Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XKq1Z0TITokSfMYPfJ-jf6kgkxA.roa
File: XKq1Z0TITokSfMYPfJ-jf6kgkxA.roa (raw, json)
Hash identifier: UhzJ0GWcLHlXK2RMPohqk4thjI+hHH4fFV6nYRa7lHg=
Subject key identifier: 5C:AA:B5:67:44:C8:4E:89:12:7C:C6:0F:7C:9F:A3:7F:A9:20:93:10
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01966BF17F68102C42697A2E1CF1536572B2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XKq1Z0TITokSfMYPfJ-jf6kgkxA.roa
Signing time: Fri 25 Apr 2025 07:55:10 +0000
ROA not before: Fri 25 Apr 2025 07:55:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2.59.253.0/24 maxlen: 24
5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.89.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.22.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.45.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.105.0/24 maxlen: 24
94.156.232.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 10:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:6b:f1:7f:68:10:2c:42:69:7a:2e:1c:f1:53:65:72:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 25 07:55:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5caab56744c84e89127cc60f7c9fa37fa9209310
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:cd:6c:9a:51:86:87:6c:fc:c2:83:2f:2d:4b:
2c:9f:72:c7:07:b8:3d:85:16:f0:7d:98:b0:a8:3d:
0f:a8:44:02:8d:a2:07:77:ee:fd:9e:c0:48:df:3e:
ab:1b:db:6b:57:76:20:95:6c:5e:46:4c:a3:a3:17:
f4:f3:19:93:f4:9e:70:ea:b8:1f:69:46:dd:cc:07:
23:77:cd:a4:2a:ef:7f:9c:ba:69:a7:2a:5b:4e:51:
92:92:70:26:48:20:11:1f:d3:5b:0f:d7:33:61:f5:
69:ab:5d:6a:5b:b6:f9:40:c4:69:c3:3f:c6:13:89:
9e:5b:a2:a9:09:fe:d1:b6:a6:8f:52:b4:10:8b:6c:
f1:de:8a:f6:db:e6:bb:34:58:ab:ba:44:71:a3:12:
14:22:14:eb:82:13:12:4a:c1:48:dc:27:f5:b5:f7:
bd:60:5f:2e:6a:c3:cc:8b:b0:5d:29:47:d7:3c:47:
05:f4:99:30:cd:e0:fb:d4:f9:93:1b:4f:03:b2:56:
ea:93:ad:8d:b3:3d:fe:ab:29:4d:3c:b2:d6:92:74:
50:1f:f4:d5:95:7e:30:97:63:e5:0b:8f:67:a3:80:
8c:0b:cc:b6:7e:3e:f6:82:bc:4c:3a:45:bd:b7:5e:
a4:a6:47:23:97:df:b8:ec:07:dc:2f:3d:4f:e0:8d:
e3:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:AA:B5:67:44:C8:4E:89:12:7C:C6:0F:7C:9F:A3:7F:A9:20:93:10
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XKq1Z0TITokSfMYPfJ-jf6kgkxA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
5.252.132.0/22
31.13.211.0/24
45.9.157.0/24
45.12.253.0/24
45.66.228.0/24
45.66.231.0/24
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
45.151.90.0/24
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.89.0/24
87.120.166.0/24
87.121.22.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.70.0/24
92.249.50.0/24
93.123.45.0/24
93.123.47.0/24
93.123.85.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.160.0/22
94.156.64.0/21
94.156.105.0/24
94.156.232.0/24
94.156.239.0/24
141.98.1.0/24
141.98.6.0/24
171.22.73.0-171.22.75.255
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.35.18.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
0b:3a:f3:05:d5:56:9a:c3:db:16:16:6b:ed:54:cb:96:96:bb:
03:50:e1:a3:e3:af:dc:c9:78:6b:05:12:86:2c:74:f7:aa:17:
87:fc:a1:fa:14:49:bd:1f:e3:8a:9d:25:14:38:69:6c:5a:03:
36:e1:83:11:e7:a2:a6:f9:df:30:4a:82:89:63:16:6b:01:ad:
b1:b8:c2:7b:8a:a2:9d:ef:44:a1:28:ee:ac:fc:64:c7:37:5a:
d0:cf:52:a1:b1:6c:44:5e:85:e1:54:90:f9:e9:e3:10:82:7f:
b4:d5:30:84:64:ab:7e:1d:49:c6:8a:00:c6:11:5a:4a:f8:42:
f1:a3:7f:a6:68:28:76:7a:02:67:09:4c:85:40:2d:ab:9e:51:
df:04:7a:b1:20:6d:91:6a:5a:81:2b:57:6e:f6:1e:a8:4f:2d:
08:fc:56:ce:a4:16:62:88:46:bb:57:74:bb:16:68:a9:1a:73:
a5:e8:d2:2f:cd:ee:aa:f7:bf:5e:bd:8f:2d:a4:bd:23:23:c1:
b3:e2:e9:99:0e:63:e8:2f:84:4e:b4:c2:53:6f:3c:8c:27:0e:
49:c9:31:9c:3a:46:0b:e0:72:c4:84:7b:de:50:39:ae:84:da:
b6:c9:90:1e:e3:5f:2e:dd:e3:9c:5e:a3:a0:55:90:40:8d:fc:
0b:a5:19:e7
-----BEGIN CERTIFICATE-----
MIIGOzCCBSOgAwIBAgISAZZr8X9oECxCaXouHPFTZXKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNDI1MDc1NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2FhYjU2NzQ0Yzg0ZTg5MTI3Y2M2MGY3YzlmYTM3ZmE5MjA5MzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzM1smlGGh2z8woMvLUssn3LHB7g9
hRbwfZiwqD0PqEQCjaIHd+79nsBI3z6rG9trV3YglWxeRkyjoxf08xmT9J5w6rgf
aUbdzAcjd82kKu9/nLpppypbTlGSknAmSCARH9NbD9czYfVpq11qW7b5QMRpwz/G
E4meW6KpCf7RtqaPUrQQi2zx3or22+a7NFirukRxoxIUIhTrghMSSsFI3Cf1tfe9
YF8uasPMi7BdKUfXPEcF9JkwzeD71PmTG08Dslbqk62Nsz3+qylNPLLWknRQH/TV
lX4wl2PlC49no4CMC8y2fj72grxMOkW9t16kpkcjl9+47AfcLz1P4I3jPwIDAQAB
o4IDRzCCA0MwHQYDVR0OBBYEFFyqtWdEyE6JEnzGD3yfo3+pIJMQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWEtxMVowVElUb2tTZk1ZUGZKLWpmNmtna3hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBWwYIKwYBBQUHAQcBAf8EggFKMIIBRjCCAUIEAgABMIIB
OgMEAAI7/QMEAgX8hAMEAB8N0wMEAC0JnQMEAC0M/QMEAC1C5AMEAC1C5wMEAC1R
JwMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2LagMEAS2NngMEAC2XWgMEAE9uMgMEAFGh
7gMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4WQMEAFd4pgMEAFd5FgMEAFd5JgMEAFd5
LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEAFtcRgMEAFz5MgMEAF17LQMEAF17
LwMEAF17VQMEAF17bQMEAF17dQMEAF17dwMEAF5nfQMEAl6aoAMEA16cQAMEAF6c
aQMEAF6c6AMEAF6c7wMEAI1iAQMEAI1iBjAMAwQAqxZJAwQCqxZIAwQAstfjAwQC
udhUAwQAwRnYAwQAwSMSAwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQAL
OvMF1Vaaw9sWFmvtVMuWlrsDUOGj46/cyXhrBRKGLHT3qheH/KH6FEm9H+OKnSUU
OGlsWgM24YMR56Km+d8wSoKJYxZrAa2xuMJ7iqKd70ShKO6s/GTHN1rQz1KhsWxE
XoXhVJD56eMQgn+01TCEZKt+HUnGigDGEVpK+ELxo3+maCh2egJnCUyFQC2rnlHf
BHqxIG2RalqBK1du9h6oTy0I/FbOpBZiiEa7V3S7FmipGnOl6NIvze6q979evY8t
pL0jI8Gz4umZDmPoL4ROtMJTbzyMJw5JyTGcOkYL4HLEhHveUDmuhNq2yZAe418u
3eOcXqOgVZBAjfwLpRnn
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:58:23 2025 by rpki-client