Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/pdDAC4RaXrbm_Y20ponPOmuH4cU.roa
File: pdDAC4RaXrbm_Y20ponPOmuH4cU.roa (raw, json)
Hash identifier: crXsciUxHHD0O6gi4/173eJHNFK3gsfUEVM1Ws7r3mc=
Subject key identifier: A5:D0:C0:0B:84:5A:5E:B6:E6:FD:8D:B4:A6:89:CF:3A:6B:87:E1:C5
Certificate issuer: /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial: 0194266C78797E6E19F9864228A18D14D252
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/pdDAC4RaXrbm_Y20ponPOmuH4cU.roa
Signing time: Thu 02 Jan 2025 09:50:30 +0000
ROA not before: Thu 02 Jan 2025 09:50:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42610
IP address blocks: 5.228.0.0/16 maxlen: 16
5.228.80.0/23 maxlen: 23
5.228.82.0/23 maxlen: 23
5.228.112.0/23 maxlen: 23
5.228.114.0/23 maxlen: 23
5.228.116.0/23 maxlen: 23
5.228.118.0/23 maxlen: 23
37.110.0.0/17 maxlen: 17
37.110.128.0/19 maxlen: 19
37.204.0.0/16 maxlen: 16
46.242.0.0/17 maxlen: 17
46.242.8.0/22 maxlen: 22
46.242.12.0/22 maxlen: 22
77.37.128.0/17 maxlen: 17
83.166.227.0/24 maxlen: 24
84.253.64.0/18 maxlen: 18
85.30.192.0/18 maxlen: 18
85.172.171.0/24 maxlen: 24
90.154.64.0/18 maxlen: 18
90.154.70.0/23 maxlen: 23
90.154.72.0/23 maxlen: 23
90.156.172.0/22 maxlen: 22
95.84.128.0/18 maxlen: 18
95.84.192.0/18 maxlen: 18
109.173.0.0/17 maxlen: 17
178.140.0.0/16 maxlen: 16
185.19.20.0/22 maxlen: 22
188.32.0.0/16 maxlen: 16
188.255.0.0/17 maxlen: 17
217.12.41.0/24 maxlen: 24
2a02:2168::/29 maxlen: 29
2a02:2168::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 14 Mar 2025 00:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6c:78:79:7e:6e:19:f9:86:42:28:a1:8d:14:d2:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Validity
Not Before: Jan 2 09:50:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a5d0c00b845a5eb6e6fd8db4a689cf3a6b87e1c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:18:39:51:ab:fd:53:4c:be:c9:96:a0:d7:7c:
50:5f:af:a6:be:14:57:24:45:6d:2a:60:89:ad:ca:
f3:c6:0c:94:c4:f5:30:86:a2:99:2d:0e:9d:27:a3:
bc:99:98:81:63:08:de:44:cb:a9:77:ab:59:cb:5f:
00:a6:12:f5:75:83:43:af:23:92:e6:7b:15:09:3e:
7d:a2:b5:d3:04:2c:5a:6a:b8:53:b6:6e:42:6e:87:
c8:c2:34:eb:f8:24:60:c3:d1:b5:f5:de:7a:de:7c:
5c:b6:ef:d1:5c:58:41:92:dc:e3:b8:00:3b:4c:4c:
e5:5c:6f:71:d8:ad:9d:2f:5d:5a:d9:b5:db:e7:5a:
f3:dc:0f:19:2f:f2:e9:a7:76:9a:05:16:a2:a6:7c:
08:51:3a:15:29:66:63:7d:ce:4f:23:b3:8c:b5:b8:
2a:0d:6c:8d:66:5c:69:83:05:fc:72:3e:55:74:37:
85:1c:5c:ff:18:16:b3:bb:7b:da:fb:97:e8:74:99:
03:76:36:19:65:59:f4:fd:68:07:a9:70:d5:ea:bf:
2c:a6:36:27:14:f4:00:55:59:59:00:5a:bd:50:85:
94:0d:fa:65:f1:50:26:46:a1:89:59:77:57:cc:b1:
65:0e:ef:23:f1:b0:ba:9e:fe:92:6c:c7:cd:75:e3:
3b:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:D0:C0:0B:84:5A:5E:B6:E6:FD:8D:B4:A6:89:CF:3A:6B:87:E1:C5
X509v3 Authority Key Identifier:
keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/pdDAC4RaXrbm_Y20ponPOmuH4cU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.228.0.0/16
37.110.0.0-37.110.159.255
37.204.0.0/16
46.242.0.0/17
77.37.128.0/17
83.166.227.0/24
84.253.64.0/18
85.30.192.0/18
85.172.171.0/24
90.154.64.0/18
90.156.172.0/22
95.84.128.0/17
109.173.0.0/17
178.140.0.0/16
185.19.20.0/22
188.32.0.0/16
188.255.0.0/17
217.12.41.0/24
IPv6:
2a02:2168::/29
Signature Algorithm: sha256WithRSAEncryption
18:ac:de:91:8e:88:78:84:d2:bf:f5:5f:01:ff:dd:c7:f4:a2:
23:ca:3d:97:e6:82:80:d5:21:a9:dd:3f:54:05:4f:ba:e1:09:
37:cc:76:57:aa:b1:3f:8c:14:9f:b1:3a:f3:f6:00:70:d6:f5:
2a:a2:c5:b1:0a:87:84:6a:bf:01:87:12:80:26:35:06:2a:f2:
26:bd:e9:22:dd:52:83:e8:7a:c1:61:91:76:e3:fa:a7:0e:a0:
85:72:27:ca:4d:65:9e:75:49:e8:29:45:fa:46:3a:38:93:43:
d4:17:e1:e7:45:f5:3b:92:2b:44:df:bf:b2:d3:3e:98:c9:ec:
35:05:b5:b3:2f:26:fa:80:8d:0b:61:82:ed:80:58:46:92:5a:
4c:9a:0b:8e:45:c9:10:13:9c:42:ec:06:c4:36:3e:b9:0e:26:
50:56:72:4e:b7:99:59:49:e8:fb:24:42:c8:c4:42:6d:0e:cd:
7a:b1:c5:da:6d:c7:13:5c:40:0d:85:45:89:a3:11:c8:9b:4c:
c7:f7:0b:f2:9e:6c:3e:a4:32:73:01:cf:b1:86:79:11:42:43:
73:3f:3d:bd:ff:53:e6:e6:42:85:1f:99:b0:a5:da:4b:19:8d:
43:33:6c:3a:90:fb:4e:78:2f:42:63:91:93:f6:81:40:9b:3b:
34:d4:4e:dc
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQmbHh5fm4Z+YZCKKGNFNJSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWQwYzAwYjg0NWE1ZWI2ZTZmZDhkYjRhNjg5Y2YzYTZiODdlMWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xg5Uav9U0y+yZag13xQX6+mvhRX
JEVtKmCJrcrzxgyUxPUwhqKZLQ6dJ6O8mZiBYwjeRMupd6tZy18AphL1dYNDryOS
5nsVCT59orXTBCxaarhTtm5CbofIwjTr+CRgw9G19d563nxctu/RXFhBktzjuAA7
TEzlXG9x2K2dL11a2bXb51rz3A8ZL/Lpp3aaBRaipnwIUToVKWZjfc5PI7OMtbgq
DWyNZlxpgwX8cj5VdDeFHFz/GBazu3va+5fodJkDdjYZZVn0/WgHqXDV6r8spjYn
FPQAVVlZAFq9UIWUDfpl8VAmRqGJWXdXzLFlDu8j8bC6nv6SbMfNdeM79QIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFKXQwAuEWl625v2NtKaJzzprh+HFMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvcGREQUM0UmFYcmJtX1kyMHBvblBPbXVINGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGZBggrBgEFBQcBBwEB/wSBiTCBhjB1BAIAATBvAwMABeQw
CwMDASVuAwQFJW6AAwMAJcwDBAcu8gADBAdNJYADBABTpuMDBAZU/UADBAZVHsAD
BABVrKsDBAZamkADBAJanKwDBAdfVIADBAdtrQADAwCyjAMEArkTFAMDALwgAwQH
vP8AAwQA2QwpMA0EAgACMAcDBQMqAiFoMA0GCSqGSIb3DQEBCwUAA4IBAQAYrN6R
joh4hNK/9V8B/93H9KIjyj2X5oKA1SGp3T9UBU+64Qk3zHZXqrE/jBSfsTrz9gBw
1vUqosWxCoeEar8BhxKAJjUGKvImveki3VKD6HrBYZF24/qnDqCFcifKTWWedUno
KUX6Rjo4k0PUF+HnRfU7kitE37+y0z6Yyew1BbWzLyb6gI0LYYLtgFhGklpMmguO
RckQE5xC7AbENj65DiZQVnJOt5lZSej7JELIxEJtDs16scXabccTXEANhUWJoxHI
m0zH9wvynmw+pDJzAc+xhnkRQkNzPz29/1Pm5kKFH5mwpdpLGY1DM2w6kPtOeC9C
Y5GT9oFAmzs01E7c
-----END CERTIFICATE-----
Generated at Thu Mar 13 06:55:31 2025 by rpki-client