Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/quf9fn3pTzT2FolEIzxcjjm4sh0.roa
File: quf9fn3pTzT2FolEIzxcjjm4sh0.roa (raw, json)
Hash identifier: xQq1BYKg4IGCsMnN+Jtcb8OIxEYI4SmzYrQCe851zbQ=
Subject key identifier: AA:E7:FD:7E:7D:E9:4F:34:F6:16:89:44:23:3C:5C:8E:39:B8:B2:1D
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 019777EF8FD21EC47A278449269E3DC67497
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/quf9fn3pTzT2FolEIzxcjjm4sh0.roa
Signing time: Mon 16 Jun 2025 08:51:17 +0000
ROA not before: Mon 16 Jun 2025 08:51:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42864
IP address blocks: 5.182.112.0/24 maxlen: 24
45.9.169.0/24 maxlen: 24
45.9.170.0/24 maxlen: 24
45.9.171.0/24 maxlen: 24
45.14.10.0/24 maxlen: 24
45.14.11.0/24 maxlen: 24
45.88.93.0/24 maxlen: 24
77.242.144.0/24 maxlen: 24
77.242.148.0/24 maxlen: 24
77.242.151.0/24 maxlen: 24
77.242.154.0/24 maxlen: 24
83.137.157.0/24 maxlen: 24
88.209.193.0/24 maxlen: 24
88.209.196.0/24 maxlen: 24
88.209.208.0/24 maxlen: 24
88.209.210.0/24 maxlen: 24
88.209.212.0/24 maxlen: 24
88.209.213.0/24 maxlen: 24
88.209.214.0/24 maxlen: 24
88.209.215.0/24 maxlen: 24
88.209.219.0/24 maxlen: 24
88.209.247.0/24 maxlen: 24
92.52.208.0/24 maxlen: 24
92.52.209.0/24 maxlen: 24
92.52.210.0/23 maxlen: 23
92.52.212.0/22 maxlen: 24
92.52.215.0/24 maxlen: 24
92.52.218.0/24 maxlen: 24
178.248.200.0/21 maxlen: 21
193.138.125.0/24 maxlen: 24
194.41.47.0/24 maxlen: 24
2a00:1f40::/29 maxlen: 29
2a05:f5c0::/29 maxlen: 29
2a05:f5c0::/32 maxlen: 32
2a0c:f1c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Jun 2025 14:25:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:77:ef:8f:d2:1e:c4:7a:27:84:49:26:9e:3d:c6:74:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jun 16 08:51:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aae7fd7e7de94f34f6168944233c5c8e39b8b21d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:41:f0:0c:e2:b6:f8:11:5b:14:08:ae:4a:16:
7d:4c:cd:76:cd:3c:07:bd:eb:2c:75:7c:a6:dc:c1:
aa:8a:03:94:66:0e:da:c4:bc:0a:95:db:f7:bd:1b:
83:f3:c5:ed:7e:3a:3c:72:b9:5b:73:21:27:1a:94:
9d:82:d5:48:66:ce:ad:c7:51:d7:16:50:10:99:ff:
80:d6:b6:77:c3:a4:58:09:80:d5:9e:fd:88:3a:eb:
b6:12:db:f9:9c:68:61:cf:ea:7d:19:69:b5:47:78:
56:79:47:b3:b9:1e:36:31:2a:2d:f4:85:54:e1:1d:
b1:9f:d2:3b:74:1c:39:1a:19:44:b1:fe:63:29:6b:
cf:b9:27:2c:01:5f:98:cd:16:fd:e3:da:7d:5c:09:
16:d0:0d:02:73:86:8f:b4:30:8b:ca:2d:08:6f:e1:
d6:4a:65:fb:7d:5d:ce:c9:61:83:00:a5:3b:06:18:
20:dd:a4:48:f3:52:e2:e0:f0:e9:31:3b:0a:e3:c0:
69:dd:fe:04:b5:4d:80:05:81:8f:b5:dd:03:f1:82:
ca:fe:c6:87:e9:50:10:30:a6:ac:09:73:d2:de:3d:
0b:aa:2d:a3:b3:7d:31:dc:cb:a6:bf:7c:80:02:b3:
92:55:9f:94:5d:0d:31:ab:86:7a:3a:79:ea:52:75:
56:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:E7:FD:7E:7D:E9:4F:34:F6:16:89:44:23:3C:5C:8E:39:B8:B2:1D
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/quf9fn3pTzT2FolEIzxcjjm4sh0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.112.0/24
45.9.169.0-45.9.171.255
45.14.10.0/23
45.88.93.0/24
77.242.144.0/24
77.242.148.0/24
77.242.151.0/24
77.242.154.0/24
83.137.157.0/24
88.209.193.0/24
88.209.196.0/24
88.209.208.0/24
88.209.210.0/24
88.209.212.0/22
88.209.219.0/24
88.209.247.0/24
92.52.208.0/21
92.52.218.0/24
178.248.200.0/21
193.138.125.0/24
194.41.47.0/24
IPv6:
2a00:1f40::/29
2a05:f5c0::/29
2a0c:f1c0::/29
Signature Algorithm: sha256WithRSAEncryption
86:a9:41:ee:fd:e2:73:4f:f3:82:fc:01:95:b8:47:48:6f:ef:
9b:e8:ac:61:02:a3:ad:ac:d1:be:bd:0f:6b:1d:13:f4:b3:d4:
d8:38:3e:0d:b1:f5:45:5f:9f:df:62:db:6c:8d:ff:f3:02:72:
92:3c:ee:1e:c5:9c:dd:dc:15:d7:38:06:d0:d5:ab:ad:44:c2:
d0:b6:fd:d2:fd:99:4f:7b:d3:db:35:e4:7c:a4:98:51:4c:ae:
14:a6:7a:a8:24:cf:d2:2f:cd:cd:33:cf:9c:0d:09:f5:f0:bc:
7e:60:47:9f:9f:28:b2:e5:04:8b:73:87:2e:f8:6c:91:f7:b7:
8c:0b:8d:69:4f:17:d7:10:0c:c3:5e:13:c2:9f:2c:bd:b1:ac:
79:d3:7d:2a:aa:e1:54:8b:14:f8:9b:b6:43:2c:3f:c1:f1:2c:
61:81:f4:e6:1e:d1:ac:22:60:9b:bf:27:8a:6a:59:ec:7c:16:
4d:ed:d3:a7:34:48:55:f7:35:88:d9:10:3a:fc:18:42:a1:8c:
9b:a5:0d:37:5f:12:05:00:c5:5d:05:a8:89:b9:ac:e6:5d:74:
34:d2:19:03:c1:22:3d:50:45:ef:51:93:94:ff:f6:b1:52:f1:
76:1b:ae:d1:aa:19:2f:de:0d:67:29:ac:87:1d:0e:0a:01:6a:
0c:90:83:92
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgISAZd374/SHsR6J4RJJp49xnSXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwNjE2MDg1MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWU3ZmQ3ZTdkZTk0ZjM0ZjYxNjg5NDQyMzNjNWM4ZTM5YjhiMjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0HwDOK2+BFbFAiuShZ9TM12zTwH
vessdXym3MGqigOUZg7axLwKldv3vRuD88Xtfjo8crlbcyEnGpSdgtVIZs6tx1HX
FlAQmf+A1rZ3w6RYCYDVnv2IOuu2Etv5nGhhz+p9GWm1R3hWeUezuR42MSot9IVU
4R2xn9I7dBw5GhlEsf5jKWvPuScsAV+YzRb949p9XAkW0A0Cc4aPtDCLyi0Ib+HW
SmX7fV3OyWGDAKU7Bhgg3aRI81Li4PDpMTsK48Bp3f4EtU2ABYGPtd0D8YLK/saH
6VAQMKasCXPS3j0Lqi2js30x3Mumv3yAArOSVZ+UXQ0xq4Z6OnnqUnVW3wIDAQAB
o4ICqzCCAqcwHQYDVR0OBBYEFKrn/X596U809haJRCM8XI45uLIdMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvcXVmOWZuM3BUelQyRm9sRUl6eGNqam00c2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHABggrBgEFBQcBBwEB/wSBsDCBrTCBjQQCAAEwgYYDBAAF
tnAwDAMEAC0JqQMEAi0JqAMEAS0OCgMEAC1YXQMEAE3ykAMEAE3ylAMEAE3ylwME
AE3ymgMEAFOJnQMEAFjRwQMEAFjRxAMEAFjR0AMEAFjR0gMEAljR1AMEAFjR2wME
AFjR9wMEA1w00AMEAFw02gMEA7L4yAMEAMGKfQMEAMIpLzAbBAIAAjAVAwUDKgAf
QAMFAyoF9cADBQMqDPHAMA0GCSqGSIb3DQEBCwUAA4IBAQCGqUHu/eJzT/OC/AGV
uEdIb++b6KxhAqOtrNG+vQ9rHRP0s9TYOD4NsfVFX5/fYttsjf/zAnKSPO4exZzd
3BXXOAbQ1autRMLQtv3S/ZlPe9PbNeR8pJhRTK4UpnqoJM/SL83NM8+cDQn18Lx+
YEefnyiy5QSLc4cu+GyR97eMC41pTxfXEAzDXhPCnyy9sax5030qquFUixT4m7ZD
LD/B8SxhgfTmHtGsImCbvyeKalnsfBZN7dOnNEhV9zWI2RA6/BhCoYybpQ03XxIF
AMVdBaiJuazmXXQ00hkDwSI9UEXvUZOU//axUvF2G67Rqhkv3g1nKayHHQ4KAWoM
kIOS
-----END CERTIFICATE-----
Generated at Mon Jun 16 20:55:10 2025 by rpki-client