Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/TTyBFlONzzXm0ptuP31bT9pIB5A.roa
File: TTyBFlONzzXm0ptuP31bT9pIB5A.roa (raw, json)
Hash identifier: zH1LUEGdx1jyJvNkyIxUsXv1WR3LtQqIOtsInn9MhZY=
Subject key identifier: 4D:3C:81:16:53:8D:CF:35:E6:D2:9B:6E:3F:7D:5B:4F:DA:48:07:90
Certificate issuer: /CN=d41703db3020cc1ef2fd71091a468f4a649c238f
Certificate serial: 0198C7CB456040A434B883C6D8F7816DD075
Authority key identifier: D4:17:03:DB:30:20:CC:1E:F2:FD:71:09:1A:46:8F:4A:64:9C:23:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1BcD2zAgzB7y_XEJGkaPSmScI48.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/TTyBFlONzzXm0ptuP31bT9pIB5A.roa
Signing time: Wed 20 Aug 2025 14:04:04 +0000
ROA not before: Wed 20 Aug 2025 14:04:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49544
IP address blocks: 5.180.216.0/23 maxlen: 23
5.180.218.0/23 maxlen: 23
5.200.0.0/19 maxlen: 24
31.204.128.0/19 maxlen: 24
31.204.132.0/22 maxlen: 22
31.204.136.0/23 maxlen: 23
31.204.140.0/22 maxlen: 22
31.204.144.0/24 maxlen: 24
31.204.156.0/23 maxlen: 23
89.104.168.0/23 maxlen: 23
89.104.170.0/23 maxlen: 23
89.104.172.0/22 maxlen: 22
89.104.176.0/23 maxlen: 23
89.104.178.0/23 maxlen: 23
91.195.234.0/23 maxlen: 23
91.198.152.0/24 maxlen: 24
91.216.207.0/24 maxlen: 24
104.153.84.0/22 maxlen: 22
109.200.192.0/19 maxlen: 24
109.200.194.0/23 maxlen: 23
109.200.208.0/22 maxlen: 22
138.128.136.0/22 maxlen: 22
138.128.140.0/22 maxlen: 22
146.247.76.0/22 maxlen: 22
162.244.52.0/22 maxlen: 23
162.245.204.0/22 maxlen: 22
185.41.140.0/22 maxlen: 22
185.50.104.0/22 maxlen: 22
185.52.12.0/22 maxlen: 24
185.179.200.0/23 maxlen: 24
185.179.202.0/23 maxlen: 24
185.197.24.0/22 maxlen: 23
188.122.64.0/19 maxlen: 24
193.43.218.0/23 maxlen: 23
212.19.224.0/22 maxlen: 22
213.163.64.0/19 maxlen: 24
213.179.192.0/19 maxlen: 19
213.179.192.0/22 maxlen: 22
213.179.196.0/22 maxlen: 22
213.179.200.0/22 maxlen: 22
213.179.204.0/22 maxlen: 22
213.179.209.0/24 maxlen: 24
213.179.210.0/23 maxlen: 23
213.179.212.0/22 maxlen: 22
213.179.216.0/22 maxlen: 22
213.179.220.0/23 maxlen: 23
2a00:1630::/29 maxlen: 32
2a00:1630::/32 maxlen: 48
2a00:1631::/32 maxlen: 32
2a00:1632::/32 maxlen: 32
2a00:1637::/32 maxlen: 32
2a00:1d20::/29 maxlen: 32
2a00:1d20::/34 maxlen: 34
2a00:1d20:4000::/34 maxlen: 34
2a00:1d26::/32 maxlen: 34
2a01:9580::/32 maxlen: 34
2a01:9580:c000::/34 maxlen: 34
2a04:c600::/29 maxlen: 34
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/1BcD2zAgzB7y_XEJGkaPSmScI48.crl
rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/1BcD2zAgzB7y_XEJGkaPSmScI48.mft
rsync://rpki.ripe.net/repository/DEFAULT/1BcD2zAgzB7y_XEJGkaPSmScI48.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:50:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c7:cb:45:60:40:a4:34:b8:83:c6:d8:f7:81:6d:d0:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d41703db3020cc1ef2fd71091a468f4a649c238f
Validity
Not Before: Aug 20 14:04:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4d3c8116538dcf35e6d29b6e3f7d5b4fda480790
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:a0:1e:18:fe:e1:44:1b:99:8b:2d:87:54:ed:
44:91:d5:c0:a4:2f:cc:b4:16:1a:96:16:8c:b7:61:
d0:0f:c9:85:9d:67:2c:33:30:ad:59:74:88:9b:5a:
c7:b7:44:26:96:c5:ba:d9:32:d0:72:f7:19:3a:e3:
e8:65:90:43:f3:34:57:89:16:7d:07:f8:b6:8e:ef:
17:b1:7c:d7:d3:04:bf:26:74:8f:77:df:db:a9:58:
7f:5a:d3:fc:a6:63:68:46:98:be:73:9e:e2:be:2c:
24:fb:3d:7a:ce:3a:ee:1f:46:12:f9:4b:52:f1:b5:
bb:50:0c:38:02:81:8f:8d:77:51:59:5c:07:80:b1:
5b:6e:bd:f9:32:8e:59:4f:10:0b:51:6a:df:6f:25:
af:b7:0f:17:35:a5:0c:05:1c:84:95:e7:f2:5f:55:
2c:9d:ef:88:c6:fd:2b:5b:9f:c8:f0:f2:12:3b:2f:
51:fc:06:c3:32:cd:f4:16:f2:18:96:6f:27:b2:79:
8b:49:97:de:2d:34:6a:da:c4:dd:be:71:57:4b:3b:
21:ad:e8:ec:c7:2b:1d:a3:fe:c6:2f:dc:f0:35:26:
d4:0d:1f:7a:c9:ca:c8:6f:91:27:a2:9a:3c:f2:7b:
ca:d8:64:1c:38:91:5e:aa:fd:65:1b:81:5a:68:63:
e6:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:3C:81:16:53:8D:CF:35:E6:D2:9B:6E:3F:7D:5B:4F:DA:48:07:90
X509v3 Authority Key Identifier:
keyid:D4:17:03:DB:30:20:CC:1E:F2:FD:71:09:1A:46:8F:4A:64:9C:23:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BcD2zAgzB7y_XEJGkaPSmScI48.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/TTyBFlONzzXm0ptuP31bT9pIB5A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/1BcD2zAgzB7y_XEJGkaPSmScI48.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.216.0/22
5.200.0.0/19
31.204.128.0/19
89.104.168.0-89.104.179.255
91.195.234.0/23
91.198.152.0/24
91.216.207.0/24
104.153.84.0/22
109.200.192.0/19
138.128.136.0/21
146.247.76.0/22
162.244.52.0/22
162.245.204.0/22
185.41.140.0/22
185.50.104.0/22
185.52.12.0/22
185.179.200.0/22
185.197.24.0/22
188.122.64.0/19
193.43.218.0/23
212.19.224.0/22
213.163.64.0/19
213.179.192.0/19
IPv6:
2a00:1630::/29
2a00:1d20::/29
2a01:9580::/32
2a04:c600::/29
Signature Algorithm: sha256WithRSAEncryption
5f:6b:46:1c:b5:6e:b7:e4:78:53:01:87:e7:7d:b1:36:9f:1d:
97:c5:5d:f0:80:3b:74:d6:49:67:cd:0c:d9:95:ba:6e:0b:fe:
ae:30:09:ac:6c:ec:77:5e:75:c3:11:93:e9:7b:66:e6:d2:b3:
9c:fa:59:09:e2:aa:b6:5f:9a:8d:d1:c1:96:70:06:d0:1a:2d:
58:ff:c0:36:20:bc:8e:c0:77:03:44:ea:be:e9:cd:5a:59:9d:
82:b1:09:61:6c:0f:87:6b:29:5d:85:ea:74:80:64:d4:6b:db:
b8:32:bd:27:d7:b3:03:d1:d2:2c:9f:d9:3e:60:87:41:a7:3f:
9b:95:2b:c1:66:db:60:6e:22:bb:8f:08:c5:56:9d:fa:99:86:
f5:00:8a:cd:11:dd:93:08:05:b5:4a:b7:9d:51:58:b2:16:aa:
ae:a8:74:75:11:70:04:a7:5d:7e:79:48:00:12:ea:a9:d4:5b:
12:6f:43:76:a4:dd:bf:df:8a:cb:fb:4d:a0:61:c3:d2:b9:24:
60:17:57:f3:ed:b5:00:44:9f:41:76:c5:a7:95:8c:bb:b8:85:
4e:b5:d9:e6:57:6e:96:52:76:28:a1:f0:41:ea:45:d3:15:33:
1f:bb:9a:ea:9d:cb:23:b2:ec:21:60:69:aa:26:09:a7:d5:f5:
bd:e5:b3:67
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgISAZjHy0VgQKQ0uIPG2PeBbdB1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTcwM2RiMzAyMGNjMWVmMmZkNzEwOTFhNDY4ZjRhNjQ5
YzIzOGYwHhcNMjUwODIwMTQwNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDNjODExNjUzOGRjZjM1ZTZkMjliNmUzZjdkNWI0ZmRhNDgwNzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKAeGP7hRBuZiy2HVO1EkdXApC/M
tBYalhaMt2HQD8mFnWcsMzCtWXSIm1rHt0QmlsW62TLQcvcZOuPoZZBD8zRXiRZ9
B/i2ju8XsXzX0wS/JnSPd9/bqVh/WtP8pmNoRpi+c57iviwk+z16zjruH0YS+UtS
8bW7UAw4AoGPjXdRWVwHgLFbbr35Mo5ZTxALUWrfbyWvtw8XNaUMBRyElefyX1Us
ne+Ixv0rW5/I8PISOy9R/AbDMs30FvIYlm8nsnmLSZfeLTRq2sTdvnFXSzshrejs
xysdo/7GL9zwNSbUDR96ycrIb5Enopo88nvK2GQcOJFeqv1lG4FaaGPmPQIDAQAB
o4ICvjCCArowHQYDVR0OBBYEFE08gRZTjc815tKbbj99W0/aSAeQMB8GA1UdIwQY
MBaAFNQXA9swIMwe8v1xCRpGj0pknCOPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJjRDJ6QWd6Qjd5X1hFSkdrYVBTbVNjSTQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ODU1NGItNGY5Ny00MDZjLTkwYTYt
NDhkMzFjNzVmMzFlLzEvVFR5QkZsT056elhtMHB0dVAzMWJUOXBJQjVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ODU1NGItNGY5Ny00MDZjLTkwYTYtNDhkMzFjNzVmMzFl
LzEvMUJjRDJ6QWd6Qjd5X1hFSkdrYVBTbVNjSTQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHTBggrBgEFBQcBBwEB/wSBwzCBwDCBmQQCAAEwgZIDBAIF
tNgDBAUFyAADBAUfzIAwDAMEA1loqAMEAllosAMEAVvD6gMEAFvGmAMEAFvYzwME
AmiZVAMEBW3IwAMEA4qAiAMEApL3TAMEAqL0NAMEAqL1zAMEArkpjAMEArkyaAME
Ark0DAMEArmzyAMEArnFGAMEBbx6QAMEAcEr2gMEAtQT4AMEBdWjQAMEBdWzwDAi
BAIAAjAcAwUDKgAWMAMFAyoAHSADBQAqAZWAAwUDKgTGADANBgkqhkiG9w0BAQsF
AAOCAQEAX2tGHLVut+R4UwGH532xNp8dl8Vd8IA7dNZJZ80M2ZW6bgv+rjAJrGzs
d151wxGT6Xtm5tKznPpZCeKqtl+ajdHBlnAG0BotWP/ANiC8jsB3A0TqvunNWlmd
grEJYWwPh2spXYXqdIBk1GvbuDK9J9ezA9HSLJ/ZPmCHQac/m5UrwWbbYG4iu48I
xVad+pmG9QCKzRHdkwgFtUq3nVFYshaqrqh0dRFwBKddfnlIABLqqdRbEm9DdqTd
v9+Ky/tNoGHD0rkkYBdX8+21AESfQXbFp5WMu7iFTrXZ5ldullJ2KKHwQepF0xUz
H7ua6p3LI7LsIWBpqiYJp9X1veWzZw==
-----END CERTIFICATE-----
Generated at Sat Aug 23 18:02:38 2025 by rpki-client