Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/RKyzB9bUwZYi5TsxSj7CGxt394k.roa
File: RKyzB9bUwZYi5TsxSj7CGxt394k.roa (raw, json)
Hash identifier: Hh9WM4Bb/ik/WwsavUvg8LAp8Fn8QkXbUV4e4PeWt3s=
Subject key identifier: 44:AC:B3:07:D6:D4:C1:96:22:E5:3B:31:4A:3E:C2:1B:1B:77:F7:89
Certificate issuer: /CN=1e5aaf3d0683dc8a0d58c643826e166d3c28cca9
Certificate serial: 0198F5A87B7699AD16F6A3192CEEDA6BEFB8
Authority key identifier: 1E:5A:AF:3D:06:83:DC:8A:0D:58:C6:43:82:6E:16:6D:3C:28:CC:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HlqvPQaD3IoNWMZDgm4WbTwozKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/RKyzB9bUwZYi5TsxSj7CGxt394k.roa
Signing time: Fri 29 Aug 2025 11:48:36 +0000
ROA not before: Fri 29 Aug 2025 11:48:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57910
IP address blocks: 31.214.176.0/20 maxlen: 24
37.10.72.0/21 maxlen: 24
37.152.88.0/21 maxlen: 24
45.149.228.0/22 maxlen: 24
46.18.72.0/21 maxlen: 24
82.198.48.0/20 maxlen: 20
87.117.96.0/20 maxlen: 24
91.132.116.0/22 maxlen: 24
95.214.0.0/22 maxlen: 24
109.69.48.0/21 maxlen: 24
185.11.236.0/22 maxlen: 24
185.161.12.0/22 maxlen: 24
185.226.236.0/22 maxlen: 24
193.57.36.0/22 maxlen: 24
194.56.236.0/22 maxlen: 24
194.127.158.0/23 maxlen: 24
194.127.162.0/23 maxlen: 24
2a00:b5c0::/32 maxlen: 32
2a02:2110::/32 maxlen: 32
2a0c:7a00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/HlqvPQaD3IoNWMZDgm4WbTwozKk.crl
rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/HlqvPQaD3IoNWMZDgm4WbTwozKk.mft
rsync://rpki.ripe.net/repository/DEFAULT/HlqvPQaD3IoNWMZDgm4WbTwozKk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 07:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:f5:a8:7b:76:99:ad:16:f6:a3:19:2c:ee:da:6b:ef:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e5aaf3d0683dc8a0d58c643826e166d3c28cca9
Validity
Not Before: Aug 29 11:48:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=44acb307d6d4c19622e53b314a3ec21b1b77f789
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:9b:a5:a4:29:37:f4:89:1d:63:99:20:cd:d7:
a9:8b:36:fc:03:1e:79:8a:0f:17:56:1c:c4:e8:da:
4d:98:ed:a1:04:48:0d:3b:d5:34:e2:cc:c5:2d:ee:
f3:ec:ea:09:52:fe:b9:0f:fc:94:2e:9c:7a:90:5f:
7f:8e:f2:ef:22:d7:8e:21:b0:c3:85:bb:bb:93:a5:
36:15:7d:64:08:7c:f5:20:be:b7:7d:a4:f2:67:cc:
46:4b:4d:9c:5d:aa:10:c9:57:53:42:bb:9c:12:7c:
d2:76:56:91:ae:a3:47:d3:98:f7:48:8e:4e:d8:b6:
db:9f:95:90:3d:51:77:ce:9c:11:75:c6:40:e2:25:
ee:0f:c3:ac:6d:b5:4b:f9:d4:50:c9:18:e3:db:9d:
0e:32:92:ab:90:c8:5e:48:8d:ae:3b:8a:80:78:2e:
ae:a4:db:61:37:ad:d8:e7:8f:a2:4e:af:ec:b0:8f:
87:38:f7:df:7e:66:e9:0e:9d:76:e0:f5:3c:8a:31:
a4:20:ff:ea:f4:56:4c:44:59:a2:ec:ce:94:73:a6:
69:dc:94:6c:78:3f:ce:73:70:d7:2c:a8:95:cb:12:
29:cc:31:02:00:fd:ad:21:6f:1d:e8:2d:50:14:c7:
25:87:10:48:3d:72:3b:aa:f6:6a:6f:6d:01:26:df:
6b:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:AC:B3:07:D6:D4:C1:96:22:E5:3B:31:4A:3E:C2:1B:1B:77:F7:89
X509v3 Authority Key Identifier:
keyid:1E:5A:AF:3D:06:83:DC:8A:0D:58:C6:43:82:6E:16:6D:3C:28:CC:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlqvPQaD3IoNWMZDgm4WbTwozKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/RKyzB9bUwZYi5TsxSj7CGxt394k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/06/83df5b-d153-4cb6-baf3-4cd38b758d5c/1/HlqvPQaD3IoNWMZDgm4WbTwozKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.214.176.0/20
37.10.72.0/21
37.152.88.0/21
45.149.228.0/22
46.18.72.0/21
82.198.48.0/20
87.117.96.0/20
91.132.116.0/22
95.214.0.0/22
109.69.48.0/21
185.11.236.0/22
185.161.12.0/22
185.226.236.0/22
193.57.36.0/22
194.56.236.0/22
194.127.158.0/23
194.127.162.0/23
IPv6:
2a00:b5c0::/32
2a02:2110::/32
2a0c:7a00::/29
Signature Algorithm: sha256WithRSAEncryption
31:16:c7:f8:28:d7:5a:28:db:57:85:c8:5c:79:61:ff:3e:5c:
3e:41:be:70:ab:2a:04:db:a0:db:f6:d4:58:16:84:7b:6f:da:
74:c3:59:1a:63:5f:d4:d1:59:49:12:74:bd:60:6e:ee:75:bd:
9b:c8:28:35:c0:2a:05:cb:8d:a0:b0:b4:8f:6e:01:52:20:db:
98:7c:6e:03:75:52:0d:5f:84:85:12:28:64:dc:3e:e5:5f:5b:
20:6d:d5:84:9a:2d:da:64:e5:bd:e8:3c:81:30:ee:ba:3a:f9:
81:03:92:26:8c:94:74:1e:4c:11:65:86:4b:91:d4:86:fe:af:
f8:60:0b:4e:38:e9:1d:ee:5d:c8:8e:25:a5:23:6a:71:fe:76:
6f:f4:50:25:ad:c8:19:c0:d5:2a:a4:6e:46:4e:09:35:a9:53:
60:67:03:22:3c:0a:3f:e0:dc:9c:db:0d:fa:ac:a8:d5:ae:af:
91:50:43:07:cf:b9:21:c4:38:a4:36:c3:35:79:06:86:75:1a:
1a:d7:2c:1a:74:87:47:53:c6:07:cc:53:87:55:07:f0:68:de:
bb:08:ff:af:5d:17:8b:56:93:9b:86:68:12:0c:13:b7:e8:f1:
76:06:5c:17:b5:48:18:e6:1e:7f:15:03:0c:e9:a6:13:26:35:
43:13:14:d0
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgISAZj1qHt2ma0W9qMZLO7aa++4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWFhZjNkMDY4M2RjOGEwZDU4YzY0MzgyNmUxNjZkM2My
OGNjYTkwHhcNMjUwODI5MTE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGFjYjMwN2Q2ZDRjMTk2MjJlNTNiMzE0YTNlYzIxYjFiNzdmNzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pulpCk39IkdY5kgzdepizb8Ax55
ig8XVhzE6NpNmO2hBEgNO9U04szFLe7z7OoJUv65D/yULpx6kF9/jvLvIteOIbDD
hbu7k6U2FX1kCHz1IL63faTyZ8xGS02cXaoQyVdTQrucEnzSdlaRrqNH05j3SI5O
2Lbbn5WQPVF3zpwRdcZA4iXuD8OsbbVL+dRQyRjj250OMpKrkMheSI2uO4qAeC6u
pNthN63Y54+iTq/ssI+HOPfffmbpDp124PU8ijGkIP/q9FZMRFmi7M6Uc6Zp3JRs
eD/Oc3DXLKiVyxIpzDECAP2tIW8d6C1QFMclhxBIPXI7qvZqb20BJt9rHQIDAQAB
o4ICiTCCAoUwHQYDVR0OBBYEFESsswfW1MGWIuU7MUo+whsbd/eJMB8GA1UdIwQY
MBaAFB5arz0Gg9yKDVjGQ4JuFm08KMypMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxxdlBRYUQzSW9OV01aRGdtNFdiVHdvektrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi84M2RmNWItZDE1My00Y2I2LWJhZjMt
NGNkMzhiNzU4ZDVjLzEvUkt5ekI5YlV3WllpNVRzeFNqN0NHeHQzOTRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi84M2RmNWItZDE1My00Y2I2LWJhZjMtNGNkMzhiNzU4ZDVj
LzEvSGxxdlBRYUQzSW9OV01aRGdtNFdiVHdvektrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGeBggrBgEFBQcBBwEB/wSBjjCBizBsBAIAATBmAwQEH9aw
AwQDJQpIAwQDJZhYAwQCLZXkAwQDLhJIAwQEUsYwAwQEV3VgAwQCW4R0AwQCX9YA
AwQDbUUwAwQCuQvsAwQCuaEMAwQCueLsAwQCwTkkAwQCwjjsAwQBwn+eAwQBwn+i
MBsEAgACMBUDBQAqALXAAwUAKgIhEAMFAyoMegAwDQYJKoZIhvcNAQELBQADggEB
ADEWx/go11oo21eFyFx5Yf8+XD5BvnCrKgTboNv21FgWhHtv2nTDWRpjX9TRWUkS
dL1gbu51vZvIKDXAKgXLjaCwtI9uAVIg25h8bgN1Ug1fhIUSKGTcPuVfWyBt1YSa
Ldpk5b3oPIEw7ro6+YEDkiaMlHQeTBFlhkuR1Ib+r/hgC0446R3uXciOJaUjanH+
dm/0UCWtyBnA1SqkbkZOCTWpU2BnAyI8Cj/g3JzbDfqsqNWur5FQQwfPuSHEOKQ2
wzV5BoZ1GhrXLBp0h0dTxgfMU4dVB/Bo3rsI/69dF4tWk5uGaBIME7fo8XYGXBe1
SBjmHn8VAwzpphMmNUMTFNA=
-----END CERTIFICATE-----
Generated at Sun Sep 7 14:57:43 2025 by rpki-client