.46.0/23
146.103.64.0-146.103.68.255
146.103.71.0/24
146.103.73.0-146.103.85.255
Signature Algorithm: sha256WithRSAEncryption
4d:4b:ad:2f:06:c3:64:8d:77:42:36:e4:0f:85:f8:d6:6b:a2:
ea:4f:ab:9e:b6:0b:df:4e:33:62:e8:90:5e:df:77:21:3f:77:
44:b0:3b:3f:37:8a:60:69:a8:5d:ad:8b:53:27:48:59:3c:bd:
15:2e:89:67:2e:71:da:4d:0a:ac:c9:ba:5a:bf:2e:a8:a2:47:
4f:fc:8b:89:47:ff:2a:3f:63:d0:68:58:54:b8:6a:22:53:c2:
bc:dc:dc:a0:48:24:0c:72:03:3b:49:44:ca:6e:6a:23:2f:36:
db:fc:5d:e5:75:eb:09:48:ec:96:c5:98:2f:c6:ec:9e:a3:57:
3c:23:31:16:fc:a1:b6:95:55:9d:4e:35:53:f5:ca:d9:5a:de:
a5:0a:e9:0f:8f:2c:56:fb:5b:29:08:d9:e9:c7:e7:2a:59:ae:
04:c0:8a:4a:b3:14:79:4c:75:ce:7f:47:43:06:ab:cc:39:bb:
bc:9b:6a:fd:74:81:16:18:b2:0a:d0:03:bc:90:0e:53:13:8c:
a1:78:5e:92:b7:fa:b7:90:07:fe:d2:4a:a4:0e:04:9a:e1:26:
0a:4a:94:5f:e8:69:24:c8:fa:d4:ec:de:c5:ae:fa:59:13:bb:
dc:b4:13:08:e8:ed:c7:ec:a0:80:2e:44:33:81:d5:05:00:d0:
db:f5:fe:85
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAZXvOylKYCiDjmnxP+4w+eZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTMzMWZhN2JlNDcwZGMxNzllMTZjMzA2ZTk4YzZjNzMx
YTU3NWMwHhcNMjUwNDAxMDI0MzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzAyY2RlYTUwOTJmNzBmZjE1YjY2M2YzYzgxOGVkZjQ1ODAwYjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2jEgSImFtRvM6o+Fcc8HSVjhvpl
KQlKSNj54LyY13mfWUC8ge9HKniwP/9iWyNClhNyyXgNhLNmsIjnnNrEc5INsRnX
M2vkHtNzY3Sj60YyCp5S61qLzqqZfDR4fVXwEbgqxc2xkjzGsTPICTMxx8EQp8Qh
s510OczeyyQja2xuWMRJiG1wGyKq8doXjrUWGacljCbwL9t8nzh3E+qQ1HL+URIi
I8TyJVLClCXleFYwukzFOZdNe3ctLR0JSwaEuEVxdVYJoRE5vTC9Nc/oAO4h0E9+
K8q2n1XvRQ5kUjoB0XivLnMau2Im8bdT6BXSOy4j+D8MbAVo+WPGqN+ysQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFGcCzepQkvcP8VtmPzyBjt9FgAsvMB8GA1UdIwQY
MBaAFEuTMfp75HDcF54WwwbpjGxzGldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjIt
OGIyYjQ3MzhiMWNjLzEvWndMTjZsQ1M5d194VzJZX1BJR08zMFdBQ3k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjItOGIyYjQ3MzhiMWNj
LzEvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeAwQDjJYAMAwD
BAGMlgoDBACMlgwDBAGMlg4wDAMEAYyWEgMEAIyWJjAMAwQDjJYoAwQAjJYsAwQB
jJYuMAwDBAaSZ0ADBACSZ0QDBACSZ0cwDAMEAJJnSQMEAZJnVDANBgkqhkiG9w0B
AQsFAAOCAQEATUutLwbDZI13QjbkD4X41mui6k+rnrYL304zYuiQXt93IT93RLA7
PzeKYGmoXa2LUydIWTy9FS6JZy5x2k0KrMm6Wr8uqKJHT/yLiUf/Kj9j0GhYVLhq
IlPCvNzcoEgkDHIDO0lEym5qIy822/xd5XXrCUjslsWYL8bsnqNXPCMxFvyhtpVV
nU41U/XK2VrepQrpD48sVvtbKQjZ6cfnKlmuBMCKSrMUeUx1zn9HQwarzDm7vJtq
/XSBFhiyCtADvJAOUxOMoXhekrf6t5AH/tJKpA4EmuEmCkqUX+hpJMj61Ozexa76
WRO73LQTCOjtx+yggC5EM4HVBQDQ2/X+hQ==
-----END CERTIFICATE-----
Generated at Sat Apr 5 06:29:44 2025 by rpki-client