Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/xqYP462dYCt-0eOV8zXikdtxg14.roa
File: xqYP462dYCt-0eOV8zXikdtxg14.roa (raw, json)
Hash identifier: YzKJbzm4Szaaz/1aNRHY+rmqu5/8YwNywOTzBNgzdeo=
Subject key identifier: C6:A6:0F:E3:AD:9D:60:2B:7E:D1:E3:95:F3:35:E2:91:DB:71:83:5E
Certificate issuer: /CN=df0198a7b3afdcdd7003562a0871878e238760ad
Certificate serial: 0194214432426A8E2FD1CECBC00E71B51029
Authority key identifier: DF:01:98:A7:B3:AF:DC:DD:70:03:56:2A:08:71:87:8E:23:87:60:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/xqYP462dYCt-0eOV8zXikdtxg14.roa
Signing time: Wed 01 Jan 2025 09:48:24 +0000
ROA not before: Wed 01 Jan 2025 09:48:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 1299
IP address blocks: 5.63.192.0/18 maxlen: 24
5.148.192.0/18 maxlen: 24
5.206.128.0/18 maxlen: 24
37.188.80.0/21 maxlen: 24
37.191.0.0/18 maxlen: 24
37.220.192.0/18 maxlen: 24
78.139.0.0/18 maxlen: 24
80.98.0.0/15 maxlen: 24
80.244.96.0/20 maxlen: 24
86.101.0.0/16 maxlen: 24
88.87.240.0/21 maxlen: 24
89.132.0.0/14 maxlen: 24
89.223.128.0/17 maxlen: 24
94.44.0.0/16 maxlen: 24
130.43.192.0/18 maxlen: 24
151.0.64.0/18 maxlen: 24
176.63.0.0/16 maxlen: 24
178.48.0.0/16 maxlen: 24
185.10.124.0/22 maxlen: 24
185.33.80.0/23 maxlen: 24
185.123.28.0/22 maxlen: 24
188.142.160.0/19 maxlen: 24
188.142.192.0/18 maxlen: 24
195.184.160.0/19 maxlen: 24
212.48.240.0/20 maxlen: 24
212.96.32.0/19 maxlen: 24
213.222.128.0/18 maxlen: 24
2a02:ab80::/28 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.mft
rsync://rpki.ripe.net/repository/DEFAULT/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 06:01:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:32:42:6a:8e:2f:d1:ce:cb:c0:0e:71:b5:10:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df0198a7b3afdcdd7003562a0871878e238760ad
Validity
Not Before: Jan 1 09:48:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c6a60fe3ad9d602b7ed1e395f335e291db71835e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:44:be:ee:40:ab:cb:63:0c:8d:49:d1:b8:94:
42:63:6c:48:87:20:c6:19:a5:3c:3a:48:8a:e0:a9:
4b:17:f1:2f:cc:43:4d:f9:36:2a:69:a0:0f:13:25:
b5:e5:9e:3c:15:d0:6b:c5:2b:d7:87:37:e9:21:f8:
ac:7f:b3:b7:9c:ce:a7:b0:69:cd:bf:ba:74:53:19:
42:e2:4c:6e:27:34:ed:ee:db:e2:fc:25:c0:b4:a2:
ba:c9:90:49:b5:10:35:73:68:47:73:f0:06:c0:8b:
80:3a:fb:ce:86:c9:ea:bf:6d:6c:50:a1:5b:2e:02:
a3:fa:bb:ce:d3:32:88:4d:d7:63:36:d3:8e:76:1a:
16:45:f2:ae:af:65:66:b9:72:ca:1f:44:9e:e1:f1:
8e:90:5b:27:e1:09:c9:8d:2a:08:c3:8c:4e:af:8a:
21:8e:a4:4b:61:31:ab:ae:ff:31:78:e1:9b:55:78:
8c:89:98:c0:86:ae:1c:7a:c4:8e:d3:f4:f8:43:91:
1a:86:75:4c:b2:cf:99:1d:8a:30:2d:06:3d:4b:05:
de:e8:cf:16:0b:e6:d8:70:4c:79:8e:9a:39:2f:f7:
a5:e6:12:60:e5:3e:df:d7:49:b9:2d:ca:a6:13:62:
0d:c0:05:17:48:6c:9b:c6:cd:2e:21:8a:5f:bf:9a:
c0:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:A6:0F:E3:AD:9D:60:2B:7E:D1:E3:95:F3:35:E2:91:DB:71:83:5E
X509v3 Authority Key Identifier:
keyid:DF:01:98:A7:B3:AF:DC:DD:70:03:56:2A:08:71:87:8E:23:87:60:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/xqYP462dYCt-0eOV8zXikdtxg14.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.63.192.0/18
5.148.192.0/18
5.206.128.0/18
37.188.80.0/21
37.191.0.0/18
37.220.192.0/18
78.139.0.0/18
80.98.0.0/15
80.244.96.0/20
86.101.0.0/16
88.87.240.0/21
89.132.0.0/14
89.223.128.0/17
94.44.0.0/16
130.43.192.0/18
151.0.64.0/18
176.63.0.0/16
178.48.0.0/16
185.10.124.0/22
185.33.80.0/23
185.123.28.0/22
188.142.160.0-188.142.255.255
195.184.160.0/19
212.48.240.0/20
212.96.32.0/19
213.222.128.0/18
IPv6:
2a02:ab80::/28
Signature Algorithm: sha256WithRSAEncryption
6b:ac:3a:34:91:74:32:aa:73:41:64:70:60:18:5b:f2:80:be:
67:f6:da:d8:75:62:e7:3d:a0:2b:07:1c:1e:aa:89:61:6c:97:
79:9f:9e:0f:7d:96:58:c1:9b:3e:8c:7e:ea:62:3c:b9:d7:4f:
91:be:25:01:d8:2b:28:f4:32:50:e6:c7:f0:dc:19:cd:ce:9a:
58:2c:a6:4b:79:bf:a6:53:6a:ff:81:be:e0:2d:25:92:c7:03:
68:f2:19:3e:d1:dc:8c:fc:df:4b:ce:de:a8:6e:86:f4:29:c1:
15:7a:1f:e9:5c:55:5f:f7:bb:aa:e3:4e:7b:df:f4:4f:29:de:
83:05:e9:31:e0:3b:d5:41:e7:31:67:b1:0d:5d:15:d4:20:94:
30:d2:ab:5f:5f:3a:00:40:6c:3c:49:d8:d8:00:22:bc:f2:b8:
2f:26:be:e9:3c:96:7d:09:5d:a4:ed:96:ff:0a:c2:6e:e6:dc:
57:74:d6:18:39:35:ea:f8:e8:b9:7a:e6:23:a8:19:6a:ad:83:
c3:12:b4:b5:f5:d4:d4:ec:69:44:7f:ba:7e:fc:f8:24:e3:55:
50:3f:4b:20:ba:cc:5d:23:c5:1e:6d:ba:01:05:35:a3:7a:87:
d8:3b:9d:61:9a:a2:11:8d:ca:22:6c:4a:af:28:45:a0:8d:b2:
71:99:3d:d5
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAZQhRDJCao4v0c7LwA5xtRApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMDE5OGE3YjNhZmRjZGQ3MDAzNTYyYTA4NzE4NzhlMjM4
NzYwYWQwHhcNMjUwMTAxMDk0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmE2MGZlM2FkOWQ2MDJiN2VkMWUzOTVmMzM1ZTI5MWRiNzE4MzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUS+7kCry2MMjUnRuJRCY2xIhyDG
GaU8OkiK4KlLF/EvzENN+TYqaaAPEyW15Z48FdBrxSvXhzfpIfisf7O3nM6nsGnN
v7p0UxlC4kxuJzTt7tvi/CXAtKK6yZBJtRA1c2hHc/AGwIuAOvvOhsnqv21sUKFb
LgKj+rvO0zKITddjNtOOdhoWRfKur2VmuXLKH0Se4fGOkFsn4QnJjSoIw4xOr4oh
jqRLYTGrrv8xeOGbVXiMiZjAhq4cesSO0/T4Q5EahnVMss+ZHYowLQY9SwXe6M8W
C+bYcEx5jpo5L/el5hJg5T7f10m5LcqmE2INwAUXSGybxs0uIYpfv5rAGQIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFMamD+OtnWArftHjlfM14pHbcYNeMB8GA1UdIwQY
MBaAFN8BmKezr9zdcANWKghxh44jh2CtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3dHWXA3T3YzTjF3QTFZcUNIR0hqaU9IWUswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9kM2ZjYTYtZWNiNS00M2FhLThjOWQt
MGZjYzZjMzAxMWZjLzEveHFZUDQ2MmRZQ3QtMGVPVjh6WGlrZHR4ZzE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9kM2ZjYTYtZWNiNS00M2FhLThjOWQtMGZjYzZjMzAxMWZj
LzEvM3dHWXA3T3YzTjF3QTFZcUNIR0hqaU9IWUswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHJBggrBgEFBQcBBwEB/wSBuTCBtjCBpAQCAAEwgZ0DBAYF
P8ADBAYFlMADBAYFzoADBAMlvFADBAYlvwADBAYl3MADBAZOiwADAwFQYgMEBFD0
YAMDAFZlAwQDWFfwAwMCWYQDBAdZ34ADAwBeLAMEBoIrwAMEBpcAQAMDALA/AwMA
sjADBAK5CnwDBAG5IVADBAK5exwwCwMEBbyOoAMDALyOAwQFw7igAwQE1DDwAwQF
1GAgAwQG1d6AMA0EAgACMAcDBQQqAquAMA0GCSqGSIb3DQEBCwUAA4IBAQBrrDo0
kXQyqnNBZHBgGFvygL5n9trYdWLnPaArBxweqolhbJd5n54PfZZYwZs+jH7qYjy5
10+RviUB2Cso9DJQ5sfw3BnNzppYLKZLeb+mU2r/gb7gLSWSxwNo8hk+0dyM/N9L
zt6obob0KcEVeh/pXFVf97uq40573/RPKd6DBekx4DvVQecxZ7ENXRXUIJQw0qtf
XzoAQGw8SdjYACK88rgvJr7pPJZ9CV2k7Zb/CsJu5txXdNYYOTXq+Oi5euYjqBlq
rYPDErS19dTU7GlEf7p+/Pgk41VQP0sgusxdI8UebboBBTWjeofYO51hmqIRjcoi
bEqvKEWgjbJxmT3V
-----END CERTIFICATE-----
Generated at Sun Apr 6 12:12:40 2025 by rpki-client