Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/cOUnq0vuqxo-7tAHaSmMNpB4xjA.roa
File: cOUnq0vuqxo-7tAHaSmMNpB4xjA.roa (raw, json)
Hash identifier: wsxzS6oiT3Fp4m4xvinb8fl886ODt+8izctjh085880=
Subject key identifier: 70:E5:27:AB:4B:EE:AB:1A:3E:EE:D0:07:69:29:8C:36:90:78:C6:30
Certificate issuer: /CN=d41703db3020cc1ef2fd71091a468f4a649c238f
Certificate serial: 0198EB7E0FEEF05481E9547C71C677630F95
Authority key identifier: D4:17:03:DB:30:20:CC:1E:F2:FD:71:09:1A:46:8F:4A:64:9C:23:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1BcD2zAgzB7y_XEJGkaPSmScI48.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/cOUnq0vuqxo-7tAHaSmMNpB4xjA.roa
Signing time: Wed 27 Aug 2025 12:26:04 +0000
ROA not before: Wed 27 Aug 2025 12:26:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49544
IP address blocks: 5.180.216.0/23 maxlen: 23
5.180.218.0/23 maxlen: 23
5.200.0.0/19 maxlen: 24
31.204.128.0/19 maxlen: 24
31.204.132.0/22 maxlen: 22
31.204.136.0/23 maxlen: 23
31.204.140.0/22 maxlen: 22
31.204.144.0/24 maxlen: 24
31.204.156.0/23 maxlen: 23
89.104.168.0/23 maxlen: 23
89.104.170.0/23 maxlen: 23
89.104.172.0/22 maxlen: 22
89.104.176.0/23 maxlen: 23
89.104.178.0/23 maxlen: 23
91.195.234.0/23 maxlen: 23
91.198.152.0/24 maxlen: 24
91.216.207.0/24 maxlen: 24
104.153.84.0/22 maxlen: 22
109.200.192.0/19 maxlen: 24
109.200.194.0/23 maxlen: 23
109.200.208.0/22 maxlen: 22
138.128.136.0/22 maxlen: 22
138.128.140.0/22 maxlen: 22
146.247.76.0/22 maxlen: 22
162.244.52.0/22 maxlen: 23
162.245.204.0/22 maxlen: 22
185.41.140.0/22 maxlen: 22
185.50.104.0/22 maxlen: 22
185.52.12.0/22 maxlen: 24
185.179.200.0/23 maxlen: 24
185.179.202.0/23 maxlen: 24
185.197.24.0/22 maxlen: 23
188.122.64.0/19 maxlen: 24
193.43.218.0/23 maxlen: 23
193.43.218.0/24 maxlen: 24
212.19.224.0/22 maxlen: 22
213.163.64.0/19 maxlen: 24
213.179.192.0/19 maxlen: 19
213.179.192.0/22 maxlen: 22
213.179.196.0/22 maxlen: 22
213.179.200.0/22 maxlen: 22
213.179.204.0/22 maxlen: 22
213.179.209.0/24 maxlen: 24
213.179.210.0/23 maxlen: 23
213.179.212.0/22 maxlen: 22
213.179.216.0/22 maxlen: 22
213.179.220.0/23 maxlen: 23
2a00:1630::/29 maxlen: 32
2a00:1630::/32 maxlen: 48
2a00:1631::/32 maxlen: 32
2a00:1632::/32 maxlen: 32
2a00:1637::/32 maxlen: 32
2a00:1d20::/29 maxlen: 32
2a00:1d20::/34 maxlen: 34
2a00:1d20:4000::/34 maxlen: 34
2a00:1d26::/32 maxlen: 34
2a01:9580::/32 maxlen: 34
2a01:9580:c000::/34 maxlen: 34
2a04:c600::/29 maxlen: 34
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/1BcD2zAgzB7y_XEJGkaPSmScI48.crl
rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/1BcD2zAgzB7y_XEJGkaPSmScI48.mft
rsync://rpki.ripe.net/repository/DEFAULT/1BcD2zAgzB7y_XEJGkaPSmScI48.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 10:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:eb:7e:0f:ee:f0:54:81:e9:54:7c:71:c6:77:63:0f:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d41703db3020cc1ef2fd71091a468f4a649c238f
Validity
Not Before: Aug 27 12:26:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=70e527ab4beeab1a3eeed00769298c369078c630
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:08:af:c5:5d:2a:ea:ae:3b:27:e6:54:d3:fe:
0e:62:0f:a5:8f:07:8d:c9:2a:01:b6:94:85:29:7d:
f0:15:c9:d3:9c:5f:32:78:9f:d4:ee:de:d7:79:35:
e9:88:78:a8:e6:3b:3b:52:e3:a5:73:ad:91:a5:e6:
5b:34:3e:aa:bc:ef:c9:bd:ae:86:a8:79:7d:17:61:
31:3e:e2:6c:41:cf:05:51:85:96:3e:a1:a4:4d:a7:
7a:e1:11:28:ed:4d:9f:ca:1b:1f:0e:7f:e9:b3:1a:
47:4d:f3:5e:e8:db:6a:1f:26:7d:2b:c4:d3:5c:e7:
2c:d2:45:3d:dd:1b:da:22:be:82:be:de:69:6a:8a:
f4:e7:8d:ce:de:e2:ee:cf:f7:f6:69:2e:34:7c:83:
b8:47:0c:4a:b3:c1:e4:45:ea:21:9f:dc:a1:b8:a2:
a0:da:46:16:5e:0e:c2:87:e0:f7:e3:c6:ee:44:9e:
c7:81:c8:5e:b6:43:50:96:a1:e2:89:74:c0:7c:3f:
44:45:46:1d:af:52:35:dd:42:8d:08:9e:37:5e:df:
81:48:8d:88:ca:0a:95:b2:6d:ab:a4:10:ca:af:3d:
96:3f:06:5f:0e:38:f3:f1:c1:9d:a7:9b:ed:e9:09:
d8:fb:7f:ae:4e:d1:70:bb:65:a3:a3:56:92:74:15:
1d:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:E5:27:AB:4B:EE:AB:1A:3E:EE:D0:07:69:29:8C:36:90:78:C6:30
X509v3 Authority Key Identifier:
keyid:D4:17:03:DB:30:20:CC:1E:F2:FD:71:09:1A:46:8F:4A:64:9C:23:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BcD2zAgzB7y_XEJGkaPSmScI48.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/cOUnq0vuqxo-7tAHaSmMNpB4xjA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/1BcD2zAgzB7y_XEJGkaPSmScI48.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.216.0/22
5.200.0.0/19
31.204.128.0/19
89.104.168.0-89.104.179.255
91.195.234.0/23
91.198.152.0/24
91.216.207.0/24
104.153.84.0/22
109.200.192.0/19
138.128.136.0/21
146.247.76.0/22
162.244.52.0/22
162.245.204.0/22
185.41.140.0/22
185.50.104.0/22
185.52.12.0/22
185.179.200.0/22
185.197.24.0/22
188.122.64.0/19
193.43.218.0/23
212.19.224.0/22
213.163.64.0/19
213.179.192.0/19
IPv6:
2a00:1630::/29
2a00:1d20::/29
2a01:9580::/32
2a04:c600::/29
Signature Algorithm: sha256WithRSAEncryption
69:99:92:21:ec:3c:09:7b:5e:29:d2:a3:b4:1d:67:28:60:32:
b7:8f:b0:d5:17:b2:a8:ca:b9:21:43:94:59:c9:12:88:0a:d9:
ae:c5:a8:d5:87:2f:4c:e9:1d:c3:d9:02:14:54:6a:f7:e0:67:
f3:66:3e:fd:59:41:db:cc:34:f2:e2:93:b7:f1:62:1c:c6:c4:
bc:d0:d6:6b:dd:07:f5:3e:1d:b5:83:31:31:ef:6e:52:ac:0a:
32:ef:2e:73:a3:1f:06:13:53:d5:77:6d:fe:77:54:ee:50:d9:
46:15:41:22:46:e1:89:17:ab:33:2a:a9:ea:03:e3:fc:72:e4:
7b:fd:f3:5d:20:8a:ed:9c:a5:a5:f3:48:f0:e6:86:26:87:45:
a2:d3:30:16:e8:76:ae:ec:d2:62:e1:3f:a9:45:12:3b:25:44:
1a:47:fd:94:32:32:14:eb:8a:67:20:cd:b2:25:5c:50:6d:af:
f5:e1:c4:cc:87:ec:d4:d6:fc:bf:1e:24:09:96:4f:fa:80:de:
44:5b:7d:af:b6:20:a1:ae:e8:32:ff:19:77:b0:30:35:a3:62:
fd:96:e5:c0:d0:2f:3e:61:f2:0e:0d:29:34:25:7e:b6:bc:27:
89:41:46:7c:7f:35:49:4a:db:46:dd:7c:fd:fc:aa:a7:99:4d:
e8:ee:78:1b
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgISAZjrfg/u8FSB6VR8ccZ3Yw+VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTcwM2RiMzAyMGNjMWVmMmZkNzEwOTFhNDY4ZjRhNjQ5
YzIzOGYwHhcNMjUwODI3MTIyNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGU1MjdhYjRiZWVhYjFhM2VlZWQwMDc2OTI5OGMzNjkwNzhjNjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AivxV0q6q47J+ZU0/4OYg+ljweN
ySoBtpSFKX3wFcnTnF8yeJ/U7t7XeTXpiHio5js7UuOlc62RpeZbND6qvO/Jva6G
qHl9F2ExPuJsQc8FUYWWPqGkTad64REo7U2fyhsfDn/psxpHTfNe6NtqHyZ9K8TT
XOcs0kU93RvaIr6Cvt5paor0543O3uLuz/f2aS40fIO4RwxKs8HkReohn9yhuKKg
2kYWXg7Ch+D348buRJ7HgchetkNQlqHiiXTAfD9ERUYdr1I13UKNCJ43Xt+BSI2I
ygqVsm2rpBDKrz2WPwZfDjjz8cGdp5vt6QnY+3+uTtFwu2Wjo1aSdBUd5QIDAQAB
o4ICvjCCArowHQYDVR0OBBYEFHDlJ6tL7qsaPu7QB2kpjDaQeMYwMB8GA1UdIwQY
MBaAFNQXA9swIMwe8v1xCRpGj0pknCOPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJjRDJ6QWd6Qjd5X1hFSkdrYVBTbVNjSTQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ODU1NGItNGY5Ny00MDZjLTkwYTYt
NDhkMzFjNzVmMzFlLzEvY09VbnEwdnVxeG8tN3RBSGFTbU1OcEI0eGpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ODU1NGItNGY5Ny00MDZjLTkwYTYtNDhkMzFjNzVmMzFl
LzEvMUJjRDJ6QWd6Qjd5X1hFSkdrYVBTbVNjSTQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHTBggrBgEFBQcBBwEB/wSBwzCBwDCBmQQCAAEwgZIDBAIF
tNgDBAUFyAADBAUfzIAwDAMEA1loqAMEAllosAMEAVvD6gMEAFvGmAMEAFvYzwME
AmiZVAMEBW3IwAMEA4qAiAMEApL3TAMEAqL0NAMEAqL1zAMEArkpjAMEArkyaAME
Ark0DAMEArmzyAMEArnFGAMEBbx6QAMEAcEr2gMEAtQT4AMEBdWjQAMEBdWzwDAi
BAIAAjAcAwUDKgAWMAMFAyoAHSADBQAqAZWAAwUDKgTGADANBgkqhkiG9w0BAQsF
AAOCAQEAaZmSIew8CXteKdKjtB1nKGAyt4+w1ReyqMq5IUOUWckSiArZrsWo1Ycv
TOkdw9kCFFRq9+Bn82Y+/VlB28w08uKTt/FiHMbEvNDWa90H9T4dtYMxMe9uUqwK
Mu8uc6MfBhNT1Xdt/ndU7lDZRhVBIkbhiRerMyqp6gPj/HLke/3zXSCK7ZylpfNI
8OaGJodFotMwFuh2ruzSYuE/qUUSOyVEGkf9lDIyFOuKZyDNsiVcUG2v9eHEzIfs
1Nb8vx4kCZZP+oDeRFt9r7Ygoa7oMv8Zd7AwNaNi/ZblwNAvPmHyDg0pNCV+trwn
iUFGfH81SUrbRt18/fyqp5lN6O54Gw==
-----END CERTIFICATE-----
Generated at Fri Sep 5 16:54:47 2025 by rpki-client