Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/1-HJDRT0gD2nhMW6JUwz556mvKj8.roa
File: 1-HJDRT0gD2nhMW6JUwz556mvKj8.roa (raw, json)
Hash identifier: JYyO1+sMj5YlHliO+us6FbC+ChQWiYGalwTjRduJQ2E=
Subject key identifier: F8:72:43:45:3D:20:0F:69:E1:31:6E:89:53:0C:F9:E7:A9:AF:2A:3F
Certificate issuer: /CN=02d0e88885ef48b20c87b76fd85d42e6eb3d7183
Certificate serial: 01983C204760405F3452386BF03C5F6BFCE4
Authority key identifier: 02:D0:E8:88:85:EF:48:B2:0C:87:B7:6F:D8:5D:42:E6:EB:3D:71:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AtDoiIXvSLIMh7dv2F1C5us9cYM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/1-HJDRT0gD2nhMW6JUwz556mvKj8.roa
Signing time: Thu 24 Jul 2025 11:10:05 +0000
ROA not before: Thu 24 Jul 2025 11:10:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41942
IP address blocks: 46.31.0.0/21 maxlen: 21
46.31.4.0/24 maxlen: 24
46.31.5.0/24 maxlen: 24
46.31.6.0/24 maxlen: 24
46.31.7.0/24 maxlen: 24
91.102.200.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/AtDoiIXvSLIMh7dv2F1C5us9cYM.crl
rsync://rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/AtDoiIXvSLIMh7dv2F1C5us9cYM.mft
rsync://rpki.ripe.net/repository/DEFAULT/AtDoiIXvSLIMh7dv2F1C5us9cYM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 02:00:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:3c:20:47:60:40:5f:34:52:38:6b:f0:3c:5f:6b:fc:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=02d0e88885ef48b20c87b76fd85d42e6eb3d7183
Validity
Not Before: Jul 24 11:10:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f87243453d200f69e1316e89530cf9e7a9af2a3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:d0:3f:2a:b0:c2:f7:21:2a:71:c6:41:5f:80:
a9:5e:98:6f:ca:88:2c:9a:fa:5d:3f:5a:2b:88:9e:
e7:5e:16:92:e1:14:0e:43:37:38:c1:1e:ac:f8:13:
05:72:fc:44:6d:17:e3:63:95:51:53:58:90:2a:4a:
cb:bb:8f:d9:0a:8a:4b:7f:e3:4a:ee:60:db:e3:c1:
9a:a8:ce:a9:67:ef:05:f4:8d:46:35:7d:3c:54:5c:
73:61:bf:8e:f9:de:0d:63:76:ce:2d:28:b0:85:5c:
0b:05:c4:21:e4:6b:14:ae:a6:d1:fb:9e:14:7d:7c:
7f:f3:ee:a2:c7:40:b8:9c:92:f1:8f:2c:5e:71:77:
af:ba:b1:ba:e2:37:87:8a:80:ee:c9:d1:7a:19:de:
5f:b2:76:6b:1c:a9:02:f6:4d:39:6a:ba:55:bc:9a:
39:57:e3:02:f0:0b:81:c5:46:ae:9b:1f:f8:34:b1:
93:f1:fb:ce:af:81:c0:40:c3:c2:8f:2e:0d:d9:e9:
70:59:03:5f:22:cb:ed:b8:d5:c8:de:b2:7d:f3:ba:
23:15:76:83:5e:e2:b2:52:8f:43:99:c7:1c:00:5b:
8a:a3:37:44:3c:e9:8f:5e:ca:13:65:16:ac:37:bd:
71:7b:69:62:d2:bd:c1:7e:a3:41:73:3c:58:61:5e:
76:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:72:43:45:3D:20:0F:69:E1:31:6E:89:53:0C:F9:E7:A9:AF:2A:3F
X509v3 Authority Key Identifier:
keyid:02:D0:E8:88:85:EF:48:B2:0C:87:B7:6F:D8:5D:42:E6:EB:3D:71:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AtDoiIXvSLIMh7dv2F1C5us9cYM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/1-HJDRT0gD2nhMW6JUwz556mvKj8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/AtDoiIXvSLIMh7dv2F1C5us9cYM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.31.0.0/21
91.102.200.0/21
Signature Algorithm: sha256WithRSAEncryption
27:6e:c9:83:7c:2c:59:c7:9d:d6:fa:49:af:43:f5:3c:5f:7c:
6c:6c:a6:83:02:24:d4:83:22:f8:0b:b5:76:98:48:1f:2d:2a:
cf:25:24:0c:88:7f:ba:dd:c2:90:02:a9:e5:9e:fa:d5:65:7c:
b5:24:19:4b:87:82:49:51:7c:a0:50:64:da:03:c7:19:a0:03:
64:a8:89:e6:cf:ca:1f:c6:60:b0:51:88:f6:31:07:c9:7c:6b:
03:15:a5:95:99:6e:2b:24:99:6a:ac:5b:13:ca:27:4e:1b:f8:
d4:28:74:b2:43:d1:da:3c:a6:eb:25:f9:47:8a:25:76:3a:20:
96:f3:ee:bf:b9:ec:56:94:f1:e8:3a:2d:28:ee:84:51:fb:d7:
36:47:da:ae:08:2a:ce:c8:68:fc:ef:c8:44:d3:5e:01:8b:8f:
72:4a:40:d9:79:f7:f6:67:63:2f:a4:0c:2d:f3:6e:f7:da:30:
94:6c:01:c5:9f:0f:41:9d:b3:08:5b:b8:07:3e:95:7b:0f:da:
00:63:4e:eb:5b:67:a6:c8:59:86:34:a0:fe:0f:f4:d9:42:66:
31:8a:7a:84:88:5f:2f:6c:4c:74:15:76:1a:f9:a5:28:71:e2:
7e:6a:91:75:7a:7e:0f:04:87:57:2a:b3:34:87:9e:7f:16:cf:
2b:bd:b9:44
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZg8IEdgQF80Ujhr8Dxfa/zkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyZDBlODg4ODVlZjQ4YjIwYzg3Yjc2ZmQ4NWQ0MmU2ZWIz
ZDcxODMwHhcNMjUwNzI0MTExMDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODcyNDM0NTNkMjAwZjY5ZTEzMTZlODk1MzBjZjllN2E5YWYyYTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9A/KrDC9yEqccZBX4CpXphvyogs
mvpdP1oriJ7nXhaS4RQOQzc4wR6s+BMFcvxEbRfjY5VRU1iQKkrLu4/ZCopLf+NK
7mDb48GaqM6pZ+8F9I1GNX08VFxzYb+O+d4NY3bOLSiwhVwLBcQh5GsUrqbR+54U
fXx/8+6ix0C4nJLxjyxecXevurG64jeHioDuydF6Gd5fsnZrHKkC9k05arpVvJo5
V+MC8AuBxUaumx/4NLGT8fvOr4HAQMPCjy4N2elwWQNfIsvtuNXI3rJ987ojFXaD
XuKyUo9DmcccAFuKozdEPOmPXsoTZRasN71xe2li0r3BfqNBczxYYV526QIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPhyQ0U9IA9p4TFuiVMM+eepryo/MB8GA1UdIwQY
MBaAFALQ6IiF70iyDIe3b9hdQubrPXGDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXREb2lJWHZTTElNaDdkdjJGMUM1dXM5Y1lNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81ZjRlYjYtNjAyNi00MDk4LTg4ZDct
OTUzYzY4NTA2ZDVjLzEvMS1ISkRSVDBnRDJuaE1XNkpVd3o1NTZtdktqOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2EvNWY0ZWI2LTYwMjYtNDA5OC04OGQ3LTk1M2M2ODUwNmQ1
Yy8xL0F0RG9pSVh2U0xJTWg3ZHYyRjFDNXVzOWNZTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAy4fAAME
A1tmyDANBgkqhkiG9w0BAQsFAAOCAQEAJ27Jg3wsWced1vpJr0P1PF98bGymgwIk
1IMi+Au1dphIHy0qzyUkDIh/ut3CkAKp5Z761WV8tSQZS4eCSVF8oFBk2gPHGaAD
ZKiJ5s/KH8ZgsFGI9jEHyXxrAxWllZluKySZaqxbE8onThv41Ch0skPR2jym6yX5
R4oldjoglvPuv7nsVpTx6DotKO6EUfvXNkfarggqzsho/O/IRNNeAYuPckpA2Xn3
9mdjL6QMLfNu99owlGwBxZ8PQZ2zCFu4Bz6Vew/aAGNO61tnpshZhjSg/g/02UJm
MYp6hIhfL2xMdBV2GvmlKHHifmqRdXp+DwSHVyqzNIeefxbPK725RA==
-----END CERTIFICATE-----
Generated at Sun Jul 27 10:31:44 2025 by rpki-client