Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Dx0CXD5oSw61AQOrm06NcSnSSdo.roa
File: Dx0CXD5oSw61AQOrm06NcSnSSdo.roa (raw, json)
Hash identifier: 3760lBflYJm04ZGh+to9gl21uNqtogCeiwzVbcpH1jQ=
Subject key identifier: 0F:1D:02:5C:3E:68:4B:0E:B5:01:03:AB:9B:4E:8D:71:29:D2:49:DA
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 019864FE5527038D6C5D9A2E7314D5F0239D
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Dx0CXD5oSw61AQOrm06NcSnSSdo.roa
Signing time: Fri 01 Aug 2025 09:37:26 +0000
ROA not before: Fri 01 Aug 2025 09:37:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 931
IP address blocks: 5.226.52.0/22 maxlen: 24
43.225.88.0/23 maxlen: 24
45.139.6.0/23 maxlen: 24
46.249.97.0/24 maxlen: 24
178.173.236.0/22 maxlen: 24
178.173.242.0/23 maxlen: 24
178.173.244.0/22 maxlen: 24
185.215.246.0/24 maxlen: 24
188.253.8.0/22 maxlen: 24
188.253.28.0/22 maxlen: 24
188.253.104.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 18:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:64:fe:55:27:03:8d:6c:5d:9a:2e:73:14:d5:f0:23:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Aug 1 09:37:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0f1d025c3e684b0eb50103ab9b4e8d7129d249da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:36:fb:10:54:d8:09:d0:02:d1:00:d3:61:25:
8d:c5:ea:70:b9:b8:ba:b0:1c:aa:69:33:44:ca:f0:
c6:64:03:c0:c7:3c:ec:00:df:bb:ec:4d:80:1b:5c:
a2:84:f2:62:6c:87:34:f7:30:84:0c:81:8f:2f:97:
10:2e:e1:1f:65:ee:cf:e6:47:b1:05:aa:46:92:ef:
c7:b4:0b:d3:55:fa:47:e3:41:73:b9:b7:61:3e:c0:
f6:63:3b:30:77:97:e9:01:0e:d9:bd:fe:ee:73:6f:
4b:10:0e:e2:a8:6f:d6:f0:05:06:88:c8:c8:9e:85:
18:4e:0a:e9:3c:eb:1c:01:45:fb:11:9e:2b:28:44:
a3:51:da:31:5c:a5:f5:a3:a8:f0:d0:65:16:ff:ba:
c6:1f:a0:99:bc:a0:c5:7d:1e:9b:d2:3b:40:28:a6:
ff:88:92:c5:4f:4e:46:aa:f5:bb:b1:20:38:48:92:
ca:53:d3:17:76:b2:23:68:9d:7e:4c:f1:57:ee:fc:
e4:fa:56:e1:a2:9d:b4:a1:7f:78:f7:a3:cf:e1:e9:
67:e7:f7:a1:d6:42:66:1f:c1:99:cb:e1:4d:10:c3:
23:fc:d7:03:7a:db:f4:df:ee:6b:1a:90:40:8b:0d:
b7:e5:8d:14:27:91:1c:5f:67:c0:74:ea:56:31:25:
2f:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:1D:02:5C:3E:68:4B:0E:B5:01:03:AB:9B:4E:8D:71:29:D2:49:DA
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Dx0CXD5oSw61AQOrm06NcSnSSdo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.226.52.0/22
43.225.88.0/23
45.139.6.0/23
46.249.97.0/24
178.173.236.0/22
178.173.242.0-178.173.247.255
185.215.246.0/24
188.253.8.0/22
188.253.28.0/22
188.253.104.0/21
Signature Algorithm: sha256WithRSAEncryption
95:56:09:7c:e5:fd:2a:c3:16:22:1e:3b:8e:b4:de:ce:70:c9:
d7:ca:f8:04:fc:0f:4a:7c:c1:79:30:5d:74:6d:41:25:9e:9b:
7c:25:0f:a3:56:c9:6a:5c:bf:4d:72:39:da:72:8e:14:2d:0b:
99:36:f4:c0:c8:73:5b:07:11:b7:8a:f4:93:a0:81:19:7c:ff:
0f:31:56:dc:3a:cb:78:32:5e:d9:a5:9f:18:e7:9b:73:a3:05:
1e:dc:bc:bb:4a:63:7c:55:1c:29:47:09:7b:24:7a:21:c4:0f:
70:dd:f9:ff:40:3e:d5:80:2e:68:c7:c2:62:a9:b4:1c:1f:df:
7a:a7:20:32:83:87:5f:73:33:05:98:f3:6a:fd:c3:ee:8e:be:
e8:2a:c1:d5:6f:c5:3b:49:cb:e7:48:14:55:c6:b1:b2:27:d7:
0b:0d:bc:74:ce:d9:07:8b:3e:c0:a1:5c:7c:81:61:dd:23:93:
3d:68:16:7b:e5:53:df:82:b7:bf:67:44:da:b9:0f:aa:93:67:
c9:52:b3:47:a0:f7:96:4b:9b:dc:98:67:62:c6:07:a5:b3:55:
71:89:de:66:c9:ba:e9:cf:80:ba:fd:d3:ca:12:07:15:0e:72:
0d:f1:11:81:de:87:4e:84:81:27:72:3f:50:59:7a:1e:18:6a:
bf:a0:fb:fb
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZhk/lUnA41sXZoucxTV8COdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwODAxMDkzNzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjFkMDI1YzNlNjg0YjBlYjUwMTAzYWI5YjRlOGQ3MTI5ZDI0OWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDb7EFTYCdAC0QDTYSWNxepwubi6
sByqaTNEyvDGZAPAxzzsAN+77E2AG1yihPJibIc09zCEDIGPL5cQLuEfZe7P5kex
BapGku/HtAvTVfpH40FzubdhPsD2Yzswd5fpAQ7Zvf7uc29LEA7iqG/W8AUGiMjI
noUYTgrpPOscAUX7EZ4rKESjUdoxXKX1o6jw0GUW/7rGH6CZvKDFfR6b0jtAKKb/
iJLFT05GqvW7sSA4SJLKU9MXdrIjaJ1+TPFX7vzk+lbhop20oX9496PP4eln5/eh
1kJmH8GZy+FNEMMj/NcDetv03+5rGpBAiw235Y0UJ5EcX2fAdOpWMSUv2QIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFA8dAlw+aEsOtQEDq5tOjXEp0knaMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvRHgwQ1hENW9TdzYxQVFPcm0wNk5jU25TU2RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQCBeI0AwQB
K+FYAwQBLYsGAwQALvlhAwQCsq3sMAwDBAGyrfIDBAOyrfADBAC51/YDBAK8/QgD
BAK8/RwDBAO8/WgwDQYJKoZIhvcNAQELBQADggEBAJVWCXzl/SrDFiIeO4603s5w
ydfK+AT8D0p8wXkwXXRtQSWem3wlD6NWyWpcv01yOdpyjhQtC5k29MDIc1sHEbeK
9JOggRl8/w8xVtw6y3gyXtmlnxjnm3OjBR7cvLtKY3xVHClHCXskeiHED3Dd+f9A
PtWALmjHwmKptBwf33qnIDKDh19zMwWY82r9w+6OvugqwdVvxTtJy+dIFFXGsbIn
1wsNvHTO2QeLPsChXHyBYd0jkz1oFnvlU9+Ct79nRNq5D6qTZ8lSs0eg95ZLm9yY
Z2LGB6WzVXGJ3mbJuunPgLr908oSBxUOcg3xEYHeh06EgSdyP1BZeh4Yar+g+/s=
-----END CERTIFICATE-----
Generated at Sun Aug 10 04:53:16 2025 by rpki-client