Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/I-9Tpf97kHf-GvztS87HSZmgBuY.roa
File: I-9Tpf97kHf-GvztS87HSZmgBuY.roa (raw, json)
Hash identifier: 320Aem//4P5lEM+txy2iH8t6F4isw9J7RutBXPt3FIs=
Subject key identifier: 23:EF:53:A5:FF:7B:90:77:FE:1A:FC:ED:4B:CE:C7:49:99:A0:06:E6
Certificate issuer: /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial: 019831549E107BBC434169702A5050661F68
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/I-9Tpf97kHf-GvztS87HSZmgBuY.roa
Signing time: Tue 22 Jul 2025 08:51:25 +0000
ROA not before: Tue 22 Jul 2025 08:51:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47376
IP address blocks: 91.222.196.0/24 maxlen: 24
91.222.197.0/24 maxlen: 24
103.215.220.0/22 maxlen: 22
103.215.220.0/24 maxlen: 24
103.215.221.0/24 maxlen: 24
103.215.222.0/24 maxlen: 24
103.215.223.0/24 maxlen: 24
185.221.239.0/24 maxlen: 24
195.28.11.0/24 maxlen: 24
195.234.191.0/24 maxlen: 24
195.238.231.0/24 maxlen: 24
195.238.240.0/24 maxlen: 24
195.238.247.0/24 maxlen: 24
2a05:63c0::/29 maxlen: 29
2a05:63c0::/30 maxlen: 30
2a05:63c0::/48 maxlen: 48
2a0f:c040::/29 maxlen: 29
2a10:ef04:1001::/48 maxlen: 48
2a10:ef04:1002::/48 maxlen: 48
2a10:ef04:1003::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Jul 2025 02:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:31:54:9e:10:7b:bc:43:41:69:70:2a:50:50:66:1f:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
Validity
Not Before: Jul 22 08:51:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=23ef53a5ff7b9077fe1afced4bcec74999a006e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:4f:6e:92:e1:cc:8f:08:a2:66:3e:53:5e:a5:
06:02:1c:9b:9f:8f:ae:15:32:9a:15:7e:e7:e7:e3:
fc:33:5b:5d:46:81:14:07:3e:ef:84:4a:21:12:52:
ab:39:77:36:af:54:28:a7:f7:80:e3:6a:a3:e6:59:
fe:97:5c:ec:fc:e9:d6:e0:37:69:59:ca:a5:37:ce:
24:7c:4c:de:85:82:25:49:67:47:5b:12:1e:9f:23:
42:7c:85:3d:46:24:63:49:57:c9:3e:1f:32:a5:6f:
cd:7c:3f:c1:b3:9c:45:35:bb:4c:b5:aa:e9:47:28:
79:45:e7:71:15:6a:f7:35:c7:22:df:de:76:94:4d:
42:bc:8c:60:6c:71:f8:1e:03:a7:93:dc:22:43:26:
a9:47:ba:4a:4c:29:31:67:05:2d:d4:27:95:71:2c:
bd:f4:61:4e:a0:3c:29:53:c8:5e:e0:17:89:a7:7d:
9d:c7:32:de:9c:55:76:46:1d:99:e4:35:ed:ab:af:
8e:b7:44:7e:d8:8c:c3:8a:c4:cf:9b:e1:a6:5c:c3:
31:f0:b8:2c:2f:bf:70:1c:a2:22:49:d2:81:d5:77:
b1:94:1a:ce:1a:12:7b:2c:85:55:30:29:82:7e:67:
1f:65:86:54:52:a3:b9:9e:d1:59:d8:8b:5f:f5:09:
49:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:EF:53:A5:FF:7B:90:77:FE:1A:FC:ED:4B:CE:C7:49:99:A0:06:E6
X509v3 Authority Key Identifier:
keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/I-9Tpf97kHf-GvztS87HSZmgBuY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.222.196.0/23
103.215.220.0/22
185.221.239.0/24
195.28.11.0/24
195.234.191.0/24
195.238.231.0/24
195.238.240.0/24
195.238.247.0/24
IPv6:
2a05:63c0::/29
2a0f:c040::/29
2a10:ef04:1001::-2a10:ef04:1003:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
6b:2f:07:2a:84:28:5c:b5:31:a9:19:0b:24:5f:4b:07:67:cc:
2f:5b:07:38:65:b7:95:0a:f8:78:f9:6f:a8:5c:d6:19:d6:18:
30:32:63:ae:c0:c4:01:cd:ae:b4:f4:53:c4:94:30:fa:8b:1f:
5d:be:1c:36:b3:0d:db:91:b0:9a:7a:bf:95:b0:d0:43:cf:0f:
47:f5:f1:4a:95:c3:bd:37:b3:5e:d7:7d:92:34:a3:f4:c8:8b:
92:7e:e0:bf:7d:8f:ca:98:4a:d0:0e:e3:16:c1:e3:58:9a:88:
33:7c:2d:72:0b:07:82:73:08:eb:61:d0:c0:38:29:fe:25:6d:
25:6f:f8:5d:ce:f2:64:d2:55:ab:fc:c2:de:ac:f1:f1:60:b8:
96:a1:21:5f:e8:37:c6:48:ed:c9:13:7e:13:1f:be:64:2e:33:
e2:36:78:1c:b1:84:2b:01:89:5f:54:8c:d9:30:47:94:2a:74:
8b:85:6a:af:0e:c8:2e:e8:ab:7e:03:86:33:15:40:dd:22:6b:
bd:86:d9:a6:65:a1:8f:f4:6b:2a:8d:0b:1c:9c:17:fd:1b:fb:
3d:0b:5d:03:a6:fb:54:4f:70:74:ef:9f:39:2e:16:49:cc:ca:
55:4c:a0:43:f6:d6:41:30:bc:51:29:41:a7:6d:3c:86:3c:a2:
04:64:e1:04
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZgxVJ4Qe7xDQWlwKlBQZh9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjUwNzIyMDg1MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2VmNTNhNWZmN2I5MDc3ZmUxYWZjZWQ0YmNlYzc0OTk5YTAwNmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm09ukuHMjwiiZj5TXqUGAhybn4+u
FTKaFX7n5+P8M1tdRoEUBz7vhEohElKrOXc2r1Qop/eA42qj5ln+l1zs/OnW4Ddp
WcqlN84kfEzehYIlSWdHWxIenyNCfIU9RiRjSVfJPh8ypW/NfD/Bs5xFNbtMtarp
Ryh5RedxFWr3Ncci3952lE1CvIxgbHH4HgOnk9wiQyapR7pKTCkxZwUt1CeVcSy9
9GFOoDwpU8he4BeJp32dxzLenFV2Rh2Z5DXtq6+Ot0R+2IzDisTPm+GmXMMx8Lgs
L79wHKIiSdKB1XexlBrOGhJ7LIVVMCmCfmcfZYZUUqO5ntFZ2Itf9QlJyQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFCPvU6X/e5B3/hr87UvOx0mZoAbmMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvSS05VHBmOTdrSGYtR3Z6dFM4N0hTWm1nQnVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjA2BAIAATAwAwQBW97EAwQC
Z9fcAwQAud3vAwQAwxwLAwQAw+q/AwQAw+7nAwQAw+7wAwQAw+73MCgEAgACMCID
BQMqBWPAAwUDKg/AQDASAwcAKhDvBBABAwcCKhDvBBAAMA0GCSqGSIb3DQEBCwUA
A4IBAQBrLwcqhChctTGpGQskX0sHZ8wvWwc4ZbeVCvh4+W+oXNYZ1hgwMmOuwMQB
za609FPElDD6ix9dvhw2sw3bkbCaer+VsNBDzw9H9fFKlcO9N7Ne132SNKP0yIuS
fuC/fY/KmErQDuMWweNYmogzfC1yCweCcwjrYdDAOCn+JW0lb/hdzvJk0lWr/MLe
rPHxYLiWoSFf6DfGSO3JE34TH75kLjPiNngcsYQrAYlfVIzZMEeUKnSLhWqvDsgu
6Kt+A4YzFUDdImu9htmmZaGP9GsqjQscnBf9G/s9C10DpvtUT3B07585LhZJzMpV
TKBD9tZBMLxRKUGnbTyGPKIEZOEE
-----END CERTIFICATE-----
Generated at Sat Jul 26 11:46:19 2025 by rpki-client