Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Sh-0iTGJRRzBOqNwN0yU4KmiSxE.roa
File: Sh-0iTGJRRzBOqNwN0yU4KmiSxE.roa (raw, json)
Hash identifier: qQglIjtXliTNmVX5E4TiqqfPqP479fNQBjBeSP8SMfE=
Subject key identifier: 4A:1F:B4:89:31:89:45:1C:C1:3A:A3:70:37:4C:94:E0:A9:A2:4B:11
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 019994916F5CE3641CBC09EFC0EEBE0B50B1
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Sh-0iTGJRRzBOqNwN0yU4KmiSxE.roa
Signing time: Mon 29 Sep 2025 08:23:03 +0000
ROA not before: Mon 29 Sep 2025 08:23:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20473
IP address blocks: 31.56.86.0/24 maxlen: 24
31.57.122.0/24 maxlen: 24
31.57.124.0/24 maxlen: 24
31.57.125.0/24 maxlen: 24
31.57.140.0/24 maxlen: 24
31.57.162.0/23 maxlen: 24
31.57.164.0/23 maxlen: 24
31.57.180.0/24 maxlen: 24
31.57.221.0/24 maxlen: 24
31.58.42.0/24 maxlen: 24
31.58.48.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 14 Oct 2025 14:36:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:94:91:6f:5c:e3:64:1c:bc:09:ef:c0:ee:be:0b:50:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Sep 29 08:23:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4a1fb4893189451cc13aa370374c94e0a9a24b11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:8a:65:f1:fc:7f:81:ad:46:45:79:7c:07:f4:
a8:d8:62:7a:43:1e:77:56:0c:dd:a0:13:7d:7d:42:
cc:47:6f:34:81:21:1e:59:ee:22:83:f7:c7:48:78:
0a:c5:c2:6a:8a:ea:52:be:fd:21:64:1d:c4:26:fc:
32:0e:88:e0:7e:10:be:2e:93:83:b7:3f:33:37:87:
92:94:d1:e2:b4:b9:85:cb:84:fb:a7:ad:ba:6a:f8:
3c:95:84:01:1c:8e:05:6f:0a:6b:23:c8:e6:41:1d:
14:62:01:30:d3:5d:3b:29:e0:19:c6:62:26:5f:d1:
65:50:9d:6b:bf:7f:90:9a:cf:d2:dc:87:8b:c9:fb:
f1:e6:5f:a7:80:90:aa:bc:ee:0d:76:36:77:c0:c9:
ba:67:3f:b7:49:44:a7:b1:29:81:03:8b:41:af:d6:
d9:70:e3:c2:f1:ba:1a:c8:1d:0d:32:6a:50:c2:ee:
5a:2c:ba:ee:e8:54:be:ef:65:ad:0b:ee:29:2a:a9:
e1:ef:0a:e4:d1:2f:38:62:f3:9b:0b:a4:be:42:cc:
6d:02:03:6a:df:14:69:d0:a2:6d:e6:ef:bf:62:8f:
e3:39:85:d0:0d:45:1f:07:82:b8:49:7a:5b:2b:f2:
b8:42:1a:03:dd:fc:f3:59:d4:a4:59:50:f3:b8:ea:
07:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:1F:B4:89:31:89:45:1C:C1:3A:A3:70:37:4C:94:E0:A9:A2:4B:11
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Sh-0iTGJRRzBOqNwN0yU4KmiSxE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.86.0/24
31.57.122.0/24
31.57.124.0/23
31.57.140.0/24
31.57.162.0-31.57.165.255
31.57.180.0/24
31.57.221.0/24
31.58.42.0/24
31.58.48.0/24
Signature Algorithm: sha256WithRSAEncryption
a4:d7:d6:1e:ed:9c:78:14:74:c4:32:a0:5d:0b:c5:e8:a0:4a:
18:1d:ae:53:1e:27:01:2c:a9:28:f3:76:fd:59:f0:52:cd:05:
c1:42:97:d9:f0:1b:2b:84:89:35:f3:a3:f5:af:18:b6:33:8a:
de:eb:b6:00:9f:eb:a0:d3:8b:84:32:7c:63:8b:5d:2f:27:3b:
7d:d6:62:06:6b:3d:2b:cb:3e:32:ae:36:6b:40:51:4b:64:a2:
45:bd:13:0a:1b:7d:e4:89:9b:9a:90:da:f0:87:1c:e9:22:88:
d4:f2:0d:d1:6e:57:b6:5c:6a:53:0d:88:34:b7:52:a2:9a:06:
9e:cd:dd:b1:0c:30:68:c6:1f:8c:d6:43:0b:0e:27:e3:63:54:
68:4d:38:69:ce:bb:00:22:b4:59:91:37:87:7c:21:97:90:a6:
10:30:fe:7c:d0:56:55:57:79:d1:df:41:ef:61:e4:74:ea:63:
14:4c:57:ba:6e:ab:42:86:a3:52:0e:3b:bb:50:12:fa:2f:6b:
97:7d:96:1c:1b:fd:5a:23:eb:69:d0:5e:c3:72:82:f3:4b:21:
f0:39:9d:c0:55:2c:75:6f:b5:5c:ad:3e:eb:19:a8:2b:0c:f6:
15:d8:f6:eb:5f:d2:cd:29:12:39:68:b9:27:ef:9a:e3:c3:77:
96:ec:d2:3f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZmUkW9c42QcvAnvwO6+C1CxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTI5MDgyMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTFmYjQ4OTMxODk0NTFjYzEzYWEzNzAzNzRjOTRlMGE5YTI0YjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Ypl8fx/ga1GRXl8B/So2GJ6Qx53
VgzdoBN9fULMR280gSEeWe4ig/fHSHgKxcJqiupSvv0hZB3EJvwyDojgfhC+LpOD
tz8zN4eSlNHitLmFy4T7p626avg8lYQBHI4FbwprI8jmQR0UYgEw0107KeAZxmIm
X9FlUJ1rv3+Qms/S3IeLyfvx5l+ngJCqvO4NdjZ3wMm6Zz+3SUSnsSmBA4tBr9bZ
cOPC8boayB0NMmpQwu5aLLru6FS+72WtC+4pKqnh7wrk0S84YvObC6S+QsxtAgNq
3xRp0KJt5u+/Yo/jOYXQDUUfB4K4SXpbK/K4QhoD3fzzWdSkWVDzuOoHJQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFEoftIkxiUUcwTqjcDdMlOCpoksRMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvU2gtMGlUR0pSUnpCT3FOd04weVU0S21pU3hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAHzhWAwQA
Hzl6AwQBHzl8AwQAHzmMMAwDBAEfOaIDBAEfOaQDBAAfObQDBAAfOd0DBAAfOioD
BAAfOjAwDQYJKoZIhvcNAQELBQADggEBAKTX1h7tnHgUdMQyoF0LxeigShgdrlMe
JwEsqSjzdv1Z8FLNBcFCl9nwGyuEiTXzo/WvGLYzit7rtgCf66DTi4QyfGOLXS8n
O33WYgZrPSvLPjKuNmtAUUtkokW9EwobfeSJm5qQ2vCHHOkiiNTyDdFuV7ZcalMN
iDS3UqKaBp7N3bEMMGjGH4zWQwsOJ+NjVGhNOGnOuwAitFmRN4d8IZeQphAw/nzQ
VlVXedHfQe9h5HTqYxRMV7puq0KGo1IOO7tQEvova5d9lhwb/Voj62nQXsNygvNL
IfA5ncBVLHVvtVytPusZqCsM9hXY9utf0s0pEjlouSfvmuPDd5bs0j8=
-----END CERTIFICATE-----
Generated at Mon Oct 13 22:06:15 2025 by rpki-client