Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/cHMExnQg_NgXj9RSngWJiE0Ry9w.roa
File: cHMExnQg_NgXj9RSngWJiE0Ry9w.roa (raw, json)
Hash identifier: ccksNIEDmgp05yf3K+8vErJuvCl+xg8f85HZISEiov8=
Subject key identifier: 70:73:04:C6:74:20:FC:D8:17:8F:D4:52:9E:05:89:88:4D:11:CB:DC
Certificate issuer: /CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Certificate serial: 019A17159B6628D0888A7676CE1F7E95267C
Authority key identifier: 22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/cHMExnQg_NgXj9RSngWJiE0Ry9w.roa
Signing time: Fri 24 Oct 2025 16:38:03 +0000
ROA not before: Fri 24 Oct 2025 16:38:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56940
IP address blocks: 31.131.40.0/22 maxlen: 22
31.131.46.0/24 maxlen: 24
31.131.47.0/24 maxlen: 24
91.229.12.0/23 maxlen: 23
91.229.14.0/23 maxlen: 23
91.239.164.0/23 maxlen: 23
91.239.166.0/23 maxlen: 23
176.113.100.0/22 maxlen: 22
176.114.56.0/21 maxlen: 21
193.242.196.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.mft
rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:17:15:9b:66:28:d0:88:8a:76:76:ce:1f:7e:95:26:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Validity
Not Before: Oct 24 16:38:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=707304c67420fcd8178fd4529e0589884d11cbdc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:91:e2:72:60:8e:ed:74:48:81:43:4d:04:aa:
19:f9:ee:91:e2:da:92:e5:ce:0c:79:46:0d:d7:e2:
d6:f5:2e:04:eb:b1:d6:9c:e7:e6:5c:52:03:60:d0:
2f:94:85:4b:1f:c5:46:77:99:eb:46:c7:46:27:fb:
19:8c:12:88:5c:4a:1a:56:64:48:f0:66:eb:eb:0b:
fa:cd:23:2f:00:a4:5b:fc:c3:66:46:ec:d3:f2:ba:
f8:f8:85:b5:5c:d0:52:30:d8:a6:66:eb:12:7c:b3:
26:0f:63:75:5a:e6:45:15:93:b9:a0:70:e4:0d:73:
48:38:cf:e3:06:21:8c:d4:a0:f5:4a:f2:4b:68:f1:
14:36:10:f1:0b:bf:55:96:b6:f2:c5:fa:2f:74:5b:
e3:ba:0b:92:19:58:b9:65:1e:d7:2c:d9:ea:23:f5:
d3:26:05:85:e3:ae:98:8e:84:13:14:11:6c:f1:22:
ba:49:08:64:a2:ec:f5:07:ab:0b:7b:34:51:50:de:
65:a4:f7:b9:8d:ba:32:71:83:cc:3e:c5:1c:7b:1a:
1a:01:78:6a:ae:36:0c:22:31:2b:ed:d3:35:f9:38:
8e:bd:50:f7:9e:c4:10:21:b3:49:a4:4e:72:0e:93:
ba:02:6d:12:42:5c:36:c8:ef:09:10:a2:07:fa:93:
11:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:73:04:C6:74:20:FC:D8:17:8F:D4:52:9E:05:89:88:4D:11:CB:DC
X509v3 Authority Key Identifier:
keyid:22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/cHMExnQg_NgXj9RSngWJiE0Ry9w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.131.40.0/22
31.131.46.0/23
91.229.12.0/22
91.239.164.0/22
176.113.100.0/22
176.114.56.0/21
193.242.196.0/22
Signature Algorithm: sha256WithRSAEncryption
82:95:2d:da:a1:69:50:1e:40:cd:97:10:0f:f0:fe:72:59:92:
81:16:23:38:2a:94:1d:14:7b:b9:c4:e5:10:27:33:6f:a7:07:
34:5d:0b:51:ec:24:d4:3c:a8:49:40:a6:5b:da:a6:27:e6:2a:
25:a5:9f:65:68:df:01:e6:9b:bf:1c:f9:73:0d:92:4d:21:df:
8f:fa:3e:87:13:ad:36:1b:0f:d8:c3:95:0e:e5:98:cb:b4:cb:
b1:a3:d8:9d:f2:ae:44:d9:03:65:f2:f2:75:3b:f9:a8:de:f7:
a4:51:f3:aa:4e:07:03:74:e4:c3:16:50:ce:82:90:f8:b1:e6:
a6:a7:d1:46:ba:8b:95:aa:f8:e8:1e:01:08:c8:03:2b:b7:38:
03:35:9a:de:eb:3f:f2:e9:c5:5a:89:80:1c:1e:78:62:84:fd:
d8:11:1c:08:15:f7:94:9b:a7:d8:d8:25:97:89:10:78:65:75:
84:0f:7e:4e:2b:1a:04:a3:f2:78:6b:09:8f:9c:c3:d0:6f:02:
7f:f0:2e:55:c8:d4:af:13:62:d6:e2:52:cc:b8:71:fc:80:bf:
d0:5f:03:8d:ac:bd:83:d8:e7:14:42:65:73:82:cd:88:f7:f6:
a9:a3:d0:ea:b8:ec:c4:f8:32:49:91:3e:51:dc:8f:4c:a1:1f:
a6:7c:8a:26
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZoXFZtmKNCIinZ2zh9+lSZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjJjMmU3YmMxZGE1NGQ5MTljYTViNTk0MWQzNzg4OTJi
MmNjYjIwHhcNMjUxMDI0MTYzODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDczMDRjNjc0MjBmY2Q4MTc4ZmQ0NTI5ZTA1ODk4ODRkMTFjYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZHicmCO7XRIgUNNBKoZ+e6R4tqS
5c4MeUYN1+LW9S4E67HWnOfmXFIDYNAvlIVLH8VGd5nrRsdGJ/sZjBKIXEoaVmRI
8Gbr6wv6zSMvAKRb/MNmRuzT8rr4+IW1XNBSMNimZusSfLMmD2N1WuZFFZO5oHDk
DXNIOM/jBiGM1KD1SvJLaPEUNhDxC79VlrbyxfovdFvjuguSGVi5ZR7XLNnqI/XT
JgWF466YjoQTFBFs8SK6SQhkouz1B6sLezRRUN5lpPe5jboycYPMPsUcexoaAXhq
rjYMIjEr7dM1+TiOvVD3nsQQIbNJpE5yDpO6Am0SQlw2yO8JEKIH+pMRGwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFHBzBMZ0IPzYF4/UUp4FiYhNEcvcMB8GA1UdIwQY
MBaAFCLywue8HaVNkZyltZQdN4iSssyyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUt
MDJkZWY2ZTg0YzkxLzEvY0hNRXhuUWdfTmdYajlSU25nV0ppRTBSeTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUtMDJkZWY2ZTg0Yzkx
LzEvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCH4MoAwQB
H4MuAwQCW+UMAwQCW++kAwQCsHFkAwQDsHI4AwQCwfLEMA0GCSqGSIb3DQEBCwUA
A4IBAQCClS3aoWlQHkDNlxAP8P5yWZKBFiM4KpQdFHu5xOUQJzNvpwc0XQtR7CTU
PKhJQKZb2qYn5iolpZ9laN8B5pu/HPlzDZJNId+P+j6HE602Gw/Yw5UO5ZjLtMux
o9id8q5E2QNl8vJ1O/mo3vekUfOqTgcDdOTDFlDOgpD4seamp9FGuouVqvjoHgEI
yAMrtzgDNZre6z/y6cVaiYAcHnhihP3YERwIFfeUm6fY2CWXiRB4ZXWED35OKxoE
o/J4awmPnMPQbwJ/8C5VyNSvE2LW4lLMuHH8gL/QXwONrL2D2OcUQmVzgs2I9/ap
o9DquOzE+DJJkT5R3I9MoR+mfIom
-----END CERTIFICATE-----
Generated at Tue Oct 28 02:34:56 2025 by rpki-client