Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/ksCUkPPXGRQEiQCKOl3Wp67HpYk.roa
File: ksCUkPPXGRQEiQCKOl3Wp67HpYk.roa (raw, json)
Hash identifier: Fa0gD5gnN233i5uopk4/0YW9tKdVwYrJaJzPk4e1vT4=
Subject key identifier: 92:C0:94:90:F3:D7:19:14:04:89:00:8A:3A:5D:D6:A7:AE:C7:A5:89
Certificate issuer: /CN=d82cb43ca3c0c57816cee360478d0cf882207fd2
Certificate serial: 0197AC3D85BD88555AC3523EFBE9FB4C6338
Authority key identifier: D8:2C:B4:3C:A3:C0:C5:78:16:CE:E3:60:47:8D:0C:F8:82:20:7F:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/ksCUkPPXGRQEiQCKOl3Wp67HpYk.roa
Signing time: Thu 26 Jun 2025 12:36:42 +0000
ROA not before: Thu 26 Jun 2025 12:36:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41564
IP address blocks: 5.153.236.0/24 maxlen: 24
5.153.239.0/24 maxlen: 24
5.157.8.0/24 maxlen: 24
5.157.13.0/24 maxlen: 24
5.157.14.0/24 maxlen: 24
5.157.17.0/24 maxlen: 24
5.157.22.0/24 maxlen: 24
5.157.27.0/24 maxlen: 24
5.157.41.0/24 maxlen: 24
5.157.42.0/24 maxlen: 24
5.157.45.0/24 maxlen: 24
5.157.56.0/24 maxlen: 24
5.157.58.0/24 maxlen: 24
5.157.59.0/24 maxlen: 24
5.157.60.0/24 maxlen: 24
5.157.61.0/24 maxlen: 24
5.157.62.0/24 maxlen: 24
5.157.63.0/24 maxlen: 24
23.92.127.0/24 maxlen: 24
104.160.2.0/24 maxlen: 24
104.160.4.0/24 maxlen: 24
104.160.6.0/24 maxlen: 24
104.160.10.0/24 maxlen: 24
151.237.186.0/24 maxlen: 24
192.40.88.0/24 maxlen: 24
2a02:5740::/48 maxlen: 48
2a02:5740:1::/48 maxlen: 48
2a02:5740:11::/48 maxlen: 48
2a02:5740:18::/48 maxlen: 48
2a02:5740:21::/48 maxlen: 48
2a02:5740:22::/48 maxlen: 48
2a02:5741:6::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.crl
rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.mft
rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 18:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ac:3d:85:bd:88:55:5a:c3:52:3e:fb:e9:fb:4c:63:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d82cb43ca3c0c57816cee360478d0cf882207fd2
Validity
Not Before: Jun 26 12:36:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=92c09490f3d719140489008a3a5dd6a7aec7a589
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:61:f1:47:7a:03:3a:b4:dc:36:9d:34:ca:8b:
d2:ee:fb:6c:bf:f7:10:41:9a:34:6d:d9:82:30:14:
40:df:a7:22:50:52:a2:87:3f:31:4b:df:5d:c9:94:
e2:c4:84:ec:93:23:3f:f0:d7:7e:1f:23:4d:4a:c7:
b0:ac:3a:90:aa:66:81:cc:5f:ea:6d:11:52:3c:83:
7f:3c:a6:58:93:c0:e4:22:10:7a:e3:50:78:bc:ed:
72:d3:85:41:89:93:9e:37:2c:36:7d:28:df:e0:73:
0a:ab:a0:8a:42:6e:12:c6:c4:7f:cd:9d:57:73:a0:
ef:1f:d2:f1:56:ea:21:d5:a5:38:19:e6:22:e9:4b:
58:9b:e0:db:bb:6e:be:c2:6b:43:6b:db:3a:88:be:
91:c3:a3:fe:9b:b5:b4:7d:fe:cc:0a:27:d2:e9:6d:
bb:99:da:ed:e2:85:28:27:a9:aa:9f:e8:d1:73:bb:
fd:b8:80:c5:86:fc:6d:77:7d:0f:3a:98:ed:cf:dc:
ae:a5:bf:68:02:f5:1a:c9:85:03:df:b8:b7:43:e1:
0f:d5:64:67:fe:92:8f:55:9e:d8:11:df:13:01:07:
32:2e:a7:6b:a8:7a:f0:98:a8:c2:10:32:fc:31:c0:
8f:7b:b7:94:31:04:e1:fc:1d:0c:34:04:d9:c5:24:
27:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:C0:94:90:F3:D7:19:14:04:89:00:8A:3A:5D:D6:A7:AE:C7:A5:89
X509v3 Authority Key Identifier:
keyid:D8:2C:B4:3C:A3:C0:C5:78:16:CE:E3:60:47:8D:0C:F8:82:20:7F:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/ksCUkPPXGRQEiQCKOl3Wp67HpYk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.153.236.0/24
5.153.239.0/24
5.157.8.0/24
5.157.13.0-5.157.14.255
5.157.17.0/24
5.157.22.0/24
5.157.27.0/24
5.157.41.0-5.157.42.255
5.157.45.0/24
5.157.56.0/24
5.157.58.0-5.157.63.255
23.92.127.0/24
104.160.2.0/24
104.160.4.0/24
104.160.6.0/24
104.160.10.0/24
151.237.186.0/24
192.40.88.0/24
IPv6:
2a02:5740::/47
2a02:5740:11::/48
2a02:5740:18::/48
2a02:5740:21::-2a02:5740:22:ffff:ffff:ffff:ffff:ffff
2a02:5741:6::/48
Signature Algorithm: sha256WithRSAEncryption
57:f7:79:74:46:0e:e6:03:34:e5:2d:ff:4a:9f:22:c8:81:e8:
9b:1b:16:26:ef:aa:46:bf:24:40:69:29:dd:68:85:51:b2:76:
c6:65:b4:b5:94:27:3c:ec:03:4e:ce:bd:6a:3b:3b:63:d2:5f:
6d:97:ae:ab:11:db:9c:7e:7d:d0:65:3a:71:a6:ae:54:a7:f7:
41:58:91:3d:61:13:e7:ff:b8:4a:fd:f7:9a:57:9a:ee:75:cb:
40:04:16:2d:ca:88:8c:5e:3d:6d:a5:04:00:45:d0:7a:6f:5f:
01:5c:a2:7e:75:6e:a9:17:dc:fc:2d:bf:13:67:20:1d:dd:73:
30:04:50:fc:38:2a:61:a3:80:2b:aa:6e:59:c7:29:f3:9b:01:
ae:a7:1b:92:55:fa:75:04:4d:b3:6e:33:de:71:6d:62:03:93:
b4:b5:c9:c6:75:0c:d1:08:86:7a:b5:da:09:9e:d8:59:81:9c:
90:eb:90:e9:3a:6a:35:31:4c:b0:59:6c:88:77:f6:75:b2:e2:
bd:b2:75:43:91:3d:bc:12:96:8c:70:91:8c:09:72:69:7c:9b:
cd:8f:f9:c9:be:42:9e:52:fc:ac:c0:89:fd:e7:dd:e3:6b:3e:
92:45:79:0c:36:06:13:b8:bc:47:c5:9a:7c:d3:88:c9:68:a2:
d9:fc:c7:92
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgISAZesPYW9iFVaw1I+++n7TGM4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MmNiNDNjYTNjMGM1NzgxNmNlZTM2MDQ3OGQwY2Y4ODIy
MDdmZDIwHhcNMjUwNjI2MTIzNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmMwOTQ5MGYzZDcxOTE0MDQ4OTAwOGEzYTVkZDZhN2FlYzdhNTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmHxR3oDOrTcNp00yovS7vtsv/cQ
QZo0bdmCMBRA36ciUFKihz8xS99dyZTixITskyM/8Nd+HyNNSsewrDqQqmaBzF/q
bRFSPIN/PKZYk8DkIhB641B4vO1y04VBiZOeNyw2fSjf4HMKq6CKQm4SxsR/zZ1X
c6DvH9LxVuoh1aU4GeYi6UtYm+Dbu26+wmtDa9s6iL6Rw6P+m7W0ff7MCifS6W27
mdrt4oUoJ6mqn+jRc7v9uIDFhvxtd30POpjtz9yupb9oAvUayYUD37i3Q+EP1WRn
/pKPVZ7YEd8TAQcyLqdrqHrwmKjCEDL8McCPe7eUMQTh/B0MNATZxSQnDQIDAQAB
o4ICzDCCAsgwHQYDVR0OBBYEFJLAlJDz1xkUBIkAijpd1qeux6WJMB8GA1UdIwQY
MBaAFNgstDyjwMV4Fs7jYEeNDPiCIH/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkN5MFBLUEF4WGdXenVOZ1I0ME0tSUlnZjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zYjUxYjgtMTBjNi00MzhiLWExMjAt
MTVmMTNlM2Y3ZDg1LzEva3NDVWtQUFhHUlFFaVFDS09sM1dwNjdIcFlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zYjUxYjgtMTBjNi00MzhiLWExMjAtMTVmMTNlM2Y3ZDg1
LzEvMkN5MFBLUEF4WGdXenVOZ1I0ME0tSUlnZjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHhBggrBgEFBQcBBwEB/wSB0TCBzjCBiwQCAAEwgYQDBAAF
mewDBAAFme8DBAAFnQgwDAMEAAWdDQMEAAWdDgMEAAWdEQMEAAWdFgMEAAWdGzAM
AwQABZ0pAwQABZ0qAwQABZ0tAwQABZ04MAwDBAEFnToDBAYFnQADBAAXXH8DBABo
oAIDBABooAQDBABooAYDBABooAoDBACX7boDBADAKFgwPgQCAAIwOAMHASoCV0AA
AAMHACoCV0AAEQMHACoCV0AAGDASAwcAKgJXQAAhAwcAKgJXQAAiAwcAKgJXQQAG
MA0GCSqGSIb3DQEBCwUAA4IBAQBX93l0Rg7mAzTlLf9KnyLIgeibGxYm76pGvyRA
aSndaIVRsnbGZbS1lCc87ANOzr1qOztj0l9tl66rEducfn3QZTpxpq5Up/dBWJE9
YRPn/7hK/feaV5rudctABBYtyoiMXj1tpQQARdB6b18BXKJ+dW6pF9z8Lb8TZyAd
3XMwBFD8OCpho4Arqm5ZxynzmwGupxuSVfp1BE2zbjPecW1iA5O0tcnGdQzRCIZ6
tdoJnthZgZyQ65DpOmo1MUywWWyId/Z1suK9snVDkT28EpaMcJGMCXJpfJvNj/nJ
vkKeUvyswIn9593jaz6SRXkMNgYTuLxHxZp804jJaKLZ/MeS
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:08:05 2025 by rpki-client