Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/vUAfXYF9TFNLnOrzGOBoj2EvRGM.roa
File: vUAfXYF9TFNLnOrzGOBoj2EvRGM.roa (raw, json)
Hash identifier: qsEDepbRFwFuvWf4t9/SaCwgVj17b+21naMELXmYJ28=
Subject key identifier: BD:40:1F:5D:81:7D:4C:53:4B:9C:EA:F3:18:E0:68:8F:61:2F:44:63
Certificate issuer: /CN=7028ec9ccd6d861f5f1afdad0046f33c9103ba06
Certificate serial: 01993D2010248CBC35317F8006596E0A01D4
Authority key identifier: 70:28:EC:9C:CD:6D:86:1F:5F:1A:FD:AD:00:46:F3:3C:91:03:BA:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cCjsnM1thh9fGv2tAEbzPJEDugY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/vUAfXYF9TFNLnOrzGOBoj2EvRGM.roa
Signing time: Fri 12 Sep 2025 08:52:15 +0000
ROA not before: Fri 12 Sep 2025 08:52:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31721
IP address blocks: 5.191.0.0/20 maxlen: 20
5.191.16.0/20 maxlen: 20
5.191.32.0/20 maxlen: 20
5.191.33.0/24 maxlen: 24
5.191.34.0/24 maxlen: 24
5.191.48.0/20 maxlen: 20
5.191.64.0/20 maxlen: 20
5.191.80.0/20 maxlen: 20
5.191.90.0/24 maxlen: 24
5.191.96.0/20 maxlen: 20
5.191.100.0/24 maxlen: 24
5.191.101.0/24 maxlen: 24
5.191.102.0/24 maxlen: 24
5.191.103.0/24 maxlen: 24
5.191.104.0/24 maxlen: 24
5.191.105.0/24 maxlen: 24
5.191.106.0/24 maxlen: 24
5.191.107.0/24 maxlen: 24
5.191.108.0/24 maxlen: 24
5.191.109.0/24 maxlen: 24
5.191.110.0/24 maxlen: 24
5.191.111.0/24 maxlen: 24
5.191.112.0/20 maxlen: 20
5.191.112.0/24 maxlen: 24
5.191.113.0/24 maxlen: 24
5.191.114.0/24 maxlen: 24
5.191.115.0/24 maxlen: 24
5.191.116.0/24 maxlen: 24
5.191.117.0/24 maxlen: 24
5.191.118.0/24 maxlen: 24
5.191.119.0/24 maxlen: 24
5.191.120.0/24 maxlen: 24
5.191.121.0/24 maxlen: 24
5.191.122.0/24 maxlen: 24
5.191.123.0/24 maxlen: 24
5.191.124.0/24 maxlen: 24
5.191.125.0/24 maxlen: 24
5.191.126.0/24 maxlen: 24
5.191.127.0/24 maxlen: 24
5.191.128.0/20 maxlen: 20
5.191.128.0/24 maxlen: 24
5.191.129.0/24 maxlen: 24
5.191.130.0/24 maxlen: 24
5.191.131.0/24 maxlen: 24
5.191.132.0/24 maxlen: 24
5.191.133.0/24 maxlen: 24
5.191.134.0/24 maxlen: 24
5.191.135.0/24 maxlen: 24
5.191.136.0/24 maxlen: 24
5.191.137.0/24 maxlen: 24
5.191.138.0/24 maxlen: 24
5.191.139.0/24 maxlen: 24
5.191.140.0/24 maxlen: 24
5.191.141.0/24 maxlen: 24
5.191.142.0/24 maxlen: 24
5.191.144.0/20 maxlen: 20
5.191.160.0/20 maxlen: 20
5.191.176.0/20 maxlen: 20
5.191.191.0/24 maxlen: 24
5.191.192.0/20 maxlen: 20
5.191.208.0/20 maxlen: 20
5.191.208.0/24 maxlen: 24
5.191.224.0/20 maxlen: 20
217.168.176.0/20 maxlen: 20
217.168.176.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/cCjsnM1thh9fGv2tAEbzPJEDugY.crl
rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/cCjsnM1thh9fGv2tAEbzPJEDugY.mft
rsync://rpki.ripe.net/repository/DEFAULT/cCjsnM1thh9fGv2tAEbzPJEDugY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:3d:20:10:24:8c:bc:35:31:7f:80:06:59:6e:0a:01:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7028ec9ccd6d861f5f1afdad0046f33c9103ba06
Validity
Not Before: Sep 12 08:52:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bd401f5d817d4c534b9ceaf318e0688f612f4463
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:f5:74:5a:1d:e1:3b:2a:87:6e:45:d9:11:06:
2e:72:4f:00:f9:86:3f:2e:d2:b6:37:61:ae:dc:63:
7e:cd:dc:22:b9:43:fc:aa:ee:39:f1:ef:0c:c7:3b:
cd:e3:6a:d5:6f:6e:c2:3e:1c:25:1f:99:d1:e6:ec:
bd:de:04:4e:ec:e0:0c:4f:75:38:d5:01:b6:78:0b:
0f:1f:04:68:e7:4c:f6:c1:5e:5f:ef:1b:0b:e9:21:
4b:6d:79:c1:aa:37:c2:8a:a2:26:d7:3c:d8:e4:e7:
ba:cf:ef:90:a9:8b:1b:a3:9f:63:07:40:96:47:2f:
62:f7:36:5c:33:49:f1:4d:83:42:23:a4:db:1b:00:
48:ac:29:b9:c3:79:65:8d:4c:fd:e7:35:2e:b9:9c:
96:8b:70:ed:ff:75:89:92:b4:61:d3:0c:4e:e5:95:
2f:30:f8:43:e4:57:04:c4:6e:f1:41:5a:90:72:fc:
42:cc:c4:dc:2c:9e:7c:33:75:89:2d:10:84:01:13:
1e:e9:ba:ae:f1:90:25:7e:64:3b:1d:1c:ac:42:e0:
a3:68:33:b7:41:2c:5b:68:d4:91:60:d5:96:e1:5b:
83:44:79:ba:9a:63:11:77:e9:71:b4:70:59:dd:10:
e0:4c:b1:dd:07:dd:c1:52:1b:5d:ec:cc:8c:b5:96:
ea:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:40:1F:5D:81:7D:4C:53:4B:9C:EA:F3:18:E0:68:8F:61:2F:44:63
X509v3 Authority Key Identifier:
keyid:70:28:EC:9C:CD:6D:86:1F:5F:1A:FD:AD:00:46:F3:3C:91:03:BA:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cCjsnM1thh9fGv2tAEbzPJEDugY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/vUAfXYF9TFNLnOrzGOBoj2EvRGM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/3c3154-7803-4ec6-bf70-ccdd06563a5f/1/cCjsnM1thh9fGv2tAEbzPJEDugY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.191.0.0-5.191.239.255
217.168.176.0/20
Signature Algorithm: sha256WithRSAEncryption
99:bf:9a:60:9e:72:11:ec:8a:23:b2:cf:b0:1d:f9:f2:c2:a2:
81:63:fc:a8:a3:58:6b:24:81:c9:cb:df:b3:10:75:bb:63:e2:
49:73:fd:8c:1a:57:cd:5e:63:24:6e:e7:59:47:39:20:33:a0:
9e:11:27:7e:df:e6:c6:41:6f:7b:ab:7f:79:5e:3a:ab:2f:15:
2e:85:d2:0f:e1:8e:0d:92:4a:28:9c:3b:21:f2:0c:cb:dd:bb:
3d:e1:04:ef:f5:cd:32:97:e5:ea:5a:78:03:05:2e:90:78:44:
51:0f:25:74:7b:ff:fe:51:4a:33:b9:af:fc:f1:40:6c:9f:ae:
10:8a:2f:1b:d5:3b:e7:b5:f6:42:6c:70:ac:2f:e1:29:6e:39:
74:f3:8c:5e:b6:3b:5f:d6:15:3f:54:69:20:bc:86:e5:b4:14:
a3:73:f2:b5:d2:99:95:49:69:40:bf:3b:a4:3a:c6:2c:4b:55:
4c:3b:a5:65:eb:86:59:ec:2d:ea:ee:84:a9:ef:6a:07:e5:10:
8b:e1:65:93:cc:40:d9:4f:2c:1e:e6:2c:ac:18:8c:9d:a0:36:
fd:8e:47:ad:4f:34:06:95:ea:c1:04:d5:ba:38:38:fd:37:85:
a3:cc:f6:ba:f1:d7:ed:78:ee:0a:2d:90:e4:12:33:0c:6c:61:
8d:04:68:6e
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZk9IBAkjLw1MX+ABlluCgHUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMjhlYzljY2Q2ZDg2MWY1ZjFhZmRhZDAwNDZmMzNjOTEw
M2JhMDYwHhcNMjUwOTEyMDg1MjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDQwMWY1ZDgxN2Q0YzUzNGI5Y2VhZjMxOGUwNjg4ZjYxMmY0NDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/V0Wh3hOyqHbkXZEQYuck8A+YY/
LtK2N2Gu3GN+zdwiuUP8qu458e8MxzvN42rVb27CPhwlH5nR5uy93gRO7OAMT3U4
1QG2eAsPHwRo50z2wV5f7xsL6SFLbXnBqjfCiqIm1zzY5Oe6z++QqYsbo59jB0CW
Ry9i9zZcM0nxTYNCI6TbGwBIrCm5w3lljUz95zUuuZyWi3Dt/3WJkrRh0wxO5ZUv
MPhD5FcExG7xQVqQcvxCzMTcLJ58M3WJLRCEARMe6bqu8ZAlfmQ7HRysQuCjaDO3
QSxbaNSRYNWW4VuDRHm6mmMRd+lxtHBZ3RDgTLHdB93BUhtd7MyMtZbqWwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFL1AH12BfUxTS5zq8xjgaI9hL0RjMB8GA1UdIwQY
MBaAFHAo7JzNbYYfXxr9rQBG8zyRA7oGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0Nqc25NMXRoaDlmR3YydEFFYnpQSkVEdWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8zYzMxNTQtNzgwMy00ZWM2LWJmNzAt
Y2NkZDA2NTYzYTVmLzEvdlVBZlhZRjlURk5Mbk9yekdPQm9qMkV2UkdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8zYzMxNTQtNzgwMy00ZWM2LWJmNzAtY2NkZDA2NTYzYTVm
LzEvY0Nqc25NMXRoaDlmR3YydEFFYnpQSkVEdWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATMAsDAwAFvwME
BAW/4AMEBNmosDANBgkqhkiG9w0BAQsFAAOCAQEAmb+aYJ5yEeyKI7LPsB358sKi
gWP8qKNYaySBycvfsxB1u2PiSXP9jBpXzV5jJG7nWUc5IDOgnhEnft/mxkFve6t/
eV46qy8VLoXSD+GODZJKKJw7IfIMy927PeEE7/XNMpfl6lp4AwUukHhEUQ8ldHv/
/lFKM7mv/PFAbJ+uEIovG9U757X2QmxwrC/hKW45dPOMXrY7X9YVP1RpILyG5bQU
o3PytdKZlUlpQL87pDrGLEtVTDulZeuGWewt6u6Eqe9qB+UQi+Flk8xA2U8sHuYs
rBiMnaA2/Y5HrU80BpXqwQTVujg4/TeFo8z2uvHX7XjuCi2Q5BIzDGxhjQRobg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:47:22 2025 by rpki-client