Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/Q4WmwtX1-yGfMV_as6mRHe0HLuE.roa
File: Q4WmwtX1-yGfMV_as6mRHe0HLuE.roa (raw, json)
Hash identifier: lXJnylFGx+vUF6zQkDGWs8PitK2htiJr+yqpDV9ObmE=
Subject key identifier: 43:85:A6:C2:D5:F5:FB:21:9F:31:5F:DA:B3:A9:91:1D:ED:07:2E:E1
Certificate issuer: /CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
Certificate serial: 0196A4B2E87EE33803D427CCD049C8FDBB02
Authority key identifier: BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/Q4WmwtX1-yGfMV_as6mRHe0HLuE.roa
Signing time: Tue 06 May 2025 08:25:10 +0000
ROA not before: Tue 06 May 2025 08:25:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20904
IP address blocks: 5.61.94.0/24 maxlen: 24
37.35.80.0/21 maxlen: 24
46.254.208.0/22 maxlen: 22
46.254.208.0/24 maxlen: 24
46.254.210.0/24 maxlen: 24
46.254.211.0/24 maxlen: 24
77.95.242.0/24 maxlen: 24
77.95.245.0/24 maxlen: 24
77.95.246.0/23 maxlen: 23
80.75.96.0/20 maxlen: 20
80.75.106.0/24 maxlen: 24
93.174.192.0/21 maxlen: 22
149.126.176.0/21 maxlen: 21
185.16.168.0/22 maxlen: 22
185.25.76.0/22 maxlen: 24
185.67.80.0/22 maxlen: 22
188.64.0.0/21 maxlen: 21
2a00:1a58::/32 maxlen: 32
2a00:74a0::/32 maxlen: 32
2a04:240::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl
rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.mft
rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 11 May 2025 11:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:a4:b2:e8:7e:e3:38:03:d4:27:cc:d0:49:c8:fd:bb:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
Validity
Not Before: May 6 08:25:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4385a6c2d5f5fb219f315fdab3a9911ded072ee1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:85:ff:3e:f9:f4:e8:7e:03:ca:9b:a9:d8:7d:
c6:0c:45:d0:6e:63:73:22:ef:1e:27:8d:38:7b:6f:
6c:e8:91:4b:e3:68:58:37:e2:2f:1f:27:b9:73:07:
94:94:ab:15:6b:78:00:7e:ad:15:73:7e:45:25:35:
7f:b0:42:db:ce:89:7e:88:ba:5b:86:a4:0b:d5:f9:
3e:06:80:87:64:36:bd:4f:a8:fb:16:58:6b:4c:67:
95:dc:cf:8d:30:fb:1a:c1:bc:af:85:c9:13:a0:c8:
e2:26:a7:48:88:b7:30:7e:13:c4:b0:b4:2a:f9:d2:
1a:d9:ba:a3:7c:1c:10:f8:ef:ff:44:01:8c:0a:cb:
6a:f6:3e:34:a7:5a:91:24:93:a6:1c:98:cc:dc:36:
1a:aa:72:1e:5e:d4:95:87:13:a8:6e:bd:eb:2e:15:
ca:fa:eb:74:20:88:ae:cc:67:a5:a9:8d:c7:3e:b6:
f1:57:c9:4f:a8:14:07:6e:6f:47:02:85:dc:4c:41:
a7:7b:79:58:e9:53:7e:52:de:4d:ed:13:dd:1f:6a:
11:6c:a8:7f:1e:a2:78:08:31:b8:1d:8c:69:d0:f9:
35:9c:ab:c6:91:0c:6f:2a:35:3f:96:ae:9c:20:94:
9b:79:fb:c1:2f:b9:91:b0:b2:f9:8d:ff:2d:12:8f:
50:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:85:A6:C2:D5:F5:FB:21:9F:31:5F:DA:B3:A9:91:1D:ED:07:2E:E1
X509v3 Authority Key Identifier:
keyid:BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/Q4WmwtX1-yGfMV_as6mRHe0HLuE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.61.94.0/24
37.35.80.0/21
46.254.208.0/22
77.95.242.0/24
77.95.245.0-77.95.247.255
80.75.96.0/20
93.174.192.0/21
149.126.176.0/21
185.16.168.0/22
185.25.76.0/22
185.67.80.0/22
188.64.0.0/21
IPv6:
2a00:1a58::/32
2a00:74a0::/32
2a04:240::/29
Signature Algorithm: sha256WithRSAEncryption
15:b6:6e:d2:80:70:3e:b8:86:ea:d1:dc:1f:31:0f:a4:a0:f8:
b8:24:ac:6f:18:a8:1a:db:61:d0:46:15:65:91:ef:30:13:7e:
65:dd:69:06:65:6e:25:22:c0:84:95:d8:65:56:9e:d2:d4:2a:
37:13:b0:23:c1:bf:3b:bb:12:56:84:5e:2d:18:c3:70:bb:a0:
f8:88:42:6e:15:32:61:8a:1e:c6:f0:76:79:54:40:02:4a:50:
dc:c2:f7:b1:bf:f0:4d:ba:5a:dd:97:36:60:89:d2:cd:3a:1e:
e1:05:92:5f:8f:03:c3:30:1b:d0:45:8b:d8:c4:a0:29:e4:84:
68:4e:1f:9b:f0:74:7a:ec:03:5a:be:4f:33:4e:8e:d5:ae:a7:
56:47:c6:d0:b4:03:bb:90:c9:24:1c:c9:7a:91:cc:d5:25:22:
23:ae:4e:ca:b4:3a:fd:a6:b7:08:90:56:76:e0:5f:46:59:22:
0c:63:0a:8c:53:21:84:af:22:e4:cd:9f:7c:c0:f2:19:e3:20:
ac:19:25:d3:3e:fb:72:0d:c9:ea:bc:7c:c7:8a:69:79:d2:20:
b2:c9:f4:b7:fa:68:d8:1e:b0:72:c9:43:85:eb:5a:12:10:c2:
df:ec:5e:0d:57:40:e4:7b:4b:56:af:a3:4f:8d:c2:68:92:45:
17:4b:94:17
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgISAZaksuh+4zgD1CfM0EnI/bsCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMzFiY2Y5MjNjNWYyNWNhZmJkYWJkZmRkNDZlNTExZjk1
ZGYwZDEwHhcNMjUwNTA2MDgyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mzg1YTZjMmQ1ZjVmYjIxOWYzMTVmZGFiM2E5OTExZGVkMDcyZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloX/Pvn06H4Dypup2H3GDEXQbmNz
Iu8eJ404e29s6JFL42hYN+IvHye5cweUlKsVa3gAfq0Vc35FJTV/sELbzol+iLpb
hqQL1fk+BoCHZDa9T6j7FlhrTGeV3M+NMPsawbyvhckToMjiJqdIiLcwfhPEsLQq
+dIa2bqjfBwQ+O//RAGMCstq9j40p1qRJJOmHJjM3DYaqnIeXtSVhxOobr3rLhXK
+ut0IIiuzGelqY3HPrbxV8lPqBQHbm9HAoXcTEGne3lY6VN+Ut5N7RPdH2oRbKh/
HqJ4CDG4HYxp0Pk1nKvGkQxvKjU/lq6cIJSbefvBL7mRsLL5jf8tEo9QuQIDAQAB
o4ICcTCCAm0wHQYDVR0OBBYEFEOFpsLV9fshnzFf2rOpkR3tBy7hMB8GA1UdIwQY
MBaAFLoxvPkjxfJcr72r391G5RH5XfDRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYt
MWJhMzQzZjE3ZWMyLzEvUTRXbXd0WDEteUdmTVZfYXM2bVJIZTBITHVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYtMWJhMzQzZjE3ZWMy
LzEvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGGBggrBgEFBQcBBwEB/wR3MHUwVgQCAAEwUAMEAAU9XgME
AyUjUAMEAi7+0AMEAE1f8jAMAwQATV/1AwQDTV/wAwQEUEtgAwQDXa7AAwQDlX6w
AwQCuRCoAwQCuRlMAwQCuUNQAwQDvEAAMBsEAgACMBUDBQAqABpYAwUAKgB0oAMF
AyoEAkAwDQYJKoZIhvcNAQELBQADggEBABW2btKAcD64hurR3B8xD6Sg+LgkrG8Y
qBrbYdBGFWWR7zATfmXdaQZlbiUiwISV2GVWntLUKjcTsCPBvzu7ElaEXi0Yw3C7
oPiIQm4VMmGKHsbwdnlUQAJKUNzC97G/8E26Wt2XNmCJ0s06HuEFkl+PA8MwG9BF
i9jEoCnkhGhOH5vwdHrsA1q+TzNOjtWup1ZHxtC0A7uQySQcyXqRzNUlIiOuTsq0
Ov2mtwiQVnbgX0ZZIgxjCoxTIYSvIuTNn3zA8hnjIKwZJdM++3INyeq8fMeKaXnS
ILLJ9Lf6aNgesHLJQ4XrWhIQwt/sXg1XQOR7S1avo0+NwmiSRRdLlBc=
-----END CERTIFICATE-----
Generated at Sat May 10 19:22:21 2025 by rpki-client