Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/kd8fzAlaw81aCGqKN5QtBjI0J4E.roa
File: kd8fzAlaw81aCGqKN5QtBjI0J4E.roa (raw, json)
Hash identifier: p993cNExBl5IgU+Cp2GhYLJTssAtzIk61HCuCPXtcgY=
Subject key identifier: 91:DF:1F:CC:09:5A:C3:CD:5A:08:6A:8A:37:94:2D:06:32:34:27:81
Certificate issuer: /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial: 01956B6F70744BDB7610837FD80BE0D72A47
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/kd8fzAlaw81aCGqKN5QtBjI0J4E.roa
Signing time: Thu 06 Mar 2025 12:30:20 +0000
ROA not before: Thu 06 Mar 2025 12:30:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12668
IP address blocks: 5.141.234.0/23 maxlen: 23
31.192.169.0/24 maxlen: 24
31.192.171.0/24 maxlen: 24
31.192.179.0/24 maxlen: 24
31.192.180.0/24 maxlen: 24
31.192.181.0/24 maxlen: 24
31.192.187.0/24 maxlen: 24
31.192.188.0/24 maxlen: 24
46.229.96.0/20 maxlen: 20
87.224.185.0/24 maxlen: 24
87.224.249.0/24 maxlen: 24
87.224.251.0/24 maxlen: 24
90.157.3.0/24 maxlen: 24
90.157.5.0/24 maxlen: 24
90.157.16.0/24 maxlen: 24
90.157.24.0/24 maxlen: 24
90.157.30.0/24 maxlen: 24
90.157.34.0/24 maxlen: 24
90.157.41.0/24 maxlen: 24
90.157.49.0/24 maxlen: 24
90.157.54.0/24 maxlen: 24
90.157.58.0/24 maxlen: 24
90.157.64.0/23 maxlen: 23
90.157.66.0/23 maxlen: 23
90.157.68.0/23 maxlen: 23
90.157.70.0/23 maxlen: 23
90.157.78.0/23 maxlen: 23
90.157.80.0/23 maxlen: 23
90.157.82.0/23 maxlen: 23
90.157.109.0/24 maxlen: 24
90.157.110.0/24 maxlen: 24
90.157.115.0/24 maxlen: 24
92.54.69.0/24 maxlen: 24
92.54.90.0/24 maxlen: 24
92.54.117.0/24 maxlen: 24
94.31.134.0/24 maxlen: 24
94.31.135.0/24 maxlen: 24
94.31.136.0/24 maxlen: 24
94.31.140.0/24 maxlen: 24
94.31.141.0/24 maxlen: 24
94.31.143.0/24 maxlen: 24
94.31.145.0/24 maxlen: 24
94.31.147.0/24 maxlen: 24
94.31.148.0/24 maxlen: 24
94.31.151.0/24 maxlen: 24
94.31.158.0/24 maxlen: 24
94.31.159.0/24 maxlen: 24
94.31.171.0/24 maxlen: 24
94.31.176.0/24 maxlen: 24
94.31.178.0/23 maxlen: 23
94.31.184.0/23 maxlen: 23
94.31.192.0/24 maxlen: 24
94.31.193.0/24 maxlen: 24
94.31.194.0/24 maxlen: 24
94.31.195.0/24 maxlen: 24
94.31.196.0/24 maxlen: 24
94.31.198.0/24 maxlen: 24
94.31.199.0/24 maxlen: 24
94.31.202.0/24 maxlen: 24
94.31.206.0/23 maxlen: 23
94.31.207.0/24 maxlen: 24
94.31.210.0/24 maxlen: 24
94.31.212.0/24 maxlen: 24
94.31.216.0/24 maxlen: 24
94.31.217.0/24 maxlen: 24
94.31.221.0/24 maxlen: 24
94.31.224.0/24 maxlen: 24
94.31.226.0/24 maxlen: 24
94.31.229.0/24 maxlen: 24
94.31.233.0/24 maxlen: 24
94.31.234.0/24 maxlen: 24
94.31.240.0/24 maxlen: 24
94.31.241.0/24 maxlen: 24
94.31.243.0/24 maxlen: 24
94.31.246.0/23 maxlen: 23
94.31.250.0/24 maxlen: 24
94.31.253.0/24 maxlen: 24
94.31.255.0/24 maxlen: 24
94.51.232.0/21 maxlen: 21
188.17.116.0/23 maxlen: 23
188.18.112.0/24 maxlen: 24
188.18.113.0/24 maxlen: 24
188.18.116.0/24 maxlen: 24
188.73.131.0/24 maxlen: 24
188.73.136.0/24 maxlen: 24
188.73.137.0/24 maxlen: 24
188.73.139.0/24 maxlen: 24
188.73.141.0/24 maxlen: 24
188.73.142.0/24 maxlen: 24
188.73.144.0/23 maxlen: 23
188.73.144.0/24 maxlen: 24
188.73.147.0/24 maxlen: 24
188.73.149.0/24 maxlen: 24
188.73.151.0/24 maxlen: 24
188.73.154.0/24 maxlen: 24
188.73.156.0/24 maxlen: 24
188.73.158.0/24 maxlen: 24
188.73.162.0/24 maxlen: 24
188.73.168.0/24 maxlen: 24
188.73.170.0/23 maxlen: 23
188.73.174.0/23 maxlen: 23
188.73.183.0/24 maxlen: 24
188.73.185.0/24 maxlen: 24
213.142.34.0/24 maxlen: 24
213.142.35.0/24 maxlen: 24
213.142.37.0/24 maxlen: 24
213.142.40.0/24 maxlen: 24
213.142.41.0/24 maxlen: 24
213.142.57.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 13 Mar 2025 20:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:6b:6f:70:74:4b:db:76:10:83:7f:d8:0b:e0:d7:2a:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Validity
Not Before: Mar 6 12:30:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=91df1fcc095ac3cd5a086a8a37942d0632342781
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:5b:6e:f4:e4:7e:4c:b4:13:2a:0c:6d:5c:42:
e8:0c:db:23:5c:8f:75:66:f6:48:84:11:0a:94:f4:
fe:9c:1a:d6:bf:08:14:85:41:46:1f:2d:14:8c:58:
9e:d5:89:bc:d4:7e:63:2d:6a:52:d6:27:86:72:9d:
60:69:43:ab:57:6d:bb:10:f2:fb:f2:b2:1a:12:03:
01:c6:c5:77:98:4f:a1:70:f3:dc:f4:cf:c4:f0:c3:
72:26:19:88:f7:69:8d:fc:ca:bf:3e:1a:10:0d:5d:
c4:73:a9:3a:4c:4f:e0:a8:3d:c1:02:85:e4:48:d5:
d5:57:b5:09:03:03:ef:a1:50:68:7a:91:38:c9:b2:
9a:48:17:2d:99:8d:15:5e:a3:46:30:9e:fe:d5:56:
07:24:30:61:71:d9:c2:05:c1:bd:5e:b0:c0:9a:20:
ea:69:c5:65:d1:e0:c3:bb:7f:2d:96:7b:51:95:d0:
a6:ef:70:35:45:de:07:65:15:3e:78:2a:08:d8:7c:
fb:e6:60:be:39:21:5b:ef:35:a5:33:89:5a:99:02:
4f:72:13:fc:8f:85:23:5f:10:86:14:0b:bb:21:3c:
43:43:d2:a1:8b:9e:38:26:cb:4c:42:c3:d8:0c:2d:
50:40:b8:88:01:c5:a0:3c:5e:56:99:9f:29:68:d4:
01:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:DF:1F:CC:09:5A:C3:CD:5A:08:6A:8A:37:94:2D:06:32:34:27:81
X509v3 Authority Key Identifier:
keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/kd8fzAlaw81aCGqKN5QtBjI0J4E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.141.234.0/23
31.192.169.0/24
31.192.171.0/24
31.192.179.0-31.192.181.255
31.192.187.0-31.192.188.255
46.229.96.0/20
87.224.185.0/24
87.224.249.0/24
87.224.251.0/24
90.157.3.0/24
90.157.5.0/24
90.157.16.0/24
90.157.24.0/24
90.157.30.0/24
90.157.34.0/24
90.157.41.0/24
90.157.49.0/24
90.157.54.0/24
90.157.58.0/24
90.157.64.0/21
90.157.78.0-90.157.83.255
90.157.109.0-90.157.110.255
90.157.115.0/24
92.54.69.0/24
92.54.90.0/24
92.54.117.0/24
94.31.134.0-94.31.136.255
94.31.140.0/23
94.31.143.0/24
94.31.145.0/24
94.31.147.0-94.31.148.255
94.31.151.0/24
94.31.158.0/23
94.31.171.0/24
94.31.176.0/24
94.31.178.0/23
94.31.184.0/23
94.31.192.0-94.31.196.255
94.31.198.0/23
94.31.202.0/24
94.31.206.0/23
94.31.210.0/24
94.31.212.0/24
94.31.216.0/23
94.31.221.0/24
94.31.224.0/24
94.31.226.0/24
94.31.229.0/24
94.31.233.0-94.31.234.255
94.31.240.0/23
94.31.243.0/24
94.31.246.0/23
94.31.250.0/24
94.31.253.0/24
94.31.255.0/24
94.51.232.0/21
188.17.116.0/23
188.18.112.0/23
188.18.116.0/24
188.73.131.0/24
188.73.136.0/23
188.73.139.0/24
188.73.141.0-188.73.142.255
188.73.144.0/23
188.73.147.0/24
188.73.149.0/24
188.73.151.0/24
188.73.154.0/24
188.73.156.0/24
188.73.158.0/24
188.73.162.0/24
188.73.168.0/24
188.73.170.0/23
188.73.174.0/23
188.73.183.0/24
188.73.185.0/24
213.142.34.0/23
213.142.37.0/24
213.142.40.0/23
213.142.57.0/24
Signature Algorithm: sha256WithRSAEncryption
00:2f:f9:03:8f:a8:07:35:de:8b:09:26:fa:0b:52:63:9b:a2:
0b:36:91:10:f8:f1:67:6c:3f:f4:76:d4:57:c1:f7:21:75:a4:
e4:dc:ee:db:03:c3:5f:a7:35:73:da:39:a5:15:05:3f:49:5e:
6e:c7:ef:13:cf:69:28:3f:2d:39:df:9e:9b:77:3c:f2:08:ca:
4d:06:24:4b:7d:55:b4:5e:28:97:4a:22:3b:48:0d:a3:f8:be:
eb:46:51:63:a3:ad:21:5a:ee:d0:32:4d:4b:ef:84:c4:da:64:
28:7b:bd:9b:e8:8b:6f:64:7c:33:47:ac:d3:38:e0:95:7e:d2:
7a:42:d1:d6:f9:72:8f:dc:1b:20:68:cc:93:f9:95:c1:00:1f:
83:a1:47:fe:42:5c:f6:fe:d7:37:6f:d7:2e:98:01:f1:02:05:
53:87:d9:1c:81:a0:8d:ab:7d:c1:73:ca:2f:b9:50:1d:96:ad:
87:d8:1d:b3:39:70:01:23:f8:16:21:c8:55:14:76:74:24:d1:
50:91:6a:6b:d0:c4:49:3d:60:14:07:50:25:c0:fb:3a:62:4e:
e8:97:94:e2:db:17:c9:0f:fb:07:6e:7b:82:b1:9a:43:1f:9e:
47:f0:7e:64:c4:46:ce:49:32:a3:55:da:cc:7c:32:b1:81:e0:
76:f2:1c:2d
-----BEGIN CERTIFICATE-----
MIIHKTCCBhGgAwIBAgISAZVrb3B0S9t2EIN/2Avg1ypHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMzA2MTIzMDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWRmMWZjYzA5NWFjM2NkNWEwODZhOGEzNzk0MmQwNjMyMzQyNzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFtu9OR+TLQTKgxtXELoDNsjXI91
ZvZIhBEKlPT+nBrWvwgUhUFGHy0UjFie1Ym81H5jLWpS1ieGcp1gaUOrV227EPL7
8rIaEgMBxsV3mE+hcPPc9M/E8MNyJhmI92mN/Mq/PhoQDV3Ec6k6TE/gqD3BAoXk
SNXVV7UJAwPvoVBoepE4ybKaSBctmY0VXqNGMJ7+1VYHJDBhcdnCBcG9XrDAmiDq
acVl0eDDu38tlntRldCm73A1Rd4HZRU+eCoI2Hz75mC+OSFb7zWlM4lamQJPchP8
j4UjXxCGFAu7ITxDQ9Khi544JstMQsPYDC1QQLiIAcWgPF5WmZ8paNQBDQIDAQAB
o4IENTCCBDEwHQYDVR0OBBYEFJHfH8wJWsPNWghqijeULQYyNCeBMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEva2Q4ZnpBbGF3ODFhQ0dxS041UXRCakkwSjRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIICSQYIKwYBBQUHAQcBAf8EggI4MIICNDCCAjAEAgABMIIC
KAMEAQWN6gMEAB/AqQMEAB/AqzAMAwQAH8CzAwQBH8C0MAwDBAAfwLsDBAAfwLwD
BAQu5WADBABX4LkDBABX4PkDBABX4PsDBABanQMDBABanQUDBABanRADBABanRgD
BABanR4DBABanSIDBABanSkDBABanTEDBABanTYDBABanToDBANanUAwDAMEAVqd
TgMEAlqdUDAMAwQAWp1tAwQAWp1uAwQAWp1zAwQAXDZFAwQAXDZaAwQAXDZ1MAwD
BAFeH4YDBABeH4gDBAFeH4wDBABeH48DBABeH5EwDAMEAF4fkwMEAF4flAMEAF4f
lwMEAV4fngMEAF4fqwMEAF4fsAMEAV4fsgMEAV4fuDAMAwQGXh/AAwQAXh/EAwQB
Xh/GAwQAXh/KAwQBXh/OAwQAXh/SAwQAXh/UAwQBXh/YAwQAXh/dAwQAXh/gAwQA
Xh/iAwQAXh/lMAwDBABeH+kDBABeH+oDBAFeH/ADBABeH/MDBAFeH/YDBABeH/oD
BABeH/0DBABeH/8DBANeM+gDBAG8EXQDBAG8EnADBAC8EnQDBAC8SYMDBAG8SYgD
BAC8SYswDAMEALxJjQMEALxJjgMEAbxJkAMEALxJkwMEALxJlQMEALxJlwMEALxJ
mgMEALxJnAMEALxJngMEALxJogMEALxJqAMEAbxJqgMEAbxJrgMEALxJtwMEALxJ
uQMEAdWOIgMEANWOJQMEAdWOKAMEANWOOTANBgkqhkiG9w0BAQsFAAOCAQEAAC/5
A4+oBzXeiwkm+gtSY5uiCzaREPjxZ2w/9HbUV8H3IXWk5Nzu2wPDX6c1c9o5pRUF
P0lebsfvE89pKD8tOd+em3c88gjKTQYkS31VtF4ol0oiO0gNo/i+60ZRY6OtIVru
0DJNS++ExNpkKHu9m+iLb2R8M0es0zjglX7SekLR1vlyj9wbIGjMk/mVwQAfg6FH
/kJc9v7XN2/XLpgB8QIFU4fZHIGgjat9wXPKL7lQHZath9gdszlwASP4FiHIVRR2
dCTRUJFqa9DEST1gFAdQJcD7OmJO6JeU4tsXyQ/7B257grGaQx+eR/B+ZMRGzkky
o1XazHwysYHgdvIcLQ==
-----END CERTIFICATE-----
Generated at Thu Mar 13 06:33:00 2025 by rpki-client