Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/UJkgkdZDflLDM8Sv7O6kD5lIHQs.roa
File: UJkgkdZDflLDM8Sv7O6kD5lIHQs.roa (raw, json)
Hash identifier: pX1z+1kUoCvGFytibnsII/Eh3CoZC8NSq38jqzyhHR8=
Subject key identifier: 50:99:20:91:D6:43:7E:52:C3:33:C4:AF:EC:EE:A4:0F:99:48:1D:0B
Certificate issuer: /CN=4e5146bb4e219744f58c268e9ec621c18dd229c3
Certificate serial: 01965BA3996CF9C8D0279EF28A676D961159
Authority key identifier: 4E:51:46:BB:4E:21:97:44:F5:8C:26:8E:9E:C6:21:C1:8D:D2:29:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/UJkgkdZDflLDM8Sv7O6kD5lIHQs.roa
Signing time: Tue 22 Apr 2025 03:56:10 +0000
ROA not before: Tue 22 Apr 2025 03:56:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198102
IP address blocks: 5.133.48.0/22 maxlen: 22
78.111.224.0/20 maxlen: 24
86.105.236.0/22 maxlen: 24
89.35.168.0/22 maxlen: 24
89.45.212.0/22 maxlen: 24
91.231.62.0/24 maxlen: 24
128.65.200.0/21 maxlen: 21
134.255.164.0/22 maxlen: 24
134.255.168.0/22 maxlen: 24
185.85.192.0/22 maxlen: 22
195.28.8.0/23 maxlen: 24
195.210.40.0/23 maxlen: 24
195.225.40.0/23 maxlen: 24
195.238.80.0/23 maxlen: 24
213.225.240.0/20 maxlen: 24
2a00:4060::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/TlFGu04hl0T1jCaOnsYhwY3SKcM.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/TlFGu04hl0T1jCaOnsYhwY3SKcM.mft
rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 29 Apr 2025 21:00:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:5b:a3:99:6c:f9:c8:d0:27:9e:f2:8a:67:6d:96:11:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e5146bb4e219744f58c268e9ec621c18dd229c3
Validity
Not Before: Apr 22 03:56:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=50992091d6437e52c333c4afeceea40f99481d0b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:5a:2b:c4:e0:09:7c:84:5d:45:74:f7:25:11:
be:bb:da:bf:cc:6d:4c:11:54:d7:6d:93:08:a7:97:
44:90:02:5a:6f:e9:2b:39:1c:01:5d:15:bd:4d:81:
c5:2b:ce:6f:5d:3d:49:90:af:5e:4b:17:aa:44:fa:
1a:e9:9e:9e:8b:9e:38:08:29:01:0b:b1:10:71:71:
f6:37:f2:f6:92:ca:b6:ba:f2:1c:ca:bf:a6:af:8b:
7d:16:d9:d6:fe:81:9e:8e:b3:f4:22:ab:2d:43:16:
f5:da:b4:3b:77:93:2c:42:78:97:94:a5:47:13:54:
ad:45:45:64:63:95:f4:0b:9a:c8:b9:23:aa:e0:ff:
1e:ce:f5:f3:46:60:42:7e:0e:5a:2b:ef:3b:da:f7:
6a:77:f6:bf:26:87:d0:a9:58:49:ff:9e:8b:21:c7:
97:74:51:50:eb:28:73:e4:34:4d:a6:3c:60:a0:6c:
a9:9d:2d:16:98:ec:7d:99:94:ab:6c:70:c3:55:7a:
42:d4:72:81:c1:51:2c:5c:a8:e1:2b:da:a4:02:4d:
f7:bf:43:de:c9:e1:4c:16:5b:e8:ab:b9:f5:f2:d7:
d2:2a:39:46:05:c4:1c:b4:1b:c3:5c:64:37:cc:3f:
12:03:cb:1a:ab:50:70:cd:66:d4:9e:9a:0d:b4:d1:
4f:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:99:20:91:D6:43:7E:52:C3:33:C4:AF:EC:EE:A4:0F:99:48:1D:0B
X509v3 Authority Key Identifier:
keyid:4E:51:46:BB:4E:21:97:44:F5:8C:26:8E:9E:C6:21:C1:8D:D2:29:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/UJkgkdZDflLDM8Sv7O6kD5lIHQs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/TlFGu04hl0T1jCaOnsYhwY3SKcM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.48.0/22
78.111.224.0/20
86.105.236.0/22
89.35.168.0/22
89.45.212.0/22
91.231.62.0/24
128.65.200.0/21
134.255.164.0-134.255.171.255
185.85.192.0/22
195.28.8.0/23
195.210.40.0/23
195.225.40.0/23
195.238.80.0/23
213.225.240.0/20
IPv6:
2a00:4060::/29
Signature Algorithm: sha256WithRSAEncryption
6d:a3:53:f0:7e:8b:10:00:f7:fa:1a:37:2b:46:35:9a:1a:54:
49:43:ff:2a:ba:81:97:6b:4d:52:57:b2:ae:53:d8:5b:57:11:
b8:15:47:9b:23:1f:74:1b:92:a1:19:7e:dc:35:83:47:8d:45:
6a:e5:1e:b6:0c:ab:b2:4e:3c:9f:ab:00:88:8a:51:85:f8:99:
a8:af:85:a7:14:f1:fc:3f:af:90:14:41:17:98:29:a3:d1:fb:
49:38:e1:1c:6d:66:9a:8d:53:84:f0:50:2d:df:6e:c1:4c:28:
20:87:38:77:a1:9c:6a:e4:fd:96:7f:af:48:5e:54:9e:6f:2a:
a1:e8:4d:2f:69:36:2d:1c:61:d3:49:a3:51:7f:33:d9:53:20:
15:81:4f:9c:fe:0a:bc:7b:4f:41:ac:c7:be:bb:b7:93:92:1e:
ad:94:44:66:78:1e:e5:ab:c5:28:b2:26:2e:45:e3:a1:74:b9:
dd:2e:36:d2:fc:a5:74:96:3c:e2:3f:a8:e5:46:bf:96:fc:5f:
5b:cc:d9:f0:77:46:79:cb:b5:04:e1:c2:45:55:20:16:63:52:
f9:cc:53:8e:c8:fa:63:07:49:3c:2c:af:a2:5d:e4:f7:34:21:
29:50:bc:1c:3d:a2:af:20:2a:97:a0:23:b4:35:80:50:0c:db:
a6:32:52:3c
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAZZbo5ls+cjQJ57yimdtlhFZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNTE0NmJiNGUyMTk3NDRmNThjMjY4ZTllYzYyMWMxOGRk
MjI5YzMwHhcNMjUwNDIyMDM1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDk5MjA5MWQ2NDM3ZTUyYzMzM2M0YWZlY2VlYTQwZjk5NDgxZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1orxOAJfIRdRXT3JRG+u9q/zG1M
EVTXbZMIp5dEkAJab+krORwBXRW9TYHFK85vXT1JkK9eSxeqRPoa6Z6ei544CCkB
C7EQcXH2N/L2ksq2uvIcyr+mr4t9FtnW/oGejrP0IqstQxb12rQ7d5MsQniXlKVH
E1StRUVkY5X0C5rIuSOq4P8ezvXzRmBCfg5aK+872vdqd/a/JofQqVhJ/56LIceX
dFFQ6yhz5DRNpjxgoGypnS0WmOx9mZSrbHDDVXpC1HKBwVEsXKjhK9qkAk33v0Pe
yeFMFlvoq7n18tfSKjlGBcQctBvDXGQ3zD8SA8saq1BwzWbUnpoNtNFPOQIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFFCZIJHWQ35SwzPEr+zupA+ZSB0LMB8GA1UdIwQY
MBaAFE5RRrtOIZdE9Ywmjp7GIcGN0inDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGxGR3UwNGhsMFQxakNhT25zWWh3WTNTS2NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8yNWI1NGEtZTc3MC00NGFiLWEwMDQt
YzkyMGM1MTdkNjAwLzEvVUprZ2tkWkRmbExETThTdjdPNmtENWxJSFFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8yNWI1NGEtZTc3MC00NGFiLWEwMDQtYzkyMGM1MTdkNjAw
LzEvVGxGR3UwNGhsMFQxakNhT25zWWh3WTNTS2NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwYgQCAAEwXAMEAgWFMAME
BE5v4AMEAlZp7AMEAlkjqAMEAlkt1AMEAFvnPgMEA4BByDAMAwQChv+kAwQChv+o
AwQCuVXAAwQBwxwIAwQBw9IoAwQBw+EoAwQBw+5QAwQE1eHwMA0EAgACMAcDBQMq
AEBgMA0GCSqGSIb3DQEBCwUAA4IBAQBto1PwfosQAPf6GjcrRjWaGlRJQ/8quoGX
a01SV7KuU9hbVxG4FUebIx90G5KhGX7cNYNHjUVq5R62DKuyTjyfqwCIilGF+Jmo
r4WnFPH8P6+QFEEXmCmj0ftJOOEcbWaajVOE8FAt327BTCgghzh3oZxq5P2Wf69I
XlSebyqh6E0vaTYtHGHTSaNRfzPZUyAVgU+c/gq8e09BrMe+u7eTkh6tlERmeB7l
q8UosiYuReOhdLndLjbS/KV0ljziP6jlRr+W/F9bzNnwd0Z5y7UE4cJFVSAWY1L5
zFOOyPpjB0k8LK+iXeT3NCEpULwcPaKvICqXoCO0NYBQDNumMlI8
-----END CERTIFICATE-----
Generated at Tue Apr 29 05:03:50 2025 by rpki-client