Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/O1pBKU1pL9eeV8tixLk86OxSVqA.roa
File: O1pBKU1pL9eeV8tixLk86OxSVqA.roa (raw, json)
Hash identifier: YKrUCAgLPGb67GvolR70QCL3iiYVw+ofkeGBZfi/+Ko=
Subject key identifier: 3B:5A:41:29:4D:69:2F:D7:9E:57:CB:62:C4:B9:3C:E8:EC:52:56:A0
Certificate issuer: /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial: 0197C3BAB5B97BC4CA7C102B154E36D6647B
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/O1pBKU1pL9eeV8tixLk86OxSVqA.roa
Signing time: Tue 01 Jul 2025 02:04:42 +0000
ROA not before: Tue 01 Jul 2025 02:04:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215245
IP address blocks: 31.22.76.0/24 maxlen: 24
31.22.77.0/24 maxlen: 24
46.247.108.0/24 maxlen: 24
46.247.109.0/24 maxlen: 24
62.169.152.0/24 maxlen: 24
86.54.5.0/24 maxlen: 24
194.46.60.0/24 maxlen: 24
2a14:6780:4::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 20:00:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c3:ba:b5:b9:7b:c4:ca:7c:10:2b:15:4e:36:d6:64:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Validity
Not Before: Jul 1 02:04:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b5a41294d692fd79e57cb62c4b93ce8ec5256a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:a2:f7:2c:95:47:7d:fb:0b:a0:54:50:4f:1c:
59:10:c8:6d:66:b7:d6:82:11:24:48:68:1b:08:a6:
51:4f:73:95:bf:c4:35:f2:2e:a8:3d:11:ad:2c:5e:
f0:31:e5:ed:d9:23:66:51:85:ac:af:1b:ab:22:bb:
5b:31:1a:46:61:9e:b8:e7:99:54:7a:b7:33:54:45:
5a:e5:f0:d0:c6:de:36:1a:7b:92:db:58:8c:5c:26:
e3:16:54:f9:9c:e0:a3:d9:8b:bd:bb:01:35:5f:fe:
09:7d:f4:39:c5:16:c2:e7:58:68:c0:30:5f:7e:c8:
20:a1:6b:41:2b:5f:6c:e8:ae:80:7c:93:69:42:db:
3e:4c:7f:dd:46:df:e1:ab:3d:5d:ec:09:23:e9:a2:
1e:d3:3c:89:ed:dc:04:87:34:41:cf:52:da:47:d7:
da:ee:f7:d7:61:09:7c:0d:ac:fa:b6:89:94:d7:5c:
2b:72:0e:9d:71:79:87:f7:7a:f2:cf:80:11:99:c1:
0a:5d:38:e9:89:ff:19:25:ed:96:ee:09:31:0b:62:
71:d3:09:8a:c6:ed:45:d7:98:e6:1c:e7:48:e8:1e:
78:9b:b2:f9:58:93:9f:7f:d2:b9:ac:f2:83:4e:76:
70:cc:3d:33:a1:15:e3:d7:9f:b6:46:2a:24:38:c9:
40:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:5A:41:29:4D:69:2F:D7:9E:57:CB:62:C4:B9:3C:E8:EC:52:56:A0
X509v3 Authority Key Identifier:
keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/O1pBKU1pL9eeV8tixLk86OxSVqA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.22.76.0/23
46.247.108.0/23
62.169.152.0/24
86.54.5.0/24
194.46.60.0/24
IPv6:
2a14:6780:4::/48
Signature Algorithm: sha256WithRSAEncryption
8c:2d:51:e7:7e:a6:42:69:92:a1:b9:9f:d2:41:8a:54:3d:e8:
9b:8a:1a:ea:f5:cc:ea:bd:54:09:9c:3e:87:db:e1:76:9f:34:
17:76:60:60:5f:6e:27:8b:dc:ea:a2:15:69:01:f7:74:64:55:
16:d2:a9:6c:94:68:88:e3:e8:dd:7d:f7:d5:be:09:e9:a6:f8:
74:ce:ff:5f:98:16:e6:d0:65:0b:51:a5:0d:65:54:d4:22:dc:
9b:7c:3d:c2:f4:19:a4:50:f2:b2:d6:c5:51:e0:39:93:da:24:
a2:87:25:77:78:2a:ff:b7:a7:7a:ce:e1:c1:8d:66:39:af:c9:
4b:64:be:dc:4d:55:e5:a9:b4:3e:24:97:96:cc:b4:2e:27:65:
1d:22:9f:fc:38:5b:ec:13:fe:48:96:a9:29:12:05:4f:9d:24:
7b:b3:8c:63:a9:f0:3d:b8:78:be:89:7b:8e:23:1e:73:b4:76:
2f:36:11:20:08:f7:4c:97:54:2b:11:0c:ef:54:a7:72:82:64:
db:fe:35:11:24:99:31:58:02:91:e3:83:78:4c:50:32:34:56:
7f:1c:3c:71:f0:38:84:32:b6:24:e1:4e:82:5b:cf:c0:f0:4b:
7d:b0:68:31:82:d3:6d:1e:d4:a2:15:93:9e:7a:d2:14:d0:cd:
71:6b:87:7e
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZfDurW5e8TKfBArFU421mR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjUwNzAxMDIwNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjVhNDEyOTRkNjkyZmQ3OWU1N2NiNjJjNGI5M2NlOGVjNTI1NmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9aL3LJVHffsLoFRQTxxZEMhtZrfW
ghEkSGgbCKZRT3OVv8Q18i6oPRGtLF7wMeXt2SNmUYWsrxurIrtbMRpGYZ6455lU
erczVEVa5fDQxt42GnuS21iMXCbjFlT5nOCj2Yu9uwE1X/4JffQ5xRbC51howDBf
fsggoWtBK19s6K6AfJNpQts+TH/dRt/hqz1d7Akj6aIe0zyJ7dwEhzRBz1LaR9fa
7vfXYQl8Daz6tomU11wrcg6dcXmH93ryz4ARmcEKXTjpif8ZJe2W7gkxC2Jx0wmK
xu1F15jmHOdI6B54m7L5WJOff9K5rPKDTnZwzD0zoRXj15+2RiokOMlAbQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFDtaQSlNaS/XnlfLYsS5POjsUlagMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvTzFwQktVMXBMOWVlVjh0aXhMazg2T3hTVnFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQBHxZMAwQB
LvdsAwQAPqmYAwQAVjYFAwQAwi48MA8EAgACMAkDBwAqFGeAAAQwDQYJKoZIhvcN
AQELBQADggEBAIwtUed+pkJpkqG5n9JBilQ96JuKGur1zOq9VAmcPofb4XafNBd2
YGBfbieL3OqiFWkB93RkVRbSqWyUaIjj6N1999W+Cemm+HTO/1+YFubQZQtRpQ1l
VNQi3Jt8PcL0GaRQ8rLWxVHgOZPaJKKHJXd4Kv+3p3rO4cGNZjmvyUtkvtxNVeWp
tD4kl5bMtC4nZR0in/w4W+wT/kiWqSkSBU+dJHuzjGOp8D24eL6Je44jHnO0di82
ESAI90yXVCsRDO9Up3KCZNv+NREkmTFYApHjg3hMUDI0Vn8cPHHwOIQytiThToJb
z8DwS32waDGC020e1KIVk5560hTQzXFrh34=
-----END CERTIFICATE-----
Generated at Mon Jul 21 01:54:22 2025 by rpki-client