Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/UjFHvunES4zB1buoYQwOJAvtic4.roa
File: UjFHvunES4zB1buoYQwOJAvtic4.roa (raw, json)
Hash identifier: 8JRnvC2WvvUD8xqaEPafciSNs/2Jt6gLe7JRKtz6ghA=
Subject key identifier: 52:31:47:BE:E9:C4:4B:8C:C1:D5:BB:A8:61:0C:0E:24:0B:ED:89:CE
Certificate issuer: /CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
Certificate serial: 019425218429EB3F52FA583B69DE6297058F
Authority key identifier: A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/UjFHvunES4zB1buoYQwOJAvtic4.roa
Signing time: Thu 02 Jan 2025 03:49:01 +0000
ROA not before: Thu 02 Jan 2025 03:49:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34659
IP address blocks: 5.104.192.0/21 maxlen: 24
37.32.56.0/21 maxlen: 24
77.247.104.0/22 maxlen: 24
83.136.160.0/21 maxlen: 25
85.31.168.0/22 maxlen: 24
178.21.176.0/21 maxlen: 24
178.22.0.0/21 maxlen: 24
185.3.196.0/22 maxlen: 24
185.45.228.0/22 maxlen: 24
185.83.236.0/22 maxlen: 24
185.96.156.0/22 maxlen: 24
185.153.96.0/22 maxlen: 24
185.185.4.0/22 maxlen: 24
185.185.8.0/22 maxlen: 24
192.166.204.0/22 maxlen: 24
193.36.52.0/22 maxlen: 24
194.104.16.0/22 maxlen: 24
194.169.176.0/22 maxlen: 24
194.180.116.0/22 maxlen: 24
213.41.240.0/21 maxlen: 24
2a00:1db8::/29 maxlen: 48
2a07:8580::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.crl
rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.mft
rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 23:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:84:29:eb:3f:52:fa:58:3b:69:de:62:97:05:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
Validity
Not Before: Jan 2 03:49:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=523147bee9c44b8cc1d5bba8610c0e240bed89ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:1e:76:f7:3c:ec:67:1d:fa:8d:c3:4a:2f:7d:
b8:2d:81:e9:52:14:15:d7:6f:7f:0f:d1:85:c7:11:
c4:52:86:19:ab:c0:e0:f3:c7:18:8c:33:04:1c:cb:
97:09:d4:68:05:1e:fa:76:1c:17:e6:cf:97:ac:fc:
ed:00:f1:74:f4:08:c9:79:90:ec:41:4b:0e:05:a8:
dd:ed:69:61:d4:25:a1:03:68:a0:0e:08:30:da:4b:
12:9b:e7:b6:87:d3:cf:f0:48:f9:9d:f4:a7:29:b7:
96:df:8b:dc:a0:51:8c:4e:5f:2c:3c:e6:d9:d0:90:
f1:e3:4d:19:c4:57:3e:c8:b5:de:7c:71:6e:40:4b:
47:c6:1e:b5:c3:cc:cb:3b:2b:13:9e:cd:88:2c:35:
67:31:6e:7f:d2:5e:84:54:22:7a:a7:64:9c:cd:d2:
8e:40:f4:66:6d:46:8d:86:38:d9:4e:da:a5:32:b0:
de:94:65:0c:23:cd:b3:27:12:83:45:0d:16:87:ef:
2f:0b:58:20:4f:58:2b:cd:c8:77:9d:d8:fc:63:fa:
4f:a1:de:a7:b3:fb:36:39:a2:1a:f1:ac:6b:9e:4e:
3b:fb:9a:f1:99:bb:71:98:6b:a6:b6:4c:45:18:d2:
69:51:78:e6:a2:7f:06:6c:d4:b5:6d:a8:96:69:05:
ee:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:31:47:BE:E9:C4:4B:8C:C1:D5:BB:A8:61:0C:0E:24:0B:ED:89:CE
X509v3 Authority Key Identifier:
keyid:A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/UjFHvunES4zB1buoYQwOJAvtic4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.104.192.0/21
37.32.56.0/21
77.247.104.0/22
83.136.160.0/21
85.31.168.0/22
178.21.176.0/21
178.22.0.0/21
185.3.196.0/22
185.45.228.0/22
185.83.236.0/22
185.96.156.0/22
185.153.96.0/22
185.185.4.0-185.185.11.255
192.166.204.0/22
193.36.52.0/22
194.104.16.0/22
194.169.176.0/22
194.180.116.0/22
213.41.240.0/21
IPv6:
2a00:1db8::/29
2a07:8580::/29
Signature Algorithm: sha256WithRSAEncryption
9f:8e:74:d2:1b:95:e8:dc:bc:c8:62:98:1e:74:1d:02:0c:0b:
02:05:a1:1d:04:15:2f:9c:ba:ee:b7:d3:53:c6:41:b2:88:8b:
e4:7c:40:1c:7f:aa:74:1c:6f:25:e2:39:ff:b7:d5:af:3b:ab:
51:55:62:4f:33:12:0d:76:7e:67:07:6a:da:6a:f1:ea:73:4e:
5f:82:34:00:4b:6c:df:7a:4e:7b:f0:e6:8b:41:eb:0c:1e:0a:
cf:a8:f4:ad:6f:43:4b:61:aa:74:e3:16:b7:53:24:e3:9c:b8:
b6:24:d9:fa:f5:e0:71:71:20:49:1f:a2:3c:ca:90:2d:5b:e8:
c5:ae:2e:4f:73:97:ae:f9:c4:dd:f5:4c:99:56:e9:8e:86:b1:
18:49:ab:c4:02:d0:29:6d:5d:78:9c:f0:27:60:f2:ff:4d:f5:
bd:be:55:0d:9e:40:18:69:db:e3:95:a2:0e:de:6b:b6:88:0b:
b2:1d:8c:da:f4:e7:f6:22:67:f4:c7:f1:76:b4:76:4e:40:81:
ef:a0:db:5b:5e:6b:c5:7f:a9:ea:9a:9d:b0:68:39:a3:39:b2:
ed:49:46:8a:70:15:62:81:93:91:37:a3:91:46:33:b0:e9:38:
cb:b7:a6:74:ff:8b:c0:8a:8c:03:c2:d2:e2:c9:ab:8d:fc:e0:
29:e2:69:24
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgISAZQlIYQp6z9S+lg7ad5ilwWPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZTJjZTMxMDk0ODBhZWU3YjNmZDI4NDZlYzhmODY0Njg4
NWNkYmEwHhcNMjUwMTAyMDM0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjMxNDdiZWU5YzQ0YjhjYzFkNWJiYTg2MTBjMGUyNDBiZWQ4OWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxB529zzsZx36jcNKL324LYHpUhQV
129/D9GFxxHEUoYZq8Dg88cYjDMEHMuXCdRoBR76dhwX5s+XrPztAPF09AjJeZDs
QUsOBajd7Wlh1CWhA2igDggw2ksSm+e2h9PP8Ej5nfSnKbeW34vcoFGMTl8sPObZ
0JDx400ZxFc+yLXefHFuQEtHxh61w8zLOysTns2ILDVnMW5/0l6EVCJ6p2SczdKO
QPRmbUaNhjjZTtqlMrDelGUMI82zJxKDRQ0Wh+8vC1ggT1grzch3ndj8Y/pPod6n
s/s2OaIa8axrnk47+5rxmbtxmGumtkxFGNJpUXjmon8GbNS1baiWaQXubwIDAQAB
o4IClzCCApMwHQYDVR0OBBYEFFIxR77pxEuMwdW7qGEMDiQL7YnOMB8GA1UdIwQY
MBaAFKfizjEJSAruez/ShG7I+GRohc26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC1MT01RbElDdTU3UDlLRWJzajRaR2lGemJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9iNjFhZGQtMzJmMC00MmY0LWEzMDEt
NzgxOGE4OTQ1NmNiLzEvVWpGSHZ1bkVTNHpCMWJ1b1lRd09KQXZ0aWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9iNjFhZGQtMzJmMC00MmY0LWEzMDEtNzgxOGE4OTQ1NmNi
LzEvcC1MT01RbElDdTU3UDlLRWJzajRaR2lGemJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGsBggrBgEFBQcBBwEB/wSBnDCBmTCBgAQCAAEwegMEAwVo
wAMEAyUgOAMEAk33aAMEA1OIoAMEAlUfqAMEA7IVsAMEA7IWAAMEArkDxAMEArkt
5AMEArlT7AMEArlgnAMEArmZYDAMAwQCubkEAwQCubkIAwQCwKbMAwQCwSQ0AwQC
wmgQAwQCwqmwAwQCwrR0AwQD1SnwMBQEAgACMA4DBQMqAB24AwUDKgeFgDANBgkq
hkiG9w0BAQsFAAOCAQEAn4500huV6Ny8yGKYHnQdAgwLAgWhHQQVL5y67rfTU8ZB
soiL5HxAHH+qdBxvJeI5/7fVrzurUVViTzMSDXZ+Zwdq2mrx6nNOX4I0AEts33pO
e/Dmi0HrDB4Kz6j0rW9DS2GqdOMWt1Mk45y4tiTZ+vXgcXEgSR+iPMqQLVvoxa4u
T3OXrvnE3fVMmVbpjoaxGEmrxALQKW1deJzwJ2Dy/031vb5VDZ5AGGnb45WiDt5r
togLsh2M2vTn9iJn9MfxdrR2TkCB76DbW15rxX+p6pqdsGg5ozmy7UlGinAVYoGT
kTejkUYzsOk4y7emdP+LwIqMA8LS4smrjfzgKeJpJA==
-----END CERTIFICATE-----
Generated at Tue Apr 8 08:09:36 2025 by rpki-client