Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/eH9NeYZ6476-_LV8hEYeX0fc0QI.roa
File: eH9NeYZ6476-_LV8hEYeX0fc0QI.roa (raw, json)
Hash identifier: qpYMUOd5FFvMlQNvSubLKokumQC5dpDSUWn6yu3Z38Q=
Subject key identifier: 78:7F:4D:79:86:7A:E3:BE:BE:FC:B5:7C:84:46:1E:5F:47:DC:D1:02
Certificate issuer: /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial: 01941F8C44DFCF4BDDEE0BA1A428148E90CF
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/eH9NeYZ6476-_LV8hEYeX0fc0QI.roa
Signing time: Wed 01 Jan 2025 01:47:53 +0000
ROA not before: Wed 01 Jan 2025 01:47:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34918
IP address blocks: 5.202.0.0/20 maxlen: 20
5.202.0.0/24 maxlen: 24
5.202.1.0/24 maxlen: 24
5.202.2.0/24 maxlen: 24
5.202.3.0/24 maxlen: 24
5.202.4.0/24 maxlen: 24
5.202.5.0/24 maxlen: 24
5.202.6.0/24 maxlen: 24
5.202.7.0/24 maxlen: 24
5.202.8.0/24 maxlen: 24
5.202.9.0/24 maxlen: 24
5.202.10.0/24 maxlen: 24
5.202.11.0/24 maxlen: 24
5.202.12.0/24 maxlen: 24
5.202.13.0/24 maxlen: 24
5.202.14.0/24 maxlen: 24
5.202.15.0/24 maxlen: 24
85.9.96.0/20 maxlen: 20
85.9.96.0/21 maxlen: 21
85.9.96.0/22 maxlen: 22
85.9.100.0/22 maxlen: 22
85.9.104.0/21 maxlen: 21
85.9.105.0/24 maxlen: 24
85.9.106.0/24 maxlen: 24
85.9.107.0/24 maxlen: 24
85.9.108.0/24 maxlen: 24
85.9.109.0/24 maxlen: 24
85.9.110.0/24 maxlen: 24
85.9.111.0/24 maxlen: 24
85.9.112.0/22 maxlen: 22
85.9.112.0/24 maxlen: 24
85.9.113.0/24 maxlen: 24
85.9.114.0/24 maxlen: 24
85.9.115.0/24 maxlen: 24
85.9.120.0/21 maxlen: 21
85.9.120.0/22 maxlen: 22
85.9.124.0/22 maxlen: 22
185.126.0.0/20 maxlen: 20
185.126.0.0/21 maxlen: 21
185.126.0.0/22 maxlen: 22
185.126.0.0/24 maxlen: 24
185.126.1.0/24 maxlen: 24
185.126.2.0/24 maxlen: 24
185.126.3.0/24 maxlen: 24
185.126.4.0/24 maxlen: 24
185.126.5.0/24 maxlen: 24
185.126.6.0/24 maxlen: 24
185.126.7.0/24 maxlen: 24
185.126.8.0/21 maxlen: 21
185.126.8.0/24 maxlen: 24
185.126.9.0/24 maxlen: 24
185.126.10.0/24 maxlen: 24
185.126.11.0/24 maxlen: 24
185.126.12.0/24 maxlen: 24
185.126.13.0/24 maxlen: 24
185.126.14.0/24 maxlen: 24
185.126.15.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 13:16:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:44:df:cf:4b:dd:ee:0b:a1:a4:28:14:8e:90:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Validity
Not Before: Jan 1 01:47:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=787f4d79867ae3bebefcb57c84461e5f47dcd102
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:6c:00:6b:95:60:e8:fa:b7:ae:3b:fc:fe:96:
03:89:17:35:15:90:d3:b6:80:f0:2d:20:d5:3d:fd:
20:c5:39:14:9d:3d:34:ab:2e:65:15:45:9a:9a:55:
6d:a0:d0:23:0d:44:7d:98:3a:73:f0:b5:6c:b0:ee:
e3:95:13:d6:88:74:26:15:a4:13:42:2c:bc:fc:98:
86:fc:87:31:b7:a2:f3:c7:cc:15:9a:cb:85:76:28:
f2:dc:65:0f:be:26:67:b4:dd:20:8c:9f:ed:bb:92:
b7:83:e1:47:20:72:98:e8:4d:ea:53:09:de:b3:b7:
a0:9a:18:33:10:04:f9:37:11:af:1a:e1:71:8f:44:
61:3a:24:a4:d3:6e:af:c4:63:a2:b6:e0:60:af:de:
e7:c2:6c:98:ce:2c:ef:02:fb:86:1b:d8:46:9e:70:
35:9d:8c:46:4d:d6:55:14:8f:28:d2:0d:2a:42:7a:
3b:0c:6a:ac:84:1d:47:cc:aa:64:85:c8:ed:d2:66:
b5:df:ee:a8:bb:c4:31:f2:c2:27:57:31:a8:a3:89:
10:81:ff:bd:6e:16:ae:71:4f:3a:f8:0d:10:26:0b:
6e:b7:cb:80:5c:2e:b4:b8:ff:48:32:e2:bf:f5:0c:
ff:cb:57:e6:66:cd:92:bc:2c:cc:cb:76:f3:7d:28:
da:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:7F:4D:79:86:7A:E3:BE:BE:FC:B5:7C:84:46:1E:5F:47:DC:D1:02
X509v3 Authority Key Identifier:
keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/eH9NeYZ6476-_LV8hEYeX0fc0QI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.202.0.0/20
85.9.96.0-85.9.115.255
85.9.120.0/21
185.126.0.0/20
Signature Algorithm: sha256WithRSAEncryption
03:df:85:04:67:da:45:b1:05:3b:5a:72:26:1f:2a:02:62:08:
e0:15:e3:11:63:ea:96:6c:81:03:a0:c2:57:42:2d:b8:63:b4:
55:36:bd:f1:2e:50:bd:3d:39:81:61:32:1c:1a:1c:5e:16:2b:
1a:cb:d5:8b:fa:aa:29:68:d5:5b:b1:25:74:29:2b:48:1a:9d:
bb:29:e8:67:b0:7c:ec:d8:93:d8:61:78:fc:48:db:5d:ab:25:
4b:ad:11:6b:9a:52:9b:84:da:f4:e8:da:90:d5:bf:82:28:24:
8f:fb:f0:89:17:76:51:1e:2d:72:19:9e:a3:ea:e8:c6:5a:c5:
a8:16:25:8a:ba:76:8c:db:22:49:26:4d:87:37:7e:12:ff:b0:
14:4c:d0:c6:14:3f:ea:cc:a5:42:6f:1b:e1:32:37:59:ef:01:
2b:89:3d:49:12:66:48:45:8d:61:0e:47:23:0b:66:64:02:fa:
46:c3:3e:68:78:b3:53:76:b3:69:f9:46:7f:40:ea:9c:b1:57:
98:2e:0c:54:29:0f:4a:df:50:1d:3d:36:eb:30:a1:00:2f:a5:
f3:02:18:fa:ad:e3:4c:4f:91:ca:02:c9:18:5f:5f:b0:d9:ff:
69:d2:c3:cc:18:57:e6:b7:90:9a:59:e2:2e:8f:e9:49:e9:6c:
70:f3:e8:e0
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQfjETfz0vd7guhpCgUjpDPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjUwMTAxMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODdmNGQ3OTg2N2FlM2JlYmVmY2I1N2M4NDQ2MWU1ZjQ3ZGNkMTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6WwAa5Vg6Pq3rjv8/pYDiRc1FZDT
toDwLSDVPf0gxTkUnT00qy5lFUWamlVtoNAjDUR9mDpz8LVssO7jlRPWiHQmFaQT
Qiy8/JiG/Icxt6Lzx8wVmsuFdijy3GUPviZntN0gjJ/tu5K3g+FHIHKY6E3qUwne
s7egmhgzEAT5NxGvGuFxj0RhOiSk026vxGOituBgr97nwmyYzizvAvuGG9hGnnA1
nYxGTdZVFI8o0g0qQno7DGqshB1HzKpkhcjt0ma13+6ou8Qx8sInVzGoo4kQgf+9
bhaucU86+A0QJgtut8uAXC60uP9IMuK/9Qz/y1fmZs2SvCzMy3bzfSjaYwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFHh/TXmGeuO+vvy1fIRGHl9H3NECMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvZUg5TmVZWjY0NzYtX0xWOGhFWWVYMGZjMFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQEBcoAMAwD
BAVVCWADBAJVCXADBANVCXgDBAS5fgAwDQYJKoZIhvcNAQELBQADggEBAAPfhQRn
2kWxBTtaciYfKgJiCOAV4xFj6pZsgQOgwldCLbhjtFU2vfEuUL09OYFhMhwaHF4W
KxrL1Yv6qilo1VuxJXQpK0ganbsp6GewfOzYk9hhePxI212rJUutEWuaUpuE2vTo
2pDVv4IoJI/78IkXdlEeLXIZnqPq6MZaxagWJYq6dozbIkkmTYc3fhL/sBRM0MYU
P+rMpUJvG+EyN1nvASuJPUkSZkhFjWEORyMLZmQC+kbDPmh4s1N2s2n5Rn9A6pyx
V5guDFQpD0rfUB09NuswoQAvpfMCGPqt40xPkcoCyRhfX7DZ/2nSw8wYV+a3kJpZ
4i6P6UnpbHDz6OA=
-----END CERTIFICATE-----
Generated at Thu Apr 17 01:34:42 2025 by rpki-client