Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/UbEFaxz-WdkPFsUip9YZ1TN_50o.roa
File: UbEFaxz-WdkPFsUip9YZ1TN_50o.roa (raw, json)
Hash identifier: RazF0taHWYYGC6B2512Ao5pFZiNszphSkAIH5HtaIHo=
Subject key identifier: 51:B1:05:6B:1C:FE:59:D9:0F:16:C5:22:A7:D6:19:D5:33:7F:E7:4A
Certificate issuer: /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial: 019792596DA1001DF83E6A201C54B08FA412
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/UbEFaxz-WdkPFsUip9YZ1TN_50o.roa
Signing time: Sat 21 Jun 2025 11:57:03 +0000
ROA not before: Sat 21 Jun 2025 11:57:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15468
IP address blocks: 5.143.176.0/20 maxlen: 21
5.143.176.0/21 maxlen: 21
5.143.184.0/21 maxlen: 21
31.172.192.0/19 maxlen: 19
31.172.192.0/20 maxlen: 20
31.172.192.0/21 maxlen: 21
31.172.200.0/21 maxlen: 21
31.172.208.0/20 maxlen: 20
31.172.208.0/21 maxlen: 21
31.172.216.0/21 maxlen: 21
62.148.128.0/19 maxlen: 19
62.148.128.0/20 maxlen: 20
62.148.144.0/20 maxlen: 20
94.242.128.0/18 maxlen: 18
94.242.128.0/19 maxlen: 19
94.242.128.0/20 maxlen: 20
94.242.144.0/20 maxlen: 20
94.242.144.0/24 maxlen: 24
94.242.145.0/24 maxlen: 24
94.242.146.0/24 maxlen: 24
94.242.147.0/24 maxlen: 24
94.242.148.0/24 maxlen: 24
94.242.149.0/24 maxlen: 24
94.242.150.0/24 maxlen: 24
94.242.160.0/19 maxlen: 19
94.242.160.0/20 maxlen: 20
94.242.176.0/20 maxlen: 20
95.107.16.0/20 maxlen: 20
95.107.16.0/21 maxlen: 21
95.107.24.0/21 maxlen: 21
95.107.112.0/20 maxlen: 20
95.107.112.0/21 maxlen: 21
95.107.120.0/21 maxlen: 21
109.225.0.0/18 maxlen: 18
109.225.0.0/19 maxlen: 19
109.225.0.0/20 maxlen: 20
109.225.16.0/20 maxlen: 20
109.225.32.0/19 maxlen: 20
212.106.32.0/19 maxlen: 19
212.106.32.0/20 maxlen: 20
212.106.32.0/21 maxlen: 21
212.106.40.0/21 maxlen: 21
212.106.48.0/20 maxlen: 20
212.106.48.0/21 maxlen: 21
212.106.56.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 03 Jul 2025 20:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:92:59:6d:a1:00:1d:f8:3e:6a:20:1c:54:b0:8f:a4:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Validity
Not Before: Jun 21 11:57:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=51b1056b1cfe59d90f16c522a7d619d5337fe74a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:71:61:83:31:33:ce:67:e0:e6:73:8e:ef:b1:
1d:13:55:13:86:f6:e5:fd:39:85:b9:33:9a:28:bd:
72:06:df:f5:e8:d6:ef:c1:0a:e1:c3:ad:3f:f1:10:
b7:c3:2e:a2:3b:7e:89:2f:d2:6a:2f:77:02:80:34:
80:44:dc:a9:9c:a0:da:ba:95:80:35:b3:68:87:ef:
c4:18:e1:fc:3a:08:fb:b7:d8:a1:07:cb:fb:49:6a:
18:70:3f:9d:ae:fb:2a:79:c3:29:bc:4f:0a:9a:74:
1f:86:b2:a9:fb:aa:9f:11:bb:1f:21:3d:fd:e4:ac:
e0:af:56:46:de:1e:a0:2e:15:54:c6:c8:ac:0f:f0:
cc:d0:d8:58:85:5f:ea:36:20:3e:d1:ec:20:d7:6a:
c5:12:3e:da:9e:74:0d:bc:e5:dd:86:7a:c8:29:90:
36:2d:21:7f:60:28:50:67:ef:df:ef:42:2f:e5:38:
30:da:73:d6:6f:6e:55:cd:6c:24:e6:d5:e9:2e:96:
30:ea:3f:1a:7a:dc:58:12:ec:ca:8c:e2:27:3b:b3:
ec:09:0d:14:a1:3e:50:17:2f:f1:53:90:ab:81:ac:
1c:2d:08:8f:31:7b:c5:2a:f7:1c:5a:ee:8c:f9:4f:
6a:05:bf:2d:62:c2:ff:45:14:93:99:fc:38:c5:f6:
38:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:B1:05:6B:1C:FE:59:D9:0F:16:C5:22:A7:D6:19:D5:33:7F:E7:4A
X509v3 Authority Key Identifier:
keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/UbEFaxz-WdkPFsUip9YZ1TN_50o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.143.176.0/20
31.172.192.0/19
62.148.128.0/19
94.242.128.0/18
95.107.16.0/20
95.107.112.0/20
109.225.0.0/18
212.106.32.0/19
Signature Algorithm: sha256WithRSAEncryption
77:7f:88:f0:83:7c:9f:81:99:9d:de:99:e4:3f:9c:1b:e1:a4:
0a:b6:65:20:69:15:5d:84:f7:e0:07:bb:49:a2:47:a0:66:b1:
e7:ca:d1:10:ad:5b:81:0c:95:3a:20:ce:d9:53:a2:dd:ae:8a:
16:ef:b7:fa:57:8e:94:c1:18:34:a4:7e:64:97:28:87:29:a0:
aa:b0:0e:82:cc:91:94:0a:ae:e5:41:c9:b1:1f:5a:70:7a:66:
e7:d8:d1:a3:9a:a9:46:0c:30:c0:d3:73:af:68:1a:98:42:f0:
4f:0f:bb:d2:05:f1:06:fd:f0:d3:23:87:e5:9c:9c:67:3c:eb:
19:4e:14:78:b1:1e:9a:e7:86:86:23:58:29:20:63:37:ea:9d:
97:51:6d:48:d7:18:99:50:1c:50:6e:c5:f3:d7:72:5c:ef:c4:
20:a4:da:69:9f:57:5b:b1:22:eb:a6:b0:82:8c:bc:39:6a:7d:
ab:cb:ca:b9:a0:9c:c0:9c:a7:bf:c7:8f:78:87:41:ee:50:64:
ba:93:2b:34:cc:9b:87:24:4e:fd:78:ea:75:a9:90:65:99:76:
0c:b0:b8:df:bd:c7:9c:53:92:df:5d:24:00:8f:be:fa:b0:9d:
ac:c0:6a:f2:ed:ad:2a:fd:78:dd:89:e2:48:b2:f0:fc:2e:5e:
57:df:ca:7d
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZeSWW2hAB34PmogHFSwj6QSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwNjIxMTE1NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWIxMDU2YjFjZmU1OWQ5MGYxNmM1MjJhN2Q2MTlkNTMzN2ZlNzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXFhgzEzzmfg5nOO77EdE1UThvbl
/TmFuTOaKL1yBt/16NbvwQrhw60/8RC3wy6iO36JL9JqL3cCgDSARNypnKDaupWA
NbNoh+/EGOH8Ogj7t9ihB8v7SWoYcD+drvsqecMpvE8KmnQfhrKp+6qfEbsfIT39
5Kzgr1ZG3h6gLhVUxsisD/DM0NhYhV/qNiA+0ewg12rFEj7annQNvOXdhnrIKZA2
LSF/YChQZ+/f70Iv5Tgw2nPWb25VzWwk5tXpLpYw6j8aetxYEuzKjOInO7PsCQ0U
oT5QFy/xU5CrgawcLQiPMXvFKvccWu6M+U9qBb8tYsL/RRSTmfw4xfY45QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFGxBWsc/lnZDxbFIqfWGdUzf+dKMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvVWJFRmF4ei1XZGtQRnNVaXA5WVoxVE5fNTBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQEBY+wAwQF
H6zAAwQFPpSAAwQGXvKAAwQEX2sQAwQEX2twAwQGbeEAAwQF1GogMA0GCSqGSIb3
DQEBCwUAA4IBAQB3f4jwg3yfgZmd3pnkP5wb4aQKtmUgaRVdhPfgB7tJokegZrHn
ytEQrVuBDJU6IM7ZU6LdrooW77f6V46UwRg0pH5klyiHKaCqsA6CzJGUCq7lQcmx
H1pwembn2NGjmqlGDDDA03OvaBqYQvBPD7vSBfEG/fDTI4flnJxnPOsZThR4sR6a
54aGI1gpIGM36p2XUW1I1xiZUBxQbsXz13Jc78QgpNppn1dbsSLrprCCjLw5an2r
y8q5oJzAnKe/x494h0HuUGS6kys0zJuHJE79eOp1qZBlmXYMsLjfvcecU5LfXSQA
j776sJ2swGry7a0q/XjdieJIsvD8Ll5X38p9
-----END CERTIFICATE-----
Generated at Thu Jul 3 00:33:05 2025 by rpki-client