Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/ish05UKX4fVrvzNMO61JWME5e60.roa
File: ish05UKX4fVrvzNMO61JWME5e60.roa (raw, json)
Hash identifier: fxTiebuae7o4USUXNJvSnTZr/R7II3bNdrJaYwaOaWw=
Subject key identifier: 8A:C8:74:E5:42:97:E1:F5:6B:BF:33:4C:3B:AD:49:58:C1:39:7B:AD
Certificate issuer: /CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
Certificate serial: 01994D486AF9CD206870A673AFB129281228
Authority key identifier: 48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/ish05UKX4fVrvzNMO61JWME5e60.roa
Signing time: Mon 15 Sep 2025 12:10:15 +0000
ROA not before: Mon 15 Sep 2025 12:10:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48635
IP address blocks: 2.57.57.0/24 maxlen: 24
5.157.80.0/21 maxlen: 21
31.25.96.0/21 maxlen: 21
31.25.98.0/24 maxlen: 24
31.186.168.0/21 maxlen: 21
46.17.0.0/21 maxlen: 21
62.84.240.0/21 maxlen: 21
62.221.248.0/21 maxlen: 21
62.221.250.0/24 maxlen: 24
77.94.248.0/21 maxlen: 24
79.99.128.0/21 maxlen: 21
91.198.106.0/24 maxlen: 24
91.238.176.0/23 maxlen: 24
92.63.168.0/21 maxlen: 21
92.63.168.0/24 maxlen: 24
93.180.64.0/21 maxlen: 21
93.187.220.0/22 maxlen: 22
109.70.0.0/21 maxlen: 21
109.72.80.0/20 maxlen: 20
109.106.160.0/20 maxlen: 20
109.106.176.0/21 maxlen: 21
128.140.216.0/21 maxlen: 21
145.131.0.0/20 maxlen: 24
145.131.16.0/20 maxlen: 24
145.131.32.0/20 maxlen: 24
176.117.58.0/23 maxlen: 24
185.27.140.0/22 maxlen: 22
185.27.172.0/22 maxlen: 22
185.28.56.0/22 maxlen: 24
185.37.68.0/22 maxlen: 22
185.56.144.0/22 maxlen: 22
185.66.248.0/22 maxlen: 22
185.87.184.0/22 maxlen: 22
185.89.4.0/22 maxlen: 22
185.94.228.0/24 maxlen: 24
185.94.230.0/23 maxlen: 23
185.95.31.0/24 maxlen: 24
185.103.156.0/22 maxlen: 22
185.103.240.0/22 maxlen: 22
185.103.242.0/23 maxlen: 23
185.107.212.0/22 maxlen: 22
185.107.224.0/23 maxlen: 23
185.109.216.0/22 maxlen: 22
185.159.240.0/22 maxlen: 22
185.175.200.0/22 maxlen: 22
185.182.56.0/22 maxlen: 22
185.182.56.0/24 maxlen: 24
185.187.12.0/22 maxlen: 22
185.223.32.0/22 maxlen: 22
185.224.88.0/22 maxlen: 22
185.231.200.0/22 maxlen: 22
185.232.248.0/22 maxlen: 24
193.23.143.0/24 maxlen: 24
193.164.192.0/23 maxlen: 24
194.247.30.0/23 maxlen: 24
195.20.8.0/22 maxlen: 24
195.238.74.0/23 maxlen: 23
2001:678:76c::/48 maxlen: 48
2001:67c:28fc::/48 maxlen: 48
2a00:f10::/29 maxlen: 29
2a00:f60::/32 maxlen: 48
2a00:9b60::/40 maxlen: 48
2a01:b940::/29 maxlen: 29
2a02:2968::/29 maxlen: 29
2a02:40c1::/32 maxlen: 32
2a03:3060::/29 maxlen: 29
2a04:6bc0::/36 maxlen: 36
2a05:1500::/29 maxlen: 29
2a05:1500:600::/40 maxlen: 40
2a06:4040::/29 maxlen: 48
2a0b:7280::/29 maxlen: 29
2a0b:8f80::/29 maxlen: 29
2a0c:84c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl
rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.mft
rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:4d:48:6a:f9:cd:20:68:70:a6:73:af:b1:29:28:12:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
Validity
Not Before: Sep 15 12:10:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8ac874e54297e1f56bbf334c3bad4958c1397bad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:ef:b4:a0:ec:dd:b9:c8:98:6e:f5:75:2b:bc:
54:c6:c6:a7:68:3c:11:c2:22:c7:95:47:5b:e5:cf:
1a:f8:6f:6f:a5:84:00:ac:4f:dd:4c:3f:95:1f:49:
94:ec:28:be:27:fa:1c:b8:fd:81:0b:ca:3e:95:34:
66:bf:ec:05:a4:7b:41:ea:7a:6b:c1:75:66:74:1f:
81:ea:30:61:d9:c4:e5:6b:d9:ae:f6:16:88:ed:db:
01:e0:e4:f1:20:e4:e2:23:a3:9c:0d:8b:e7:02:3f:
68:aa:f7:fc:0b:88:27:bf:4a:10:c9:51:7a:f1:35:
3f:dd:3b:12:6a:7f:63:fc:ef:9c:76:ad:a0:f2:f2:
f6:38:cd:3b:32:2e:c7:9a:2a:8d:1f:d8:d4:da:52:
44:ab:bc:81:3c:11:d1:b6:10:1e:00:ba:0c:d5:00:
f2:65:6e:6b:bd:1b:8b:f6:62:cb:a7:7c:52:eb:53:
28:5c:ce:d1:b2:4c:4d:61:f3:c5:2d:5e:93:03:1a:
54:60:7e:28:2c:5e:7a:ad:c6:81:c5:5d:16:15:a7:
4f:81:ef:4b:80:27:9b:d1:c3:91:0e:eb:ec:33:dc:
b2:27:5c:f7:dd:ee:5a:58:07:5b:d3:2d:8f:32:cb:
78:4f:dc:ff:ca:b1:cb:06:e4:95:f2:a8:6c:dd:c0:
1c:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:C8:74:E5:42:97:E1:F5:6B:BF:33:4C:3B:AD:49:58:C1:39:7B:AD
X509v3 Authority Key Identifier:
keyid:48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/ish05UKX4fVrvzNMO61JWME5e60.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.57.0/24
5.157.80.0/21
31.25.96.0/21
31.186.168.0/21
46.17.0.0/21
62.84.240.0/21
62.221.248.0/21
77.94.248.0/21
79.99.128.0/21
91.198.106.0/24
91.238.176.0/23
92.63.168.0/21
93.180.64.0/21
93.187.220.0/22
109.70.0.0/21
109.72.80.0/20
109.106.160.0-109.106.183.255
128.140.216.0/21
145.131.0.0-145.131.47.255
176.117.58.0/23
185.27.140.0/22
185.27.172.0/22
185.28.56.0/22
185.37.68.0/22
185.56.144.0/22
185.66.248.0/22
185.87.184.0/22
185.89.4.0/22
185.94.228.0/24
185.94.230.0/23
185.95.31.0/24
185.103.156.0/22
185.103.240.0/22
185.107.212.0/22
185.107.224.0/23
185.109.216.0/22
185.159.240.0/22
185.175.200.0/22
185.182.56.0/22
185.187.12.0/22
185.223.32.0/22
185.224.88.0/22
185.231.200.0/22
185.232.248.0/22
193.23.143.0/24
193.164.192.0/23
194.247.30.0/23
195.20.8.0/22
195.238.74.0/23
IPv6:
2001:678:76c::/48
2001:67c:28fc::/48
2a00:f10::/29
2a00:f60::/32
2a00:9b60::/40
2a01:b940::/29
2a02:2968::/29
2a02:40c1::/32
2a03:3060::/29
2a04:6bc0::/36
2a05:1500::/29
2a06:4040::/29
2a0b:7280::/29
2a0b:8f80::/29
2a0c:84c0::/29
Signature Algorithm: sha256WithRSAEncryption
1d:4b:e8:53:d1:6a:9d:1f:6a:4c:4a:ad:bb:28:c0:3d:ac:07:
7d:e1:95:c9:e9:38:3b:24:6b:2b:27:ef:06:fd:eb:ce:7d:8f:
c0:3f:47:70:87:6c:71:53:a7:63:e6:c6:22:18:68:c1:50:0b:
95:4a:59:ca:b6:da:5b:0f:6a:9b:76:17:ca:83:e7:6e:8e:59:
93:2e:64:1d:3e:d0:01:8a:1b:86:72:cb:f0:ad:de:2c:57:43:
48:89:ce:04:a7:f8:b5:5a:14:e1:d7:7d:c3:0f:53:d9:37:ca:
b9:7b:3a:b2:20:cd:de:f2:c2:3c:56:7c:d5:9b:66:10:4b:56:
88:20:bc:4d:80:4f:25:5c:91:3a:4a:a4:d1:b5:ec:65:25:0a:
45:92:af:11:c0:42:4a:26:ff:f8:df:f1:27:5d:35:d2:a0:d5:
6b:75:54:38:ad:f2:96:ff:ec:c7:78:4f:41:07:ee:c1:be:d9:
a9:3d:2a:34:c8:c2:2e:28:7b:f3:f6:c3:7a:51:6b:ae:09:19:
7c:f7:28:cb:b2:71:ba:15:d1:2f:c7:3b:e9:14:c8:97:84:8d:
3c:52:2c:4f:7f:47:91:8a:2c:48:e2:c1:ad:e5:e0:24:a8:23:
0e:a1:03:51:cd:6f:61:7a:65:c0:f3:42:4d:74:28:cc:58:43:
5d:53:07:77
-----BEGIN CERTIFICATE-----
MIIGrTCCBZWgAwIBAgISAZlNSGr5zSBocKZzr7EpKBIoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4OGM2NWRjMzU5YjU4Y2E2YmE1ZDNkYWViODc0ZjA1ODY4
NGU4YzYwHhcNMjUwOTE1MTIxMDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWM4NzRlNTQyOTdlMWY1NmJiZjMzNGMzYmFkNDk1OGMxMzk3YmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy++0oOzduciYbvV1K7xUxsanaDwR
wiLHlUdb5c8a+G9vpYQArE/dTD+VH0mU7Ci+J/ocuP2BC8o+lTRmv+wFpHtB6npr
wXVmdB+B6jBh2cTla9mu9haI7dsB4OTxIOTiI6OcDYvnAj9oqvf8C4gnv0oQyVF6
8TU/3TsSan9j/O+cdq2g8vL2OM07Mi7HmiqNH9jU2lJEq7yBPBHRthAeALoM1QDy
ZW5rvRuL9mLLp3xS61MoXM7RskxNYfPFLV6TAxpUYH4oLF56rcaBxV0WFadPge9L
gCeb0cORDuvsM9yyJ1z33e5aWAdb0y2PMst4T9z/yrHLBuSV8qhs3cAcYQIDAQAB
o4IDuTCCA7UwHQYDVR0OBBYEFIrIdOVCl+H1a78zTDutSVjBOXutMB8GA1UdIwQY
MBaAFEiMZdw1m1jKa6XT2uuHTwWGhOjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQt
YjBkNzJlOTEwZWZlLzEvaXNoMDVVS1g0ZlZydnpOTU82MUpXTUU1ZTYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQtYjBkNzJlOTEwZWZl
LzEvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBzQYIKwYBBQUHAQcBAf8EggG8MIIBuDCCAT0EAgABMIIB
NQMEAAI5OQMEAwWdUAMEAx8ZYAMEAx+6qAMEAy4RAAMEAz5U8AMEAz7d+AMEA01e
+AMEA09jgAMEAFvGagMEAVvusAMEA1w/qAMEA120QAMEAl273AMEA21GAAMEBG1I
UDAMAwQFbWqgAwQDbWqwAwQDgIzYMAsDAwCRgwMEBJGDIAMEAbB1OgMEArkbjAME
ArkbrAMEArkcOAMEArklRAMEArk4kAMEArlC+AMEArlXuAMEArlZBAMEALle5AME
Able5gMEALlfHwMEArlnnAMEArln8AMEArlr1AMEAblr4AMEArlt2AMEArmf8AME
ArmvyAMEArm2OAMEArm7DAMEArnfIAMEArngWAMEArnnyAMEArno+AMEAMEXjwME
AcGkwAMEAcL3HgMEAsMUCAMEAcPuSjB1BAIAAjBvAwcAIAEGeAdsAwcAIAEGfCj8
AwUDKgAPEAMFACoAD2ADBgAqAJtgAAMFAyoBuUADBQMqAiloAwUAKgJAwQMFAyoD
MGADBgQqBGvAAAMFAyoFFQADBQMqBkBAAwUDKgtygAMFAyoLj4ADBQMqDITAMA0G
CSqGSIb3DQEBCwUAA4IBAQAdS+hT0WqdH2pMSq27KMA9rAd94ZXJ6Tg7JGsrJ+8G
/evOfY/AP0dwh2xxU6dj5sYiGGjBUAuVSlnKttpbD2qbdhfKg+dujlmTLmQdPtAB
ihuGcsvwrd4sV0NIic4Ep/i1WhTh133DD1PZN8q5ezqyIM3e8sI8VnzVm2YQS1aI
ILxNgE8lXJE6SqTRtexlJQpFkq8RwEJKJv/43/EnXTXSoNVrdVQ4rfKW/+zHeE9B
B+7BvtmpPSo0yMIuKHvz9sN6UWuuCRl89yjLsnG6FdEvxzvpFMiXhI08UixPf0eR
iixI4sGt5eAkqCMOoQNRzW9hemXA80JNdCjMWENdUwd3
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:58:55 2025 by rpki-client