Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/240780-8110-45d7-bd73-fdfd2d72b541/1/i9PMkFjZgddcdQkvP1yxnZzZAzQ.roa
File: i9PMkFjZgddcdQkvP1yxnZzZAzQ.roa (raw, json)
Hash identifier: AH1/HP90I2Jx2/ajhEGYd7uNt41g8Pva2Gq/dNXs1dY=
Subject key identifier: 8B:D3:CC:90:58:D9:81:D7:5C:75:09:2F:3F:5C:B1:9D:9C:D9:03:34
Certificate issuer: /CN=fa14e8153cd3f91c33397f9b7df91bf173c4d16b
Certificate serial: 01983DCAEA9B63E001C98593159D4CB955E6
Authority key identifier: FA:14:E8:15:3C:D3:F9:1C:33:39:7F:9B:7D:F9:1B:F1:73:C4:D1:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-hToFTzT-RwzOX-bffkb8XPE0Ws.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/240780-8110-45d7-bd73-fdfd2d72b541/1/i9PMkFjZgddcdQkvP1yxnZzZAzQ.roa
Signing time: Thu 24 Jul 2025 18:56:05 +0000
ROA not before: Thu 24 Jul 2025 18:56:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56566
IP address blocks: 31.31.224.0/19 maxlen: 24
91.224.64.0/23 maxlen: 24
91.224.100.0/23 maxlen: 24
2a00:de00::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c7/240780-8110-45d7-bd73-fdfd2d72b541/1/1-hToFTzT-RwzOX-bffkb8XPE0Ws.crl
rsync://rpki.ripe.net/repository/DEFAULT/c7/240780-8110-45d7-bd73-fdfd2d72b541/1/1-hToFTzT-RwzOX-bffkb8XPE0Ws.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-hToFTzT-RwzOX-bffkb8XPE0Ws.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 09:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:3d:ca:ea:9b:63:e0:01:c9:85:93:15:9d:4c:b9:55:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fa14e8153cd3f91c33397f9b7df91bf173c4d16b
Validity
Not Before: Jul 24 18:56:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8bd3cc9058d981d75c75092f3f5cb19d9cd90334
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:51:b9:f5:a4:ee:cd:f4:a9:56:07:f0:1e:c2:
02:38:36:f8:43:1b:a9:9e:7c:ef:83:04:42:5f:f3:
ca:73:0c:91:a1:da:64:4c:c7:9c:21:95:36:4d:1e:
79:e7:da:1e:77:dc:93:8d:c9:80:62:ca:31:be:20:
66:34:17:97:09:29:4c:2e:d6:e2:30:6d:e2:0f:a5:
5f:da:be:24:d3:27:34:e4:98:b7:5c:e3:d1:df:63:
3a:28:15:0a:b3:a5:84:25:12:33:90:95:55:c8:20:
d5:a6:69:75:60:bc:3b:48:06:76:05:11:04:b1:ef:
3a:86:7c:1c:a4:92:4a:70:68:ca:30:03:21:f8:4b:
ec:f5:b7:dd:08:ec:b6:20:79:9c:c2:3a:10:84:19:
40:ef:24:d8:14:9e:81:5e:8e:1d:5b:87:f9:c5:d9:
2e:9d:a5:2b:71:e7:ae:29:dd:53:07:6e:86:59:77:
5b:5c:ca:ce:b0:9e:0e:b1:dd:2c:90:01:3f:7a:f9:
06:a1:50:62:80:2d:80:fb:12:08:d5:69:f2:df:01:
20:0d:37:03:24:60:32:02:93:da:29:38:30:9e:45:
33:71:d5:0a:81:67:1d:b4:8c:f4:8d:af:99:cb:a5:
fb:df:54:ba:3b:bf:90:cd:58:1d:9f:4c:b9:e9:42:
73:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:D3:CC:90:58:D9:81:D7:5C:75:09:2F:3F:5C:B1:9D:9C:D9:03:34
X509v3 Authority Key Identifier:
keyid:FA:14:E8:15:3C:D3:F9:1C:33:39:7F:9B:7D:F9:1B:F1:73:C4:D1:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-hToFTzT-RwzOX-bffkb8XPE0Ws.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/240780-8110-45d7-bd73-fdfd2d72b541/1/i9PMkFjZgddcdQkvP1yxnZzZAzQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/240780-8110-45d7-bd73-fdfd2d72b541/1/1-hToFTzT-RwzOX-bffkb8XPE0Ws.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.31.224.0/19
91.224.64.0/23
91.224.100.0/23
IPv6:
2a00:de00::/32
Signature Algorithm: sha256WithRSAEncryption
1b:a5:44:ad:59:02:a7:44:4b:f7:a6:4a:17:f7:b0:3f:15:25:
23:25:b5:51:71:4e:96:e2:a7:f6:41:1a:f6:41:f2:ff:06:ed:
5f:26:2b:4b:e7:9a:e9:20:f2:10:e1:04:f5:07:29:58:ce:a6:
b9:60:89:18:20:ae:a8:dc:39:2b:7f:4b:e2:04:82:0d:5a:4a:
9f:32:43:2d:2f:1d:b4:98:ac:73:21:ee:97:3a:39:39:48:76:
97:69:84:6d:23:9a:e5:a4:8e:f0:ba:e9:af:91:60:ac:0d:38:
16:99:97:79:c6:e3:60:de:25:8f:bf:5e:05:7b:50:c2:8d:42:
f6:6c:ba:20:0c:11:0d:d8:bf:15:b6:16:81:69:51:eb:a8:bf:
36:55:6a:db:82:d6:38:83:0b:bd:75:85:6d:33:b0:d6:9a:9a:
12:5a:2c:34:ed:52:ed:66:a9:c8:b5:d1:4a:83:f0:ed:57:02:
4c:63:7e:1b:2c:7d:4f:30:d5:6b:89:b7:66:c4:78:04:e7:8a:
cf:f4:6e:e0:e6:99:7b:77:e8:6d:87:1a:ef:3b:7c:c4:de:aa:
4a:56:fa:91:b1:55:81:4e:a5:86:ca:4e:ea:f9:c8:21:d3:84:
dd:f8:a6:89:9a:f4:dd:71:56:e7:d6:32:4c:f2:ed:78:2e:16:
4b:94:35:6b
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZg9yuqbY+AByYWTFZ1MuVXmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMTRlODE1M2NkM2Y5MWMzMzM5N2Y5YjdkZjkxYmYxNzNj
NGQxNmIwHhcNMjUwNzI0MTg1NjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmQzY2M5MDU4ZDk4MWQ3NWM3NTA5MmYzZjVjYjE5ZDljZDkwMzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFG59aTuzfSpVgfwHsICODb4Qxup
nnzvgwRCX/PKcwyRodpkTMecIZU2TR5559oed9yTjcmAYsoxviBmNBeXCSlMLtbi
MG3iD6Vf2r4k0yc05Ji3XOPR32M6KBUKs6WEJRIzkJVVyCDVpml1YLw7SAZ2BREE
se86hnwcpJJKcGjKMAMh+Evs9bfdCOy2IHmcwjoQhBlA7yTYFJ6BXo4dW4f5xdku
naUrceeuKd1TB26GWXdbXMrOsJ4Osd0skAE/evkGoVBigC2A+xII1Wny3wEgDTcD
JGAyApPaKTgwnkUzcdUKgWcdtIz0ja+Zy6X731S6O7+QzVgdn0y56UJz6QIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFIvTzJBY2YHXXHUJLz9csZ2c2QM0MB8GA1UdIwQY
MBaAFPoU6BU80/kcMzl/m335G/FzxNFrMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1oVG9GVHpULVJ3ek9YLWJmZmtiOFhQRTBXcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzcvMjQwNzgwLTgxMTAtNDVkNy1iZDcz
LWZkZmQyZDcyYjU0MS8xL2k5UE1rRmpaZ2RkY2RRa3ZQMXl4blp6WkF6US5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzcvMjQwNzgwLTgxMTAtNDVkNy1iZDczLWZkZmQyZDcyYjU0
MS8xLzEtaFRvRlR6VC1Sd3pPWC1iZmZrYjhYUEUwV3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwOgYIKwYBBQUHAQcBAf8EKzApMBgEAgABMBIDBAUfH+AD
BAFb4EADBAFb4GQwDQQCAAIwBwMFACoA3gAwDQYJKoZIhvcNAQELBQADggEBABul
RK1ZAqdES/emShf3sD8VJSMltVFxTpbip/ZBGvZB8v8G7V8mK0vnmukg8hDhBPUH
KVjOprlgiRggrqjcOSt/S+IEgg1aSp8yQy0vHbSYrHMh7pc6OTlIdpdphG0jmuWk
jvC66a+RYKwNOBaZl3nG42DeJY+/XgV7UMKNQvZsuiAMEQ3YvxW2FoFpUeuovzZV
atuC1jiDC711hW0zsNaamhJaLDTtUu1mqci10UqD8O1XAkxjfhssfU8w1WuJt2bE
eATnis/0buDmmXt36G2HGu87fMTeqkpW+pGxVYFOpYbKTur5yCHThN34poma9N1x
VufWMkzy7XguFkuUNWs=
-----END CERTIFICATE-----
Generated at Sun Jul 27 16:38:46 2025 by rpki-client