Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/SwAuH7K0Fsen-EFDD0RumvTJT5k.roa
File: SwAuH7K0Fsen-EFDD0RumvTJT5k.roa (raw, json)
Hash identifier: PKyqUV7AQ655utV76AfoPJ+e59HNgzz1UKbSSMezmGE=
Subject key identifier: 4B:00:2E:1F:B2:B4:16:C7:A7:F8:41:43:0F:44:6E:9A:F4:C9:4F:99
Certificate issuer: /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial: 019634220B5A3C0E16BE701BB2C188C96EC0
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/SwAuH7K0Fsen-EFDD0RumvTJT5k.roa
Signing time: Mon 14 Apr 2025 11:49:28 +0000
ROA not before: Mon 14 Apr 2025 11:49:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15468
IP address blocks: 5.143.176.0/20 maxlen: 21
5.143.176.0/21 maxlen: 21
5.143.184.0/21 maxlen: 21
31.172.192.0/19 maxlen: 19
31.172.192.0/20 maxlen: 20
31.172.192.0/21 maxlen: 21
31.172.200.0/21 maxlen: 21
31.172.208.0/20 maxlen: 20
31.172.208.0/21 maxlen: 21
31.172.216.0/21 maxlen: 21
62.148.128.0/19 maxlen: 19
62.148.128.0/20 maxlen: 20
62.148.144.0/20 maxlen: 20
94.242.128.0/18 maxlen: 18
94.242.128.0/19 maxlen: 19
94.242.128.0/20 maxlen: 20
94.242.144.0/20 maxlen: 20
94.242.144.0/24 maxlen: 24
94.242.145.0/24 maxlen: 24
94.242.146.0/24 maxlen: 24
94.242.147.0/24 maxlen: 24
94.242.148.0/24 maxlen: 24
94.242.149.0/24 maxlen: 24
94.242.150.0/24 maxlen: 24
94.242.151.0/24 maxlen: 24
94.242.160.0/19 maxlen: 19
94.242.160.0/20 maxlen: 20
94.242.176.0/20 maxlen: 20
95.107.16.0/20 maxlen: 20
95.107.16.0/21 maxlen: 21
95.107.24.0/21 maxlen: 21
95.107.112.0/20 maxlen: 20
95.107.112.0/21 maxlen: 21
95.107.120.0/21 maxlen: 21
109.225.0.0/18 maxlen: 18
109.225.0.0/19 maxlen: 19
109.225.0.0/20 maxlen: 20
109.225.16.0/20 maxlen: 20
109.225.32.0/19 maxlen: 20
109.225.40.0/22 maxlen: 22
212.106.32.0/19 maxlen: 19
212.106.32.0/20 maxlen: 20
212.106.32.0/21 maxlen: 21
212.106.40.0/21 maxlen: 21
212.106.48.0/20 maxlen: 20
212.106.48.0/21 maxlen: 21
212.106.56.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 14:46:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:34:22:0b:5a:3c:0e:16:be:70:1b:b2:c1:88:c9:6e:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Validity
Not Before: Apr 14 11:49:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4b002e1fb2b416c7a7f841430f446e9af4c94f99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:f1:99:49:41:dc:33:c6:8c:16:2b:82:ea:5b:
55:68:f6:37:e9:40:09:96:1c:d0:6a:e1:bd:2a:c0:
93:d8:c5:f6:bb:2c:f0:31:82:fd:86:f7:65:2c:bc:
ad:96:d8:5f:1d:c7:2a:63:1f:ab:52:b7:69:87:e2:
21:cf:aa:17:df:99:7d:48:13:3f:f6:d3:ae:2b:57:
b5:ce:f0:77:83:b4:20:ab:81:12:35:4b:a2:b4:93:
57:33:3a:ef:bc:2f:e5:d2:fd:2d:c2:d8:4e:5e:d1:
ff:b8:a9:e4:7b:18:b8:96:9b:98:db:9e:56:b7:75:
1d:31:66:4e:f8:22:a2:b1:29:c5:4b:af:bc:5a:57:
51:69:cf:f6:06:ae:3d:05:5f:f8:63:df:8f:38:b8:
a5:a4:8a:fa:95:8a:86:79:1c:80:d2:4a:e6:f5:3e:
c7:3e:79:86:97:4a:c1:0b:c3:39:69:fd:fa:49:1f:
9f:8d:3f:e4:47:1b:5f:7b:4e:64:33:d5:26:9f:44:
db:89:4e:04:ce:f8:6c:48:b1:e6:73:78:5d:63:10:
79:db:a5:5a:8f:d1:e7:eb:a3:ed:72:b2:90:bf:3b:
c5:18:a6:10:6c:b6:19:c4:a2:c5:ed:a8:c1:d6:6a:
a2:1d:c9:17:26:f4:87:73:62:74:4b:58:b7:fa:f9:
8c:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:00:2E:1F:B2:B4:16:C7:A7:F8:41:43:0F:44:6E:9A:F4:C9:4F:99
X509v3 Authority Key Identifier:
keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/SwAuH7K0Fsen-EFDD0RumvTJT5k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.143.176.0/20
31.172.192.0/19
62.148.128.0/19
94.242.128.0/18
95.107.16.0/20
95.107.112.0/20
109.225.0.0/18
212.106.32.0/19
Signature Algorithm: sha256WithRSAEncryption
51:b9:a5:86:78:b3:6c:3a:d9:28:21:bc:eb:d8:17:58:ee:d6:
e1:11:14:12:96:5a:a6:7a:65:58:e7:50:42:14:d3:6f:a1:a3:
e8:72:6f:39:6f:4c:12:18:25:58:28:d8:4e:cd:26:c9:8d:38:
48:fe:cd:40:a8:a4:63:0f:bc:17:ba:ed:55:6b:ee:18:f4:ee:
08:ab:0e:6b:60:ac:2c:ee:59:46:bd:3b:f8:c9:10:c7:2b:8d:
37:88:f8:bd:83:bf:5b:e9:57:47:5e:a1:b4:46:48:b9:aa:2f:
c6:ba:a3:f2:17:b6:87:36:79:2c:76:47:43:cb:8d:02:1e:e9:
c6:ee:74:2d:c6:3f:5c:aa:d2:2d:56:a4:b1:7b:46:b2:5f:a3:
9d:c4:a2:c8:ce:5b:1e:fc:db:8f:a2:33:bd:c0:a5:80:d6:b9:
f3:55:4d:79:c3:b9:23:69:d2:6f:8d:61:71:d7:f3:a3:95:c5:
93:b8:17:f3:60:6a:d1:f6:6b:1f:5d:f2:e9:b2:52:48:9c:50:
8d:9d:01:98:5e:93:be:5b:c3:66:1c:1e:1f:89:bd:f3:29:4b:
31:fd:62:ca:01:86:3b:b5:a5:08:cb:89:d1:79:b9:40:29:5c:
b4:25:d1:a3:f5:e1:9b:0e:ea:59:24:ea:3f:88:34:1d:61:62:
8f:3f:ae:c4
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZY0IgtaPA4WvnAbssGIyW7AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwNDE0MTE0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjAwMmUxZmIyYjQxNmM3YTdmODQxNDMwZjQ0NmU5YWY0Yzk0Zjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvGZSUHcM8aMFiuC6ltVaPY36UAJ
lhzQauG9KsCT2MX2uyzwMYL9hvdlLLytlthfHccqYx+rUrdph+Ihz6oX35l9SBM/
9tOuK1e1zvB3g7Qgq4ESNUuitJNXMzrvvC/l0v0twthOXtH/uKnkexi4lpuY255W
t3UdMWZO+CKisSnFS6+8WldRac/2Bq49BV/4Y9+POLilpIr6lYqGeRyA0krm9T7H
PnmGl0rBC8M5af36SR+fjT/kRxtfe05kM9Umn0TbiU4EzvhsSLHmc3hdYxB526Va
j9Hn66PtcrKQvzvFGKYQbLYZxKLF7ajB1mqiHckXJvSHc2J0S1i3+vmMdQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFEsALh+ytBbHp/hBQw9Ebpr0yU+ZMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvU3dBdUg3SzBGc2VuLUVGREQwUnVtdlRKVDVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQEBY+wAwQF
H6zAAwQFPpSAAwQGXvKAAwQEX2sQAwQEX2twAwQGbeEAAwQF1GogMA0GCSqGSIb3
DQEBCwUAA4IBAQBRuaWGeLNsOtkoIbzr2BdY7tbhERQSllqmemVY51BCFNNvoaPo
cm85b0wSGCVYKNhOzSbJjThI/s1AqKRjD7wXuu1Va+4Y9O4Iqw5rYKws7llGvTv4
yRDHK403iPi9g79b6VdHXqG0Rki5qi/GuqPyF7aHNnksdkdDy40CHunG7nQtxj9c
qtItVqSxe0ayX6OdxKLIzlse/NuPojO9wKWA1rnzVU15w7kjadJvjWFx1/OjlcWT
uBfzYGrR9msfXfLpslJInFCNnQGYXpO+W8NmHB4fib3zKUsx/WLKAYY7taUIy4nR
eblAKVy0JdGj9eGbDupZJOo/iDQdYWKPP67E
-----END CERTIFICATE-----
Generated at Wed Apr 23 00:58:14 2025 by rpki-client