Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Q4G4_yEFkTFj3hKNzCZYLBot9nQ.roa
File: Q4G4_yEFkTFj3hKNzCZYLBot9nQ.roa (raw, json)
Hash identifier: WjuOg1njjbz/FB1mXQy3YfKEepkWFmBgesyO4PkFvN0=
Subject key identifier: 43:81:B8:FF:21:05:91:31:63:DE:12:8D:CC:26:58:2C:1A:2D:F6:74
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 019A597DA6B3C895549DDCD0F40023809035
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Q4G4_yEFkTFj3hKNzCZYLBot9nQ.roa
Signing time: Thu 06 Nov 2025 14:06:38 +0000
ROA not before: Thu 06 Nov 2025 14:06:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 7029
IP address blocks: 31.56.160.0/21 maxlen: 24
217.60.128.0/19 maxlen: 24
217.60.160.0/20 maxlen: 24
217.60.176.0/21 maxlen: 24
217.60.184.0/23 maxlen: 24
217.60.200.0/21 maxlen: 24
217.60.208.0/20 maxlen: 24
217.60.224.0/21 maxlen: 24
217.60.232.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 07 Nov 2025 14:56:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:59:7d:a6:b3:c8:95:54:9d:dc:d0:f4:00:23:80:90:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Nov 6 14:06:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4381b8ff2105913163de128dcc26582c1a2df674
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:41:82:de:ea:00:30:b8:48:f8:17:ba:87:95:
5e:78:8e:cb:28:3d:dd:b2:54:3f:3a:61:40:ff:7b:
5b:13:45:20:bd:3e:93:dd:7f:54:c3:7d:a6:a3:10:
6a:24:65:64:d9:c9:18:fe:2f:21:c3:b2:a6:8a:02:
da:b9:e4:73:35:93:6c:3d:1e:f5:79:f3:42:22:3f:
dc:a1:6e:d4:af:f1:1e:be:c5:21:8a:2e:d5:2b:c1:
65:d0:f0:c0:8b:21:32:0d:87:65:cf:b7:a5:59:d4:
64:f9:43:21:bd:fa:19:f0:a4:c2:d1:ca:4c:ff:14:
9b:36:99:c5:d9:9c:f6:70:6f:cc:3d:50:e4:32:5f:
e0:d0:7f:fa:c6:f6:26:60:19:af:80:11:40:75:e3:
13:ac:e2:d5:3d:c6:17:10:ed:88:02:81:da:6d:b5:
ca:94:21:44:86:4b:41:ea:66:88:36:23:44:14:13:
60:b9:ab:88:57:ef:14:f7:6b:07:74:c9:49:c9:16:
bd:b3:fc:2e:7c:d0:e5:93:b7:4a:a5:28:1b:0d:97:
bf:8f:12:1c:d1:bd:89:90:a5:c1:3e:99:a8:40:70:
81:cf:4d:dd:97:93:c0:e2:81:81:7f:8f:11:b1:9e:
0b:c1:21:ac:48:2c:5a:98:da:b4:bf:e7:9b:c1:58:
95:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:81:B8:FF:21:05:91:31:63:DE:12:8D:CC:26:58:2C:1A:2D:F6:74
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Q4G4_yEFkTFj3hKNzCZYLBot9nQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.160.0/21
217.60.128.0-217.60.185.255
217.60.200.0-217.60.235.255
Signature Algorithm: sha256WithRSAEncryption
52:01:8f:91:29:bc:26:c3:8c:32:09:73:e4:1e:a1:1c:b6:53:
e6:30:09:47:2a:2f:fa:35:56:58:d8:59:36:ab:44:7c:28:e8:
d4:17:61:dc:56:fe:ac:76:0b:bc:28:d0:8d:0d:98:cc:f9:92:
eb:55:8b:39:6c:82:f1:3e:dd:65:38:73:3d:89:97:61:fd:38:
1d:03:8e:2c:22:9d:a0:9a:7e:e2:82:f7:0a:f0:db:70:48:cf:
01:7b:f4:63:9e:93:0c:20:8d:60:32:a0:60:3f:65:70:e4:37:
22:da:a3:93:31:c6:2c:cf:4c:89:28:e6:1c:46:50:2f:a7:49:
a8:6b:7f:ef:3d:8b:89:0e:01:ba:bb:d3:09:a7:f8:71:d9:8e:
6a:3d:4d:01:01:b7:0c:8d:14:9d:01:4f:80:55:5e:f9:fa:39:
29:da:05:f9:65:8d:8a:33:7f:d1:53:f7:b1:9f:dd:8c:94:e1:
cf:82:f1:2c:73:bf:e4:cb:ec:a3:57:d3:9f:cc:f2:68:96:80:
9a:14:19:0f:7f:00:ba:4a:5c:c3:30:f7:e0:2c:c4:13:e5:d4:
1a:58:3a:40:e1:71:d8:5e:d0:bd:5d:a0:8f:4e:1d:bc:67:69:
19:45:51:3c:78:81:81:0f:16:e2:49:b7:0b:b3:e9:c0:47:11:
b1:4c:47:9b
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZpZfaazyJVUndzQ9AAjgJA1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTA2MTQwNjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzgxYjhmZjIxMDU5MTMxNjNkZTEyOGRjYzI2NTgyYzFhMmRmNjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00GC3uoAMLhI+Be6h5VeeI7LKD3d
slQ/OmFA/3tbE0UgvT6T3X9Uw32moxBqJGVk2ckY/i8hw7KmigLaueRzNZNsPR71
efNCIj/coW7Ur/EevsUhii7VK8Fl0PDAiyEyDYdlz7elWdRk+UMhvfoZ8KTC0cpM
/xSbNpnF2Zz2cG/MPVDkMl/g0H/6xvYmYBmvgBFAdeMTrOLVPcYXEO2IAoHabbXK
lCFEhktB6maINiNEFBNguauIV+8U92sHdMlJyRa9s/wufNDlk7dKpSgbDZe/jxIc
0b2JkKXBPpmoQHCBz03dl5PA4oGBf48RsZ4LwSGsSCxamNq0v+ebwViVMQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFEOBuP8hBZExY94SjcwmWCwaLfZ0MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUTRHNF95RUZrVEZqM2hLTnpDWllMQm90OW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQDHzigMAwD
BAfZPIADBAHZPLgwDAMEA9k8yAMEAtk86DANBgkqhkiG9w0BAQsFAAOCAQEAUgGP
kSm8JsOMMglz5B6hHLZT5jAJRyov+jVWWNhZNqtEfCjo1Bdh3Fb+rHYLvCjQjQ2Y
zPmS61WLOWyC8T7dZThzPYmXYf04HQOOLCKdoJp+4oL3CvDbcEjPAXv0Y56TDCCN
YDKgYD9lcOQ3ItqjkzHGLM9MiSjmHEZQL6dJqGt/7z2LiQ4BurvTCaf4cdmOaj1N
AQG3DI0UnQFPgFVe+fo5KdoF+WWNijN/0VP3sZ/djJThz4LxLHO/5Mvso1fTn8zy
aJaAmhQZD38AukpcwzD34CzEE+XUGlg6QOFx2F7QvV2gj04dvGdpGUVRPHiBgQ8W
4km3C7PpwEcRsUxHmw==
-----END CERTIFICATE-----
Generated at Thu Nov 6 19:47:10 2025 by rpki-client