Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/BqTGXwEy0NGO0YDBi2enWJEpe9k.roa
File: BqTGXwEy0NGO0YDBi2enWJEpe9k.roa (raw, json)
Hash identifier: NYaAEL0V4uNdZmz3A2gD5aCaRjRzazsS2Zn8GlYp1k0=
Subject key identifier: 06:A4:C6:5F:01:32:D0:D1:8E:D1:80:C1:8B:67:A7:58:91:29:7B:D9
Certificate issuer: /CN=aebf394e2f1b251c88d988a87161084580786ef5
Certificate serial: 019423D6A90DC0FB27B632FA31B0A1CD9526
Authority key identifier: AE:BF:39:4E:2F:1B:25:1C:88:D9:88:A8:71:61:08:45:80:78:6E:F5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/BqTGXwEy0NGO0YDBi2enWJEpe9k.roa
Signing time: Wed 01 Jan 2025 21:47:37 +0000
ROA not before: Wed 01 Jan 2025 21:47:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16347
IP address blocks: 5.182.252.0/22 maxlen: 24
37.18.160.0/20 maxlen: 24
37.58.128.0/17 maxlen: 24
37.157.8.0/23 maxlen: 24
37.157.10.0/24 maxlen: 24
37.157.12.0/22 maxlen: 24
37.157.60.0/22 maxlen: 24
45.142.172.0/22 maxlen: 24
45.145.124.0/22 maxlen: 24
46.20.160.0/20 maxlen: 24
62.102.224.0/19 maxlen: 24
62.244.70.0/23 maxlen: 24
62.244.72.0/22 maxlen: 24
62.244.80.0/23 maxlen: 24
62.244.90.0/23 maxlen: 24
62.244.92.0/23 maxlen: 24
79.98.96.0/21 maxlen: 24
81.22.216.0/21 maxlen: 24
91.103.232.0/21 maxlen: 24
91.205.156.0/24 maxlen: 24
91.206.156.0/23 maxlen: 24
91.217.94.0/23 maxlen: 24
91.229.230.0/23 maxlen: 24
92.61.72.0/21 maxlen: 24
94.127.8.0/21 maxlen: 24
103.73.172.0/22 maxlen: 24
103.77.32.0/22 maxlen: 24
103.229.36.0/23 maxlen: 24
103.232.172.0/22 maxlen: 24
109.69.192.0/21 maxlen: 24
109.237.240.0/20 maxlen: 24
128.127.128.0/20 maxlen: 24
146.247.88.0/21 maxlen: 24
149.255.136.0/21 maxlen: 24
178.249.160.0/21 maxlen: 24
185.15.128.0/22 maxlen: 24
185.42.132.0/22 maxlen: 24
185.49.120.0/23 maxlen: 24
185.49.122.0/24 maxlen: 24
185.65.224.0/22 maxlen: 24
185.67.88.0/22 maxlen: 24
185.79.148.0/22 maxlen: 24
185.90.96.0/22 maxlen: 24
185.95.120.0/22 maxlen: 24
185.138.104.0/22 maxlen: 24
185.149.8.0/22 maxlen: 24
185.172.16.0/22 maxlen: 24
185.196.248.0/22 maxlen: 24
185.204.140.0/22 maxlen: 24
185.208.248.0/22 maxlen: 24
185.247.248.0/22 maxlen: 24
188.66.56.0/22 maxlen: 24
193.27.194.0/23 maxlen: 24
193.41.95.0/24 maxlen: 24
193.47.139.0/24 maxlen: 24
193.84.100.0/24 maxlen: 24
193.108.197.0/24 maxlen: 24
193.222.142.0/23 maxlen: 24
193.222.188.0/23 maxlen: 24
194.177.32.0/19 maxlen: 24
195.214.240.0/21 maxlen: 24
212.51.160.0/19 maxlen: 24
213.108.64.0/21 maxlen: 24
213.151.166.0/24 maxlen: 24
213.151.168.0/23 maxlen: 24
213.151.171.0/24 maxlen: 24
213.151.172.0/23 maxlen: 24
213.151.174.0/24 maxlen: 24
213.151.175.0/24 maxlen: 24
2a00:bc80::/32 maxlen: 32
2a01:6d8::/32 maxlen: 32
2a01:728::/29 maxlen: 48
2a03:4c00::/29 maxlen: 48
2a03:bf40::/32 maxlen: 32
2a05:df00::/29 maxlen: 29
2a0d:4240::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.crl
rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.mft
rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 13:16:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d6:a9:0d:c0:fb:27:b6:32:fa:31:b0:a1:cd:95:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aebf394e2f1b251c88d988a87161084580786ef5
Validity
Not Before: Jan 1 21:47:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=06a4c65f0132d0d18ed180c18b67a75891297bd9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:a4:43:dc:96:a7:1b:7e:a5:32:56:38:74:81:
d4:58:a9:5f:07:4b:48:1b:df:84:6c:a6:63:51:1e:
28:a6:9d:2b:c7:7f:2e:15:5f:6d:52:ca:92:50:1f:
81:1b:48:4a:f8:5d:b1:3e:c4:ea:21:64:15:24:17:
c6:02:a9:92:eb:a4:91:87:aa:39:c2:b3:c7:e8:46:
ef:0c:7b:3d:ba:a6:10:c3:2d:90:84:29:aa:20:fa:
9e:d7:4c:8b:14:89:1b:30:be:9a:d4:2f:36:22:7e:
5e:ab:06:3c:f5:9e:e3:c4:e9:5b:b3:44:0f:ca:69:
85:07:5f:d8:ff:88:27:9d:d6:b2:71:60:45:ce:3f:
cf:8f:a7:96:83:eb:5e:32:fe:2c:69:63:ae:c7:60:
56:84:fa:7b:ea:23:4f:49:c5:f7:2f:cf:73:09:c7:
5b:00:46:5f:18:fb:ae:ef:60:cc:e9:75:31:c2:bd:
5d:63:01:18:36:17:60:e9:68:b3:42:b2:a0:ad:17:
ec:30:8f:f0:05:54:5f:0f:d8:04:60:cf:82:27:08:
78:6f:16:37:f0:91:e8:6c:48:34:ea:4d:aa:6d:ab:
77:b9:44:c3:42:2a:30:b5:09:5b:35:2d:e7:86:ae:
96:13:d8:8c:a7:1e:e8:f8:bd:4a:96:95:41:7a:29:
5f:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:A4:C6:5F:01:32:D0:D1:8E:D1:80:C1:8B:67:A7:58:91:29:7B:D9
X509v3 Authority Key Identifier:
keyid:AE:BF:39:4E:2F:1B:25:1C:88:D9:88:A8:71:61:08:45:80:78:6E:F5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/BqTGXwEy0NGO0YDBi2enWJEpe9k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.252.0/22
37.18.160.0/20
37.58.128.0/17
37.157.8.0-37.157.10.255
37.157.12.0/22
37.157.60.0/22
45.142.172.0/22
45.145.124.0/22
46.20.160.0/20
62.102.224.0/19
62.244.70.0-62.244.75.255
62.244.80.0/23
62.244.90.0-62.244.93.255
79.98.96.0/21
81.22.216.0/21
91.103.232.0/21
91.205.156.0/24
91.206.156.0/23
91.217.94.0/23
91.229.230.0/23
92.61.72.0/21
94.127.8.0/21
103.73.172.0/22
103.77.32.0/22
103.229.36.0/23
103.232.172.0/22
109.69.192.0/21
109.237.240.0/20
128.127.128.0/20
146.247.88.0/21
149.255.136.0/21
178.249.160.0/21
185.15.128.0/22
185.42.132.0/22
185.49.120.0-185.49.122.255
185.65.224.0/22
185.67.88.0/22
185.79.148.0/22
185.90.96.0/22
185.95.120.0/22
185.138.104.0/22
185.149.8.0/22
185.172.16.0/22
185.196.248.0/22
185.204.140.0/22
185.208.248.0/22
185.247.248.0/22
188.66.56.0/22
193.27.194.0/23
193.41.95.0/24
193.47.139.0/24
193.84.100.0/24
193.108.197.0/24
193.222.142.0/23
193.222.188.0/23
194.177.32.0/19
195.214.240.0/21
212.51.160.0/19
213.108.64.0/21
213.151.166.0/24
213.151.168.0/23
213.151.171.0-213.151.175.255
IPv6:
2a00:bc80::/32
2a01:6d8::/32
2a01:728::/29
2a03:4c00::/29
2a03:bf40::/32
2a05:df00::/29
2a0d:4240::/29
Signature Algorithm: sha256WithRSAEncryption
19:41:ec:24:4a:0c:8b:75:7b:06:ca:3e:3f:48:7a:69:b8:07:
85:4c:b3:40:c4:87:ac:83:c9:fe:57:f0:7a:3c:a9:a2:9c:0a:
57:ea:2d:ad:2a:6b:86:94:bf:a5:9f:8b:76:3a:dc:71:e7:25:
8a:27:c3:43:d1:d9:a3:bf:ce:02:e9:b0:fb:03:40:2c:80:31:
19:ab:ad:ca:36:f2:0e:3e:fc:4d:63:8f:9e:69:37:7b:ca:9f:
c5:6c:ec:1c:f1:f4:07:0b:42:61:2e:60:17:5c:72:f2:6e:0d:
49:cb:43:79:28:df:05:36:b3:54:c0:1f:e6:80:3c:97:f4:9a:
d5:1c:d0:9e:e2:d8:9c:d4:68:7c:dc:50:9f:83:78:c6:03:d3:
9b:93:61:6b:24:0b:fa:cb:9d:1d:fa:69:6d:e6:6c:17:72:00:
8b:1a:2f:23:68:ad:25:7c:ea:a2:fd:9c:ea:05:9f:3b:34:44:
18:fe:f0:a8:e7:4e:4f:b1:62:f4:6d:20:a4:b1:90:e0:f8:e3:
2b:a9:2c:8d:f8:80:89:dd:02:87:cb:46:a2:88:d1:0e:fc:a7:
1d:92:6d:04:dc:b3:e0:e9:d4:29:e2:60:07:5f:0f:73:e1:ea:
47:ca:5b:41:cb:6c:bc:d0:8d:2a:d8:78:f7:0a:1d:2d:19:c9:
1c:2e:cd:1e
-----BEGIN CERTIFICATE-----
MIIG1jCCBb6gAwIBAgISAZQj1qkNwPsntjL6MbChzZUmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYmYzOTRlMmYxYjI1MWM4OGQ5ODhhODcxNjEwODQ1ODA3
ODZlZjUwHhcNMjUwMTAxMjE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmE0YzY1ZjAxMzJkMGQxOGVkMTgwYzE4YjY3YTc1ODkxMjk3YmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6RD3JanG36lMlY4dIHUWKlfB0tI
G9+EbKZjUR4opp0rx38uFV9tUsqSUB+BG0hK+F2xPsTqIWQVJBfGAqmS66SRh6o5
wrPH6EbvDHs9uqYQwy2QhCmqIPqe10yLFIkbML6a1C82In5eqwY89Z7jxOlbs0QP
ymmFB1/Y/4gnndaycWBFzj/Pj6eWg+teMv4saWOux2BWhPp76iNPScX3L89zCcdb
AEZfGPuu72DM6XUxwr1dYwEYNhdg6WizQrKgrRfsMI/wBVRfD9gEYM+CJwh4bxY3
8JHobEg06k2qbat3uUTDQiowtQlbNS3nhq6WE9iMpx7o+L1KlpVBeilfkQIDAQAB
o4ID4jCCA94wHQYDVR0OBBYEFAakxl8BMtDRjtGAwYtnp1iRKXvZMB8GA1UdIwQY
MBaAFK6/OU4vGyUciNmIqHFhCEWAeG71MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnI4NVRpOGJKUnlJMllpb2NXRUlSWUI0YnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS80MDQ5OGUtZDFjMC00ODRjLWFiY2It
NjFlN2Y0MGQ1ZGQ2LzEvQnFUR1h3RXkwTkdPMFlEQmkyZW5XSkVwZTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS80MDQ5OGUtZDFjMC00ODRjLWFiY2ItNjFlN2Y0MGQ1ZGQ2
LzEvcnI4NVRpOGJKUnlJMllpb2NXRUlSWUI0YnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB9gYIKwYBBQUHAQcBAf8EggHlMIIB4TCCAaQEAgABMIIB
nAMEAgW2/AMEBCUSoAMEByU6gDAMAwQDJZ0IAwQAJZ0KAwQCJZ0MAwQCJZ08AwQC
LY6sAwQCLZF8AwQELhSgAwQFPmbgMAwDBAE+9EYDBAI+9EgDBAE+9FAwDAMEAT70
WgMEAT70XAMEA09iYAMEA1EW2AMEA1tn6AMEAFvNnAMEAVvOnAMEAVvZXgMEAVvl
5gMEA1w9SAMEA15/CAMEAmdJrAMEAmdNIAMEAWflJAMEAmforAMEA21FwAMEBG3t
8AMEBIB/gAMEA5L3WAMEA5X/iAMEA7L5oAMEArkPgAMEArkqhDAMAwQDuTF4AwQA
uTF6AwQCuUHgAwQCuUNYAwQCuU+UAwQCuVpgAwQCuV94AwQCuYpoAwQCuZUIAwQC
uawQAwQCucT4AwQCucyMAwQCudD4AwQCuff4AwQCvEI4AwQBwRvCAwQAwSlfAwQA
wS+LAwQAwVRkAwQAwWzFAwQBwd6OAwQBwd68AwQFwrEgAwQDw9bwAwQF1DOgAwQD
1WxAAwQA1ZemAwQB1ZeoMAwDBADVl6sDBATVl6AwNwQCAAIwMQMFACoAvIADBQAq
AQbYAwUDKgEHKAMFAyoDTAADBQAqA79AAwUDKgXfAAMFAyoNQkAwDQYJKoZIhvcN
AQELBQADggEBABlB7CRKDIt1ewbKPj9Iemm4B4VMs0DEh6yDyf5X8Ho8qaKcClfq
La0qa4aUv6Wfi3Y63HHnJYonw0PR2aO/zgLpsPsDQCyAMRmrrco28g4+/E1jj55p
N3vKn8Vs7Bzx9AcLQmEuYBdccvJuDUnLQ3ko3wU2s1TAH+aAPJf0mtUc0J7i2JzU
aHzcUJ+DeMYD05uTYWskC/rLnR36aW3mbBdyAIsaLyNorSV86qL9nOoFnzs0RBj+
8KjnTk+xYvRtIKSxkOD44yupLI34gIndAofLRqKI0Q78px2SbQTcs+Dp1CniYAdf
D3Ph6kfKW0HLbLzQjSrYePcKHS0ZyRwuzR4=
-----END CERTIFICATE-----
Generated at Thu Apr 17 02:16:34 2025 by rpki-client