Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/n3c9qLIhM0llrQC6fq5JWHe_KlA.roa
File: n3c9qLIhM0llrQC6fq5JWHe_KlA.roa (raw, json)
Hash identifier: nA71HgAh3Ie43jdpcA7ejYsH/8ttZHymDeMQC0kqD80=
Subject key identifier: 9F:77:3D:A8:B2:21:33:49:65:AD:00:BA:7E:AE:49:58:77:BF:2A:50
Certificate issuer: /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial: 0197E12E130F254A3678733E2C81F2F6D108
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/n3c9qLIhM0llrQC6fq5JWHe_KlA.roa
Signing time: Sun 06 Jul 2025 19:19:42 +0000
ROA not before: Sun 06 Jul 2025 19:19:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34984
IP address blocks: 31.169.80.0/24 maxlen: 24
31.169.83.0/24 maxlen: 24
31.169.86.0/24 maxlen: 24
31.169.90.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl
rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.mft
rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 22:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:e1:2e:13:0f:25:4a:36:78:73:3e:2c:81:f2:f6:d1:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Validity
Not Before: Jul 6 19:19:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9f773da8b221334965ad00ba7eae495877bf2a50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:3a:3d:54:f5:e0:ef:ce:70:8e:f5:8e:51:29:
39:77:ba:c9:59:53:da:a0:b3:42:92:ea:0b:03:06:
03:53:fe:be:10:8d:d4:40:e5:8f:2f:62:db:b1:73:
d4:c3:87:1f:4a:7a:f7:2c:f9:d0:d0:31:4c:10:54:
6b:29:a7:a5:df:a7:96:1c:81:56:49:ea:3f:da:5a:
e7:b0:42:12:c5:87:9c:4d:03:5e:ae:c3:9b:30:1a:
30:cb:b9:e4:b7:85:06:34:42:8f:1d:89:fa:db:69:
1b:74:89:ea:90:4d:1f:50:d2:81:43:39:a5:f4:44:
16:62:23:b2:db:be:8b:45:6b:c0:8d:ae:30:f8:93:
a6:f7:b1:96:85:cc:64:d0:af:c9:8d:80:ab:c8:6a:
1d:cb:16:33:fa:d7:75:7f:30:e0:b4:88:3f:a8:d1:
68:c0:71:ce:3d:67:b6:cd:85:e5:d8:59:ad:72:11:
79:d5:78:5d:76:c7:fe:c0:2b:02:95:fa:31:fb:99:
f0:b7:27:16:a7:dd:55:0e:6e:d7:34:e7:f3:80:f0:
a0:ea:53:bc:be:7e:4d:39:f6:69:b4:01:ed:8c:a7:
14:f3:ea:5b:36:35:6c:f6:07:2f:11:83:ce:d7:bc:
51:35:de:3d:cc:29:06:20:59:0a:e7:9b:9e:e4:b3:
61:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:77:3D:A8:B2:21:33:49:65:AD:00:BA:7E:AE:49:58:77:BF:2A:50
X509v3 Authority Key Identifier:
keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/n3c9qLIhM0llrQC6fq5JWHe_KlA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.169.80.0/24
31.169.83.0/24
31.169.86.0/24
31.169.90.0/24
Signature Algorithm: sha256WithRSAEncryption
84:41:92:c4:3d:ea:30:ea:7e:4b:fd:4e:d8:45:02:87:66:d9:
d0:f4:3d:c1:71:e4:c0:6f:d1:03:47:9c:4b:c6:43:d8:2e:60:
11:69:24:59:b2:5d:4c:1b:dd:26:cd:42:f0:ad:cb:74:42:ae:
7e:9f:c5:e1:07:19:1a:b7:25:f2:4b:cb:ba:18:a0:ac:f2:96:
d0:34:3c:da:7b:5f:00:69:2b:53:89:88:23:93:bb:18:9a:dd:
ee:03:84:79:43:f1:1e:1b:2b:fa:3c:c5:26:58:ff:48:7d:e2:
98:4a:71:37:f4:aa:ae:f5:b1:ec:6c:e7:3f:e0:92:57:57:df:
b1:5a:b6:02:e3:bb:17:bb:f3:78:3f:71:1a:a6:c7:6b:2b:72:
26:2d:ac:83:41:af:ae:0d:44:9a:5f:2a:4b:5a:f3:2b:3c:0c:
ea:8a:4d:13:3f:61:19:5c:ec:38:9a:99:7b:47:eb:74:f2:ec:
57:65:8f:6f:f4:64:8b:c8:6f:d1:61:64:ed:6d:d1:d4:41:a7:
9c:76:fb:02:0f:ba:7d:06:65:36:c9:7b:fb:7e:d9:56:c4:c1:
65:d6:15:25:cf:25:46:48:44:94:c9:6a:ab:a9:1b:f1:38:5c:
ea:ad:77:93:57:08:cd:5b:2f:11:97:bb:01:88:83:9b:2e:a4:
36:ba:c2:98
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZfhLhMPJUo2eHM+LIHy9tEIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjUwNzA2MTkxOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjc3M2RhOGIyMjEzMzQ5NjVhZDAwYmE3ZWFlNDk1ODc3YmYyYTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTo9VPXg785wjvWOUSk5d7rJWVPa
oLNCkuoLAwYDU/6+EI3UQOWPL2LbsXPUw4cfSnr3LPnQ0DFMEFRrKael36eWHIFW
Seo/2lrnsEISxYecTQNersObMBowy7nkt4UGNEKPHYn622kbdInqkE0fUNKBQzml
9EQWYiOy276LRWvAja4w+JOm97GWhcxk0K/JjYCryGodyxYz+td1fzDgtIg/qNFo
wHHOPWe2zYXl2FmtchF51Xhddsf+wCsClfox+5nwtycWp91VDm7XNOfzgPCg6lO8
vn5NOfZptAHtjKcU8+pbNjVs9gcvEYPO17xRNd49zCkGIFkK55ue5LNhTQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJ93PaiyITNJZa0Aun6uSVh3vypQMB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvbjNjOXFMSWhNMGxsclFDNmZxNUpXSGVfS2xBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAH6lQAwQA
H6lTAwQAH6lWAwQAH6laMA0GCSqGSIb3DQEBCwUAA4IBAQCEQZLEPeow6n5L/U7Y
RQKHZtnQ9D3BceTAb9EDR5xLxkPYLmARaSRZsl1MG90mzULwrct0Qq5+n8XhBxka
tyXyS8u6GKCs8pbQNDzae18AaStTiYgjk7sYmt3uA4R5Q/EeGyv6PMUmWP9IfeKY
SnE39Kqu9bHsbOc/4JJXV9+xWrYC47sXu/N4P3EapsdrK3ImLayDQa+uDUSaXypL
WvMrPAzqik0TP2EZXOw4mpl7R+t08uxXZY9v9GSLyG/RYWTtbdHUQaecdvsCD7p9
BmU2yXv7ftlWxMFl1hUlzyVGSESUyWqrqRvxOFzqrXeTVwjNWy8Rl7sBiIObLqQ2
usKY
-----END CERTIFICATE-----
Generated at Wed Jul 23 06:07:21 2025 by rpki-client