Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/iWyUCDenyP7sO3X2ZNmWw2vxNiU.roa
File: iWyUCDenyP7sO3X2ZNmWw2vxNiU.roa (raw, json)
Hash identifier: SuW7y3a0m8QtOqMx30DnzAGflcKNV53yFhyAREa733g=
Subject key identifier: 89:6C:94:08:37:A7:C8:FE:EC:3B:75:F6:64:D9:96:C3:6B:F1:36:25
Certificate issuer: /CN=09e5518e68467b4290c3509268b6d6d664962c86
Certificate serial: 0196AA2197BFEABFCC0F66FB47878B2DC46D
Authority key identifier: 09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/iWyUCDenyP7sO3X2ZNmWw2vxNiU.roa
Signing time: Wed 07 May 2025 09:44:10 +0000
ROA not before: Wed 07 May 2025 09:44:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31515
IP address blocks: 161.30.0.0/16 maxlen: 16
161.30.5.0/24 maxlen: 24
161.30.6.0/24 maxlen: 24
161.30.7.0/24 maxlen: 24
161.30.8.0/24 maxlen: 24
161.30.9.0/24 maxlen: 24
161.30.10.0/23 maxlen: 24
161.30.10.0/24 maxlen: 24
161.30.12.0/22 maxlen: 22
161.30.16.0/22 maxlen: 22
161.30.20.0/24 maxlen: 24
161.30.22.0/23 maxlen: 23
161.30.28.0/24 maxlen: 24
161.30.29.0/24 maxlen: 24
161.30.33.0/24 maxlen: 24
161.30.40.0/23 maxlen: 23
161.30.42.0/23 maxlen: 24
161.30.44.0/23 maxlen: 24
161.30.112.0/23 maxlen: 23
161.30.114.0/23 maxlen: 23
161.30.115.0/24 maxlen: 24
161.30.116.0/23 maxlen: 23
161.30.118.0/24 maxlen: 24
161.30.119.0/24 maxlen: 24
161.30.120.0/24 maxlen: 24
161.30.121.0/24 maxlen: 24
161.30.124.0/23 maxlen: 23
161.30.126.0/23 maxlen: 23
161.30.128.0/23 maxlen: 23
161.30.129.0/24 maxlen: 24
161.30.130.0/24 maxlen: 24
161.30.155.0/24 maxlen: 24
161.30.163.0/24 maxlen: 24
161.30.164.0/24 maxlen: 24
161.30.165.0/24 maxlen: 24
161.30.166.0/24 maxlen: 24
161.30.167.0/24 maxlen: 24
161.30.169.0/24 maxlen: 24
161.30.171.0/24 maxlen: 24
161.30.176.0/20 maxlen: 20
161.30.193.0/24 maxlen: 24
161.30.194.0/23 maxlen: 23
161.30.201.0/24 maxlen: 24
161.30.202.0/24 maxlen: 24
161.30.203.0/24 maxlen: 24
161.30.220.0/24 maxlen: 24
161.30.221.0/24 maxlen: 24
161.30.236.0/22 maxlen: 24
161.30.236.0/24 maxlen: 24
161.30.237.0/24 maxlen: 24
161.30.238.0/24 maxlen: 24
161.30.239.0/24 maxlen: 24
161.30.240.0/24 maxlen: 24
161.30.246.0/24 maxlen: 24
161.30.250.0/24 maxlen: 24
161.30.251.0/24 maxlen: 24
2a11:ae00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/CeVRjmhGe0KQw1CSaLbW1mSWLIY.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/CeVRjmhGe0KQw1CSaLbW1mSWLIY.mft
rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 18 May 2025 20:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:aa:21:97:bf:ea:bf:cc:0f:66:fb:47:87:8b:2d:c4:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=09e5518e68467b4290c3509268b6d6d664962c86
Validity
Not Before: May 7 09:44:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=896c940837a7c8feec3b75f664d996c36bf13625
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:aa:7c:aa:37:a0:23:17:39:2e:a2:89:6d:20:
41:a1:42:21:ed:5f:cf:45:78:b3:3f:4d:85:53:04:
b4:25:16:f3:54:1b:72:17:24:a2:da:af:2d:c3:ea:
4f:93:ac:fd:bf:3e:cf:56:6e:27:0d:ee:2e:f7:9b:
38:af:b7:2f:55:3f:00:2c:b3:e2:4f:f5:34:55:1a:
ed:28:a1:de:27:77:1d:56:d5:c3:a8:99:7b:3b:e8:
76:77:73:b4:24:8d:94:bb:d6:b4:a4:dd:44:b6:21:
9b:bc:58:6e:4c:c8:12:9e:53:24:22:1f:90:72:3a:
e5:a7:43:df:dc:72:4c:96:c9:9b:29:eb:7a:07:c1:
9a:7f:af:e7:09:9b:cd:b2:63:ba:12:63:6f:ac:ae:
82:db:c5:46:de:f9:c3:77:62:b2:73:ff:32:92:4e:
61:25:01:fc:b9:ca:44:ee:b0:7f:55:e0:4d:83:77:
b0:1a:a3:58:f2:ca:f8:0a:bb:f9:f2:46:15:bc:07:
0e:2e:70:24:b8:fa:9f:73:9b:d9:bd:d2:27:e0:72:
4f:f0:6f:3a:b5:4f:37:d1:c7:f9:d6:20:37:a2:49:
bf:12:28:ca:a1:fc:52:7c:e1:16:e9:76:02:4d:58:
9a:d7:09:bf:8f:99:13:e1:06:27:6a:2f:a5:bd:23:
36:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:6C:94:08:37:A7:C8:FE:EC:3B:75:F6:64:D9:96:C3:6B:F1:36:25
X509v3 Authority Key Identifier:
keyid:09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/iWyUCDenyP7sO3X2ZNmWw2vxNiU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/CeVRjmhGe0KQw1CSaLbW1mSWLIY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
161.30.0.0/16
IPv6:
2a11:ae00::/32
Signature Algorithm: sha256WithRSAEncryption
48:b9:e5:ca:fc:c1:99:f9:7f:e1:71:f4:00:92:78:f4:64:b2:
7e:60:57:f4:28:14:30:f6:d5:aa:d0:7c:0f:78:46:ad:11:32:
ef:d5:b4:a7:1b:31:62:db:26:8e:38:14:f1:e3:b5:a2:c7:94:
15:40:f1:9f:cc:bd:de:38:e5:bd:21:22:73:ff:38:a2:cf:ff:
c0:de:b2:3c:72:5f:d4:7d:6b:b1:71:b1:8a:b1:e6:68:b6:d0:
88:25:8d:17:54:73:0d:34:bf:25:87:e1:9d:0d:7e:b3:0e:02:
4f:ce:13:43:bf:ba:3e:70:34:c4:56:d4:cb:30:6a:ab:d5:53:
3c:c4:48:34:96:d5:0a:a2:b4:0d:de:9e:42:bb:80:36:47:59:
d6:13:3d:07:41:5b:46:42:ff:46:ae:1c:28:f7:3e:bc:ba:da:
4e:58:70:a7:67:28:6d:14:8c:62:b4:e7:7d:e6:07:28:16:7a:
d7:6e:79:22:18:a6:4e:86:49:a0:37:c2:0a:f0:82:ca:af:1e:
1c:fb:88:c1:90:32:4a:76:23:d6:a1:73:2f:f0:04:62:34:ae:
72:64:40:6b:b2:67:e6:3b:30:d9:2e:a4:ab:5f:6e:4f:ea:f1:
92:5d:3b:35:89:cd:20:30:6d:03:21:d9:b6:9a:a8:78:ba:86:
69:47:6b:89
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZaqIZe/6r/MD2b7R4eLLcRtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZTU1MThlNjg0NjdiNDI5MGMzNTA5MjY4YjZkNmQ2NjQ5
NjJjODYwHhcNMjUwNTA3MDk0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTZjOTQwODM3YTdjOGZlZWMzYjc1ZjY2NGQ5OTZjMzZiZjEzNjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKp8qjegIxc5LqKJbSBBoUIh7V/P
RXizP02FUwS0JRbzVBtyFySi2q8tw+pPk6z9vz7PVm4nDe4u95s4r7cvVT8ALLPi
T/U0VRrtKKHeJ3cdVtXDqJl7O+h2d3O0JI2Uu9a0pN1EtiGbvFhuTMgSnlMkIh+Q
cjrlp0Pf3HJMlsmbKet6B8Gaf6/nCZvNsmO6EmNvrK6C28VG3vnDd2Kyc/8ykk5h
JQH8ucpE7rB/VeBNg3ewGqNY8sr4Crv58kYVvAcOLnAkuPqfc5vZvdIn4HJP8G86
tU830cf51iA3okm/EijKofxSfOEW6XYCTVia1wm/j5kT4QYnai+lvSM2fwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIlslAg3p8j+7Dt19mTZlsNr8TYlMB8GA1UdIwQY
MBaAFAnlUY5oRntCkMNQkmi21tZkliyGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2VWUmptaEdlMEtRdzFDU2FMYlcxbVNXTElZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8zMDI4MmMtM2M4Mi00NzMwLWI5NWUt
ZTc0NTk0ODk4M2VkLzEvaVd5VUNEZW55UDdzTzNYMlpObVd3MnZ4TmlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8zMDI4MmMtM2M4Mi00NzMwLWI5NWUtZTc0NTk0ODk4M2Vk
LzEvQ2VWUmptaEdlMEtRdzFDU2FMYlcxbVNXTElZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMAoR4wDQQC
AAIwBwMFACoRrgAwDQYJKoZIhvcNAQELBQADggEBAEi55cr8wZn5f+Fx9ACSePRk
sn5gV/QoFDD21arQfA94Rq0RMu/VtKcbMWLbJo44FPHjtaLHlBVA8Z/Mvd445b0h
InP/OKLP/8DesjxyX9R9a7FxsYqx5mi20IgljRdUcw00vyWH4Z0NfrMOAk/OE0O/
uj5wNMRW1MswaqvVUzzESDSW1QqitA3enkK7gDZHWdYTPQdBW0ZC/0auHCj3Pry6
2k5YcKdnKG0UjGK0533mBygWetdueSIYpk6GSaA3wgrwgsqvHhz7iMGQMkp2I9ah
cy/wBGI0rnJkQGuyZ+Y7MNkupKtfbk/q8ZJdOzWJzSAwbQMh2baaqHi6hmlHa4k=
-----END CERTIFICATE-----
Generated at Sun May 18 03:45:31 2025 by rpki-client