Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/iZZY-ElpRtTwXPdDESFhwVNhB-k.roa
File: iZZY-ElpRtTwXPdDESFhwVNhB-k.roa (raw, json)
Hash identifier: 9UCqiMX0/JQLQj/xb8WOo+26Eh6Bicp2rkXoCGyVUtQ=
Subject key identifier: 89:96:58:F8:49:69:46:D4:F0:5C:F7:43:11:21:61:C1:53:61:07:E9
Certificate issuer: /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial: 0199607A2D83422BAE087F6640A6DCAB8E33
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/iZZY-ElpRtTwXPdDESFhwVNhB-k.roa
Signing time: Fri 19 Sep 2025 05:37:23 +0000
ROA not before: Fri 19 Sep 2025 05:37:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42831
IP address blocks: 163.5.86.0/24 maxlen: 24
163.5.111.0/24 maxlen: 24
163.5.142.0/24 maxlen: 24
163.5.155.0/24 maxlen: 24
163.5.156.0/24 maxlen: 24
163.5.170.0/24 maxlen: 24
163.5.177.0/24 maxlen: 24
163.5.219.0/24 maxlen: 24
163.5.230.0/24 maxlen: 24
163.5.242.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:60:7a:2d:83:42:2b:ae:08:7f:66:40:a6:dc:ab:8e:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Validity
Not Before: Sep 19 05:37:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=899658f8496946d4f05cf743112161c1536107e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:ab:f8:28:95:b0:19:9f:e9:5e:9b:c3:84:96:
2f:3f:da:a2:2b:92:d0:3f:96:12:ea:ab:a8:42:83:
e5:97:f3:b7:1f:73:1a:65:f2:6b:01:fc:af:5a:eb:
47:62:17:3b:f2:05:5c:1a:6f:19:a5:f8:d3:1d:98:
ea:c7:ea:3c:7b:3f:e1:58:1d:98:55:37:50:dc:be:
d9:fd:fc:5d:de:23:a1:24:c6:82:95:c6:04:3f:aa:
51:d9:39:c1:18:e4:40:5e:7d:16:42:6e:20:11:ae:
14:7a:c2:a3:63:a0:e1:73:f3:69:a0:e9:d0:5b:09:
70:7a:8f:51:3e:75:57:76:54:8f:1a:9c:5d:92:a6:
4a:04:4c:29:d3:b6:a7:e6:b0:5e:b5:f7:78:8a:d7:
19:25:f1:e0:14:2c:f7:1f:f1:48:e7:92:00:5b:71:
5d:5c:21:8e:b4:47:b8:dd:56:5c:f6:56:6e:6a:cb:
44:79:8d:9d:ce:6e:2e:7f:f3:40:79:bd:7e:5f:b8:
77:d5:0d:aa:4f:0b:ff:03:63:e5:e6:e0:e5:b0:7e:
0f:ef:ed:fd:c5:8f:72:3f:5b:75:e6:51:1a:00:94:
e2:2a:5d:5b:3b:63:26:0c:90:72:1f:92:d0:ef:de:
15:5e:ce:39:73:ee:cc:37:12:72:9b:2d:93:f5:ae:
63:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:96:58:F8:49:69:46:D4:F0:5C:F7:43:11:21:61:C1:53:61:07:E9
X509v3 Authority Key Identifier:
keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/iZZY-ElpRtTwXPdDESFhwVNhB-k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
163.5.86.0/24
163.5.111.0/24
163.5.142.0/24
163.5.155.0-163.5.156.255
163.5.170.0/24
163.5.177.0/24
163.5.219.0/24
163.5.230.0/24
163.5.242.0/24
Signature Algorithm: sha256WithRSAEncryption
72:43:03:29:20:68:dc:56:f8:a3:57:8e:0f:8c:d8:a0:b2:03:
69:3f:23:bf:eb:a0:b9:0c:5e:03:0d:c0:e2:17:ca:1d:57:21:
d4:7d:f5:0b:e0:b7:ec:79:75:e7:5e:c1:04:bc:84:d4:79:e5:
e5:75:52:ba:9a:34:1a:c3:82:5b:15:36:0e:13:0a:dc:1d:6d:
68:2c:53:bb:0b:29:8a:f8:b3:a6:49:49:73:30:8d:c0:b5:77:
87:4c:17:eb:2e:7b:21:dc:e1:5d:83:5f:15:75:4c:d1:22:84:
52:bf:c8:4a:95:b3:00:40:c0:58:0f:6f:ef:de:25:02:8c:fd:
02:99:20:a4:89:c2:4e:25:f8:2c:1a:24:57:45:00:fd:d9:11:
06:7b:61:74:ba:e1:5e:df:0d:76:80:16:00:76:29:2d:e4:b2:
69:22:72:66:25:40:b5:4a:84:f1:4d:f8:54:11:50:c7:ae:d6:
31:ab:24:87:cb:ea:2f:30:c0:87:37:ee:23:41:56:f8:25:f7:
d4:2c:5c:5b:c4:82:5f:41:90:47:51:31:5a:5c:6d:5b:87:01:
0e:1a:84:f7:c8:26:60:61:81:15:70:74:d5:73:b8:b4:7a:d6:
f8:fb:41:71:88:df:b7:64:b9:e2:f8:60:ba:e8:68:0e:67:db:
ea:fd:02:ba
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZlgei2DQiuuCH9mQKbcq44zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwOTE5MDUzNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTk2NThmODQ5Njk0NmQ0ZjA1Y2Y3NDMxMTIxNjFjMTUzNjEwN2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6v4KJWwGZ/pXpvDhJYvP9qiK5LQ
P5YS6quoQoPll/O3H3MaZfJrAfyvWutHYhc78gVcGm8ZpfjTHZjqx+o8ez/hWB2Y
VTdQ3L7Z/fxd3iOhJMaClcYEP6pR2TnBGORAXn0WQm4gEa4UesKjY6Dhc/NpoOnQ
Wwlweo9RPnVXdlSPGpxdkqZKBEwp07an5rBetfd4itcZJfHgFCz3H/FI55IAW3Fd
XCGOtEe43VZc9lZuastEeY2dzm4uf/NAeb1+X7h31Q2qTwv/A2Pl5uDlsH4P7+39
xY9yP1t15lEaAJTiKl1bO2MmDJByH5LQ794VXs45c+7MNxJymy2T9a5jyQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFImWWPhJaUbU8Fz3QxEhYcFTYQfpMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvaVpaWS1FbHBSdFR3WFBkREVTRmh3Vk5oQi1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAowVWAwQA
owVvAwQAowWOMAwDBACjBZsDBACjBZwDBACjBaoDBACjBbEDBACjBdsDBACjBeYD
BACjBfIwDQYJKoZIhvcNAQELBQADggEBAHJDAykgaNxW+KNXjg+M2KCyA2k/I7/r
oLkMXgMNwOIXyh1XIdR99Qvgt+x5dedewQS8hNR55eV1UrqaNBrDglsVNg4TCtwd
bWgsU7sLKYr4s6ZJSXMwjcC1d4dMF+sueyHc4V2DXxV1TNEihFK/yEqVswBAwFgP
b+/eJQKM/QKZIKSJwk4l+CwaJFdFAP3ZEQZ7YXS64V7fDXaAFgB2KS3ksmkicmYl
QLVKhPFN+FQRUMeu1jGrJIfL6i8wwIc37iNBVvgl99QsXFvEgl9BkEdRMVpcbVuH
AQ4ahPfIJmBhgRVwdNVzuLR61vj7QXGI37dkueL4YLroaA5n2+r9Aro=
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:31:19 2025 by rpki-client