Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/igZS5QD16n_qiKkVlzEX0Nd3KpQ.roa
File: igZS5QD16n_qiKkVlzEX0Nd3KpQ.roa (raw, json)
Hash identifier: s1QAXQBqaJ5SElDe9N3pzr6SkITHndqfwDSrBBBJ6v8=
Subject key identifier: 8A:06:52:E5:00:F5:EA:7F:EA:88:A9:15:97:31:17:D0:D7:77:2A:94
Certificate issuer: /CN=586936266e980dd203b2cbeb1c9c4570604b911b
Certificate serial: 019778CA5E8C270FABA4E9FB5AE0A57AE4E0
Authority key identifier: 58:69:36:26:6E:98:0D:D2:03:B2:CB:EB:1C:9C:45:70:60:4B:91:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/igZS5QD16n_qiKkVlzEX0Nd3KpQ.roa
Signing time: Mon 16 Jun 2025 12:50:17 +0000
ROA not before: Mon 16 Jun 2025 12:50:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49628
IP address blocks: 5.187.8.0/21 maxlen: 21
5.187.8.0/24 maxlen: 24
5.187.9.0/24 maxlen: 24
5.187.10.0/24 maxlen: 24
5.187.11.0/24 maxlen: 24
5.187.12.0/24 maxlen: 24
5.187.13.0/24 maxlen: 24
5.187.15.0/24 maxlen: 24
37.75.128.0/21 maxlen: 21
78.40.104.0/22 maxlen: 22
78.40.104.0/24 maxlen: 24
78.40.105.0/24 maxlen: 24
78.40.106.0/24 maxlen: 24
78.40.107.0/24 maxlen: 24
185.46.176.0/22 maxlen: 22
185.46.176.0/24 maxlen: 24
185.46.177.0/24 maxlen: 24
185.46.178.0/24 maxlen: 24
185.46.179.0/24 maxlen: 24
185.81.92.0/22 maxlen: 22
185.81.92.0/24 maxlen: 24
185.81.93.0/24 maxlen: 24
185.81.94.0/24 maxlen: 24
185.81.95.0/24 maxlen: 24
185.168.224.0/22 maxlen: 22
185.168.224.0/24 maxlen: 24
185.168.225.0/24 maxlen: 24
185.168.226.0/24 maxlen: 24
185.168.227.0/24 maxlen: 24
188.227.192.0/22 maxlen: 22
188.227.192.0/24 maxlen: 24
188.227.193.0/24 maxlen: 24
188.227.194.0/24 maxlen: 24
188.227.195.0/24 maxlen: 24
193.176.212.0/22 maxlen: 22
193.176.212.0/24 maxlen: 24
193.176.213.0/24 maxlen: 24
193.176.214.0/24 maxlen: 24
193.176.215.0/24 maxlen: 24
2a0a:2900::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/WGk2Jm6YDdIDssvrHJxFcGBLkRs.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/WGk2Jm6YDdIDssvrHJxFcGBLkRs.mft
rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 02 Jul 2025 04:01:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:78:ca:5e:8c:27:0f:ab:a4:e9:fb:5a:e0:a5:7a:e4:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=586936266e980dd203b2cbeb1c9c4570604b911b
Validity
Not Before: Jun 16 12:50:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8a0652e500f5ea7fea88a915973117d0d7772a94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:f9:cf:ab:c8:56:30:60:c7:3c:3e:55:bd:d0:
50:4b:9c:37:f5:00:a4:5c:67:18:7b:85:f9:b3:15:
c3:f9:48:5e:e0:c5:9f:1a:49:fd:29:5f:88:ab:c1:
43:44:1d:0b:2d:52:4d:72:08:95:88:17:85:ac:7e:
9c:4e:20:f4:e4:86:86:c2:c2:c9:67:71:6a:8a:58:
18:fa:26:97:86:4d:cf:b6:9d:e2:c9:88:5b:45:3a:
2c:ca:11:a6:bd:52:0a:61:cd:28:e3:8b:57:48:29:
77:67:4a:80:a8:e3:c6:bc:a2:72:0a:aa:9d:cd:b3:
f8:1e:eb:bd:9f:7d:6b:19:5c:4c:bc:f3:dd:7b:a8:
83:6f:61:6d:06:79:fe:78:44:ff:b1:b7:f2:dd:ea:
75:48:1d:f5:9d:11:21:56:e2:30:50:05:9e:7a:e8:
13:0a:6c:b0:06:82:ea:30:fb:cf:7b:b8:ff:89:f3:
41:74:48:a3:11:ee:3d:1b:29:19:1b:7a:15:18:10:
18:33:31:43:35:1f:b1:f7:5b:09:88:26:59:33:73:
9c:28:e9:ec:f1:c9:08:b2:18:2f:1f:a1:1b:e9:36:
c6:d2:1e:d8:3e:72:30:e4:c0:d4:7d:ae:75:15:99:
a6:38:89:6b:4d:c3:79:7e:21:bf:f6:93:1c:c1:58:
fe:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:06:52:E5:00:F5:EA:7F:EA:88:A9:15:97:31:17:D0:D7:77:2A:94
X509v3 Authority Key Identifier:
keyid:58:69:36:26:6E:98:0D:D2:03:B2:CB:EB:1C:9C:45:70:60:4B:91:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGk2Jm6YDdIDssvrHJxFcGBLkRs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/igZS5QD16n_qiKkVlzEX0Nd3KpQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/4c66cc-fa9a-4f58-ad21-7da183eff115/1/WGk2Jm6YDdIDssvrHJxFcGBLkRs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.187.8.0/21
37.75.128.0/21
78.40.104.0/22
185.46.176.0/22
185.81.92.0/22
185.168.224.0/22
188.227.192.0/22
193.176.212.0/22
IPv6:
2a0a:2900::/29
Signature Algorithm: sha256WithRSAEncryption
a2:92:a3:ba:ac:18:64:bb:f7:a3:d8:b9:fd:58:6d:39:3d:46:
6a:36:77:64:21:74:fb:da:cb:ea:a7:a8:60:33:40:03:d6:0f:
92:38:6b:13:b6:d8:79:e3:9f:3b:92:d0:b6:88:8d:4c:7a:63:
ff:ca:85:d7:a4:d5:f8:2a:3f:67:d8:49:1a:07:2d:08:1a:d2:
7f:5e:9c:26:23:bf:4d:27:24:75:05:d4:d3:91:ad:93:1f:5f:
5b:38:26:c5:d5:11:04:bb:ae:74:02:21:0f:27:bd:6f:4f:e8:
11:ca:ab:f5:93:63:96:da:26:9e:c7:68:f1:ae:c5:95:ad:be:
69:61:8a:71:f8:71:e1:80:9a:ab:8f:d8:51:8c:5d:0b:9d:12:
25:4b:03:b2:a8:a2:01:69:0c:0e:66:87:ad:c9:1b:ef:c1:44:
70:1d:69:8d:cf:ea:95:32:d5:29:4a:cf:fc:4a:92:39:5b:08:
ea:eb:37:00:b0:c7:b4:51:46:48:bc:2a:ca:79:d5:5d:fe:8d:
bf:5a:69:47:cc:c0:d1:c4:25:a6:07:a9:d5:25:de:2e:cc:c7:
98:a9:3e:43:cc:6b:2c:6f:fc:36:85:09:92:4f:ba:10:bd:7e:
4a:26:16:cb:b1:86:be:8a:4c:cb:0f:41:ee:5d:11:9e:45:e9:
76:d3:6a:d6
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZd4yl6MJw+rpOn7WuCleuTgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NjkzNjI2NmU5ODBkZDIwM2IyY2JlYjFjOWM0NTcwNjA0
YjkxMWIwHhcNMjUwNjE2MTI1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTA2NTJlNTAwZjVlYTdmZWE4OGE5MTU5NzMxMTdkMGQ3NzcyYTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/nPq8hWMGDHPD5VvdBQS5w39QCk
XGcYe4X5sxXD+Uhe4MWfGkn9KV+Iq8FDRB0LLVJNcgiViBeFrH6cTiD05IaGwsLJ
Z3FqilgY+iaXhk3Ptp3iyYhbRTosyhGmvVIKYc0o44tXSCl3Z0qAqOPGvKJyCqqd
zbP4Huu9n31rGVxMvPPde6iDb2FtBnn+eET/sbfy3ep1SB31nREhVuIwUAWeeugT
CmywBoLqMPvPe7j/ifNBdEijEe49GykZG3oVGBAYMzFDNR+x91sJiCZZM3OcKOns
8ckIshgvH6Eb6TbG0h7YPnIw5MDUfa51FZmmOIlrTcN5fiG/9pMcwVj+jwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFIoGUuUA9ep/6oipFZcxF9DXdyqUMB8GA1UdIwQY
MBaAFFhpNiZumA3SA7LL6xycRXBgS5EbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0drMkptNllEZElEc3N2ckhKeEZjR0JMa1JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS80YzY2Y2MtZmE5YS00ZjU4LWFkMjEt
N2RhMTgzZWZmMTE1LzEvaWdaUzVRRDE2bl9xaUtrVmx6RVgwTmQzS3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS80YzY2Y2MtZmE5YS00ZjU4LWFkMjEtN2RhMTgzZWZmMTE1
LzEvV0drMkptNllEZElEc3N2ckhKeEZjR0JMa1JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDBbsIAwQD
JUuAAwQCTihoAwQCuS6wAwQCuVFcAwQCuajgAwQCvOPAAwQCwbDUMA0EAgACMAcD
BQMqCikAMA0GCSqGSIb3DQEBCwUAA4IBAQCikqO6rBhku/ej2Ln9WG05PUZqNndk
IXT72svqp6hgM0AD1g+SOGsTtth54587ktC2iI1MemP/yoXXpNX4Kj9n2EkaBy0I
GtJ/XpwmI79NJyR1BdTTka2TH19bOCbF1REEu650AiEPJ71vT+gRyqv1k2OW2iae
x2jxrsWVrb5pYYpx+HHhgJqrj9hRjF0LnRIlSwOyqKIBaQwOZoetyRvvwURwHWmN
z+qVMtUpSs/8SpI5Wwjq6zcAsMe0UUZIvCrKedVd/o2/WmlHzMDRxCWmB6nVJd4u
zMeYqT5DzGssb/w2hQmST7oQvX5KJhbLsYa+ikzLD0HuXRGeRel202rW
-----END CERTIFICATE-----
Generated at Tue Jul 1 11:06:10 2025 by rpki-client