Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/5005b4-301d-4a5b-9c96-43883487e492/1/3vOkms1tZ1ngilXRsF2AnSNXRpc.roa
File: 3vOkms1tZ1ngilXRsF2AnSNXRpc.roa (raw, json)
Hash identifier: /PiOxJIXqSLan9pb27DlpE7/naqh5TR5sTdBHisw3+w=
Subject key identifier: DE:F3:A4:9A:CD:6D:67:59:E0:8A:55:D1:B0:5D:80:9D:23:57:46:97
Certificate issuer: /CN=cdb63efa269a1411754e1cdaab848fb06fa08411
Certificate serial: 01990907E5B68FF66D83691D58E9C8658E5B
Authority key identifier: CD:B6:3E:FA:26:9A:14:11:75:4E:1C:DA:AB:84:8F:B0:6F:A0:84:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zbY--iaaFBF1Thzaq4SPsG-ghBE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7e/5005b4-301d-4a5b-9c96-43883487e492/1/3vOkms1tZ1ngilXRsF2AnSNXRpc.roa
Signing time: Tue 02 Sep 2025 06:05:36 +0000
ROA not before: Tue 02 Sep 2025 06:05:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42714
IP address blocks: 31.170.128.0/19 maxlen: 24
31.170.128.0/20 maxlen: 24
31.170.144.0/21 maxlen: 24
31.170.152.0/21 maxlen: 24
193.200.38.0/23 maxlen: 23
193.200.38.0/24 maxlen: 24
193.200.39.0/24 maxlen: 24
195.211.184.0/22 maxlen: 24
2a02:7640::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7e/5005b4-301d-4a5b-9c96-43883487e492/1/zbY--iaaFBF1Thzaq4SPsG-ghBE.crl
rsync://rpki.ripe.net/repository/DEFAULT/7e/5005b4-301d-4a5b-9c96-43883487e492/1/zbY--iaaFBF1Thzaq4SPsG-ghBE.mft
rsync://rpki.ripe.net/repository/DEFAULT/zbY--iaaFBF1Thzaq4SPsG-ghBE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 03:00:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:09:07:e5:b6:8f:f6:6d:83:69:1d:58:e9:c8:65:8e:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdb63efa269a1411754e1cdaab848fb06fa08411
Validity
Not Before: Sep 2 06:05:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=def3a49acd6d6759e08a55d1b05d809d23574697
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:94:8c:59:3b:13:a4:7e:ce:28:82:9d:51:87:
77:59:78:9c:f4:c6:26:45:7d:4a:38:48:6c:78:ca:
59:61:14:eb:74:e2:fa:3d:9d:8c:d5:10:ef:92:d4:
a1:56:fe:d7:bb:ea:bb:5f:be:6d:e7:99:5a:b0:b5:
30:5b:59:64:7f:de:5b:8a:fa:62:ae:59:1f:62:04:
68:07:a6:7e:28:de:f5:13:da:df:84:f8:69:88:23:
1f:25:6d:14:f9:ba:70:28:20:d3:1a:14:6c:e9:98:
9e:35:28:d3:33:7b:b0:ce:96:fc:24:68:52:01:df:
f1:c8:f3:4d:89:ca:fd:9d:95:cc:30:e3:79:16:c5:
1f:7e:e1:9f:38:cc:63:b5:35:10:6f:c2:fa:c1:8b:
13:c3:7b:51:af:f2:a2:0f:0b:9d:6e:a8:7e:19:1e:
fa:14:6c:b7:8e:da:f5:7c:4f:38:ea:3c:09:2d:65:
4c:8e:fa:ae:9a:1b:83:1b:64:10:45:b0:1a:b7:3b:
34:4b:3d:1e:83:4b:d1:66:af:09:e8:9d:58:ea:0b:
03:86:25:f4:ab:5e:b8:b2:23:2e:fc:99:2f:9e:28:
2e:3b:9c:6c:9f:5f:f1:85:39:97:b9:c6:76:59:72:
33:93:53:a4:4d:9b:fd:8a:61:40:56:d9:83:a8:10:
a7:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:F3:A4:9A:CD:6D:67:59:E0:8A:55:D1:B0:5D:80:9D:23:57:46:97
X509v3 Authority Key Identifier:
keyid:CD:B6:3E:FA:26:9A:14:11:75:4E:1C:DA:AB:84:8F:B0:6F:A0:84:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbY--iaaFBF1Thzaq4SPsG-ghBE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/5005b4-301d-4a5b-9c96-43883487e492/1/3vOkms1tZ1ngilXRsF2AnSNXRpc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/5005b4-301d-4a5b-9c96-43883487e492/1/zbY--iaaFBF1Thzaq4SPsG-ghBE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.170.128.0/19
193.200.38.0/23
195.211.184.0/22
IPv6:
2a02:7640::/32
Signature Algorithm: sha256WithRSAEncryption
54:aa:d7:3e:c6:e2:c5:e0:a5:00:b4:29:f6:92:85:cf:e2:27:
d7:54:a6:46:ff:ed:55:89:c6:92:de:da:28:2c:56:b8:d1:50:
c8:31:6e:7f:b8:85:99:be:ed:8d:17:bc:4a:38:f6:1c:e7:6f:
18:b3:7e:c3:5b:9b:1f:cf:18:97:63:71:bd:0c:53:29:a5:df:
95:1e:4b:39:bb:15:7c:c7:36:2d:80:ca:68:ef:fe:35:79:7f:
7a:d4:91:cc:55:3c:e6:c5:a1:ad:4b:b0:09:c8:11:ba:69:bf:
0e:4e:12:d5:3b:72:2c:e8:87:3c:6c:2a:d5:9e:a1:63:16:8b:
d6:9c:df:ad:21:b9:a7:dc:6d:db:1b:10:9e:9d:20:10:1f:f3:
21:26:79:60:da:51:83:5c:dc:24:97:5f:75:46:08:8b:bc:6f:
35:a5:16:a6:a4:da:70:b3:32:6c:30:27:53:9f:f5:51:71:48:
65:b5:03:2d:e4:9d:3e:c6:f8:ed:03:f1:5c:4d:70:92:86:c4:
16:ea:ff:be:2b:c0:b5:f4:0b:e7:35:50:ca:dc:86:4d:8e:68:
3c:cb:44:b3:ba:5b:0a:d2:8d:40:ed:7f:14:b5:b2:2c:65:26:
35:9a:f0:75:4f:c2:06:d1:ad:a7:14:51:e1:c5:3b:40:42:08:
d5:6d:25:ab
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZkJB+W2j/Ztg2kdWOnIZY5bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjYzZWZhMjY5YTE0MTE3NTRlMWNkYWFiODQ4ZmIwNmZh
MDg0MTEwHhcNMjUwOTAyMDYwNTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWYzYTQ5YWNkNmQ2NzU5ZTA4YTU1ZDFiMDVkODA5ZDIzNTc0Njk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZSMWTsTpH7OKIKdUYd3WXic9MYm
RX1KOEhseMpZYRTrdOL6PZ2M1RDvktShVv7Xu+q7X75t55lasLUwW1lkf95bivpi
rlkfYgRoB6Z+KN71E9rfhPhpiCMfJW0U+bpwKCDTGhRs6ZieNSjTM3uwzpb8JGhS
Ad/xyPNNicr9nZXMMON5FsUffuGfOMxjtTUQb8L6wYsTw3tRr/KiDwudbqh+GR76
FGy3jtr1fE846jwJLWVMjvqumhuDG2QQRbAatzs0Sz0eg0vRZq8J6J1Y6gsDhiX0
q164siMu/JkvniguO5xsn1/xhTmXucZ2WXIzk1OkTZv9imFAVtmDqBCnNQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFN7zpJrNbWdZ4IpV0bBdgJ0jV0aXMB8GA1UdIwQY
MBaAFM22PvommhQRdU4c2quEj7BvoIQRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJZLS1pYWFGQkYxVGh6YXE0U1BzRy1naEJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS81MDA1YjQtMzAxZC00YTViLTljOTYt
NDM4ODM0ODdlNDkyLzEvM3ZPa21zMXRaMW5naWxYUnNGMkFuU05YUnBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS81MDA1YjQtMzAxZC00YTViLTljOTYtNDM4ODM0ODdlNDky
LzEvemJZLS1pYWFGQkYxVGh6YXE0U1BzRy1naEJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQFH6qAAwQB
wcgmAwQCw9O4MA0EAgACMAcDBQAqAnZAMA0GCSqGSIb3DQEBCwUAA4IBAQBUqtc+
xuLF4KUAtCn2koXP4ifXVKZG/+1VicaS3tooLFa40VDIMW5/uIWZvu2NF7xKOPYc
528Ys37DW5sfzxiXY3G9DFMppd+VHks5uxV8xzYtgMpo7/41eX961JHMVTzmxaGt
S7AJyBG6ab8OThLVO3Is6Ic8bCrVnqFjFovWnN+tIbmn3G3bGxCenSAQH/MhJnlg
2lGDXNwkl191RgiLvG81pRampNpwszJsMCdTn/VRcUhltQMt5J0+xvjtA/FcTXCS
hsQW6v++K8C19AvnNVDK3IZNjmg8y0SzulsK0o1A7X8UtbIsZSY1mvB1T8IG0a2n
FFHhxTtAQgjVbSWr
-----END CERTIFICATE-----
Generated at Sun Sep 7 11:48:40 2025 by rpki-client