Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BDMf4US8nkLW88dukp67nqDdpOA.roa
File: BDMf4US8nkLW88dukp67nqDdpOA.roa (raw, json)
Hash identifier: 38/Hh8i/cavFGqBKQRkWTM2k47wSk7ODLAvB/Fw0Oj0=
Subject key identifier: 04:33:1F:E1:44:BC:9E:42:D6:F3:C7:6E:92:9E:BB:9E:A0:DD:A4:E0
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 0199054B3013E595EEAC400F8A78AA84A407
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BDMf4US8nkLW88dukp67nqDdpOA.roa
Signing time: Mon 01 Sep 2025 12:40:37 +0000
ROA not before: Mon 01 Sep 2025 12:40:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 174
IP address blocks: 31.56.25.0/24 maxlen: 24
31.56.61.0/24 maxlen: 24
31.56.80.0/22 maxlen: 22
31.56.92.0/22 maxlen: 22
31.56.96.0/22 maxlen: 22
31.56.100.0/22 maxlen: 22
31.57.119.0/24 maxlen: 24
31.57.226.0/24 maxlen: 24
31.58.130.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Sep 2025 11:00:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:05:4b:30:13:e5:95:ee:ac:40:0f:8a:78:aa:84:a4:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Sep 1 12:40:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=04331fe144bc9e42d6f3c76e929ebb9ea0dda4e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:66:35:e2:0c:7c:fb:40:93:59:e3:63:d0:cd:
20:2a:09:e4:23:fe:4d:ec:47:e3:92:f8:d4:12:d0:
a6:da:68:da:6c:99:9f:3a:4a:07:ed:4b:cc:d1:72:
cd:3d:f8:c0:a7:47:28:92:0e:fa:bc:9d:84:1f:41:
b2:d0:27:95:aa:c9:34:54:cc:f9:c4:b5:45:e2:84:
09:e5:3f:0a:3c:98:87:a7:32:2e:9a:05:25:5c:e2:
6d:2e:98:38:ac:07:1a:51:9f:f0:93:b9:73:fc:df:
57:37:a4:76:00:33:3e:97:9d:6e:38:e9:17:74:e5:
e0:f2:dc:f4:0d:d3:1e:f7:b1:60:ca:03:ff:0f:28:
97:79:bd:c2:24:06:41:93:1e:b2:fc:cd:11:0b:fd:
cc:06:d0:b9:67:9d:da:e5:06:5a:f4:60:11:d1:17:
72:b2:e7:df:d2:47:0d:25:7c:d8:38:07:09:8d:0e:
38:49:bd:48:63:38:d0:26:43:c2:99:1e:1a:60:ac:
af:0c:03:ec:c4:00:a4:4b:bf:11:f5:c6:9a:dc:35:
3c:2a:65:a4:e1:fd:f2:a5:66:96:da:63:12:a7:6a:
9e:dc:00:11:d9:8a:f5:a6:27:9a:0b:bc:25:53:1c:
42:42:65:c1:db:57:a3:36:ed:5b:64:95:d6:b2:27:
76:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:33:1F:E1:44:BC:9E:42:D6:F3:C7:6E:92:9E:BB:9E:A0:DD:A4:E0
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/BDMf4US8nkLW88dukp67nqDdpOA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.25.0/24
31.56.61.0/24
31.56.80.0/22
31.56.92.0-31.56.103.255
31.57.119.0/24
31.57.226.0/24
31.58.130.0/24
Signature Algorithm: sha256WithRSAEncryption
08:c7:51:99:d8:9e:73:1b:09:e5:cf:4d:fa:22:bc:44:c7:3f:
3e:71:67:84:5e:6e:d9:3c:d2:7c:b0:c3:01:04:b2:39:5d:86:
f0:c4:5d:b1:76:44:ef:c0:88:0d:0d:7d:08:52:11:8f:ad:4b:
75:da:34:5f:ae:4a:16:c7:96:8a:2d:82:4b:b5:8b:38:c3:3f:
52:54:cd:e6:4e:e1:3e:17:32:37:11:b1:6c:90:ca:1f:a2:b9:
76:5e:e2:fd:9c:1e:c9:58:43:91:eb:83:ba:77:58:33:26:ab:
3f:87:55:78:28:c2:2e:2d:3e:16:fe:5d:18:c9:f5:05:3a:90:
72:1a:31:dc:9f:9f:30:82:c1:fa:7a:c2:16:96:3b:20:60:fd:
f0:d5:dd:ea:fb:db:96:a9:89:f2:f4:20:8d:45:fa:49:5d:29:
ae:6b:71:82:64:23:04:98:1c:24:83:e2:9a:64:d2:11:d4:f0:
d6:6f:e6:2b:f4:91:9a:f2:df:d0:33:fe:01:78:e7:cd:e8:23:
47:07:15:af:57:10:03:83:c0:39:2b:fe:a5:47:25:fc:5a:36:
df:f7:ba:66:ec:6b:d4:96:1f:bd:c5:4c:48:0d:cd:1d:7a:47:
e3:fc:87:6d:8e:9c:4f:94:31:95:fe:d8:35:df:55:13:48:6b:
ef:c3:a0:01
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZkFSzAT5ZXurEAPiniqhKQHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTAxMTI0MDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDMzMWZlMTQ0YmM5ZTQyZDZmM2M3NmU5MjllYmI5ZWEwZGRhNGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmY14gx8+0CTWeNj0M0gKgnkI/5N
7EfjkvjUEtCm2mjabJmfOkoH7UvM0XLNPfjAp0cokg76vJ2EH0Gy0CeVqsk0VMz5
xLVF4oQJ5T8KPJiHpzIumgUlXOJtLpg4rAcaUZ/wk7lz/N9XN6R2ADM+l51uOOkX
dOXg8tz0DdMe97FgygP/DyiXeb3CJAZBkx6y/M0RC/3MBtC5Z53a5QZa9GAR0Rdy
suff0kcNJXzYOAcJjQ44Sb1IYzjQJkPCmR4aYKyvDAPsxACkS78R9caa3DU8KmWk
4f3ypWaW2mMSp2qe3AAR2Yr1pieaC7wlUxxCQmXB21ejNu1bZJXWsid2SQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFAQzH+FEvJ5C1vPHbpKeu56g3aTgMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQkRNZjRVUzhua0xXODhkdWtwNjducURkcE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAHzgZAwQA
Hzg9AwQCHzhQMAwDBAIfOFwDBAMfOGADBAAfOXcDBAAfOeIDBAAfOoIwDQYJKoZI
hvcNAQELBQADggEBAAjHUZnYnnMbCeXPTfoivETHPz5xZ4Rebtk80nywwwEEsjld
hvDEXbF2RO/AiA0NfQhSEY+tS3XaNF+uShbHlootgku1izjDP1JUzeZO4T4XMjcR
sWyQyh+iuXZe4v2cHslYQ5Hrg7p3WDMmqz+HVXgowi4tPhb+XRjJ9QU6kHIaMdyf
nzCCwfp6whaWOyBg/fDV3er725apifL0II1F+kldKa5rcYJkIwSYHCSD4ppk0hHU
8NZv5iv0kZry39Az/gF4583oI0cHFa9XEAODwDkr/qVHJfxaNt/3umbsa9SWH73F
TEgNzR16R+P8h22OnE+UMZX+2DXfVRNIa+/DoAE=
-----END CERTIFICATE-----
Generated at Sat Sep 13 20:32:45 2025 by rpki-client