Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/Z9i6om7Xm-VJTFYr4Gx0uAR_icw.roa
File: Z9i6om7Xm-VJTFYr4Gx0uAR_icw.roa (raw, json)
Hash identifier: ANNmvdhb68U9bMYUn5YDoB+t5R72eGhNlvH1jCjqt5c=
Subject key identifier: 67:D8:BA:A2:6E:D7:9B:E5:49:4C:56:2B:E0:6C:74:B8:04:7F:89:CC
Certificate issuer: /CN=f08fba5263519b7c3a2155c69878217776defba0
Certificate serial: 019916406A8DDD8B97359A2DD03C8A83061E
Authority key identifier: F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/Z9i6om7Xm-VJTFYr4Gx0uAR_icw.roa
Signing time: Thu 04 Sep 2025 19:42:24 +0000
ROA not before: Thu 04 Sep 2025 19:42:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48847
IP address blocks: 109.233.16.0/21 maxlen: 21
109.233.16.0/24 maxlen: 24
109.233.17.0/24 maxlen: 24
109.233.17.192/26 maxlen: 26
109.233.18.0/24 maxlen: 24
109.233.19.0/24 maxlen: 24
109.233.19.56/29 maxlen: 29
109.233.19.128/25 maxlen: 25
109.233.19.128/30 maxlen: 30
109.233.20.0/24 maxlen: 24
109.233.20.196/30 maxlen: 30
109.233.21.0/24 maxlen: 24
109.233.21.92/30 maxlen: 30
109.233.21.100/30 maxlen: 30
109.233.22.0/24 maxlen: 24
109.233.22.200/30 maxlen: 30
109.233.23.0/24 maxlen: 24
109.233.23.0/30 maxlen: 30
109.233.23.152/29 maxlen: 29
185.12.220.0/22 maxlen: 22
185.12.221.0/24 maxlen: 24
185.12.221.152/29 maxlen: 29
185.12.222.0/24 maxlen: 24
185.12.223.0/24 maxlen: 24
2a03:6900::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl
rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.mft
rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Sep 2025 13:04:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:16:40:6a:8d:dd:8b:97:35:9a:2d:d0:3c:8a:83:06:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f08fba5263519b7c3a2155c69878217776defba0
Validity
Not Before: Sep 4 19:42:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=67d8baa26ed79be5494c562be06c74b8047f89cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:e6:f6:fb:9f:83:f3:9d:76:d6:a9:0b:87:5d:
2b:15:2d:be:88:fd:a3:6a:a7:f0:e3:7f:15:ee:38:
8f:c6:8f:db:77:eb:55:9d:b4:37:f3:4b:c3:09:63:
a1:7c:10:f4:c7:05:df:55:6a:73:a9:63:b3:75:6f:
1b:17:69:47:35:74:c4:17:16:46:bb:90:ef:3e:3a:
4b:1b:40:14:b6:d3:64:f7:4f:61:1d:9f:ff:87:f6:
8b:0e:16:f1:e1:0d:ed:50:6e:6c:4f:9d:c2:bb:6a:
e8:46:53:54:1f:64:84:a4:66:65:2a:1d:09:6c:1f:
57:35:ed:6f:59:95:53:6a:e9:bf:7b:3b:74:af:41:
fe:82:88:53:1e:0a:cd:af:9b:e4:50:ab:c1:64:ad:
85:f7:96:3e:9c:e2:7c:e4:48:ae:8e:a0:12:d9:88:
45:67:30:0b:b7:63:91:69:38:37:2d:4f:b7:00:c7:
d1:a7:5a:3e:32:27:97:16:bd:cc:c3:92:8b:c5:e6:
ec:fa:71:bf:20:59:7f:f2:30:5a:0d:c9:f7:a7:7e:
11:fd:5f:f8:89:f0:3c:7e:41:ef:1a:21:6c:34:6e:
e4:80:2a:f6:3a:1c:bd:2d:37:aa:7a:51:9a:ec:7a:
ef:09:d7:a0:b5:71:bf:9c:48:94:2a:de:11:bf:ae:
79:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:D8:BA:A2:6E:D7:9B:E5:49:4C:56:2B:E0:6C:74:B8:04:7F:89:CC
X509v3 Authority Key Identifier:
keyid:F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/Z9i6om7Xm-VJTFYr4Gx0uAR_icw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.233.16.0/21
185.12.220.0/22
IPv6:
2a03:6900::/32
Signature Algorithm: sha256WithRSAEncryption
15:55:b6:6a:22:cf:96:81:24:02:0c:f0:64:22:27:6e:be:f3:
c5:c6:52:af:e3:30:fb:00:2d:d7:30:2c:f2:9a:50:eb:f9:93:
20:c1:cb:6f:99:3e:4a:92:bd:62:c2:f9:98:19:7d:50:38:ea:
8e:5e:81:f9:c7:1d:45:d0:f8:02:62:46:f4:67:fb:59:b0:aa:
b5:91:2a:4b:7c:5b:f4:cd:21:1b:e2:07:cb:40:e2:5b:bb:ac:
88:a1:00:a2:27:78:2e:1b:31:30:9c:e7:c1:3a:4e:09:ec:b2:
1f:42:ba:32:7e:b2:64:88:63:c7:a9:35:29:5b:1d:96:78:04:
0a:ed:d7:a4:98:e0:f2:9e:e9:dd:ed:a8:5d:a6:1b:bf:32:30:
69:fa:cf:1b:4e:8b:aa:20:a2:ea:87:5c:7d:2e:9f:8d:2d:bc:
65:9b:34:39:b1:25:ad:48:be:37:c2:51:c2:68:c8:6b:52:66:
8d:37:6f:8b:6e:10:9f:5f:e7:b7:70:9b:f3:9d:28:09:cd:af:
5b:f3:55:23:cb:76:03:84:0a:bf:54:3a:d8:6c:fc:8d:7f:f7:
0c:aa:80:f9:dc:e1:44:74:9c:2f:32:bd:a1:59:ae:ae:a6:0d:
16:51:0c:7d:7e:e0:70:95:91:2f:68:f0:55:76:0a:37:6d:95:
5f:1f:04:5a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZkWQGqN3YuXNZot0DyKgwYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwOGZiYTUyNjM1MTliN2MzYTIxNTVjNjk4NzgyMTc3NzZk
ZWZiYTAwHhcNMjUwOTA0MTk0MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2Q4YmFhMjZlZDc5YmU1NDk0YzU2MmJlMDZjNzRiODA0N2Y4OWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eb2+5+D85121qkLh10rFS2+iP2j
aqfw438V7jiPxo/bd+tVnbQ380vDCWOhfBD0xwXfVWpzqWOzdW8bF2lHNXTEFxZG
u5DvPjpLG0AUttNk909hHZ//h/aLDhbx4Q3tUG5sT53Cu2roRlNUH2SEpGZlKh0J
bB9XNe1vWZVTaum/ezt0r0H+gohTHgrNr5vkUKvBZK2F95Y+nOJ85EiujqAS2YhF
ZzALt2ORaTg3LU+3AMfRp1o+MieXFr3Mw5KLxebs+nG/IFl/8jBaDcn3p34R/V/4
ifA8fkHvGiFsNG7kgCr2Ohy9LTeqelGa7HrvCdegtXG/nEiUKt4Rv655HQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGfYuqJu15vlSUxWK+BsdLgEf4nMMB8GA1UdIwQY
MBaAFPCPulJjUZt8OiFVxph4IXd23vugMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgt
MDY0MTNjZWVmY2UwLzEvWjlpNm9tN1htLVZKVEZZcjRHeDB1QVJfaWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgtMDY0MTNjZWVmY2Uw
LzEvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbekQAwQC
uQzcMA0EAgACMAcDBQAqA2kAMA0GCSqGSIb3DQEBCwUAA4IBAQAVVbZqIs+WgSQC
DPBkIiduvvPFxlKv4zD7AC3XMCzymlDr+ZMgwctvmT5Kkr1iwvmYGX1QOOqOXoH5
xx1F0PgCYkb0Z/tZsKq1kSpLfFv0zSEb4gfLQOJbu6yIoQCiJ3guGzEwnOfBOk4J
7LIfQroyfrJkiGPHqTUpWx2WeAQK7dekmODynund7ahdphu/MjBp+s8bTouqIKLq
h1x9Lp+NLbxlmzQ5sSWtSL43wlHCaMhrUmaNN2+LbhCfX+e3cJvznSgJza9b81Uj
y3YDhAq/VDrYbPyNf/cMqoD53OFEdJwvMr2hWa6upg0WUQx9fuBwlZEvaPBVdgo3
bZVfHwRa
-----END CERTIFICATE-----
Generated at Thu Sep 11 18:34:47 2025 by rpki-client