Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/lwRI9mm5qyu24MFL8f30gMVARXg.roa
File: lwRI9mm5qyu24MFL8f30gMVARXg.roa (raw, json)
Hash identifier: LgBGm8VtDVNkTQF8XtMo18//T9XGfdZHQSsryIeH5Yg=
Subject key identifier: 97:04:48:F6:69:B9:AB:2B:B6:E0:C1:4B:F1:FD:F4:80:C5:40:45:78
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0197EA17F7E912C55FFB2115F22D2E0A9D36
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/lwRI9mm5qyu24MFL8f30gMVARXg.roa
Signing time: Tue 08 Jul 2025 12:52:08 +0000
ROA not before: Tue 08 Jul 2025 12:52:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 931
IP address blocks: 5.226.52.0/22 maxlen: 24
43.225.88.0/23 maxlen: 24
45.139.6.0/23 maxlen: 24
46.249.97.0/24 maxlen: 24
178.173.236.0/22 maxlen: 24
178.173.242.0/23 maxlen: 24
178.173.244.0/22 maxlen: 24
185.215.246.0/24 maxlen: 24
188.253.28.0/22 maxlen: 24
188.253.104.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 23:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ea:17:f7:e9:12:c5:5f:fb:21:15:f2:2d:2e:0a:9d:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jul 8 12:52:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=970448f669b9ab2bb6e0c14bf1fdf480c5404578
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:ed:24:f1:43:b7:25:fb:53:e8:cf:9f:49:36:
e2:72:0d:c2:4c:12:d2:16:de:1b:06:59:d3:70:a7:
87:4f:9a:71:ed:b1:ba:bb:ea:ba:9f:ba:ad:2f:76:
ae:d9:e1:c3:f7:3c:27:e5:e3:8c:e0:89:a7:35:22:
ae:88:6e:9a:9f:97:ca:25:7e:04:60:24:68:90:73:
99:4b:00:3c:25:1f:69:19:79:f4:a0:35:cf:41:08:
b8:e4:f7:67:65:4f:f0:e1:eb:c7:ed:13:70:9c:20:
e4:9f:4d:eb:c4:ca:7c:1e:d0:d6:e5:d9:15:34:a6:
b8:ff:bd:ec:fe:e2:57:71:60:ec:20:25:6d:8a:12:
00:0f:97:2e:48:f5:d6:69:44:9f:53:78:9b:f2:81:
10:a5:bd:c3:77:97:bc:5e:c3:e1:26:a7:25:13:8b:
37:71:95:82:a0:87:54:fc:83:06:5a:96:fb:f4:59:
10:c0:bd:58:66:d2:df:fa:37:d2:e2:e7:b5:ed:bc:
0d:ea:39:a2:2d:f9:73:db:82:de:62:a9:90:6f:16:
83:03:bc:0a:c4:f3:50:b9:74:c9:06:2f:7e:f4:56:
0f:06:a8:cf:1d:01:f1:58:d1:a7:2a:35:60:d4:8c:
bf:c8:fb:78:2d:c9:ed:f7:02:26:16:13:38:04:70:
72:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:04:48:F6:69:B9:AB:2B:B6:E0:C1:4B:F1:FD:F4:80:C5:40:45:78
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/lwRI9mm5qyu24MFL8f30gMVARXg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.226.52.0/22
43.225.88.0/23
45.139.6.0/23
46.249.97.0/24
178.173.236.0/22
178.173.242.0-178.173.247.255
185.215.246.0/24
188.253.28.0/22
188.253.104.0/21
Signature Algorithm: sha256WithRSAEncryption
c9:64:2a:ea:3e:04:f3:fd:35:8b:24:ce:37:96:c2:da:5c:fd:
7d:14:08:6c:cf:f9:37:4c:3b:87:73:0c:72:54:11:4d:82:2f:
2f:20:38:24:f6:8b:04:70:28:e1:bf:50:67:ad:87:98:f2:1b:
a7:37:26:f5:41:56:9c:06:64:bb:10:92:83:07:f4:26:c7:af:
9f:e0:d9:91:16:a7:8b:7b:47:7b:3f:94:e3:0e:c7:57:bf:89:
e1:cc:27:84:e3:c7:db:70:3f:8b:4b:5d:59:6f:56:1e:95:a4:
39:c1:56:d2:4c:e4:4d:b9:c1:12:f0:04:e8:cc:b3:b1:50:bb:
b0:b5:a0:cf:57:1e:1f:53:3a:0d:72:61:3f:aa:64:09:c3:c4:
df:84:2c:cd:af:44:28:67:af:94:cc:06:c7:34:7c:90:96:09:
ac:fe:6f:14:73:3b:84:4d:be:25:f7:4f:8b:f8:4a:07:4b:64:
ba:15:0e:4b:08:0d:44:64:27:c3:7d:bc:82:95:b6:8b:5c:a5:
38:31:34:92:68:c6:15:fd:5e:cb:65:9c:24:4b:c2:ec:30:26:
96:de:94:64:63:93:06:c3:4f:24:9e:8c:24:37:0e:6a:c2:50:
a7:7a:f2:26:4c:ca:cb:4e:4a:9d:79:1e:2a:dc:02:8f:7f:a4:
de:d6:37:8a
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZfqF/fpEsVf+yEV8i0uCp02MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwNzA4MTI1MjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzA0NDhmNjY5YjlhYjJiYjZlMGMxNGJmMWZkZjQ4MGM1NDA0NTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO0k8UO3JftT6M+fSTbicg3CTBLS
Ft4bBlnTcKeHT5px7bG6u+q6n7qtL3au2eHD9zwn5eOM4ImnNSKuiG6an5fKJX4E
YCRokHOZSwA8JR9pGXn0oDXPQQi45PdnZU/w4evH7RNwnCDkn03rxMp8HtDW5dkV
NKa4/73s/uJXcWDsICVtihIAD5cuSPXWaUSfU3ib8oEQpb3Dd5e8XsPhJqclE4s3
cZWCoIdU/IMGWpb79FkQwL1YZtLf+jfS4ue17bwN6jmiLflz24LeYqmQbxaDA7wK
xPNQuXTJBi9+9FYPBqjPHQHxWNGnKjVg1Iy/yPt4Lcnt9wImFhM4BHByhwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFJcESPZpuasrtuDBS/H99IDFQEV4MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvbHdSSTltbTVxeXUyNE1GTDhmMzBnTVZBUlhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCBeI0AwQB
K+FYAwQBLYsGAwQALvlhAwQCsq3sMAwDBAGyrfIDBAOyrfADBAC51/YDBAK8/RwD
BAO8/WgwDQYJKoZIhvcNAQELBQADggEBAMlkKuo+BPP9NYskzjeWwtpc/X0UCGzP
+TdMO4dzDHJUEU2CLy8gOCT2iwRwKOG/UGeth5jyG6c3JvVBVpwGZLsQkoMH9CbH
r5/g2ZEWp4t7R3s/lOMOx1e/ieHMJ4Tjx9twP4tLXVlvVh6VpDnBVtJM5E25wRLw
BOjMs7FQu7C1oM9XHh9TOg1yYT+qZAnDxN+ELM2vRChnr5TMBsc0fJCWCaz+bxRz
O4RNviX3T4v4SgdLZLoVDksIDURkJ8N9vIKVtotcpTgxNJJoxhX9XstlnCRLwuww
JpbelGRjkwbDTySejCQ3DmrCUKd68iZMystOSp15HircAo9/pN7WN4o=
-----END CERTIFICATE-----
Generated at Thu Jul 24 05:06:21 2025 by rpki-client