Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/NKtJmThTfOzwvMYBmtvYmC8aV0g.roa
File: NKtJmThTfOzwvMYBmtvYmC8aV0g.roa (raw, json)
Hash identifier: wNzgQF9djozkJqci5hguYSnHXCQqYg13HEOa07HTxds=
Subject key identifier: 34:AB:49:99:38:53:7C:EC:F0:BC:C6:01:9A:DB:D8:98:2F:1A:57:48
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 01991A84A5DEDC9E8E40604DF497A642A756
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/NKtJmThTfOzwvMYBmtvYmC8aV0g.roa
Signing time: Fri 05 Sep 2025 15:35:24 +0000
ROA not before: Fri 05 Sep 2025 15:35:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21859
IP address blocks: 31.56.66.0/24 maxlen: 24
31.56.218.0/24 maxlen: 24
31.56.219.0/24 maxlen: 24
31.56.220.0/24 maxlen: 24
31.57.35.0/24 maxlen: 24
31.57.100.0/24 maxlen: 24
31.57.120.0/24 maxlen: 24
31.57.228.0/24 maxlen: 24
31.59.167.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 15 Sep 2025 05:00:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:1a:84:a5:de:dc:9e:8e:40:60:4d:f4:97:a6:42:a7:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Sep 5 15:35:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=34ab499938537cecf0bcc6019adbd8982f1a5748
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:68:af:69:4b:95:00:e7:d8:31:a8:96:c1:0b:
a6:15:17:d5:39:1a:87:c0:a3:b5:b6:30:e5:3d:d5:
93:57:7e:df:57:96:f1:ed:ea:2d:65:4b:3d:53:61:
97:b8:41:96:cc:51:e5:9c:91:b5:25:7b:27:66:e8:
fd:cc:98:78:10:33:93:0c:b3:0e:9f:f2:6c:3e:05:
96:b4:5a:07:5f:0b:93:77:5a:02:e7:75:0d:b8:54:
20:4c:b9:5c:d6:bf:f9:78:62:cd:a2:8e:50:b2:b5:
be:d9:9d:50:ef:77:0b:22:18:71:48:9d:75:d0:70:
12:d3:e5:e9:87:78:ad:c7:13:b8:6d:5e:03:6b:c6:
cd:d3:32:94:af:cc:a2:1d:0b:c5:be:84:8c:aa:30:
93:d9:eb:b2:e3:7e:22:8f:af:dc:f6:e5:d6:75:fa:
a7:d6:c6:64:c4:1f:c2:f4:e9:76:89:e1:bf:aa:bf:
89:98:29:09:aa:b1:e8:af:af:f8:d1:7b:34:29:2c:
18:9b:79:6b:f7:3a:ce:59:db:ab:76:54:d9:28:40:
8e:d8:4d:41:e8:e1:b7:13:55:a1:3b:b1:d5:d5:45:
d0:e3:5b:99:66:ae:65:45:c8:0b:63:c3:4d:4b:40:
04:b0:e3:30:9c:b7:73:72:9d:5c:2a:97:69:f1:68:
dd:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:AB:49:99:38:53:7C:EC:F0:BC:C6:01:9A:DB:D8:98:2F:1A:57:48
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/NKtJmThTfOzwvMYBmtvYmC8aV0g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.66.0/24
31.56.218.0-31.56.220.255
31.57.35.0/24
31.57.100.0/24
31.57.120.0/24
31.57.228.0/24
31.59.167.0/24
Signature Algorithm: sha256WithRSAEncryption
ba:ac:00:c8:27:de:68:da:66:da:a5:a6:ba:58:88:77:1d:68:
78:0b:be:81:f0:5b:c7:58:29:ed:16:4d:c1:f9:35:c3:a8:29:
53:21:b1:23:51:99:7c:8a:41:85:ed:9a:43:13:a4:1c:8c:c7:
cf:28:d3:e9:de:74:90:c4:51:d7:8e:17:ac:f0:14:a5:12:bc:
28:88:3b:bd:4a:d2:87:0a:f2:ef:b4:80:24:50:55:01:45:1e:
60:8e:94:20:c6:fe:63:d7:9e:0b:17:10:eb:80:81:6b:94:35:
6d:10:c8:ad:f0:e7:84:15:52:83:1a:46:f9:64:27:a4:9d:76:
e9:39:f6:a9:95:03:c2:a5:7f:6f:46:7d:4e:11:24:2d:8e:a4:
3a:e0:fc:a8:f2:ad:b6:1f:e0:42:54:47:70:57:aa:5b:4e:c7:
48:a0:89:1b:b9:ae:0f:2f:8d:d6:69:43:57:de:7a:2b:99:04:
fb:f6:89:73:fa:a3:06:28:fb:d8:fe:10:8b:74:f2:29:93:41:
17:86:69:2f:ec:41:ae:45:c9:8f:a2:53:7d:0a:5d:a2:8f:94:
85:72:95:55:3e:56:3c:d0:24:0a:c8:6c:6e:8d:de:31:41:06:
92:a6:81:3b:20:04:fd:8c:35:cf:83:39:8f:b7:da:c7:3e:b8:
b3:83:0d:22
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZkahKXe3J6OQGBN9JemQqdWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTA1MTUzNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGFiNDk5OTM4NTM3Y2VjZjBiY2M2MDE5YWRiZDg5ODJmMWE1NzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumivaUuVAOfYMaiWwQumFRfVORqH
wKO1tjDlPdWTV37fV5bx7eotZUs9U2GXuEGWzFHlnJG1JXsnZuj9zJh4EDOTDLMO
n/JsPgWWtFoHXwuTd1oC53UNuFQgTLlc1r/5eGLNoo5QsrW+2Z1Q73cLIhhxSJ11
0HAS0+Xph3itxxO4bV4Da8bN0zKUr8yiHQvFvoSMqjCT2euy434ij6/c9uXWdfqn
1sZkxB/C9Ol2ieG/qr+JmCkJqrHor6/40Xs0KSwYm3lr9zrOWdurdlTZKECO2E1B
6OG3E1WhO7HV1UXQ41uZZq5lRcgLY8NNS0AEsOMwnLdzcp1cKpdp8WjdtwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFDSrSZk4U3zs8LzGAZrb2JgvGldIMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTkt0Sm1UaFRmT3p3dk1ZQm10dlltQzhhVjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAHzhCMAwD
BAEfONoDBAAfONwDBAAfOSMDBAAfOWQDBAAfOXgDBAAfOeQDBAAfO6cwDQYJKoZI
hvcNAQELBQADggEBALqsAMgn3mjaZtqlprpYiHcdaHgLvoHwW8dYKe0WTcH5NcOo
KVMhsSNRmXyKQYXtmkMTpByMx88o0+nedJDEUdeOF6zwFKUSvCiIO71K0ocK8u+0
gCRQVQFFHmCOlCDG/mPXngsXEOuAgWuUNW0QyK3w54QVUoMaRvlkJ6Sdduk59qmV
A8Klf29GfU4RJC2OpDrg/KjyrbYf4EJUR3BXqltOx0igiRu5rg8vjdZpQ1feeiuZ
BPv2iXP6owYo+9j+EIt08imTQReGaS/sQa5FyY+iU30KXaKPlIVylVU+VjzQJArI
bG6N3jFBBpKmgTsgBP2MNc+DOY+32sc+uLODDSI=
-----END CERTIFICATE-----
Generated at Sun Sep 14 11:38:19 2025 by rpki-client