Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2SqJ7suYQDvYZ30C1JqbYnrqZeA.roa
File: 2SqJ7suYQDvYZ30C1JqbYnrqZeA.roa (raw, json)
Hash identifier: 8/LpSTNnHhJrNlbUykZw2puq3ybg4qg6sjAjHddIJGo=
Subject key identifier: D9:2A:89:EE:CB:98:40:3B:D8:67:7D:02:D4:9A:9B:62:7A:EA:65:E0
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 0195DBD16D876166BD653645BFDE849E3AD3
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2SqJ7suYQDvYZ30C1JqbYnrqZeA.roa
Signing time: Fri 28 Mar 2025 08:14:50 +0000
ROA not before: Fri 28 Mar 2025 08:14:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2914
IP address blocks: 31.56.154.0/24 maxlen: 24
31.56.158.0/24 maxlen: 24
31.56.159.0/24 maxlen: 24
31.56.168.0/24 maxlen: 24
31.56.169.0/24 maxlen: 24
31.56.170.0/24 maxlen: 24
31.56.171.0/24 maxlen: 24
31.56.174.0/24 maxlen: 24
31.56.175.0/24 maxlen: 24
31.57.24.0/22 maxlen: 24
31.57.28.0/22 maxlen: 24
31.57.48.0/22 maxlen: 24
31.57.52.0/22 maxlen: 24
31.57.56.0/22 maxlen: 24
31.57.60.0/22 maxlen: 24
31.58.34.0/23 maxlen: 24
31.58.196.0/22 maxlen: 24
31.58.204.0/22 maxlen: 24
31.58.208.0/23 maxlen: 24
31.58.212.0/22 maxlen: 24
31.58.232.0/23 maxlen: 24
217.60.0.0/21 maxlen: 24
217.60.0.0/24 maxlen: 24
217.60.1.0/24 maxlen: 24
217.60.2.0/24 maxlen: 24
217.60.4.0/24 maxlen: 24
217.60.5.0/24 maxlen: 24
217.60.6.0/24 maxlen: 24
217.60.8.0/21 maxlen: 24
217.60.8.0/24 maxlen: 24
217.60.10.0/24 maxlen: 24
217.60.11.0/24 maxlen: 24
217.60.12.0/24 maxlen: 24
217.60.13.0/24 maxlen: 24
217.60.14.0/24 maxlen: 24
217.60.24.0/22 maxlen: 24
217.60.32.0/21 maxlen: 24
217.60.44.0/22 maxlen: 24
217.60.56.0/21 maxlen: 24
217.60.56.0/24 maxlen: 24
217.60.57.0/24 maxlen: 24
217.60.58.0/24 maxlen: 24
217.60.59.0/24 maxlen: 24
217.60.60.0/24 maxlen: 24
217.60.61.0/24 maxlen: 24
217.60.62.0/24 maxlen: 24
217.60.63.0/24 maxlen: 24
217.60.188.0/22 maxlen: 24
217.60.192.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 04:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:db:d1:6d:87:61:66:bd:65:36:45:bf:de:84:9e:3a:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Mar 28 08:14:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d92a89eecb98403bd8677d02d49a9b627aea65e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:59:5e:2d:1a:31:53:1d:16:eb:1d:d2:7e:d7:
9c:3b:08:0b:05:3b:6a:27:5f:cd:0a:62:1c:e5:e5:
ad:03:29:f2:2e:f3:06:a6:7a:53:a0:a8:ee:30:c8:
d7:3f:eb:81:b8:59:f3:29:ce:67:a7:01:f9:44:82:
86:e6:8b:b5:21:43:24:fa:f1:1e:c8:78:42:a3:03:
8a:cb:e3:85:52:cf:2b:7c:8f:8f:07:a1:e5:0c:39:
ec:55:d5:4b:b2:08:93:b4:87:0e:4d:86:ab:1b:8a:
31:f1:70:19:71:16:b7:7f:31:18:f8:78:03:28:d2:
8b:41:5f:e2:34:21:00:51:cb:6d:a6:7e:52:f7:af:
1a:48:af:c0:32:70:24:0f:74:37:cc:2b:21:b2:7f:
fb:fe:41:f6:53:ea:4e:20:55:36:b9:af:0f:bc:35:
08:a0:f5:82:4c:56:e5:1d:4b:95:46:f1:54:58:bd:
e9:a0:ce:16:df:66:03:40:24:79:b4:97:11:4f:86:
5b:9c:32:04:d4:7f:9d:d2:68:2a:51:bc:fc:b6:d5:
be:42:74:41:47:e0:ed:8f:5c:cf:2e:17:3b:c1:61:
13:67:c9:58:c4:9f:a9:93:35:75:b1:dc:8b:aa:ad:
57:2d:c4:a7:de:60:7a:bc:5d:34:d2:4a:21:8c:e7:
ec:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:2A:89:EE:CB:98:40:3B:D8:67:7D:02:D4:9A:9B:62:7A:EA:65:E0
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2SqJ7suYQDvYZ30C1JqbYnrqZeA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.154.0/24
31.56.158.0/23
31.56.168.0/22
31.56.174.0/23
31.57.24.0/21
31.57.48.0/20
31.58.34.0/23
31.58.196.0/22
31.58.204.0-31.58.209.255
31.58.212.0/22
31.58.232.0/23
217.60.0.0/20
217.60.24.0/22
217.60.32.0/21
217.60.44.0/22
217.60.56.0/21
217.60.188.0-217.60.195.255
Signature Algorithm: sha256WithRSAEncryption
ba:32:fe:42:44:5a:17:ba:7b:27:60:e7:7a:21:3b:2c:d3:8f:
25:7d:b0:1f:2d:f5:c2:e8:64:ae:8c:10:25:ed:f4:b5:cd:a6:
a8:98:54:a0:e0:0b:d7:81:3b:94:4b:98:14:95:91:60:98:a7:
81:90:65:51:0c:33:fa:ac:db:b9:94:c8:4f:a9:38:7f:e8:3c:
e9:e0:2a:4f:d5:b8:27:61:77:b0:27:21:1e:f9:df:c7:17:ef:
cb:28:a9:94:61:cd:0e:4a:01:f4:96:79:b4:7a:b9:6a:77:de:
3e:51:69:12:54:46:c9:4c:8e:c6:de:28:95:a3:3f:a2:b3:97:
b5:bb:99:b8:40:d1:bb:ee:86:32:39:93:fe:e3:a9:0f:94:36:
cd:c9:61:6b:86:45:59:fa:d1:8c:f5:db:1f:1c:dc:d5:d9:70:
df:84:fc:80:33:34:04:ba:74:a6:87:f9:dd:71:71:00:5d:20:
31:8f:c4:dc:8d:92:42:e1:0d:7a:a0:fe:2c:20:43:97:0a:80:
a0:3f:48:80:ce:47:e9:f7:3a:a8:f0:38:7c:05:f5:29:53:e1:
07:dc:fa:5b:01:6b:bd:d6:9a:e4:8f:59:a4:f2:6f:62:66:d8:
58:a6:63:db:92:03:b4:83:a6:55:0e:f8:79:86:dd:19:de:90:
f9:62:d0:cf
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAZXb0W2HYWa9ZTZFv96EnjrTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMzI4MDgxNDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTJhODllZWNiOTg0MDNiZDg2NzdkMDJkNDlhOWI2MjdhZWE2NWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1leLRoxUx0W6x3SftecOwgLBTtq
J1/NCmIc5eWtAynyLvMGpnpToKjuMMjXP+uBuFnzKc5npwH5RIKG5ou1IUMk+vEe
yHhCowOKy+OFUs8rfI+PB6HlDDnsVdVLsgiTtIcOTYarG4ox8XAZcRa3fzEY+HgD
KNKLQV/iNCEAUcttpn5S968aSK/AMnAkD3Q3zCshsn/7/kH2U+pOIFU2ua8PvDUI
oPWCTFblHUuVRvFUWL3poM4W32YDQCR5tJcRT4ZbnDIE1H+d0mgqUbz8ttW+QnRB
R+Dtj1zPLhc7wWETZ8lYxJ+pkzV1sdyLqq1XLcSn3mB6vF000kohjOfsOQIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFNkqie7LmEA72Gd9AtSam2J66mXgMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMlNxSjdzdVlRRHZZWjMwQzFKcWJZbnJxWmVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgABMHYDBAAfOJoD
BAEfOJ4DBAIfOKgDBAEfOK4DBAMfORgDBAQfOTADBAEfOiIDBAIfOsQwDAMEAh86
zAMEAR860AMEAh861AMEAR866AMEBNk8AAMEAtk8GAMEA9k8IAMEAtk8LAMEA9k8
ODAMAwQC2Ty8AwQC2TzAMA0GCSqGSIb3DQEBCwUAA4IBAQC6Mv5CRFoXunsnYOd6
ITss048lfbAfLfXC6GSujBAl7fS1zaaomFSg4AvXgTuUS5gUlZFgmKeBkGVRDDP6
rNu5lMhPqTh/6Dzp4CpP1bgnYXewJyEe+d/HF+/LKKmUYc0OSgH0lnm0erlqd94+
UWkSVEbJTI7G3iiVoz+is5e1u5m4QNG77oYyOZP+46kPlDbNyWFrhkVZ+tGM9dsf
HNzV2XDfhPyAMzQEunSmh/ndcXEAXSAxj8TcjZJC4Q16oP4sIEOXCoCgP0iAzkfp
9zqo8Dh8BfUpU+EH3PpbAWu91prkj1mk8m9iZthYpmPbkgO0g6ZVDvh5ht0Z3pD5
YtDP
-----END CERTIFICATE-----
Generated at Sat Apr 5 09:01:13 2025 by rpki-client