Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/o45bYQhOCCIJ6diASSlaPPyYOes.roa
File: o45bYQhOCCIJ6diASSlaPPyYOes.roa (raw, json)
Hash identifier: uj8xvTOhvYykytL80kX0T4Yxevvgs6AdIz3+LIY+FaU=
Subject key identifier: A3:8E:5B:61:08:4E:08:22:09:E9:D8:80:49:29:5A:3C:FC:98:39:EB
Certificate issuer: /CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
Certificate serial: 01946FE689A1618FC6417DFBFF752B716EA6
Authority key identifier: 19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/o45bYQhOCCIJ6diASSlaPPyYOes.roa
Signing time: Thu 16 Jan 2025 16:16:06 +0000
ROA not before: Thu 16 Jan 2025 16:16:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8966
IP address blocks: 5.195.70.0/24 maxlen: 24
5.195.166.0/23 maxlen: 24
5.195.166.0/24 maxlen: 24
5.195.167.0/24 maxlen: 24
5.195.172.0/24 maxlen: 24
5.195.172.0/26 maxlen: 26
5.195.172.64/26 maxlen: 26
5.195.172.128/26 maxlen: 26
5.195.172.192/26 maxlen: 26
5.195.173.0/24 maxlen: 24
5.195.174.0/24 maxlen: 24
5.195.175.0/24 maxlen: 24
5.195.208.0/24 maxlen: 24
5.195.223.0/24 maxlen: 24
31.219.177.0/24 maxlen: 24
31.219.177.0/25 maxlen: 25
31.219.177.128/25 maxlen: 25
31.219.179.0/24 maxlen: 24
31.219.180.0/24 maxlen: 24
194.170.165.0/24 maxlen: 24
194.170.165.0/26 maxlen: 26
194.170.165.64/26 maxlen: 26
194.170.165.128/26 maxlen: 26
194.170.165.192/26 maxlen: 26
194.170.186.0/24 maxlen: 24
195.229.0.0/19 maxlen: 19
195.229.0.0/24 maxlen: 24
195.229.1.0/24 maxlen: 24
195.229.2.0/24 maxlen: 24
195.229.3.0/24 maxlen: 24
195.229.4.0/24 maxlen: 24
195.229.5.0/24 maxlen: 24
195.229.6.0/24 maxlen: 24
195.229.12.0/24 maxlen: 24
195.229.27.0/24 maxlen: 24
195.229.31.0/24 maxlen: 24
195.229.34.0/24 maxlen: 24
2001:8f8::/32 maxlen: 32
2001:8f8:0:14::/63 maxlen: 63
2001:8f8:0:14::/64 maxlen: 64
2001:8f8:0:15::/64 maxlen: 64
2001:8f8:0:121::/64 maxlen: 64
2001:8f8:0:122::/64 maxlen: 64
2001:8f8:0:124::/62 maxlen: 62
2001:8f8:0:124::/64 maxlen: 64
2001:8f8:0:125::/64 maxlen: 64
2001:8f8:0:126::/64 maxlen: 64
2001:8f8:0:127::/64 maxlen: 64
2001:8f8:0:128::/62 maxlen: 62
2001:8f8:0:128::/64 maxlen: 64
2001:8f8:0:129::/64 maxlen: 64
2001:8f8:0:12a::/64 maxlen: 64
2001:8f8:0:12b::/64 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Mar 2025 10:02:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:6f:e6:89:a1:61:8f:c6:41:7d:fb:ff:75:2b:71:6e:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
Validity
Not Before: Jan 16 16:16:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a38e5b61084e082209e9d88049295a3cfc9839eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:4c:f6:a3:67:74:4e:9a:1a:12:bc:3e:cf:cf:
11:37:8e:70:2d:c2:8a:57:0b:2f:c4:b1:e3:b7:79:
83:71:34:30:ee:76:15:9e:59:1e:ec:0b:d0:16:06:
0f:54:a7:63:a9:1f:24:0e:73:28:af:62:c6:83:db:
7d:fd:5d:f8:8b:af:dd:c7:b2:42:27:8a:01:dd:6e:
d7:e5:22:2c:e9:f7:2a:03:3c:3a:dc:0d:9f:fd:ae:
66:8b:80:93:5a:1d:9a:14:e3:ae:66:1b:51:0d:0c:
86:7b:d0:63:34:3b:2e:7e:ab:d4:6b:ba:53:6b:b3:
9e:3f:6b:0c:e7:73:83:04:f0:bf:2c:59:9b:e0:3f:
f4:07:49:11:c1:e1:2f:e7:62:36:24:d0:26:19:d9:
11:b7:81:d8:ec:7b:f9:f5:74:aa:a6:4c:a6:2d:5e:
53:1c:b8:0d:68:80:a4:0f:be:74:aa:44:55:9f:62:
c7:cb:28:1d:9a:be:96:c9:53:9d:35:31:9c:78:57:
be:a1:4f:3c:99:7d:ea:b7:a5:b4:38:b3:c5:e2:43:
ba:51:34:86:a4:bf:64:e0:2d:78:36:60:bb:d4:6e:
eb:e8:f3:20:80:07:e1:d9:2c:c7:1c:14:bc:79:9b:
c7:fc:26:5b:7c:2c:a7:be:53:73:ff:b4:d9:3b:9d:
43:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:8E:5B:61:08:4E:08:22:09:E9:D8:80:49:29:5A:3C:FC:98:39:EB
X509v3 Authority Key Identifier:
keyid:19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/o45bYQhOCCIJ6diASSlaPPyYOes.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.195.70.0/24
5.195.166.0/23
5.195.172.0/22
5.195.208.0/24
5.195.223.0/24
31.219.177.0/24
31.219.179.0-31.219.180.255
194.170.165.0/24
194.170.186.0/24
195.229.0.0/19
195.229.34.0/24
IPv6:
2001:8f8::/32
Signature Algorithm: sha256WithRSAEncryption
09:46:31:10:55:c4:3b:7d:98:0c:fb:64:4e:1a:f8:54:c6:0a:
82:5e:da:c2:ee:9b:14:7d:0f:1d:8f:22:a8:78:b9:3a:bd:36:
9e:ee:9b:ca:94:da:e1:bf:97:4a:17:22:e2:0c:e2:2f:f2:bd:
96:4f:75:a4:df:a1:bc:2a:5d:c0:00:a0:81:02:58:fe:61:36:
7e:c2:97:24:ab:d1:d5:60:e1:19:44:8b:a0:7b:4e:20:b9:1c:
12:3b:3f:33:47:db:e5:3c:41:0a:00:92:4e:d9:55:6f:c8:b6:
f4:65:2f:6d:97:bd:97:eb:9b:93:7f:92:0f:81:25:9a:fb:36:
6c:db:cd:ab:15:31:d9:bb:d6:6a:48:42:fd:da:15:a3:67:4a:
40:0a:67:2e:1a:d8:60:f3:fc:89:2d:ea:be:91:74:da:ce:06:
86:7e:9d:fa:86:be:e5:fe:e0:f2:1b:52:bb:c7:f6:2f:72:3c:
98:5c:5e:31:06:4c:57:b8:d9:84:2b:47:f2:e8:5f:95:23:60:
b1:96:b9:d6:56:6d:92:21:e3:01:33:97:cd:ab:0b:28:60:a4:
df:c6:d4:18:8f:e5:d0:82:a1:d5:e3:66:1b:0b:fc:8b:6d:56:
ca:1b:3e:5c:3f:a4:fb:e1:06:cd:68:c2:68:bf:94:e8:cc:c3:
1b:49:a1:15
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAZRv5omhYY/GQX37/3UrcW6mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZWU1ZjE2ZmMxNDRhY2I5ODk3NzQ0OWZhYTBhYjc3ZGUx
YmRjYzkwHhcNMjUwMTE2MTYxNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzhlNWI2MTA4NGUwODIyMDllOWQ4ODA0OTI5NWEzY2ZjOTgzOWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEz2o2d0TpoaErw+z88RN45wLcKK
VwsvxLHjt3mDcTQw7nYVnlke7AvQFgYPVKdjqR8kDnMor2LGg9t9/V34i6/dx7JC
J4oB3W7X5SIs6fcqAzw63A2f/a5mi4CTWh2aFOOuZhtRDQyGe9BjNDsufqvUa7pT
a7OeP2sM53ODBPC/LFmb4D/0B0kRweEv52I2JNAmGdkRt4HY7Hv59XSqpkymLV5T
HLgNaICkD750qkRVn2LHyygdmr6WyVOdNTGceFe+oU88mX3qt6W0OLPF4kO6UTSG
pL9k4C14NmC71G7r6PMggAfh2SzHHBS8eZvH/CZbfCynvlNz/7TZO51DxwIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFKOOW2EITggiCenYgEkpWjz8mDnrMB8GA1UdIwQY
MBaAFBnuXxb8FErLmJd0Sfqgq3feG9zJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMt
NjFhZmI2NmQxZThjLzEvbzQ1YllRaE9DQ0lKNmRpQVNTbGFQUHlZT2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMtNjFhZmI2NmQxZThj
LzEvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQABcNGAwQB
BcOmAwQCBcOsAwQABcPQAwQABcPfAwQAH9uxMAwDBAAf27MDBAAf27QDBADCqqUD
BADCqroDBAXD5QADBADD5SIwDQQCAAIwBwMFACABCPgwDQYJKoZIhvcNAQELBQAD
ggEBAAlGMRBVxDt9mAz7ZE4a+FTGCoJe2sLumxR9Dx2PIqh4uTq9Np7um8qU2uG/
l0oXIuIM4i/yvZZPdaTfobwqXcAAoIECWP5hNn7ClySr0dVg4RlEi6B7TiC5HBI7
PzNH2+U8QQoAkk7ZVW/ItvRlL22XvZfrm5N/kg+BJZr7NmzbzasVMdm71mpIQv3a
FaNnSkAKZy4a2GDz/Ikt6r6RdNrOBoZ+nfqGvuX+4PIbUrvH9i9yPJhcXjEGTFe4
2YQrR/LoX5UjYLGWudZWbZIh4wEzl82rCyhgpN/G1BiP5dCCodXjZhsL/IttVsob
Plw/pPvhBs1owmi/lOjMwxtJoRU=
-----END CERTIFICATE-----
Generated at Tue Mar 11 19:46:46 2025 by rpki-client