Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/IwZOTlalqEqW5_LsB_2xzUvcKwI.roa
File: IwZOTlalqEqW5_LsB_2xzUvcKwI.roa (raw, json)
Hash identifier: e+95vV5ztD2kfuNnsEBqK5C/RGyQsvvRym+jrlH4WK8=
Subject key identifier: 23:06:4E:4E:56:A5:A8:4A:96:E7:F2:EC:07:FD:B1:CD:4B:DC:2B:02
Certificate issuer: /CN=7028ec9ccd6d861f5f1afdad0046f33c9103ba06
Certificate serial: 0198D444A11AF432E557D22B8CF78D8AD9E8
Authority key identifier: 70:28:EC:9C:CD:6D:86:1F:5F:1A:FD:AD:00:46:F3:3C:91:03:BA:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cCjsnM1thh9fGv2tAEbzPJEDugY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/IwZOTlalqEqW5_LsB_2xzUvcKwI.roa
Signing time: Sat 23 Aug 2025 00:12:04 +0000
ROA not before: Sat 23 Aug 2025 00:12:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31721
IP address blocks: 5.191.0.0/20 maxlen: 20
5.191.16.0/20 maxlen: 20
5.191.32.0/20 maxlen: 20
5.191.33.0/24 maxlen: 24
5.191.34.0/24 maxlen: 24
5.191.48.0/20 maxlen: 20
5.191.64.0/20 maxlen: 20
5.191.80.0/20 maxlen: 20
5.191.90.0/24 maxlen: 24
5.191.96.0/20 maxlen: 20
5.191.100.0/24 maxlen: 24
5.191.101.0/24 maxlen: 24
5.191.102.0/24 maxlen: 24
5.191.103.0/24 maxlen: 24
5.191.104.0/24 maxlen: 24
5.191.105.0/24 maxlen: 24
5.191.106.0/24 maxlen: 24
5.191.107.0/24 maxlen: 24
5.191.108.0/24 maxlen: 24
5.191.109.0/24 maxlen: 24
5.191.110.0/24 maxlen: 24
5.191.111.0/24 maxlen: 24
5.191.112.0/20 maxlen: 20
5.191.112.0/24 maxlen: 24
5.191.113.0/24 maxlen: 24
5.191.114.0/24 maxlen: 24
5.191.115.0/24 maxlen: 24
5.191.116.0/24 maxlen: 24
5.191.117.0/24 maxlen: 24
5.191.118.0/24 maxlen: 24
5.191.119.0/24 maxlen: 24
5.191.120.0/24 maxlen: 24
5.191.121.0/24 maxlen: 24
5.191.122.0/24 maxlen: 24
5.191.123.0/24 maxlen: 24
5.191.124.0/24 maxlen: 24
5.191.125.0/24 maxlen: 24
5.191.126.0/24 maxlen: 24
5.191.127.0/24 maxlen: 24
5.191.128.0/20 maxlen: 20
5.191.128.0/24 maxlen: 24
5.191.129.0/24 maxlen: 24
5.191.130.0/24 maxlen: 24
5.191.131.0/24 maxlen: 24
5.191.132.0/24 maxlen: 24
5.191.133.0/24 maxlen: 24
5.191.134.0/24 maxlen: 24
5.191.135.0/24 maxlen: 24
5.191.136.0/24 maxlen: 24
5.191.137.0/24 maxlen: 24
5.191.138.0/24 maxlen: 24
5.191.139.0/24 maxlen: 24
5.191.140.0/24 maxlen: 24
5.191.141.0/24 maxlen: 24
5.191.142.0/24 maxlen: 24
5.191.144.0/20 maxlen: 20
5.191.160.0/20 maxlen: 20
5.191.176.0/20 maxlen: 20
5.191.191.0/24 maxlen: 24
5.191.192.0/20 maxlen: 20
5.191.208.0/20 maxlen: 20
5.191.224.0/20 maxlen: 20
217.168.176.0/20 maxlen: 20
217.168.176.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/cCjsnM1thh9fGv2tAEbzPJEDugY.crl
rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/cCjsnM1thh9fGv2tAEbzPJEDugY.mft
rsync://rpki.ripe.net/repository/DEFAULT/cCjsnM1thh9fGv2tAEbzPJEDugY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 09:01:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:d4:44:a1:1a:f4:32:e5:57:d2:2b:8c:f7:8d:8a:d9:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7028ec9ccd6d861f5f1afdad0046f33c9103ba06
Validity
Not Before: Aug 23 00:12:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=23064e4e56a5a84a96e7f2ec07fdb1cd4bdc2b02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:cb:b1:2d:b5:49:bc:32:6e:40:27:46:8c:41:
9d:8d:f1:c1:48:77:eb:09:fb:16:b6:0d:6a:8a:a8:
55:a2:95:87:ef:5c:5a:44:da:98:f9:72:ba:70:3b:
08:32:cc:91:fb:24:b3:e3:7b:1f:e0:43:43:e2:d2:
81:bb:cb:9d:c0:88:7e:93:43:fc:b9:7b:f3:d3:88:
dc:12:a4:e9:e3:e3:a9:0c:b4:2c:f8:c8:d8:9f:de:
a2:d4:66:13:e6:32:28:22:02:99:7d:38:a0:d0:d3:
d7:3b:fb:18:32:8c:e2:2a:0b:78:e4:89:b8:b2:a9:
44:01:92:ce:20:14:3d:a2:b8:96:62:3e:3f:a4:a9:
83:65:4b:ab:1a:9c:cd:fe:71:11:fc:fe:11:cb:bd:
91:b9:f8:4b:8d:85:48:a5:c1:fa:46:95:f3:f3:85:
ec:9d:bb:b0:f5:90:b1:b6:2c:63:6e:7e:bc:40:ce:
1f:79:fe:a9:ae:7f:7c:7c:cc:00:59:4e:ca:d6:db:
67:a5:3f:55:2b:bf:6f:7c:4c:4d:ee:f4:38:7f:a5:
14:01:60:57:e5:8b:73:7b:db:6d:e8:a9:ce:00:47:
2f:14:69:e6:ae:78:f6:41:8e:ad:51:08:30:9f:c1:
9c:c1:65:76:0c:be:00:3b:9f:57:52:1c:89:63:1d:
d7:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:06:4E:4E:56:A5:A8:4A:96:E7:F2:EC:07:FD:B1:CD:4B:DC:2B:02
X509v3 Authority Key Identifier:
keyid:70:28:EC:9C:CD:6D:86:1F:5F:1A:FD:AD:00:46:F3:3C:91:03:BA:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cCjsnM1thh9fGv2tAEbzPJEDugY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/IwZOTlalqEqW5_LsB_2xzUvcKwI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/cCjsnM1thh9fGv2tAEbzPJEDugY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.191.0.0-5.191.239.255
217.168.176.0/20
Signature Algorithm: sha256WithRSAEncryption
34:af:80:b7:5a:d5:55:2b:31:9a:51:c2:92:e3:92:f8:2f:6d:
29:95:5a:42:02:d1:68:c3:d6:f7:8b:d3:7b:9f:a4:20:e3:19:
ae:a7:79:44:4f:12:a3:af:72:ee:84:d9:e0:65:fd:29:99:f7:
17:95:5d:66:85:bc:81:19:ad:fc:ec:54:10:91:4f:a8:6f:3d:
ad:f5:35:6d:c2:a5:cc:33:0d:1a:51:29:3f:3b:78:80:6b:67:
f6:09:42:50:2a:ff:34:5d:86:26:e5:2b:6b:f9:3f:1e:2c:07:
98:8e:32:a4:5b:39:42:a0:aa:99:ce:a1:f4:39:4e:29:6f:0e:
b5:11:a8:4a:11:d6:21:c5:14:32:e6:00:a7:15:a0:89:8b:f8:
db:73:08:b7:f0:24:c0:30:f6:14:7e:bb:ee:3c:53:25:bb:b0:
63:b8:75:82:50:7c:37:f9:2a:1f:ff:4b:3b:be:51:74:62:3c:
11:bf:26:08:cf:20:30:51:82:0e:05:0d:fb:86:08:1d:34:94:
c6:b1:eb:35:4e:2d:4e:65:77:db:66:6b:21:39:5c:52:8c:55:
ec:77:04:f6:7d:64:35:74:ca:50:c0:27:7d:f2:7b:0e:8b:31:
0a:cd:29:84:d7:e2:d2:d5:2f:4b:d0:af:4c:f2:eb:a7:7c:46:
33:1b:6a:b8
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZjURKEa9DLlV9IrjPeNitnoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMjhlYzljY2Q2ZDg2MWY1ZjFhZmRhZDAwNDZmMzNjOTEw
M2JhMDYwHhcNMjUwODIzMDAxMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzA2NGU0ZTU2YTVhODRhOTZlN2YyZWMwN2ZkYjFjZDRiZGMyYjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8uxLbVJvDJuQCdGjEGdjfHBSHfr
CfsWtg1qiqhVopWH71xaRNqY+XK6cDsIMsyR+ySz43sf4END4tKBu8udwIh+k0P8
uXvz04jcEqTp4+OpDLQs+MjYn96i1GYT5jIoIgKZfTig0NPXO/sYMoziKgt45Im4
sqlEAZLOIBQ9oriWYj4/pKmDZUurGpzN/nER/P4Ry72RufhLjYVIpcH6RpXz84Xs
nbuw9ZCxtixjbn68QM4fef6prn98fMwAWU7K1ttnpT9VK79vfExN7vQ4f6UUAWBX
5Ytze9tt6KnOAEcvFGnmrnj2QY6tUQgwn8GcwWV2DL4AO59XUhyJYx3XjQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFCMGTk5WpahKlufy7Af9sc1L3CsCMB8GA1UdIwQY
MBaAFHAo7JzNbYYfXxr9rQBG8zyRA7oGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0Nqc25NMXRoaDlmR3YydEFFYnpQSkVEdWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8zYzMxNTQtNzgwMy00ZWM2LWJmNzAt
Y2NkZDA2NTYzYTVmLzEvSXdaT1RsYWxxRXFXNV9Mc0JfMnh6VXZjS3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8zYzMxNTQtNzgwMy00ZWM2LWJmNzAtY2NkZDA2NTYzYTVm
LzEvY0Nqc25NMXRoaDlmR3YydEFFYnpQSkVEdWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATMAsDAwAFvwME
BAW/4AMEBNmosDANBgkqhkiG9w0BAQsFAAOCAQEANK+At1rVVSsxmlHCkuOS+C9t
KZVaQgLRaMPW94vTe5+kIOMZrqd5RE8So69y7oTZ4GX9KZn3F5VdZoW8gRmt/OxU
EJFPqG89rfU1bcKlzDMNGlEpPzt4gGtn9glCUCr/NF2GJuUra/k/HiwHmI4ypFs5
QqCqmc6h9DlOKW8OtRGoShHWIcUUMuYApxWgiYv423MIt/AkwDD2FH677jxTJbuw
Y7h1glB8N/kqH/9LO75RdGI8Eb8mCM8gMFGCDgUN+4YIHTSUxrHrNU4tTmV322Zr
ITlcUoxV7HcE9n1kNXTKUMAnffJ7DosxCs0phNfi0tUvS9CvTPLrp3xGMxtquA==
-----END CERTIFICATE-----
Generated at Sat Aug 23 19:25:51 2025 by rpki-client