Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/DS5gBLYyptdZ9y27hbFJurp9kuI.roa
File: DS5gBLYyptdZ9y27hbFJurp9kuI.roa (raw, json)
Hash identifier: zoDKZtl19sULYhyiEZp0I4zijHRFp+OWa8jMMxoXiV0=
Subject key identifier: 0D:2E:60:04:B6:32:A6:D7:59:F7:2D:BB:85:B1:49:BA:BA:7D:92:E2
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 01971E007294C7BD01EC902E1482F5561CB6
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/DS5gBLYyptdZ9y27hbFJurp9kuI.roa
Signing time: Thu 29 May 2025 21:43:55 +0000
ROA not before: Thu 29 May 2025 21:43:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 5.182.185.0/24 maxlen: 24
5.182.196.0/24 maxlen: 24
5.182.197.0/24 maxlen: 24
78.31.205.0/24 maxlen: 24
79.98.183.0/24 maxlen: 24
92.249.29.0/24 maxlen: 24
94.154.171.0/24 maxlen: 24
94.154.178.0/24 maxlen: 24
103.130.176.0/24 maxlen: 24
103.130.177.0/24 maxlen: 24
103.210.13.0/24 maxlen: 24
103.210.14.0/24 maxlen: 24
103.210.15.0/24 maxlen: 24
103.216.196.0/24 maxlen: 24
103.216.198.0/24 maxlen: 24
104.232.36.0/24 maxlen: 24
147.78.207.0/24 maxlen: 24
162.218.93.0/24 maxlen: 24
185.52.138.0/24 maxlen: 24
185.52.139.0/24 maxlen: 24
185.161.190.0/24 maxlen: 24
185.187.214.0/24 maxlen: 24
185.187.215.0/24 maxlen: 24
185.198.89.0/24 maxlen: 24
185.198.90.0/24 maxlen: 24
185.198.91.0/24 maxlen: 24
185.201.42.0/24 maxlen: 24
185.208.152.0/24 maxlen: 24
185.208.153.0/24 maxlen: 24
185.208.154.0/24 maxlen: 24
185.230.121.0/24 maxlen: 24
185.253.120.0/24 maxlen: 24
185.253.121.0/24 maxlen: 24
192.145.70.0/24 maxlen: 24
212.60.13.0/24 maxlen: 24
2a0a:8f40:3::/48 maxlen: 48
2a0a:8f40:7::/48 maxlen: 48
2a0a:8f40:8::/48 maxlen: 48
2a0a:8f40:9::/48 maxlen: 48
2a0a:8f40:a::/48 maxlen: 48
2a0a:8f40:b::/48 maxlen: 48
2a0a:8f40:c::/48 maxlen: 48
2a0a:8f40:1c::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 04 Jun 2025 00:00:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:1e:00:72:94:c7:bd:01:ec:90:2e:14:82:f5:56:1c:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: May 29 21:43:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0d2e6004b632a6d759f72dbb85b149baba7d92e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:0b:1d:20:8b:1c:5c:69:70:53:78:9e:2e:a0:
f5:97:de:23:9f:a4:31:5b:76:17:c8:fa:63:66:87:
3d:7b:d7:14:cd:b5:05:62:d4:ac:46:63:9b:e1:98:
b4:f1:8b:5d:a1:81:d7:8e:37:31:e8:82:57:84:02:
6a:2b:2a:87:cd:a2:de:13:12:cd:47:3f:73:94:6f:
1b:e1:e3:9d:b0:00:28:af:d9:da:03:09:fd:c0:35:
66:4a:b3:56:73:74:5c:41:f6:31:6f:89:72:25:b1:
f6:9b:1b:60:d8:9e:95:04:40:63:d4:67:dc:c6:cc:
40:12:a9:8c:50:24:3f:f7:9d:7b:29:f2:9b:a6:0e:
84:f6:1e:2f:a2:f0:57:cf:27:db:63:9e:fe:5c:b8:
41:73:d9:7a:21:ed:80:4b:e9:bb:65:7c:4b:dd:40:
68:d8:9e:8b:a9:40:56:e8:6a:b8:81:89:fe:4f:f3:
ec:18:4a:24:47:23:ab:36:31:46:16:6a:96:78:24:
89:eb:59:fc:d5:32:36:9e:bd:63:51:57:1e:3d:2c:
05:cd:a7:00:f8:0f:e9:58:d3:cb:75:3b:ea:87:fc:
63:9b:d6:3f:0c:87:a8:2a:9e:c5:11:ff:0b:97:14:
38:98:52:c1:54:e6:a6:eb:31:22:f6:b8:cc:f6:23:
b5:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:2E:60:04:B6:32:A6:D7:59:F7:2D:BB:85:B1:49:BA:BA:7D:92:E2
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/DS5gBLYyptdZ9y27hbFJurp9kuI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.185.0/24
5.182.196.0/23
78.31.205.0/24
79.98.183.0/24
92.249.29.0/24
94.154.171.0/24
94.154.178.0/24
103.130.176.0/23
103.210.13.0-103.210.15.255
103.216.196.0/24
103.216.198.0/24
104.232.36.0/24
147.78.207.0/24
162.218.93.0/24
185.52.138.0/23
185.161.190.0/24
185.187.214.0/23
185.198.89.0-185.198.91.255
185.201.42.0/24
185.208.152.0-185.208.154.255
185.230.121.0/24
185.253.120.0/23
192.145.70.0/24
212.60.13.0/24
IPv6:
2a0a:8f40:3::/48
2a0a:8f40:7::-2a0a:8f40:c:ffff:ffff:ffff:ffff:ffff
2a0a:8f40:1c::/48
Signature Algorithm: sha256WithRSAEncryption
1c:89:cc:0f:a1:16:70:bb:9c:6f:a0:01:11:77:ea:4d:04:7f:
85:b1:7d:cf:e3:91:19:b1:4b:22:69:2a:7f:4e:d0:c5:33:f4:
fd:31:9b:e4:fd:f5:02:1d:6b:d3:49:a4:e9:dd:d4:98:cf:55:
a5:94:6d:a7:bd:5b:09:3b:89:3e:e0:7a:24:d3:8c:0e:cd:ff:
50:cf:e0:d6:10:ed:c4:f7:6b:cb:14:77:55:d8:fa:74:72:9e:
27:90:c1:c4:98:6a:80:d1:80:1d:af:53:34:f0:21:5e:50:75:
c5:39:f8:e4:e0:c7:1f:5a:3a:de:47:77:ba:55:81:9b:ea:be:
36:f8:46:da:57:17:d9:1b:1b:89:5b:c9:73:5a:c2:de:e7:dc:
a7:e0:f8:10:6f:32:67:59:7d:f7:7f:13:d1:00:86:04:f1:59:
0d:15:3b:8b:a7:95:60:f0:41:b2:0c:f0:fb:60:3c:e4:ee:80:
c3:8a:59:8a:f9:30:88:6a:c0:5a:28:ab:84:d5:a5:4c:64:97:
87:5f:65:e9:83:3f:00:cd:c8:c3:54:4c:58:88:00:e8:40:c4:
ba:f9:1d:9e:88:06:af:1b:04:61:fc:29:35:2a:8f:92:d9:22:
ee:06:20:a6:58:82:25:57:9d:54:15:3f:97:f5:31:85:fd:34:
81:f3:67:83
-----BEGIN CERTIFICATE-----
MIIF0jCCBLqgAwIBAgISAZceAHKUx70B7JAuFIL1Vhy2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwNTI5MjE0MzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDJlNjAwNGI2MzJhNmQ3NTlmNzJkYmI4NWIxNDliYWJhN2Q5MmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAsdIIscXGlwU3ieLqD1l94jn6Qx
W3YXyPpjZoc9e9cUzbUFYtSsRmOb4Zi08YtdoYHXjjcx6IJXhAJqKyqHzaLeExLN
Rz9zlG8b4eOdsAAor9naAwn9wDVmSrNWc3RcQfYxb4lyJbH2mxtg2J6VBEBj1Gfc
xsxAEqmMUCQ/9517KfKbpg6E9h4vovBXzyfbY57+XLhBc9l6Ie2AS+m7ZXxL3UBo
2J6LqUBW6Gq4gYn+T/PsGEokRyOrNjFGFmqWeCSJ61n81TI2nr1jUVcePSwFzacA
+A/pWNPLdTvqh/xjm9Y/DIeoKp7FEf8LlxQ4mFLBVOam6zEi9rjM9iO1BQIDAQAB
o4IC3jCCAtowHQYDVR0OBBYEFA0uYAS2MqbXWfctu4WxSbq6fZLiMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvRFM1Z0JMWXlwdGRaOXkyN2hiRkp1cnA5a3VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHzBggrBgEFBQcBBwEB/wSB4zCB4DCBrwQCAAEwgagDBAAF
trkDBAEFtsQDBABOH80DBABPYrcDBABc+R0DBABemqsDBABemrIDBAFngrAwDAME
AGfSDQMEBGfSAAMEAGfYxAMEAGfYxgMEAGjoJAMEAJNOzwMEAKLaXQMEAbk0igME
ALmhvgMEAbm71jAMAwQAucZZAwQCucZYAwQAuckqMAwDBAO50JgDBAC50JoDBAC5
5nkDBAG5/XgDBADAkUYDBADUPA0wLAQCAAIwJgMHACoKj0AAAzASAwcAKgqPQAAH
AwcAKgqPQAAMAwcAKgqPQAAcMA0GCSqGSIb3DQEBCwUAA4IBAQAcicwPoRZwu5xv
oAERd+pNBH+FsX3P45EZsUsiaSp/TtDFM/T9MZvk/fUCHWvTSaTp3dSYz1WllG2n
vVsJO4k+4Hok04wOzf9Qz+DWEO3E92vLFHdV2Pp0cp4nkMHEmGqA0YAdr1M08CFe
UHXFOfjk4McfWjreR3e6VYGb6r42+EbaVxfZGxuJW8lzWsLe59yn4PgQbzJnWX33
fxPRAIYE8VkNFTuLp5Vg8EGyDPD7YDzk7oDDilmK+TCIasBaKKuE1aVMZJeHX2Xp
gz8AzcjDVExYiADoQMS6+R2eiAavGwRh/Ck1Ko+S2SLuBiCmWIIlV51UFT+X9TGF
/TSB82eD
-----END CERTIFICATE-----
Generated at Tue Jun 3 10:22:16 2025 by rpki-client