Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/L5_unh529i58nHmZAjNCCDTTMaU.roa
File: L5_unh529i58nHmZAjNCCDTTMaU.roa (raw, json)
Hash identifier: qQcPL/NgHTpZq+oCc1W6yia0OiAi1EFrp1sUUhTpDRc=
Subject key identifier: 2F:9F:EE:9E:1E:76:F6:2E:7C:9C:79:99:02:33:42:08:34:D3:31:A5
Certificate issuer: /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial: 01977E0082F22321024FA224782477A92F8C
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/L5_unh529i58nHmZAjNCCDTTMaU.roa
Signing time: Tue 17 Jun 2025 13:07:31 +0000
ROA not before: Tue 17 Jun 2025 13:07:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215384
IP address blocks: 31.220.14.0/24 maxlen: 24
45.12.52.0/23 maxlen: 23
45.12.91.0/24 maxlen: 24
185.238.249.0/24 maxlen: 24
185.238.251.0/24 maxlen: 24
193.9.45.0/24 maxlen: 24
2a14:640:2::/48 maxlen: 48
2a14:640:4::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.mft
rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 20 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:7e:00:82:f2:23:21:02:4f:a2:24:78:24:77:a9:2f:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Validity
Not Before: Jun 17 13:07:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2f9fee9e1e76f62e7c9c79990233420834d331a5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:45:77:63:07:3e:f7:f9:db:de:e5:8f:f4:2c:
77:7d:23:f5:3c:13:8e:0a:3b:2c:d8:67:84:21:e7:
9d:b0:87:b3:a1:16:a9:c9:fc:1a:d7:85:a3:9f:f2:
3d:db:ae:a9:cc:27:a3:da:ea:c2:bd:36:8c:9e:a0:
39:4a:84:5c:f4:ce:b6:8c:a5:43:9f:9c:81:76:09:
37:0d:5a:27:cc:12:15:49:85:71:63:b2:51:c1:60:
4c:cf:87:12:14:d8:40:21:a4:31:e2:63:9f:37:09:
4c:1c:83:ea:03:50:5f:64:74:e5:81:45:83:f5:58:
b8:c0:cc:c7:06:63:4d:f4:75:31:9f:48:fe:69:86:
2a:df:06:d4:df:de:04:4b:49:b4:6d:4a:0f:f9:2f:
92:29:e2:63:82:e7:23:cc:9c:25:4a:e4:1c:c8:70:
e9:d1:34:5f:e4:91:db:d8:30:75:ba:2d:18:a3:3b:
31:3d:f3:50:9f:88:69:d2:4b:6d:a3:e3:f0:4b:79:
d4:78:74:5d:2f:91:49:c6:f6:19:61:0e:13:3d:9b:
16:3c:4c:67:02:c1:8e:21:53:14:a5:55:8f:0b:6f:
11:cb:21:ca:58:25:04:ad:57:af:f8:00:b1:42:70:
5e:f3:f6:13:fb:a0:ba:51:af:17:05:c2:a8:65:29:
45:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:9F:EE:9E:1E:76:F6:2E:7C:9C:79:99:02:33:42:08:34:D3:31:A5
X509v3 Authority Key Identifier:
keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/L5_unh529i58nHmZAjNCCDTTMaU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.220.14.0/24
45.12.52.0/23
45.12.91.0/24
185.238.249.0/24
185.238.251.0/24
193.9.45.0/24
IPv6:
2a14:640:2::/48
2a14:640:4::/48
Signature Algorithm: sha256WithRSAEncryption
1c:61:42:1a:11:08:c6:0b:19:e6:4c:38:7b:68:2a:39:35:46:
b1:c5:23:eb:0d:7b:c7:56:a4:f4:f1:b6:fd:b0:9f:32:ae:a4:
21:df:13:10:a4:15:19:5b:67:b1:48:d3:4d:c7:7e:76:ac:4a:
9c:7f:50:17:dc:4b:5e:33:d5:cb:23:6f:01:34:95:ed:d2:f2:
0e:54:7c:f0:4e:b4:e1:2f:6a:5b:f7:51:0d:0e:d5:ff:d6:c7:
03:8e:75:1d:e6:69:b1:63:8e:f9:56:e4:fa:e1:55:5b:b3:a2:
20:b7:3f:33:4c:08:e0:ec:ce:0a:ad:e3:d6:65:63:80:18:6d:
e3:47:a0:1c:b2:51:5c:1e:f7:99:16:7b:db:0f:ba:21:bc:a2:
c1:19:fa:d9:26:9b:a7:76:ca:db:de:df:a7:fb:17:8c:f6:e9:
51:20:54:43:c3:bd:ad:2a:e5:db:45:52:be:a2:a0:9e:89:a5:
73:69:e2:26:8e:5b:04:07:a1:d0:cc:14:63:77:54:fe:6d:32:
31:26:cd:d8:55:c7:27:87:af:b8:60:ba:da:25:88:8d:57:d4:
a4:98:56:d7:87:e4:b9:93:30:6b:34:55:4c:dc:89:d5:67:8c:
1c:cc:12:2e:06:8c:a5:2b:b5:e4:65:e1:22:e6:fc:66:46:2b:
f3:3d:ac:a0
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZd+AILyIyECT6IkeCR3qS+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjUwNjE3MTMwNzMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjlmZWU5ZTFlNzZmNjJlN2M5Yzc5OTkwMjMzNDIwODM0ZDMzMWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEV3Ywc+9/nb3uWP9Cx3fSP1PBOO
Cjss2GeEIeedsIezoRapyfwa14Wjn/I9266pzCej2urCvTaMnqA5SoRc9M62jKVD
n5yBdgk3DVonzBIVSYVxY7JRwWBMz4cSFNhAIaQx4mOfNwlMHIPqA1BfZHTlgUWD
9Vi4wMzHBmNN9HUxn0j+aYYq3wbU394ES0m0bUoP+S+SKeJjgucjzJwlSuQcyHDp
0TRf5JHb2DB1ui0YozsxPfNQn4hp0ktto+PwS3nUeHRdL5FJxvYZYQ4TPZsWPExn
AsGOIVMUpVWPC28RyyHKWCUErVev+ACxQnBe8/YT+6C6Ua8XBcKoZSlFRwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFC+f7p4edvYufJx5mQIzQgg00zGlMB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvTDVfdW5oNTI5aTU4bkhtWkFqTkNDRFRUTWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAqBAIAATAkAwQAH9wOAwQB
LQw0AwQALQxbAwQAue75AwQAue77AwQAwQktMBgEAgACMBIDBwAqFAZAAAIDBwAq
FAZAAAQwDQYJKoZIhvcNAQELBQADggEBABxhQhoRCMYLGeZMOHtoKjk1RrHFI+sN
e8dWpPTxtv2wnzKupCHfExCkFRlbZ7FI003HfnasSpx/UBfcS14z1csjbwE0le3S
8g5UfPBOtOEvalv3UQ0O1f/WxwOOdR3mabFjjvlW5PrhVVuzoiC3PzNMCODszgqt
49ZlY4AYbeNHoByyUVwe95kWe9sPuiG8osEZ+tkmm6d2ytve36f7F4z26VEgVEPD
va0q5dtFUr6ioJ6JpXNp4iaOWwQHodDMFGN3VP5tMjEmzdhVxyeHr7hgutoliI1X
1KSYVteH5LmTMGs0VUzcidVnjBzMEi4GjKUrteRl4SLm/GZGK/M9rKA=
-----END CERTIFICATE-----
Generated at Thu Jun 19 10:04:32 2025 by rpki-client