Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/387f21-101b-487e-8a0f-0b838a599662/1/A9fopaXO-fVQpKdJ8LHIGXii_SU.roa
File: A9fopaXO-fVQpKdJ8LHIGXii_SU.roa (raw, json)
Hash identifier: 8zkX8M3Fk6VQlJpwJIcZtNmfIBhTghba03PireQiTxw=
Subject key identifier: 03:D7:E8:A5:A5:CE:F9:F5:50:A4:A7:49:F0:B1:C8:19:78:A2:FD:25
Certificate issuer: /CN=c1a190504b6d9ed9c18096840425b11d7b22dff4
Certificate serial: 019425215EB074103C421F1F07095EB04AFD
Authority key identifier: C1:A1:90:50:4B:6D:9E:D9:C1:80:96:84:04:25:B1:1D:7B:22:DF:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/waGQUEttntnBgJaEBCWxHXsi3_Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/387f21-101b-487e-8a0f-0b838a599662/1/A9fopaXO-fVQpKdJ8LHIGXii_SU.roa
Signing time: Thu 02 Jan 2025 03:48:51 +0000
ROA not before: Thu 02 Jan 2025 03:48:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42707
IP address blocks: 5.45.32.0/22 maxlen: 23
5.57.248.0/21 maxlen: 22
5.206.208.0/20 maxlen: 21
77.75.48.0/22 maxlen: 23
83.143.76.0/22 maxlen: 24
84.39.204.0/22 maxlen: 23
91.189.224.0/21 maxlen: 22
91.195.64.0/22 maxlen: 23
109.207.72.0/22 maxlen: 23
185.148.28.0/22 maxlen: 23
185.229.80.0/22 maxlen: 23
185.231.24.0/21 maxlen: 22
185.231.24.0/22 maxlen: 23
185.231.28.0/22 maxlen: 23
185.233.212.0/22 maxlen: 23
185.236.4.0/22 maxlen: 23
185.245.88.0/22 maxlen: 23
185.247.44.0/22 maxlen: 23
185.247.48.0/22 maxlen: 23
185.248.228.0/22 maxlen: 23
185.250.136.0/22 maxlen: 23
185.252.124.0/22 maxlen: 23
185.254.48.0/22 maxlen: 23
193.33.134.0/23 maxlen: 24
193.36.164.0/22 maxlen: 23
194.49.88.0/22 maxlen: 23
195.42.224.0/22 maxlen: 23
195.42.228.0/23 maxlen: 24
2a00:5140::/32 maxlen: 32
2a00:5141::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/387f21-101b-487e-8a0f-0b838a599662/1/waGQUEttntnBgJaEBCWxHXsi3_Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/387f21-101b-487e-8a0f-0b838a599662/1/waGQUEttntnBgJaEBCWxHXsi3_Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/waGQUEttntnBgJaEBCWxHXsi3_Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 21:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:5e:b0:74:10:3c:42:1f:1f:07:09:5e:b0:4a:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c1a190504b6d9ed9c18096840425b11d7b22dff4
Validity
Not Before: Jan 2 03:48:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=03d7e8a5a5cef9f550a4a749f0b1c81978a2fd25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:4e:1c:1b:42:ba:1d:c6:22:63:e4:51:75:7d:
07:bd:44:3b:81:8a:88:3f:5d:f2:eb:4f:64:29:81:
68:7f:ef:b0:5e:2e:d2:f2:6a:ff:29:9b:4c:4c:03:
06:fe:a2:cb:66:21:79:87:47:e8:4d:03:cb:b2:a4:
87:20:c0:13:35:a9:ad:ed:0b:85:a9:c3:1a:0c:59:
b6:82:53:06:cf:ea:98:82:18:66:3c:47:76:78:ac:
51:ce:b5:a4:ab:dd:46:02:0a:42:0d:02:54:cd:d0:
92:bf:63:1d:f2:1b:c3:ae:53:99:dc:71:bd:f2:fc:
0d:35:8a:43:d7:e8:4a:64:43:c2:3d:fd:5e:fa:40:
28:6e:ab:1d:6a:47:35:89:fa:6f:88:a9:e8:c0:04:
e2:c6:fb:b4:0b:2d:02:c3:f2:51:4f:5a:0b:67:1a:
03:5c:fd:e7:64:ab:69:33:05:18:a1:79:dc:66:0b:
e6:17:d5:41:db:cb:6c:a7:87:7f:95:03:05:0d:63:
de:35:60:de:15:92:09:0b:41:95:86:99:6e:4e:6f:
15:b8:8a:42:52:24:a9:54:ff:b5:79:50:43:54:e6:
25:0b:8b:50:10:fe:8f:0e:27:24:af:f5:b5:b7:e7:
fe:66:f9:b8:82:cd:b4:98:93:1e:4d:89:3c:97:31:
8a:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:D7:E8:A5:A5:CE:F9:F5:50:A4:A7:49:F0:B1:C8:19:78:A2:FD:25
X509v3 Authority Key Identifier:
keyid:C1:A1:90:50:4B:6D:9E:D9:C1:80:96:84:04:25:B1:1D:7B:22:DF:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/waGQUEttntnBgJaEBCWxHXsi3_Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/387f21-101b-487e-8a0f-0b838a599662/1/A9fopaXO-fVQpKdJ8LHIGXii_SU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/387f21-101b-487e-8a0f-0b838a599662/1/waGQUEttntnBgJaEBCWxHXsi3_Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.45.32.0/22
5.57.248.0/21
5.206.208.0/20
77.75.48.0/22
83.143.76.0/22
84.39.204.0/22
91.189.224.0/21
91.195.64.0/22
109.207.72.0/22
185.148.28.0/22
185.229.80.0/22
185.231.24.0/21
185.233.212.0/22
185.236.4.0/22
185.245.88.0/22
185.247.44.0-185.247.51.255
185.248.228.0/22
185.250.136.0/22
185.252.124.0/22
185.254.48.0/22
193.33.134.0/23
193.36.164.0/22
194.49.88.0/22
195.42.224.0-195.42.229.255
IPv6:
2a00:5140::/31
Signature Algorithm: sha256WithRSAEncryption
02:bc:5a:60:96:10:5e:e8:09:6e:4b:ba:e3:d6:16:ad:15:be:
63:a8:a4:67:b9:81:69:bb:7f:f6:fb:6d:21:ff:2e:e0:98:df:
38:54:4f:01:f7:11:32:59:31:2b:e9:d9:20:5b:00:de:f8:0b:
4d:9f:f1:25:13:ee:34:fe:3b:6f:59:95:86:39:d3:d4:f9:4c:
c5:56:b0:af:71:91:24:ff:ce:98:57:23:3e:34:c0:1e:ca:a1:
d1:3c:5b:62:25:bb:18:26:03:2b:b4:57:35:b5:34:99:c6:ca:
38:08:30:c0:73:05:e5:6d:85:30:5a:24:3d:41:5e:db:ca:f8:
05:99:3e:86:5f:83:01:6b:b3:b3:6b:44:01:e2:93:e0:13:f0:
cb:8f:59:1b:bb:a0:5c:48:fa:e1:1d:51:35:b7:7c:0b:06:44:
83:e5:5b:fe:87:6f:57:25:f1:e4:2e:bf:bb:aa:60:d0:6f:0e:
09:d7:c7:18:cf:61:1e:60:1f:06:45:85:36:db:4b:30:87:5c:
24:0f:84:a6:b2:39:fa:ee:ce:66:b9:a5:3e:cd:47:43:90:f5:
76:70:bb:c1:63:e0:86:b0:6a:7e:ba:50:98:a4:ee:6a:a7:b5:
c7:a2:cb:f7:42:7c:de:53:b2:78:b7:9e:44:52:0e:09:52:d7:
60:f4:73:4f
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgISAZQlIV6wdBA8Qh8fBwlesEr9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYTE5MDUwNGI2ZDllZDljMTgwOTY4NDA0MjViMTFkN2Iy
MmRmZjQwHhcNMjUwMTAyMDM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2Q3ZThhNWE1Y2VmOWY1NTBhNGE3NDlmMGIxYzgxOTc4YTJmZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmE4cG0K6HcYiY+RRdX0HvUQ7gYqI
P13y609kKYFof++wXi7S8mr/KZtMTAMG/qLLZiF5h0foTQPLsqSHIMATNamt7QuF
qcMaDFm2glMGz+qYghhmPEd2eKxRzrWkq91GAgpCDQJUzdCSv2Md8hvDrlOZ3HG9
8vwNNYpD1+hKZEPCPf1e+kAobqsdakc1ifpviKnowATixvu0Cy0Cw/JRT1oLZxoD
XP3nZKtpMwUYoXncZgvmF9VB28tsp4d/lQMFDWPeNWDeFZIJC0GVhpluTm8VuIpC
UiSpVP+1eVBDVOYlC4tQEP6PDickr/W1t+f+Zvm4gs20mJMeTYk8lzGKxQIDAQAB
o4ICtzCCArMwHQYDVR0OBBYEFAPX6KWlzvn1UKSnSfCxyBl4ov0lMB8GA1UdIwQY
MBaAFMGhkFBLbZ7ZwYCWhAQlsR17It/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2FHUVVFdHRudG5CZ0phRUJDV3hIWHNpM19RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8zODdmMjEtMTAxYi00ODdlLThhMGYt
MGI4MzhhNTk5NjYyLzEvQTlmb3BhWE8tZlZRcEtkSjhMSElHWGlpX1NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8zODdmMjEtMTAxYi00ODdlLThhMGYtMGI4MzhhNTk5NjYy
LzEvd2FHUVVFdHRudG5CZ0phRUJDV3hIWHNpM19RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHMBggrBgEFBQcBBwEB/wSBvDCBuTCBpwQCAAEwgaADBAIF
LSADBAMFOfgDBAQFztADBAJNSzADBAJTj0wDBAJUJ8wDBANbveADBAJbw0ADBAJt
z0gDBAK5lBwDBAK55VADBAO55xgDBAK56dQDBAK57AQDBAK59VgwDAMEArn3LAME
Arn3MAMEArn45AMEArn6iAMEArn8fAMEArn+MAMEAcEhhgMEAsEkpAMEAsIxWDAM
AwQFwyrgAwQBwyrkMA0EAgACMAcDBQEqAFFAMA0GCSqGSIb3DQEBCwUAA4IBAQAC
vFpglhBe6AluS7rj1hatFb5jqKRnuYFpu3/2+20h/y7gmN84VE8B9xEyWTEr6dkg
WwDe+AtNn/ElE+40/jtvWZWGOdPU+UzFVrCvcZEk/86YVyM+NMAeyqHRPFtiJbsY
JgMrtFc1tTSZxso4CDDAcwXlbYUwWiQ9QV7byvgFmT6GX4MBa7Oza0QB4pPgE/DL
j1kbu6BcSPrhHVE1t3wLBkSD5Vv+h29XJfHkLr+7qmDQbw4J18cYz2EeYB8GRYU2
20swh1wkD4Smsjn67s5muaU+zUdDkPV2cLvBY+CGsGp+ulCYpO5qp7XHosv3Qnze
U7J4t55EUg4JUtdg9HNP
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:12:26 2025 by rpki-client