Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/c78020-fa32-4988-9e14-5c602fde963b/1/FXCR9Lc6KgRx_HPpZhjXnE6ILJY.roa
File: FXCR9Lc6KgRx_HPpZhjXnE6ILJY.roa (raw, json)
Hash identifier: TawwcEelbsmmDw/jX+MvcIQud2NnCnis9eNEGbrjubs=
Subject key identifier: 15:70:91:F4:B7:3A:2A:04:71:FC:73:E9:66:18:D7:9C:4E:88:2C:96
Certificate issuer: /CN=cb5799d8d05f4a020011dca8031762bea012255d
Certificate serial: 01970B7E9843673770DBDB548F8386A30495
Authority key identifier: CB:57:99:D8:D0:5F:4A:02:00:11:DC:A8:03:17:62:BE:A0:12:25:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/y1eZ2NBfSgIAEdyoAxdivqASJV0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/c78020-fa32-4988-9e14-5c602fde963b/1/FXCR9Lc6KgRx_HPpZhjXnE6ILJY.roa
Signing time: Mon 26 May 2025 07:28:55 +0000
ROA not before: Mon 26 May 2025 07:28:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201975
IP address blocks: 31.210.19.0/24 maxlen: 24
45.86.176.0/22 maxlen: 24
86.58.208.0/21 maxlen: 24
93.90.64.0/22 maxlen: 24
157.97.112.0/21 maxlen: 24
185.54.180.0/22 maxlen: 24
193.148.20.0/22 maxlen: 24
2a02:4660::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/28/c78020-fa32-4988-9e14-5c602fde963b/1/y1eZ2NBfSgIAEdyoAxdivqASJV0.crl
rsync://rpki.ripe.net/repository/DEFAULT/28/c78020-fa32-4988-9e14-5c602fde963b/1/y1eZ2NBfSgIAEdyoAxdivqASJV0.mft
rsync://rpki.ripe.net/repository/DEFAULT/y1eZ2NBfSgIAEdyoAxdivqASJV0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 13 Jun 2025 04:01:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:0b:7e:98:43:67:37:70:db:db:54:8f:83:86:a3:04:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cb5799d8d05f4a020011dca8031762bea012255d
Validity
Not Before: May 26 07:28:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=157091f4b73a2a0471fc73e96618d79c4e882c96
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:da:f7:b2:dc:1a:d7:05:ba:44:ef:e8:7e:ef:
81:29:7e:72:c0:e2:41:38:91:79:6d:f4:77:a8:4b:
20:b0:86:4f:a9:18:6a:5c:ad:12:72:28:ef:f9:d9:
d0:42:75:93:b6:09:0d:55:41:10:e2:51:c8:82:b3:
c1:de:7a:93:3f:e0:95:3f:a5:eb:d8:6a:66:fe:5f:
27:c9:0c:bc:76:c8:e4:0d:48:b9:1a:b3:48:97:43:
a9:f2:f0:34:db:24:8c:af:29:b7:eb:05:be:e6:de:
be:3f:52:58:41:97:77:61:f4:05:83:6e:9b:53:ae:
de:00:c8:ad:8b:b0:42:0c:4e:8e:47:26:72:b3:ac:
e5:73:d8:cf:51:be:0a:72:8d:78:08:d8:82:b6:97:
48:4d:50:9c:af:bc:6b:66:e9:d3:e7:4a:fc:90:22:
4a:5b:c9:40:76:c7:d9:2d:e0:3e:91:b9:5d:1a:f8:
d5:92:34:52:6e:b8:88:2a:cc:a1:8b:f2:ce:e6:ea:
31:23:b6:87:ff:2b:ac:52:84:01:7e:a8:e0:52:c0:
c9:fc:31:f2:cf:b0:62:d4:93:ab:78:88:fe:2e:c7:
f1:94:0a:28:e6:1c:8d:74:42:3d:9b:32:80:f9:63:
29:e8:56:90:58:76:48:7d:4b:b3:ff:76:41:a4:51:
ed:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:70:91:F4:B7:3A:2A:04:71:FC:73:E9:66:18:D7:9C:4E:88:2C:96
X509v3 Authority Key Identifier:
keyid:CB:57:99:D8:D0:5F:4A:02:00:11:DC:A8:03:17:62:BE:A0:12:25:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y1eZ2NBfSgIAEdyoAxdivqASJV0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/c78020-fa32-4988-9e14-5c602fde963b/1/FXCR9Lc6KgRx_HPpZhjXnE6ILJY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/c78020-fa32-4988-9e14-5c602fde963b/1/y1eZ2NBfSgIAEdyoAxdivqASJV0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.210.19.0/24
45.86.176.0/22
86.58.208.0/21
93.90.64.0/22
157.97.112.0/21
185.54.180.0/22
193.148.20.0/22
IPv6:
2a02:4660::/32
Signature Algorithm: sha256WithRSAEncryption
31:6e:21:1c:0e:f6:d6:2f:41:60:f7:46:ff:09:f8:ed:9f:82:
01:5f:c5:3a:50:4d:0a:19:11:c4:57:d7:7b:a5:12:61:c0:a5:
31:42:7c:90:43:fe:1c:cb:a6:15:0e:f4:8e:a0:e9:ef:79:08:
c8:77:d3:c6:19:50:2a:fa:a0:59:b4:47:5a:27:b9:74:de:2b:
24:24:3f:86:fd:25:3b:cb:04:8a:8b:0a:02:43:47:22:29:a1:
4d:58:b4:28:81:00:1e:49:0b:35:0e:58:37:5c:f9:3b:3b:59:
72:55:45:1d:3e:bf:33:44:40:ae:b4:c2:26:21:93:11:39:15:
39:48:40:a4:97:2b:7e:05:59:40:e5:8f:28:7e:bd:84:99:78:
85:d8:74:02:ba:45:0c:57:2c:6b:35:40:e4:cc:30:b9:bc:12:
83:36:08:a5:9a:b2:cf:5d:27:2a:56:a5:5b:1d:6c:38:38:49:
32:75:b5:38:42:ee:77:d9:75:91:92:8f:b5:f8:b3:bc:29:67:
65:bc:eb:b5:62:25:a1:9c:06:b4:8e:e0:69:de:c6:ad:9a:eb:
cc:e7:4e:71:3f:bc:23:3f:f1:86:00:4f:83:0a:42:0e:99:0c:
26:31:d3:0f:2e:75:fb:b1:83:f5:0b:6f:a4:fc:9a:b9:9f:9d:
f9:5a:3e:57
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZcLfphDZzdw29tUj4OGowSVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNTc5OWQ4ZDA1ZjRhMDIwMDExZGNhODAzMTc2MmJlYTAx
MjI1NWQwHhcNMjUwNTI2MDcyODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTcwOTFmNGI3M2EyYTA0NzFmYzczZTk2NjE4ZDc5YzRlODgyYzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtr3stwa1wW6RO/ofu+BKX5ywOJB
OJF5bfR3qEsgsIZPqRhqXK0Scijv+dnQQnWTtgkNVUEQ4lHIgrPB3nqTP+CVP6Xr
2Gpm/l8nyQy8dsjkDUi5GrNIl0Op8vA02ySMrym36wW+5t6+P1JYQZd3YfQFg26b
U67eAMiti7BCDE6ORyZys6zlc9jPUb4Kco14CNiCtpdITVCcr7xrZunT50r8kCJK
W8lAdsfZLeA+kbldGvjVkjRSbriIKsyhi/LO5uoxI7aH/yusUoQBfqjgUsDJ/DHy
z7Bi1JOreIj+LsfxlAoo5hyNdEI9mzKA+WMp6FaQWHZIfUuz/3ZBpFHtawIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFBVwkfS3OioEcfxz6WYY15xOiCyWMB8GA1UdIwQY
MBaAFMtXmdjQX0oCABHcqAMXYr6gEiVdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTFlWjJOQmZTZ0lBRWR5b0F4ZGl2cUFTSlYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9jNzgwMjAtZmEzMi00OTg4LTllMTQt
NWM2MDJmZGU5NjNiLzEvRlhDUjlMYzZLZ1J4X0hQcFpoalhuRTZJTEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9jNzgwMjAtZmEzMi00OTg4LTllMTQtNWM2MDJmZGU5NjNi
LzEveTFlWjJOQmZTZ0lBRWR5b0F4ZGl2cUFTSlYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAH9ITAwQC
LVawAwQDVjrQAwQCXVpAAwQDnWFwAwQCuTa0AwQCwZQUMA0EAgACMAcDBQAqAkZg
MA0GCSqGSIb3DQEBCwUAA4IBAQAxbiEcDvbWL0Fg90b/Cfjtn4IBX8U6UE0KGRHE
V9d7pRJhwKUxQnyQQ/4cy6YVDvSOoOnveQjId9PGGVAq+qBZtEdaJ7l03iskJD+G
/SU7ywSKiwoCQ0ciKaFNWLQogQAeSQs1Dlg3XPk7O1lyVUUdPr8zRECutMImIZMR
ORU5SECklyt+BVlA5Y8ofr2EmXiF2HQCukUMVyxrNUDkzDC5vBKDNgilmrLPXScq
VqVbHWw4OEkydbU4Qu532XWRko+1+LO8KWdlvOu1YiWhnAa0juBp3satmuvM505x
P7wjP/GGAE+DCkIOmQwmMdMPLnX7sYP1C2+k/Jq5n535Wj5X
-----END CERTIFICATE-----
Generated at Thu Jun 12 13:45:36 2025 by rpki-client