Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/XgR8akpJkIXmtNYutT4OTp5quOo.roa
File: XgR8akpJkIXmtNYutT4OTp5quOo.roa (raw, json)
Hash identifier: J70lBDkMgy2Yl8b9o6aU3SeolN3Fw23mWFk4KOMdzQk=
Subject key identifier: 5E:04:7C:6A:4A:49:90:85:E6:B4:D6:2E:B5:3E:0E:4E:9E:6A:B8:EA
Certificate issuer: /CN=586936266e980dd203b2cbeb1c9c4570604b911b
Certificate serial: 01966BCD670E66564105C465390323849D33
Authority key identifier: 58:69:36:26:6E:98:0D:D2:03:B2:CB:EB:1C:9C:45:70:60:4B:91:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/XgR8akpJkIXmtNYutT4OTp5quOo.roa
Signing time: Fri 25 Apr 2025 07:15:45 +0000
ROA not before: Fri 25 Apr 2025 07:15:45 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49628
IP address blocks: 5.187.8.0/21 maxlen: 21
5.187.8.0/24 maxlen: 24
5.187.9.0/24 maxlen: 24
5.187.10.0/24 maxlen: 24
5.187.11.0/24 maxlen: 24
5.187.12.0/24 maxlen: 24
37.75.128.0/21 maxlen: 21
78.40.104.0/22 maxlen: 22
78.40.104.0/24 maxlen: 24
78.40.105.0/24 maxlen: 24
78.40.106.0/24 maxlen: 24
78.40.107.0/24 maxlen: 24
185.46.176.0/22 maxlen: 22
185.46.176.0/24 maxlen: 24
185.46.177.0/24 maxlen: 24
185.46.178.0/24 maxlen: 24
185.46.179.0/24 maxlen: 24
185.81.92.0/22 maxlen: 22
185.81.92.0/24 maxlen: 24
185.81.93.0/24 maxlen: 24
185.81.94.0/24 maxlen: 24
185.81.95.0/24 maxlen: 24
185.168.224.0/22 maxlen: 22
185.168.224.0/24 maxlen: 24
185.168.225.0/24 maxlen: 24
185.168.226.0/24 maxlen: 24
185.168.227.0/24 maxlen: 24
188.227.192.0/22 maxlen: 22
188.227.192.0/24 maxlen: 24
188.227.193.0/24 maxlen: 24
188.227.194.0/24 maxlen: 24
188.227.195.0/24 maxlen: 24
193.176.212.0/22 maxlen: 22
193.176.212.0/24 maxlen: 24
193.176.213.0/24 maxlen: 24
193.176.214.0/24 maxlen: 24
193.176.215.0/24 maxlen: 24
2a0a:2900::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/WGk2Jm6YDdIDssvrHJxFcGBLkRs.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/WGk2Jm6YDdIDssvrHJxFcGBLkRs.mft
rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 12 May 2025 07:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:6b:cd:67:0e:66:56:41:05:c4:65:39:03:23:84:9d:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=586936266e980dd203b2cbeb1c9c4570604b911b
Validity
Not Before: Apr 25 07:15:45 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5e047c6a4a499085e6b4d62eb53e0e4e9e6ab8ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:14:fd:91:d0:dc:88:15:1f:f6:5e:28:9b:2e:
62:22:9e:d7:20:d1:f5:4a:93:a1:77:f1:74:ae:e1:
3d:61:90:89:c1:e2:f3:69:46:92:93:83:65:dd:eb:
a3:c2:ef:f7:aa:fb:2b:f0:45:d0:b6:94:0e:ac:ca:
ea:44:ac:c0:bb:3a:af:8f:f1:5c:54:b7:b2:7f:21:
e8:95:0f:8a:6d:88:e5:a5:90:5b:bd:fd:12:59:bf:
8e:17:8d:77:84:07:29:1f:69:f4:c3:47:bb:7f:04:
57:bd:d8:56:60:3b:fa:31:32:c1:be:95:6d:af:bd:
5f:22:ff:39:86:2c:e1:1b:05:38:e5:75:90:92:4e:
0f:11:33:38:68:01:0f:fd:2a:e1:f2:78:4a:7d:ef:
d8:70:59:aa:a7:f9:3c:24:62:29:0c:2a:89:09:d5:
41:79:49:44:ec:c0:8c:95:6d:40:5a:03:a2:4b:09:
86:ca:e7:e9:a5:9d:a0:69:6c:7a:5a:76:94:6c:b7:
87:87:09:58:32:12:d1:8e:7c:41:cb:3e:fd:eb:ec:
c6:32:bf:06:60:77:36:73:08:90:45:8d:42:b4:95:
92:9d:38:fa:c1:50:0e:55:4e:c3:72:2a:26:bd:6c:
86:48:b6:80:a1:73:33:a8:36:fb:9b:f4:83:42:b5:
c3:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:04:7C:6A:4A:49:90:85:E6:B4:D6:2E:B5:3E:0E:4E:9E:6A:B8:EA
X509v3 Authority Key Identifier:
keyid:58:69:36:26:6E:98:0D:D2:03:B2:CB:EB:1C:9C:45:70:60:4B:91:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/XgR8akpJkIXmtNYutT4OTp5quOo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/WGk2Jm6YDdIDssvrHJxFcGBLkRs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.187.8.0/21
37.75.128.0/21
78.40.104.0/22
185.46.176.0/22
185.81.92.0/22
185.168.224.0/22
188.227.192.0/22
193.176.212.0/22
IPv6:
2a0a:2900::/29
Signature Algorithm: sha256WithRSAEncryption
51:53:41:49:fc:5c:b0:48:68:5e:8d:78:e1:84:6b:54:a0:10:
f1:4f:d8:3d:23:5b:9a:52:1a:20:60:5f:49:f1:c7:6a:e9:0c:
e3:8b:62:e8:60:e0:97:fe:33:b5:8e:6d:30:13:a8:b2:36:72:
35:33:e1:e0:4b:1b:4a:f9:f5:a5:ab:8a:9f:73:c7:48:e0:b0:
f8:ac:25:c7:96:19:b2:df:1e:8a:80:f0:5f:5b:65:a5:70:22:
d8:ef:11:a8:6f:84:2c:a2:2c:22:61:79:55:18:99:86:44:68:
3f:4b:8f:1b:b3:a0:75:f7:61:69:c4:91:33:d2:68:9a:57:f6:
63:2f:a0:e3:b7:65:51:22:a8:d7:24:80:e6:19:06:d2:fe:11:
99:57:68:8a:96:dd:db:c2:7b:fa:6e:de:5b:21:c0:f7:eb:79:
b1:67:b8:31:c0:e6:15:d8:d8:8b:10:00:48:a4:f3:53:f8:d3:
33:c4:f7:ed:f3:57:58:6f:6b:8c:ea:4c:24:7d:7e:72:18:a6:
7d:14:b8:fc:45:2a:cd:dc:ed:00:d3:b0:51:82:66:e5:94:bf:
a0:2c:4e:fe:f0:bd:11:9e:51:73:3e:91:d1:d6:0c:8b:88:20:
f4:58:f0:c3:23:1d:c7:91:ea:f9:de:d4:ce:98:45:dc:b7:98:
a0:11:ef:f9
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZZrzWcOZlZBBcRlOQMjhJ0zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NjkzNjI2NmU5ODBkZDIwM2IyY2JlYjFjOWM0NTcwNjA0
YjkxMWIwHhcNMjUwNDI1MDcxNTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTA0N2M2YTRhNDk5MDg1ZTZiNGQ2MmViNTNlMGU0ZTllNmFiOGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRT9kdDciBUf9l4omy5iIp7XINH1
SpOhd/F0ruE9YZCJweLzaUaSk4Nl3eujwu/3qvsr8EXQtpQOrMrqRKzAuzqvj/Fc
VLeyfyHolQ+KbYjlpZBbvf0SWb+OF413hAcpH2n0w0e7fwRXvdhWYDv6MTLBvpVt
r71fIv85hizhGwU45XWQkk4PETM4aAEP/Srh8nhKfe/YcFmqp/k8JGIpDCqJCdVB
eUlE7MCMlW1AWgOiSwmGyufppZ2gaWx6WnaUbLeHhwlYMhLRjnxByz796+zGMr8G
YHc2cwiQRY1CtJWSnTj6wVAOVU7DciomvWyGSLaAoXMzqDb7m/SDQrXDxwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFF4EfGpKSZCF5rTWLrU+Dk6earjqMB8GA1UdIwQY
MBaAFFhpNiZumA3SA7LL6xycRXBgS5EbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0drMkptNllEZElEc3N2ckhKeEZjR0JMa1JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS80YzY2Y2MtZmE5YS00ZjU4LWFkMjEt
N2RhMTgzZWZmMTE1LzEvWGdSOGFrcEprSVhtdE5ZdXRUNE9UcDVxdU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS80YzY2Y2MtZmE5YS00ZjU4LWFkMjEtN2RhMTgzZWZmMTE1
LzEvV0drMkptNllEZElEc3N2ckhKeEZjR0JMa1JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDBbsIAwQD
JUuAAwQCTihoAwQCuS6wAwQCuVFcAwQCuajgAwQCvOPAAwQCwbDUMA0EAgACMAcD
BQMqCikAMA0GCSqGSIb3DQEBCwUAA4IBAQBRU0FJ/FywSGhejXjhhGtUoBDxT9g9
I1uaUhogYF9J8cdq6Qzji2LoYOCX/jO1jm0wE6iyNnI1M+HgSxtK+fWlq4qfc8dI
4LD4rCXHlhmy3x6KgPBfW2WlcCLY7xGob4QsoiwiYXlVGJmGRGg/S48bs6B192Fp
xJEz0miaV/ZjL6Djt2VRIqjXJIDmGQbS/hGZV2iKlt3bwnv6bt5bIcD363mxZ7gx
wOYV2NiLEABIpPNT+NMzxPft81dYb2uM6kwkfX5yGKZ9FLj8RSrN3O0A07BRgmbl
lL+gLE7+8L0RnlFzPpHR1gyLiCD0WPDDIx3Hker53tTOmEXct5igEe/5
-----END CERTIFICATE-----
Generated at Sun May 11 16:52:54 2025 by rpki-client