Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/IPhgwX2J1W_WHqZwiQtgli6OPp0.roa
File: IPhgwX2J1W_WHqZwiQtgli6OPp0.roa (raw, json)
Hash identifier: uLYKsJDyBlsz0wPQt/BFvxYT4L2W5pr5QGJD/dNyz8Y=
Subject key identifier: 20:F8:60:C1:7D:89:D5:6F:D6:1E:A6:70:89:0B:60:96:2E:8E:3E:9D
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 0198791D2F1F0ACDB030E4B2D4306B7A416A
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/IPhgwX2J1W_WHqZwiQtgli6OPp0.roa
Signing time: Tue 05 Aug 2025 07:23:32 +0000
ROA not before: Tue 05 Aug 2025 07:23:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203
IP address blocks: 5.39.176.0/21 maxlen: 24
5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
80.87.16.0/20 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
87.236.128.0/21 maxlen: 24
88.151.152.0/21 maxlen: 24
89.38.120.0/21 maxlen: 24
91.143.64.0/20 maxlen: 24
92.42.120.0/21 maxlen: 24
93.115.176.0/20 maxlen: 24
94.142.168.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.52.144.0/22 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.182.0.0/21 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 11 Aug 2025 22:01:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:79:1d:2f:1f:0a:cd:b0:30:e4:b2:d4:30:6b:7a:41:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Aug 5 07:23:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=20f860c17d89d56fd61ea670890b60962e8e3e9d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:da:48:d4:57:6c:f2:9e:85:04:32:23:98:57:
de:02:d9:88:ea:da:8a:e9:e6:87:bc:f6:54:84:7c:
11:6d:48:1d:20:81:d2:d5:ff:06:cd:69:af:9f:bd:
35:a1:62:92:96:a1:bb:67:58:1d:1a:c8:5d:be:4a:
15:6f:9b:f4:b3:ec:26:db:d9:3d:3e:e1:41:c6:1d:
64:cf:2e:13:2c:73:21:3a:06:d7:a8:4d:cf:6d:b5:
c3:e6:56:4c:5e:87:7d:ba:8c:32:e0:e2:9a:11:e3:
e9:7e:22:ae:d1:ce:a1:d5:6e:a9:e9:5f:bf:99:5f:
f0:01:4f:7a:c7:e1:f9:98:18:61:29:cf:f9:bd:ad:
77:0e:68:8b:4a:ac:fd:14:ae:fc:b2:e2:4f:a7:40:
97:a5:a4:01:65:82:89:ae:c3:34:42:53:07:4a:69:
f8:24:cc:76:d0:10:6f:a2:b4:ae:c0:4c:c1:d5:c8:
b6:c0:57:f3:0e:9c:4d:50:f6:a8:40:93:c8:3d:83:
12:76:10:45:37:72:a1:de:5f:ea:ef:ff:fa:99:71:
2c:75:f7:82:6f:f7:39:bc:ee:5b:7d:cc:71:24:61:
e1:3b:3d:02:29:f3:12:60:a3:9a:23:74:11:ff:be:
9c:5f:60:0e:e6:a4:a1:c4:d2:b1:0e:ba:05:6c:72:
9d:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:F8:60:C1:7D:89:D5:6F:D6:1E:A6:70:89:0B:60:96:2E:8E:3E:9D
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/IPhgwX2J1W_WHqZwiQtgli6OPp0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.176.0/21
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
80.87.16.0/20
83.150.252.0/22
85.95.96.0/19
87.236.128.0/21
88.151.152.0/21
89.38.120.0/21
91.143.64.0/20
92.42.120.0/21
93.115.176.0/20
94.142.168.0/21
95.129.64.0/21
176.58.0.0/21
185.52.144.0/22
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.0.0/21
185.182.200.0/23
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
Signature Algorithm: sha256WithRSAEncryption
56:8f:2c:50:15:8a:c9:34:41:be:46:6e:5f:8e:49:1f:c8:9f:
e2:95:16:54:1b:a6:ed:7a:eb:61:c0:68:7c:49:f3:91:4a:9b:
3d:be:24:69:16:33:20:bf:c1:29:b3:98:f8:1b:91:74:05:9c:
73:13:94:c4:3c:0c:f4:e8:4b:1c:77:cd:71:e2:4a:a4:7b:42:
0c:77:70:72:44:20:44:d5:6b:0c:91:51:e1:20:fd:e0:7b:1b:
12:91:f6:ad:20:70:a4:41:2a:2b:85:4c:aa:7f:9c:b0:67:3a:
dc:1f:8f:3f:ca:02:d6:ed:a8:d1:4c:a3:86:15:81:4a:79:29:
fd:4d:d6:68:19:b4:9b:5e:b3:01:43:aa:54:f6:ec:f9:e8:79:
ba:76:24:f4:16:28:18:61:c1:9b:b2:16:0e:f1:db:c0:26:dd:
4c:5b:d2:13:81:68:33:4a:f8:a6:8c:05:f8:00:a0:dc:c2:09:
02:f0:e0:4d:06:71:c5:63:4d:e8:e8:e2:94:4d:74:24:8e:fa:
31:20:68:1f:65:e5:c1:0b:c1:c5:eb:ec:31:9f:5f:ee:7b:db:
bf:10:9f:f8:81:4c:09:39:22:39:4d:52:09:1a:a5:5a:c0:73:
d8:93:42:18:39:c3:0f:d2:28:0c:45:bf:75:be:b6:35:24:41:
7f:2e:39:c1
-----BEGIN CERTIFICATE-----
MIIGGjCCBQKgAwIBAgISAZh5HS8fCs2wMOSy1DBrekFqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwODA1MDcyMzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGY4NjBjMTdkODlkNTZmZDYxZWE2NzA4OTBiNjA5NjJlOGUzZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNpI1Fds8p6FBDIjmFfeAtmI6tqK
6eaHvPZUhHwRbUgdIIHS1f8GzWmvn701oWKSlqG7Z1gdGshdvkoVb5v0s+wm29k9
PuFBxh1kzy4TLHMhOgbXqE3PbbXD5lZMXod9uowy4OKaEePpfiKu0c6h1W6p6V+/
mV/wAU96x+H5mBhhKc/5va13DmiLSqz9FK78suJPp0CXpaQBZYKJrsM0QlMHSmn4
JMx20BBvorSuwEzB1ci2wFfzDpxNUPaoQJPIPYMSdhBFN3Kh3l/q7//6mXEsdfeC
b/c5vO5bfcxxJGHhOz0CKfMSYKOaI3QR/76cX2AO5qShxNKxDroFbHKddwIDAQAB
o4IDJjCCAyIwHQYDVR0OBBYEFCD4YMF9idVv1h6mcIkLYJYujj6dMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvSVBoZ3dYMkoxV19XSHFad2lRdGdsaTZPUHAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOgYIKwYBBQUHAQcBAf8EggEpMIIBJTCCARIEAgABMIIB
CgMEAwUnsAMEAwWf0AMEAgW1SAMEAx/AYAMEAi0IZAMEAi2EbAMEAi2JLAMEBFBK
8AMEBFBXEAMEAlOW/AMEBVVfYAMEA1fsgAMEA1iXmAMEA1kmeAMEBFuPQAMEA1wq
eAMEBF1zsAMEA16OqAMEA1+BQAMEA7A6AAMEArk0kAMEArlPuAMEArlaAAMEArle
zAMEArljTAMEArmRWAMEArmy2AMEA7m2AAMEAbm2yAMEArnM1AMEArnlBAMEArn2
hAMEArn3yAMEArn4/AMEA7xeEAMEAMEYAwMEAMEYBgMEAMEYDQMEAMEYHwMEBcMa
IAMEAcNYCDAMAwQC1AtEAwQC1AtIAwQE2ZGAMA0EAgACMAcDBQAqAPHAMA0GCSqG
SIb3DQEBCwUAA4IBAQBWjyxQFYrJNEG+Rm5fjkkfyJ/ilRZUG6bteuthwGh8SfOR
Sps9viRpFjMgv8Eps5j4G5F0BZxzE5TEPAz06Escd81x4kqke0IMd3ByRCBE1WsM
kVHhIP3gexsSkfatIHCkQSorhUyqf5ywZzrcH48/ygLW7ajRTKOGFYFKeSn9TdZo
GbSbXrMBQ6pU9uz56Hm6diT0FigYYcGbshYO8dvAJt1MW9ITgWgzSvimjAX4AKDc
wgkC8OBNBnHFY03o6OKUTXQkjvoxIGgfZeXBC8HF6+wxn1/ue9u/EJ/4gUwJOSI5
TVIJGqVawHPYk0IYOcMP0igMRb91vrY1JEF/LjnB
-----END CERTIFICATE-----
Generated at Mon Aug 11 07:26:05 2025 by rpki-client