Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/Lighzl11JbBfTq6Hi5vG8FTdoKM.roa
File: Lighzl11JbBfTq6Hi5vG8FTdoKM.roa (raw, json)
Hash identifier: YkC57EBEFbPtoZkLYXdNklRtxOaICvmsfIL0Y9fWfJ0=
Subject key identifier: 2E:28:21:CE:5D:75:25:B0:5F:4E:AE:87:8B:9B:C6:F0:54:DD:A0:A3
Certificate issuer: /CN=ef4f78947341ce55888b7ebf3690143b0cbff3d6
Certificate serial: 0199763D2932FACB87FE98F3FE5F0218A971
Authority key identifier: EF:4F:78:94:73:41:CE:55:88:8B:7E:BF:36:90:14:3B:0C:BF:F3:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7094lHNBzlWIi36_NpAUOwy_89Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/Lighzl11JbBfTq6Hi5vG8FTdoKM.roa
Signing time: Tue 23 Sep 2025 11:02:23 +0000
ROA not before: Tue 23 Sep 2025 11:02:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15954
IP address blocks: 31.24.120.0/21 maxlen: 21
31.47.72.0/21 maxlen: 21
37.247.120.0/21 maxlen: 21
91.216.219.0/24 maxlen: 24
185.49.184.0/22 maxlen: 22
185.57.196.0/22 maxlen: 22
185.66.72.0/24 maxlen: 24
185.66.73.0/24 maxlen: 24
185.66.74.0/24 maxlen: 24
185.203.224.0/22 maxlen: 22
193.247.194.0/24 maxlen: 24
194.176.119.0/24 maxlen: 24
217.18.32.0/20 maxlen: 20
2a01:a940::/32 maxlen: 32
2a01:a941::/32 maxlen: 32
2a01:a942::/32 maxlen: 32
2a02:2810::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/7094lHNBzlWIi36_NpAUOwy_89Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/7094lHNBzlWIi36_NpAUOwy_89Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/7094lHNBzlWIi36_NpAUOwy_89Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:76:3d:29:32:fa:cb:87:fe:98:f3:fe:5f:02:18:a9:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef4f78947341ce55888b7ebf3690143b0cbff3d6
Validity
Not Before: Sep 23 11:02:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2e2821ce5d7525b05f4eae878b9bc6f054dda0a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:8c:e0:67:57:68:2e:f8:1b:3d:d7:0e:93:48:
61:9a:01:c5:c4:11:23:af:66:5e:0c:ef:98:3c:d2:
21:b3:7e:9e:24:70:ca:35:c6:b3:65:5d:f3:7f:c6:
29:39:ee:aa:12:3d:0f:3f:3a:ed:0f:2a:c5:2d:4a:
26:46:c9:1e:c1:b7:15:99:c6:b8:a2:ca:83:e9:0b:
5a:a9:60:69:13:dc:f3:52:a3:e4:98:0a:36:4c:89:
3a:7b:54:4b:b1:57:6a:08:e4:d1:9a:b2:cd:d7:7f:
94:39:1b:fe:d3:26:72:c0:7a:97:e2:b1:b0:09:2f:
57:e3:34:be:ad:59:b4:a6:b6:95:73:75:e7:ee:4f:
b6:d5:19:e8:2c:c9:5c:ee:30:7f:8b:db:05:59:3a:
33:33:7e:24:4d:7d:ed:f9:22:0c:f7:a5:cd:ad:dc:
ff:54:b1:3c:b8:ff:2d:b2:15:5c:5e:bf:c5:a1:57:
a3:55:b6:76:6f:57:24:2b:4d:44:e8:f3:33:0d:8e:
f7:25:5e:5e:8e:ff:b7:bf:72:51:14:24:b2:b9:b9:
02:5c:61:ac:99:23:81:aa:ad:31:37:6c:cf:05:7b:
c5:84:dd:a9:af:02:5e:ef:61:32:aa:c4:cd:1d:88:
92:be:d9:6b:ac:7f:46:67:3c:b5:f5:d0:7a:84:55:
53:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:28:21:CE:5D:75:25:B0:5F:4E:AE:87:8B:9B:C6:F0:54:DD:A0:A3
X509v3 Authority Key Identifier:
keyid:EF:4F:78:94:73:41:CE:55:88:8B:7E:BF:36:90:14:3B:0C:BF:F3:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7094lHNBzlWIi36_NpAUOwy_89Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/Lighzl11JbBfTq6Hi5vG8FTdoKM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/7094lHNBzlWIi36_NpAUOwy_89Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.24.120.0/21
31.47.72.0/21
37.247.120.0/21
91.216.219.0/24
185.49.184.0/22
185.57.196.0/22
185.66.72.0-185.66.74.255
185.203.224.0/22
193.247.194.0/24
194.176.119.0/24
217.18.32.0/20
IPv6:
2a01:a940::-2a01:a942:ffff:ffff:ffff:ffff:ffff:ffff
2a02:2810::/32
Signature Algorithm: sha256WithRSAEncryption
11:38:da:9a:19:04:f7:13:8e:9a:38:1c:6c:94:ab:34:56:94:
03:54:d1:46:2f:17:52:4c:33:a7:e3:73:7d:e2:3f:1a:e5:85:
6f:6e:23:c6:c1:15:9f:16:a7:4c:5a:d8:6a:24:19:c8:6d:5d:
4e:3e:5e:37:36:dc:cc:4f:09:84:41:73:b4:04:69:5f:b7:e2:
25:47:6c:5a:18:07:f3:ef:57:f3:84:d9:d3:d3:cf:5e:1f:d0:
e4:b4:07:d9:a7:74:08:a2:39:8c:34:63:b9:06:0f:17:37:ec:
0e:d2:77:c2:a2:0e:8a:32:28:4f:be:b4:29:54:6e:a2:66:c0:
8f:36:f0:a2:3a:51:cd:9a:8c:10:b5:63:e9:27:a0:7e:71:67:
57:9f:af:ec:41:d2:3e:22:a8:12:b5:77:fb:e4:96:bd:11:ef:
f3:98:2f:8b:37:d1:ed:05:87:88:af:3e:16:81:94:10:bb:8a:
b0:74:f0:f2:73:16:d0:2f:be:d5:63:03:79:78:8b:39:79:ac:
8c:ea:9d:d1:c3:7b:af:74:b4:42:88:78:08:52:94:34:85:0d:
39:f5:97:8f:41:35:6e:dd:d6:04:61:4e:db:09:f0:34:56:72:
c0:d1:e4:b1:b1:4e:64:e1:0a:18:24:9d:c7:1c:b6:d1:3a:0c:
68:8b:04:4a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZl2PSky+suH/pjz/l8CGKlxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNGY3ODk0NzM0MWNlNTU4ODhiN2ViZjM2OTAxNDNiMGNi
ZmYzZDYwHhcNMjUwOTIzMTEwMjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTI4MjFjZTVkNzUyNWIwNWY0ZWFlODc4YjliYzZmMDU0ZGRhMGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYzgZ1doLvgbPdcOk0hhmgHFxBEj
r2ZeDO+YPNIhs36eJHDKNcazZV3zf8YpOe6qEj0PPzrtDyrFLUomRskewbcVmca4
osqD6QtaqWBpE9zzUqPkmAo2TIk6e1RLsVdqCOTRmrLN13+UORv+0yZywHqX4rGw
CS9X4zS+rVm0praVc3Xn7k+21RnoLMlc7jB/i9sFWTozM34kTX3t+SIM96XNrdz/
VLE8uP8tshVcXr/FoVejVbZ2b1ckK01E6PMzDY73JV5ejv+3v3JRFCSyubkCXGGs
mSOBqq0xN2zPBXvFhN2prwJe72EyqsTNHYiSvtlrrH9GZzy19dB6hFVTiQIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFC4oIc5ddSWwX06uh4ubxvBU3aCjMB8GA1UdIwQY
MBaAFO9PeJRzQc5ViIt+vzaQFDsMv/PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzA5NGxITkJ6bFdJaTM2X05wQVVPd3lfODlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8wMDVjOWUtZmU3Yy00NjlhLWI2ZjAt
OWJhYTY2Y2ExNDA0LzEvTGlnaHpsMTFKYkJmVHE2SGk1dkc4RlRkb0tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8wMDVjOWUtZmU3Yy00NjlhLWI2ZjAtOWJhYTY2Y2ExNDA0
LzEvNzA5NGxITkJ6bFdJaTM2X05wQVVPd3lfODlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwUAQCAAEwSgMEAx8YeAME
Ax8vSAMEAyX3eAMEAFvY2wMEArkxuAMEArk5xDAMAwQDuUJIAwQAuUJKAwQCucvg
AwQAwffCAwQAwrB3AwQE2RIgMB0EAgACMBcwDgMFBioBqUADBQAqAalCAwUAKgIo
EDANBgkqhkiG9w0BAQsFAAOCAQEAETjamhkE9xOOmjgcbJSrNFaUA1TRRi8XUkwz
p+NzfeI/GuWFb24jxsEVnxanTFrYaiQZyG1dTj5eNzbczE8JhEFztARpX7fiJUds
WhgH8+9X84TZ09PPXh/Q5LQH2ad0CKI5jDRjuQYPFzfsDtJ3wqIOijIoT760KVRu
ombAjzbwojpRzZqMELVj6SegfnFnV5+v7EHSPiKoErV3++SWvRHv85gvizfR7QWH
iK8+FoGUELuKsHTw8nMW0C++1WMDeXiLOXmsjOqd0cN7r3S0Qoh4CFKUNIUNOfWX
j0E1bt3WBGFO2wnwNFZywNHksbFOZOEKGCSdxxy20ToMaIsESg==
-----END CERTIFICATE-----
Generated at Sun Oct 19 21:09:13 2025 by rpki-client