Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/awn_z8CioNFHb8FQiJMEgOUwatc.roa
File: awn_z8CioNFHb8FQiJMEgOUwatc.roa (raw, json)
Hash identifier: rkS5/9evwgoN1sb712/iqQlQi0v9dif/X1n4kK5pEGE=
Subject key identifier: 6B:09:FF:CF:C0:A2:A0:D1:47:6F:C1:50:88:93:04:80:E5:30:6A:D7
Certificate issuer: /CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Certificate serial: 019A0AE83CBBA6E791B2625911AFCA48C165
Authority key identifier: 6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/awn_z8CioNFHb8FQiJMEgOUwatc.roa
Signing time: Wed 22 Oct 2025 07:53:03 +0000
ROA not before: Wed 22 Oct 2025 07:53:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 5.157.132.0/22 maxlen: 22
5.157.136.0/24 maxlen: 24
5.157.139.0/24 maxlen: 24
5.157.152.0/21 maxlen: 21
5.157.160.0/22 maxlen: 22
5.157.168.0/22 maxlen: 24
5.157.172.0/22 maxlen: 24
5.157.192.0/22 maxlen: 22
5.157.196.0/22 maxlen: 22
5.157.200.0/21 maxlen: 21
5.157.208.0/21 maxlen: 21
5.157.216.0/22 maxlen: 24
5.157.220.0/22 maxlen: 24
5.157.228.0/22 maxlen: 22
5.157.232.0/21 maxlen: 21
5.157.248.0/21 maxlen: 21
37.35.48.0/22 maxlen: 22
37.35.52.0/24 maxlen: 24
62.216.72.0/22 maxlen: 22
62.216.72.0/24 maxlen: 24
62.216.73.0/24 maxlen: 24
62.216.74.0/24 maxlen: 24
62.216.75.0/24 maxlen: 24
62.216.80.0/22 maxlen: 22
62.216.80.0/24 maxlen: 24
62.216.81.0/24 maxlen: 24
62.216.82.0/24 maxlen: 24
62.216.83.0/24 maxlen: 24
62.216.92.0/24 maxlen: 24
62.216.93.0/24 maxlen: 24
62.216.94.0/24 maxlen: 24
62.216.95.0/24 maxlen: 24
91.225.14.0/24 maxlen: 24
91.235.123.0/24 maxlen: 24
178.157.68.0/22 maxlen: 22
178.157.76.0/24 maxlen: 24
178.157.94.0/24 maxlen: 24
178.157.100.0/24 maxlen: 24
178.157.101.0/24 maxlen: 24
178.157.108.0/24 maxlen: 24
178.157.112.0/21 maxlen: 21
178.157.120.0/22 maxlen: 22
185.76.60.0/24 maxlen: 24
185.76.62.0/24 maxlen: 24
188.74.128.0/24 maxlen: 24
188.74.144.0/22 maxlen: 22
188.74.148.0/22 maxlen: 22
188.74.155.0/24 maxlen: 24
188.74.160.0/21 maxlen: 21
188.74.171.0/24 maxlen: 24
188.74.180.0/24 maxlen: 24
188.74.184.0/22 maxlen: 22
188.74.192.0/21 maxlen: 21
188.74.200.0/21 maxlen: 21
188.74.212.0/22 maxlen: 22
188.74.216.0/21 maxlen: 21
188.74.224.0/21 maxlen: 21
188.74.232.0/21 maxlen: 21
188.74.248.0/21 maxlen: 21
188.119.128.0/20 maxlen: 24
188.119.168.0/21 maxlen: 21
188.119.184.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl
rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.mft
rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 02:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:0a:e8:3c:bb:a6:e7:91:b2:62:59:11:af:ca:48:c1:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Validity
Not Before: Oct 22 07:53:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6b09ffcfc0a2a0d1476fc15088930480e5306ad7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:f9:68:8b:9a:f2:16:6a:2a:70:03:ab:bc:c6:
5a:a9:2b:2d:54:5b:86:e5:95:c2:1c:9b:2c:a0:24:
23:71:a8:48:b4:ce:78:b2:57:d7:15:da:a0:a5:eb:
70:57:c4:85:fa:3b:2d:b9:01:9f:fd:73:80:90:a7:
38:b6:eb:07:fc:2c:9a:3e:70:d1:8a:f8:e2:ab:86:
04:b1:6c:b3:ee:7f:7b:66:9f:7c:58:45:50:98:06:
ba:4f:e1:e4:2f:77:36:b4:59:d0:b3:e3:79:95:d9:
a2:48:41:80:1e:92:5e:10:c7:b7:38:07:ef:ba:0d:
d4:3e:b5:32:9c:41:26:a8:75:73:bc:04:43:2d:60:
19:3f:2e:59:c1:5a:52:13:04:0f:22:df:f8:0e:c3:
48:dc:df:41:32:0e:a7:e3:ef:5a:2c:e1:72:eb:2b:
0e:a5:45:d4:69:30:d1:30:67:58:26:3b:99:f5:59:
bd:e2:7d:eb:66:ca:d0:bb:06:6b:d3:dd:70:37:44:
c0:36:0c:a6:6a:68:a0:15:09:4d:af:ad:e7:50:be:
2d:d5:34:57:85:8c:0f:06:a8:1a:36:38:19:5e:0d:
4c:f2:aa:b1:b1:bd:82:c7:14:33:14:d5:08:fa:b5:
9d:6b:a8:5e:8b:a1:f2:a6:0c:7b:6e:b1:d9:fc:fb:
c9:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:09:FF:CF:C0:A2:A0:D1:47:6F:C1:50:88:93:04:80:E5:30:6A:D7
X509v3 Authority Key Identifier:
keyid:6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/awn_z8CioNFHb8FQiJMEgOUwatc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.157.132.0-5.157.136.255
5.157.139.0/24
5.157.152.0-5.157.163.255
5.157.168.0/21
5.157.192.0/19
5.157.228.0-5.157.239.255
5.157.248.0/21
37.35.48.0-37.35.52.255
62.216.72.0/22
62.216.80.0/22
62.216.92.0/22
91.225.14.0/24
91.235.123.0/24
178.157.68.0/22
178.157.76.0/24
178.157.94.0/24
178.157.100.0/23
178.157.108.0/24
178.157.112.0-178.157.123.255
185.76.60.0/24
185.76.62.0/24
188.74.128.0/24
188.74.144.0/21
188.74.155.0/24
188.74.160.0/21
188.74.171.0/24
188.74.180.0/24
188.74.184.0/22
188.74.192.0/20
188.74.212.0-188.74.239.255
188.74.248.0/21
188.119.128.0/20
188.119.168.0/21
188.119.184.0/22
Signature Algorithm: sha256WithRSAEncryption
0f:27:85:f4:fe:64:b0:69:bb:af:0a:6b:b7:c1:da:de:6b:28:
af:cd:e3:73:4e:7f:1a:cf:d7:c8:4b:35:52:6f:e2:1f:a9:05:
e6:4b:d6:4c:1a:9c:ca:6b:a4:b1:e2:88:78:27:d6:ac:a4:92:
92:86:36:40:6d:f8:e4:db:a6:f4:2c:ef:2f:4d:e3:fe:88:86:
41:75:a9:9d:78:3b:bd:b4:6e:7c:30:aa:94:7f:48:72:a8:6c:
d1:41:64:32:ee:a8:83:a9:77:e4:85:8b:54:73:4e:f6:1d:5d:
88:95:ce:cd:5d:c0:a1:ef:ed:14:a1:a0:d8:89:02:de:f1:62:
87:cd:e4:c8:5f:3c:b9:8d:be:47:b0:8a:19:03:1f:8e:d3:8f:
d6:ba:37:46:86:3d:76:6e:5e:fb:9f:13:20:29:91:a4:ce:08:
be:fe:31:96:7c:83:bc:54:7b:21:7b:e8:a3:fb:8e:dd:f0:67:
fb:69:8c:5d:fc:45:94:24:d4:72:36:e8:98:bb:c6:ad:a4:f6:
38:b9:bc:28:76:c4:a7:e3:47:31:89:eb:06:eb:eb:93:8f:f7:
31:4e:a9:7f:1b:71:c9:d7:40:73:9a:e9:3c:6c:5b:05:62:8f:
9a:59:84:ca:ac:82:9f:6b:6a:da:e7:5a:fc:25:7e:1d:2c:09:
53:d2:5b:b5
-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgISAZoK6Dy7pueRsmJZEa/KSMFlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjMzZDc1NTA4YjRlODVjY2NmNDQzNDlhN2NiNzAzMTk4
ZDFkMjYwHhcNMjUxMDIyMDc1MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjA5ZmZjZmMwYTJhMGQxNDc2ZmMxNTA4ODkzMDQ4MGU1MzA2YWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPloi5ryFmoqcAOrvMZaqSstVFuG
5ZXCHJssoCQjcahItM54slfXFdqgpetwV8SF+jstuQGf/XOAkKc4tusH/CyaPnDR
ivjiq4YEsWyz7n97Zp98WEVQmAa6T+HkL3c2tFnQs+N5ldmiSEGAHpJeEMe3OAfv
ug3UPrUynEEmqHVzvARDLWAZPy5ZwVpSEwQPIt/4DsNI3N9BMg6n4+9aLOFy6ysO
pUXUaTDRMGdYJjuZ9Vm94n3rZsrQuwZr091wN0TANgymamigFQlNr63nUL4t1TRX
hYwPBqgaNjgZXg1M8qqxsb2CxxQzFNUI+rWda6hei6Hypgx7brHZ/PvJNwIDAQAB
o4IDCDCCAwQwHQYDVR0OBBYEFGsJ/8/AoqDRR2/BUIiTBIDlMGrXMB8GA1UdIwQY
MBaAFGsjPXVQi06FzM9ENJp8twMZjR0mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEt
ZmE5Y2I1MWNkMGYxLzEvYXduX3o4Q2lvTkZIYjhGUWlKTUVnT1V3YXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEtZmE5Y2I1MWNkMGYx
LzEvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHAYIKwYBBQUHAQcBAf8EggELMIIBBzCCAQMEAgABMIH8
MAwDBAIFnYQDBAAFnYgDBAAFnYswDAMEAwWdmAMEAgWdoAMEAwWdqAMEBQWdwDAM
AwQCBZ3kAwQEBZ3gAwQDBZ34MAwDBAQlIzADBAAlIzQDBAI+2EgDBAI+2FADBAI+
2FwDBABb4Q4DBABb63sDBAKynUQDBACynUwDBACynV4DBAGynWQDBACynWwwDAME
BLKdcAMEArKdeAMEALlMPAMEALlMPgMEALxKgAMEA7xKkAMEALxKmwMEA7xKoAME
ALxKqwMEALxKtAMEArxKuAMEBLxKwDAMAwQCvErUAwQEvErgAwQDvEr4AwQEvHeA
AwQDvHeoAwQCvHe4MA0GCSqGSIb3DQEBCwUAA4IBAQAPJ4X0/mSwabuvCmu3wdre
ayivzeNzTn8az9fISzVSb+IfqQXmS9ZMGpzKa6Sx4oh4J9aspJKShjZAbfjk26b0
LO8vTeP+iIZBdamdeDu9tG58MKqUf0hyqGzRQWQy7qiDqXfkhYtUc072HV2Ilc7N
XcCh7+0UoaDYiQLe8WKHzeTIXzy5jb5HsIoZAx+O04/WujdGhj12bl77nxMgKZGk
zgi+/jGWfIO8VHshe+ij+47d8Gf7aYxd/EWUJNRyNuiYu8atpPY4ubwodsSn40cx
iesG6+uTj/cxTql/G3HJ10Bzmuk8bFsFYo+aWYTKrIKfa2ra51r8JX4dLAlT0lu1
-----END CERTIFICATE-----
Generated at Wed Nov 5 10:55:28 2025 by rpki-client