Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/emp4tB3QMq2iFRGT6du3Ngp8SQo.roa
File: emp4tB3QMq2iFRGT6du3Ngp8SQo.roa (raw, json)
Hash identifier: rvvaS62XaxKM+UxfJAbRl/m7Irete3lEJzXfU7sY+Ls=
Subject key identifier: 7A:6A:78:B4:1D:D0:32:AD:A2:15:11:93:E9:DB:B7:36:0A:7C:49:0A
Certificate issuer: /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial: 01942444896F30C789F00D208F42ED9C7952
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/emp4tB3QMq2iFRGT6du3Ngp8SQo.roa
Signing time: Wed 01 Jan 2025 23:47:38 +0000
ROA not before: Wed 01 Jan 2025 23:47:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 23959
IP address blocks: 45.14.64.0/22 maxlen: 24
45.14.70.0/24 maxlen: 24
45.14.105.0/24 maxlen: 24
45.14.107.0/24 maxlen: 24
45.66.128.0/22 maxlen: 24
45.66.216.0/22 maxlen: 24
45.82.76.0/22 maxlen: 32
45.130.21.0/24 maxlen: 24
45.142.125.0/24 maxlen: 24
45.142.126.0/24 maxlen: 24
45.142.127.0/24 maxlen: 24
45.143.232.0/22 maxlen: 24
45.143.232.0/24 maxlen: 24
45.143.233.0/24 maxlen: 24
45.143.234.0/24 maxlen: 24
45.143.235.0/24 maxlen: 24
45.149.156.0/22 maxlen: 24
45.159.48.0/22 maxlen: 24
79.143.140.0/22 maxlen: 24
88.214.22.0/24 maxlen: 24
91.200.240.0/24 maxlen: 24
91.200.242.0/24 maxlen: 24
91.200.243.0/24 maxlen: 24
92.60.43.0/24 maxlen: 24
94.124.119.0/24 maxlen: 24
95.214.164.0/24 maxlen: 24
95.214.165.0/24 maxlen: 24
141.98.196.0/24 maxlen: 24
141.98.197.0/24 maxlen: 24
141.98.198.0/24 maxlen: 24
147.78.240.0/21 maxlen: 24
149.62.44.0/24 maxlen: 24
149.62.45.0/24 maxlen: 24
149.62.46.0/24 maxlen: 24
149.62.47.0/24 maxlen: 24
176.119.148.0/22 maxlen: 24
185.194.54.0/24 maxlen: 24
185.200.64.0/24 maxlen: 24
185.200.66.0/24 maxlen: 24
193.32.148.0/22 maxlen: 24
193.111.30.0/23 maxlen: 24
194.36.24.0/24 maxlen: 24
194.104.153.0/24 maxlen: 24
194.104.154.0/24 maxlen: 24
194.104.155.0/24 maxlen: 24
194.114.136.0/24 maxlen: 24
194.169.54.0/24 maxlen: 24
195.245.219.0/24 maxlen: 24
195.245.241.0/24 maxlen: 24
195.245.242.0/24 maxlen: 24
2a09:7::/36 maxlen: 48
2a0d:c7c1::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 07:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:44:89:6f:30:c7:89:f0:0d:20:8f:42:ed:9c:79:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Validity
Not Before: Jan 1 23:47:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7a6a78b41dd032ada2151193e9dbb7360a7c490a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:b2:ca:9e:9f:6d:68:d3:31:57:8a:2b:f6:8a:
87:11:4d:74:f2:1f:1d:c5:dd:44:d9:79:ca:0b:6d:
18:ff:78:ae:4d:c6:61:18:e9:77:90:08:bb:66:fb:
83:c0:d0:8c:c3:37:25:43:c9:66:83:7e:6d:f0:46:
e2:94:76:26:59:98:5e:28:2b:f1:c8:f4:32:9b:37:
14:d8:e6:2f:22:10:b8:71:cd:d5:b1:96:54:4f:4a:
2d:a4:e4:c2:6c:40:58:f9:2f:55:b4:98:c2:0b:28:
ad:4d:d4:18:2e:6f:70:d6:33:19:23:8a:df:0f:45:
05:a8:b6:87:2e:27:46:10:8a:92:08:b7:89:b8:77:
5b:ca:f8:80:4a:25:5e:e4:04:5f:80:2c:dc:ee:fe:
b3:04:bf:0d:4d:fb:94:2c:e6:22:7e:3b:a7:4c:2b:
91:c6:d4:79:e6:bc:d7:e5:49:ca:fc:eb:08:1e:11:
09:9d:70:d7:65:0f:ed:d7:38:24:57:48:65:fd:50:
09:f6:24:ed:79:e2:1f:6f:86:69:02:82:95:e8:ee:
c7:18:00:0d:c3:2f:ab:5b:c8:ca:c9:66:f4:aa:4d:
6b:2e:4b:5b:a9:e1:51:d4:aa:69:ca:35:0d:97:54:
20:31:f0:43:50:af:2b:ea:fe:46:89:ff:9f:7d:93:
a0:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:6A:78:B4:1D:D0:32:AD:A2:15:11:93:E9:DB:B7:36:0A:7C:49:0A
X509v3 Authority Key Identifier:
keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/emp4tB3QMq2iFRGT6du3Ngp8SQo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.14.64.0/22
45.14.70.0/24
45.14.105.0/24
45.14.107.0/24
45.66.128.0/22
45.66.216.0/22
45.82.76.0/22
45.130.21.0/24
45.142.125.0-45.142.127.255
45.143.232.0/22
45.149.156.0/22
45.159.48.0/22
79.143.140.0/22
88.214.22.0/24
91.200.240.0/24
91.200.242.0/23
92.60.43.0/24
94.124.119.0/24
95.214.164.0/23
141.98.196.0-141.98.198.255
147.78.240.0/21
149.62.44.0/22
176.119.148.0/22
185.194.54.0/24
185.200.64.0/24
185.200.66.0/24
193.32.148.0/22
193.111.30.0/23
194.36.24.0/24
194.104.153.0-194.104.155.255
194.114.136.0/24
194.169.54.0/24
195.245.219.0/24
195.245.241.0-195.245.242.255
IPv6:
2a09:7::/36
2a0d:c7c1::/32
Signature Algorithm: sha256WithRSAEncryption
69:5a:83:9b:c4:27:8b:51:2c:d0:ab:cb:fe:78:26:e5:17:38:
3d:d5:74:bb:35:ce:3f:f7:4d:4d:01:59:17:ea:f2:5d:b0:e9:
c2:fa:d1:77:89:c8:df:03:53:75:2e:18:79:27:99:3f:b0:47:
c7:7e:aa:93:aa:e6:3f:5d:e1:b8:6e:48:77:11:56:38:ac:aa:
02:26:c9:74:f9:2d:7e:e5:60:00:85:fb:6f:b1:72:90:f8:2a:
bf:56:21:24:0f:b2:f7:24:3f:e8:2b:96:ed:e4:39:00:e1:1b:
e9:fc:63:d5:80:cd:18:54:d4:8c:08:52:8a:91:d3:f2:08:84:
f0:a8:12:89:66:a2:14:83:a4:f1:01:43:7c:33:14:ac:68:c5:
d8:99:37:7e:ef:77:c1:ea:20:9a:31:b6:7c:57:83:74:ee:ef:
50:1a:8c:d8:ea:84:aa:c7:9e:d5:72:4f:c1:2a:4f:98:bf:0b:
03:4b:48:7a:3f:ea:04:a3:84:ec:fa:3e:99:36:80:9e:56:91:
4f:85:69:ea:6c:68:f9:c5:6c:00:93:6c:30:45:ef:f3:8a:1b:
fb:96:61:74:72:93:04:f6:9a:d0:09:16:45:c3:9e:f3:e0:23:
d1:7e:e1:29:76:d4:35:b5:7d:86:6b:da:be:7a:e9:81:7e:8a:
e0:7c:69:e3
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgISAZQkRIlvMMeJ8A0gj0LtnHlSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwMTAxMjM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTZhNzhiNDFkZDAzMmFkYTIxNTExOTNlOWRiYjczNjBhN2M0OTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrLKnp9taNMxV4or9oqHEU108h8d
xd1E2XnKC20Y/3iuTcZhGOl3kAi7ZvuDwNCMwzclQ8lmg35t8EbilHYmWZheKCvx
yPQymzcU2OYvIhC4cc3VsZZUT0otpOTCbEBY+S9VtJjCCyitTdQYLm9w1jMZI4rf
D0UFqLaHLidGEIqSCLeJuHdbyviASiVe5ARfgCzc7v6zBL8NTfuULOYifjunTCuR
xtR55rzX5UnK/OsIHhEJnXDXZQ/t1zgkV0hl/VAJ9iTteeIfb4ZpAoKV6O7HGAAN
wy+rW8jKyWb0qk1rLktbqeFR1KppyjUNl1QgMfBDUK8r6v5Gif+ffZOgFwIDAQAB
o4IDDjCCAwowHQYDVR0OBBYEFHpqeLQd0DKtohURk+nbtzYKfEkKMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvZW1wNHRCM1FNcTJpRlJHVDZkdTNOZ3A4U1FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIgYIKwYBBQUHAQcBAf8EggERMIIBDTCB8wQCAAEwgewD
BAItDkADBAAtDkYDBAAtDmkDBAAtDmsDBAItQoADBAItQtgDBAItUkwDBAAtghUw
DAMEAC2OfQMEBy2OAAMEAi2P6AMEAi2VnAMEAi2fMAMEAk+PjAMEAFjWFgMEAFvI
8AMEAVvI8gMEAFw8KwMEAF58dwMEAV/WpDAMAwQCjWLEAwQAjWLGAwQDk07wAwQC
lT4sAwQCsHeUAwQAucI2AwQAuchAAwQAuchCAwQCwSCUAwQBwW8eAwQAwiQYMAwD
BADCaJkDBALCaJgDBADCcogDBADCqTYDBADD9dswDAMEAMP18QMEAMP18jAVBAIA
AjAPAwYEKgkABwADBQAqDcfBMA0GCSqGSIb3DQEBCwUAA4IBAQBpWoObxCeLUSzQ
q8v+eCblFzg91XS7Nc4/901NAVkX6vJdsOnC+tF3icjfA1N1Lhh5J5k/sEfHfqqT
quY/XeG4bkh3EVY4rKoCJsl0+S1+5WAAhftvsXKQ+Cq/ViEkD7L3JD/oK5bt5DkA
4Rvp/GPVgM0YVNSMCFKKkdPyCITwqBKJZqIUg6TxAUN8MxSsaMXYmTd+73fB6iCa
MbZ8V4N07u9QGozY6oSqx57Vck/BKk+YvwsDS0h6P+oEo4Ts+j6ZNoCeVpFPhWnq
bGj5xWwAk2wwRe/zihv7lmF0cpME9prQCRZFw57z4CPRfuEpdtQ1tX2Ga9q+eumB
forgfGnj
-----END CERTIFICATE-----
Generated at Sun Apr 6 12:45:12 2025 by rpki-client