Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/Ctu_zdT55QvC6-G-SxIKwGi4wDc.roa
File: Ctu_zdT55QvC6-G-SxIKwGi4wDc.roa (raw, json)
Hash identifier: wdlWguNWI5zFZbP+4kdzwSssF7MRzveLv4qiPvTiQro=
Subject key identifier: 0A:DB:BF:CD:D4:F9:E5:0B:C2:EB:E1:BE:4B:12:0A:C0:68:B8:C0:37
Certificate issuer: /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial: 01941FFA448CACF9D13B237B250242E56198
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/Ctu_zdT55QvC6-G-SxIKwGi4wDc.roa
Signing time: Wed 01 Jan 2025 03:48:02 +0000
ROA not before: Wed 01 Jan 2025 03:48:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13237
IP address blocks: 62.4.64.0/19 maxlen: 24
62.4.64.0/22 maxlen: 24
62.80.96.0/19 maxlen: 24
62.93.192.0/18 maxlen: 24
80.86.160.0/19 maxlen: 24
80.252.32.0/20 maxlen: 20
81.209.128.0/17 maxlen: 24
82.98.200.0/21 maxlen: 24
82.98.208.0/20 maxlen: 24
82.98.224.0/21 maxlen: 24
82.197.128.0/19 maxlen: 24
83.124.0.0/14 maxlen: 24
83.125.45.0/24 maxlen: 24
83.125.71.0/24 maxlen: 24
83.133.0.0/16 maxlen: 24
83.137.80.0/21 maxlen: 21
84.207.0.0/16 maxlen: 24
84.207.205.0/24 maxlen: 24
84.207.210.0/24 maxlen: 24
84.207.225.0/24 maxlen: 24
84.207.226.0/24 maxlen: 24
84.207.228.0/24 maxlen: 24
84.207.229.0/24 maxlen: 24
84.207.231.0/24 maxlen: 24
84.207.240.0/24 maxlen: 24
185.99.80.0/22 maxlen: 22
185.250.87.0/24 maxlen: 24
217.19.32.0/20 maxlen: 20
217.71.96.0/20 maxlen: 24
217.112.144.0/20 maxlen: 24
217.112.144.0/21 maxlen: 24
2001:7f0::/29 maxlen: 48
2001:7f0::/32 maxlen: 48
2001:7f0:4020::/48 maxlen: 48
2001:1618::/29 maxlen: 48
2001:4d40::/29 maxlen: 48
2001:4d40::/32 maxlen: 48
2a00:cc0::/29 maxlen: 48
2a00:cc0::/32 maxlen: 48
2a00:fa0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 13 Mar 2025 20:01:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:44:8c:ac:f9:d1:3b:23:7b:25:02:42:e5:61:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Validity
Not Before: Jan 1 03:48:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0adbbfcdd4f9e50bc2ebe1be4b120ac068b8c037
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:f2:29:69:ab:e6:89:72:30:60:5b:e5:37:78:
7c:c2:8b:61:36:16:9a:29:6b:40:73:3f:07:b9:33:
c7:b4:d4:4d:2b:5d:c0:60:82:dc:25:1e:60:ee:1f:
a0:d3:8b:e9:88:c4:e4:f6:92:86:4d:f6:8f:3e:e6:
5f:e5:1c:a7:04:3d:e0:1a:62:28:b5:1b:ab:6c:df:
8a:81:25:b5:bb:97:50:46:eb:cd:98:ea:ac:bc:7a:
26:b6:86:1f:9c:36:ff:26:d6:e5:11:77:20:38:7e:
4f:fa:c6:53:8b:c1:05:e0:b4:ef:2b:11:60:f9:27:
c6:ea:e1:60:89:a3:de:dd:f7:b1:68:44:4d:5d:58:
2c:e5:a7:9b:a3:80:4a:8d:3a:21:00:f2:63:cb:8f:
ee:88:2b:f4:80:f4:91:b2:58:c1:2b:f2:70:e6:72:
c3:7c:72:db:8f:b4:04:db:3b:b7:24:81:17:09:82:
4f:e0:38:76:69:19:35:5d:a4:19:47:40:62:aa:cd:
e6:3b:b3:2c:0e:67:d6:7c:75:52:ee:5b:1e:48:e8:
59:d7:7f:92:9a:f8:c7:be:31:1a:5f:f3:29:ff:a1:
57:7d:24:82:59:c8:57:14:93:0d:97:7e:93:21:8e:
5f:1f:60:75:92:93:6e:16:80:f0:21:80:01:a0:fa:
ee:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:DB:BF:CD:D4:F9:E5:0B:C2:EB:E1:BE:4B:12:0A:C0:68:B8:C0:37
X509v3 Authority Key Identifier:
keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/Ctu_zdT55QvC6-G-SxIKwGi4wDc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.4.64.0/19
62.80.96.0/19
62.93.192.0/18
80.86.160.0/19
80.252.32.0/20
81.209.128.0/17
82.98.200.0-82.98.231.255
82.197.128.0/19
83.124.0.0/14
83.133.0.0/16
83.137.80.0/21
84.207.0.0/16
185.99.80.0/22
185.250.87.0/24
217.19.32.0/20
217.71.96.0/20
217.112.144.0/20
IPv6:
2001:7f0::/29
2001:1618::/29
2001:4d40::/29
2a00:cc0::/29
2a00:fa0::/32
Signature Algorithm: sha256WithRSAEncryption
62:13:7f:f0:57:cc:bc:a3:8e:87:ab:a9:cd:c1:d6:43:61:d6:
6e:df:e9:57:e9:84:7f:bb:7d:b1:cb:d1:23:3b:28:a7:cd:39:
49:57:39:87:62:30:32:25:38:bb:9e:93:a4:8c:99:32:07:6c:
e0:76:f4:44:0b:fa:75:24:f3:53:d0:f5:3a:db:c4:58:4e:66:
1f:14:c8:6e:1a:96:13:8c:ba:cd:22:df:a4:fb:5a:15:f8:98:
6b:9b:9e:ca:52:83:00:37:a9:c9:13:95:bf:9d:72:8e:1e:8e:
fd:51:f7:7b:ec:0d:df:d5:73:93:02:14:2a:52:7f:c4:d8:6d:
06:c5:16:c6:8a:0a:43:ed:ec:76:73:16:0f:0b:b1:d1:60:31:
14:9e:ba:cf:38:14:f1:e1:ad:c2:50:42:e0:b9:24:9b:9f:d0:
93:d3:5b:d6:78:42:75:84:d0:88:80:5a:96:bf:60:a2:40:71:
02:be:2c:dd:d6:d1:96:f5:9c:6b:f9:2d:52:f7:b3:52:40:26:
e1:48:4f:61:94:08:ae:87:04:85:9f:36:85:f8:1f:36:56:12:
30:8e:a8:c8:c4:ee:4d:5c:d4:55:3e:05:96:8c:f4:1a:d0:d3:
a2:1a:16:f2:8c:84:7a:30:55:1e:73:39:58:a8:cf:c1:6c:be:
ef:ad:68:91
-----BEGIN CERTIFICATE-----
MIIFkDCCBHigAwIBAgISAZQf+kSMrPnROyN7JQJC5WGYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjUwMTAxMDM0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWRiYmZjZGQ0ZjllNTBiYzJlYmUxYmU0YjEyMGFjMDY4YjhjMDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvIpaavmiXIwYFvlN3h8wothNhaa
KWtAcz8HuTPHtNRNK13AYILcJR5g7h+g04vpiMTk9pKGTfaPPuZf5RynBD3gGmIo
tRurbN+KgSW1u5dQRuvNmOqsvHomtoYfnDb/JtblEXcgOH5P+sZTi8EF4LTvKxFg
+SfG6uFgiaPe3fexaERNXVgs5aebo4BKjTohAPJjy4/uiCv0gPSRsljBK/Jw5nLD
fHLbj7QE2zu3JIEXCYJP4Dh2aRk1XaQZR0Biqs3mO7MsDmfWfHVS7lseSOhZ13+S
mvjHvjEaX/Mp/6FXfSSCWchXFJMNl36TIY5fH2B1kpNuFoDwIYABoPruNwIDAQAB
o4ICnDCCApgwHQYDVR0OBBYEFArbv83U+eULwuvhvksSCsBouMA3MB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvQ3R1X3pkVDU1UXZDNi1HLVN4SUt3R2k0d0RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGxBggrBgEFBQcBBwEB/wSBoTCBnjBxBAIAATBrAwQFPgRA
AwQFPlBgAwQGPl3AAwQFUFagAwQEUPwgAwQHUdGAMAwDBANSYsgDBANSYuADBAVS
xYADAwJTfAMDAFOFAwQDU4lQAwMAVM8DBAK5Y1ADBAC5+lcDBATZEyADBATZR2AD
BATZcJAwKQQCAAIwIwMFAyABB/ADBQMgARYYAwUDIAFNQAMFAyoADMADBQAqAA+g
MA0GCSqGSIb3DQEBCwUAA4IBAQBiE3/wV8y8o46Hq6nNwdZDYdZu3+lX6YR/u32x
y9EjOyinzTlJVzmHYjAyJTi7npOkjJkyB2zgdvREC/p1JPNT0PU628RYTmYfFMhu
GpYTjLrNIt+k+1oV+Jhrm57KUoMAN6nJE5W/nXKOHo79Ufd77A3f1XOTAhQqUn/E
2G0GxRbGigpD7ex2cxYPC7HRYDEUnrrPOBTx4a3CUELguSSbn9CT01vWeEJ1hNCI
gFqWv2CiQHECvizd1tGW9Zxr+S1S97NSQCbhSE9hlAiuhwSFnzaF+B82VhIwjqjI
xO5NXNRVPgWWjPQa0NOiGhbyjIR6MFUeczlYqM/BbL7vrWiR
-----END CERTIFICATE-----
Generated at Thu Mar 13 06:34:24 2025 by rpki-client