Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/RXbwxnxv5i77bPKXOPNg3gLHQ2Q.roa
File: RXbwxnxv5i77bPKXOPNg3gLHQ2Q.roa (raw, json)
Hash identifier: Hb7ewCgNUReilTcVx5Y6r0li4yOFHBvAH9Jj35wZEN0=
Subject key identifier: 45:76:F0:C6:7C:6F:E6:2E:FB:6C:F2:97:38:F3:60:DE:02:C7:43:64
Certificate issuer: /CN=a86580e18ad6ff8dc942be883c16de8b731f9605
Certificate serial: 0196C8B903C778E578E7E4A8775DBEFF2824
Authority key identifier: A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/RXbwxnxv5i77bPKXOPNg3gLHQ2Q.roa
Signing time: Tue 13 May 2025 08:18:10 +0000
ROA not before: Tue 13 May 2025 08:18:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39686
IP address blocks: 31.207.8.0/21 maxlen: 24
31.207.16.0/20 maxlen: 24
37.251.176.0/20 maxlen: 24
37.251.200.0/21 maxlen: 24
37.251.240.0/21 maxlen: 24
45.11.164.0/22 maxlen: 24
46.102.148.0/22 maxlen: 24
46.231.104.0/21 maxlen: 24
62.122.40.0/21 maxlen: 24
82.148.192.0/19 maxlen: 24
84.53.64.0/18 maxlen: 24
89.20.160.0/19 maxlen: 24
90.145.0.0/16 maxlen: 24
90.145.59.0/24 maxlen: 24
91.194.8.0/23 maxlen: 24
93.95.248.0/21 maxlen: 24
94.24.64.0/21 maxlen: 24
109.94.144.0/20 maxlen: 24
141.136.16.0/20 maxlen: 24
144.178.64.0/19 maxlen: 24
144.178.96.0/21 maxlen: 24
144.178.108.0/22 maxlen: 24
144.178.112.0/22 maxlen: 24
144.178.120.0/21 maxlen: 24
144.178.192.0/19 maxlen: 24
144.178.224.0/20 maxlen: 24
144.178.240.0/21 maxlen: 24
144.178.248.0/22 maxlen: 24
151.236.144.0/20 maxlen: 24
151.248.48.0/21 maxlen: 24
161.51.64.0/19 maxlen: 24
185.41.144.0/22 maxlen: 24
185.184.204.0/22 maxlen: 24
188.214.40.0/21 maxlen: 24
2a01:5620::/29 maxlen: 48
2a01:9bc0::/29 maxlen: 48
2a02:120::/29 maxlen: 48
2a02:fe8::/32 maxlen: 48
2a02:fe9::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.mft
rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 11 Jun 2025 09:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:c8:b9:03:c7:78:e5:78:e7:e4:a8:77:5d:be:ff:28:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a86580e18ad6ff8dc942be883c16de8b731f9605
Validity
Not Before: May 13 08:18:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4576f0c67c6fe62efb6cf29738f360de02c74364
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:8c:dd:0c:73:41:97:e0:e1:08:4f:2f:67:93:
c4:9a:d9:49:a2:b2:2c:a0:49:0c:b0:f9:05:b4:71:
c6:99:69:02:59:78:09:0f:cf:60:6b:b1:43:12:1a:
f4:90:3a:d0:26:7a:4c:05:0b:8c:77:b3:b8:69:22:
2a:51:e0:f3:ae:54:97:6e:0d:a6:9b:b4:cb:ed:a4:
2b:49:b3:6d:23:18:9f:5f:97:96:50:cd:de:ea:5f:
7e:41:d6:ff:53:5d:7d:6b:4c:85:20:16:eb:66:c5:
47:d0:3c:99:2d:2e:7a:fb:2b:14:1d:37:6f:01:9f:
9d:7e:a5:b3:a2:6d:8a:73:a1:03:e3:38:f6:5d:f3:
51:67:a8:dc:25:7d:a2:fa:6a:7a:36:c9:2c:bd:b8:
4f:8f:74:c6:b5:b0:8e:5b:c3:79:f4:d5:bd:69:5c:
c0:b0:8d:ff:86:36:67:82:b9:86:46:2d:72:f5:73:
f5:d9:d9:30:36:db:62:7a:15:f0:54:9a:37:7f:12:
fd:37:85:a2:f6:a4:50:f1:c1:8b:37:93:16:77:86:
ff:7b:db:b0:19:25:ee:10:8e:7a:f8:6c:11:26:dd:
47:be:47:f4:07:6a:de:18:60:16:29:bc:9e:49:a7:
6a:6b:e7:2e:f4:d1:a9:8b:d5:42:fb:e1:63:e9:fa:
68:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:76:F0:C6:7C:6F:E6:2E:FB:6C:F2:97:38:F3:60:DE:02:C7:43:64
X509v3 Authority Key Identifier:
keyid:A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/RXbwxnxv5i77bPKXOPNg3gLHQ2Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.207.8.0-31.207.31.255
37.251.176.0/20
37.251.200.0/21
37.251.240.0/21
45.11.164.0/22
46.102.148.0/22
46.231.104.0/21
62.122.40.0/21
82.148.192.0/19
84.53.64.0/18
89.20.160.0/19
90.145.0.0/16
91.194.8.0/23
93.95.248.0/21
94.24.64.0/21
109.94.144.0/20
141.136.16.0/20
144.178.64.0-144.178.103.255
144.178.108.0-144.178.115.255
144.178.120.0/21
144.178.192.0-144.178.251.255
151.236.144.0/20
151.248.48.0/21
161.51.64.0/19
185.41.144.0/22
185.184.204.0/22
188.214.40.0/21
IPv6:
2a01:5620::/29
2a01:9bc0::/29
2a02:120::/29
2a02:fe8::/31
Signature Algorithm: sha256WithRSAEncryption
47:5f:b2:76:79:3e:10:c3:e2:7b:d5:53:aa:1a:a7:1b:16:db:
ab:29:01:02:57:ab:00:07:3a:e5:4b:b1:b2:fc:79:f3:37:4b:
fe:c7:3e:bb:58:4f:64:f1:d1:5b:ff:18:15:9f:a7:0a:64:84:
3a:24:90:1d:d5:fe:ff:d0:29:34:27:15:7b:be:e2:9d:09:57:
ae:ef:8d:84:54:47:b2:bb:8a:22:a4:1a:71:a8:54:ad:67:2a:
a1:ca:5e:2a:c1:8d:47:c4:6b:b7:0e:c2:74:b4:28:b1:16:4c:
4e:4d:3d:23:79:02:75:33:9b:a4:aa:ed:24:59:97:1b:f6:37:
9f:ee:a2:b3:38:cf:30:b1:a5:0d:c9:32:c8:e8:ba:f7:fc:9e:
61:bd:8f:3b:73:c1:44:04:89:de:ce:e9:8f:44:5d:60:b4:2d:
6b:ba:57:9e:53:69:b2:0b:29:40:9c:86:42:b9:e2:cf:bf:f8:
68:9d:ee:12:2b:00:66:73:11:21:a4:31:28:13:07:45:eb:4f:
2d:37:c8:84:2f:a8:bc:e1:dc:b3:30:2e:00:7a:97:02:f9:f5:
97:88:41:d2:4c:1c:d1:74:a6:4b:38:aa:dd:ac:55:37:c4:1d:
36:5c:1c:18:eb:ea:b3:58:dd:ad:d7:21:bf:7d:09:29:be:bd:
b1:0b:85:cb
-----BEGIN CERTIFICATE-----
MIIF4jCCBMqgAwIBAgISAZbIuQPHeOV45+Sod12+/ygkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjU4MGUxOGFkNmZmOGRjOTQyYmU4ODNjMTZkZThiNzMx
Zjk2MDUwHhcNMjUwNTEzMDgxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTc2ZjBjNjdjNmZlNjJlZmI2Y2YyOTczOGYzNjBkZTAyYzc0MzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYzdDHNBl+DhCE8vZ5PEmtlJorIs
oEkMsPkFtHHGmWkCWXgJD89ga7FDEhr0kDrQJnpMBQuMd7O4aSIqUeDzrlSXbg2m
m7TL7aQrSbNtIxifX5eWUM3e6l9+Qdb/U119a0yFIBbrZsVH0DyZLS56+ysUHTdv
AZ+dfqWzom2Kc6ED4zj2XfNRZ6jcJX2i+mp6NsksvbhPj3TGtbCOW8N59NW9aVzA
sI3/hjZngrmGRi1y9XP12dkwNttiehXwVJo3fxL9N4Wi9qRQ8cGLN5MWd4b/e9uw
GSXuEI56+GwRJt1Hvkf0B2reGGAWKbyeSadqa+cu9NGpi9VC++Fj6fpoIQIDAQAB
o4IC7jCCAuowHQYDVR0OBBYEFEV28MZ8b+Yu+2zylzjzYN4Cx0NkMB8GA1UdIwQY
MBaAFKhlgOGK1v+NyUK+iDwW3otzH5YFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEt
MjM2ZTkyZmM2YTU5LzEvUlhid3hueHY1aTc3YlBLWE9QTmczZ0xIUTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEtMjM2ZTkyZmM2YTU5
LzEvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAgYIKwYBBQUHAQcBAf8EgfIwge8wgcgEAgABMIHBMAwD
BAMfzwgDBAUfzwADBAQl+7ADBAMl+8gDBAMl+/ADBAItC6QDBAIuZpQDBAMu52gD
BAM+eigDBAVSlMADBAZUNUADBAVZFKADAwBakQMEAVvCCAMEA11f+AMEA14YQAME
BG1ekAMEBI2IEDAMAwQGkLJAAwQDkLJgMAwDBAKQsmwDBAKQsnADBAOQsngwDAME
BpCywAMEApCy+AMEBJfskAMEA5f4MAMEBaEzQAMEArkpkAMEArm4zAMEA7zWKDAi
BAIAAjAcAwUDKgFWIAMFAyoBm8ADBQMqAgEgAwUBKgIP6DANBgkqhkiG9w0BAQsF
AAOCAQEAR1+ydnk+EMPie9VTqhqnGxbbqykBAlerAAc65Uuxsvx58zdL/sc+u1hP
ZPHRW/8YFZ+nCmSEOiSQHdX+/9ApNCcVe77inQlXru+NhFRHsruKIqQacahUrWcq
ocpeKsGNR8Rrtw7CdLQosRZMTk09I3kCdTObpKrtJFmXG/Y3n+6iszjPMLGlDcky
yOi69/yeYb2PO3PBRASJ3s7pj0RdYLQta7pXnlNpsgspQJyGQrniz7/4aJ3uEisA
ZnMRIaQxKBMHRetPLTfIhC+ovOHcszAuAHqXAvn1l4hB0kwc0XSmSziq3axVN8Qd
NlwcGOvqs1jdrdchv30JKb69sQuFyw==
-----END CERTIFICATE-----
Generated at Tue Jun 10 16:09:06 2025 by rpki-client