Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TQTEz0ozbWSNqMlb6CAWJwMaq_U.roa
File: TQTEz0ozbWSNqMlb6CAWJwMaq_U.roa (raw, json)
Hash identifier: BMj+zAslBfn2STzimStPc43yXKr9eJCoDN+Nu6eAFJs=
Subject key identifier: 4D:04:C4:CF:4A:33:6D:64:8D:A8:C9:5B:E8:20:16:27:03:1A:AB:F5
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 019A4D91AB6EABA945FE8D983D5D6D71AE21
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TQTEz0ozbWSNqMlb6CAWJwMaq_U.roa
Signing time: Tue 04 Nov 2025 06:33:03 +0000
ROA not before: Tue 04 Nov 2025 06:33:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21859
IP address blocks: 31.56.66.0/24 maxlen: 24
31.56.220.0/24 maxlen: 24
31.57.35.0/24 maxlen: 24
31.57.100.0/24 maxlen: 24
31.57.170.0/24 maxlen: 24
31.57.228.0/24 maxlen: 24
31.57.239.0/24 maxlen: 24
31.59.116.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 07 Nov 2025 06:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4d:91:ab:6e:ab:a9:45:fe:8d:98:3d:5d:6d:71:ae:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Nov 4 06:33:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4d04c4cf4a336d648da8c95be8201627031aabf5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:5f:04:a2:bb:8b:9d:3b:ae:fe:53:21:f0:42:
d8:53:63:cd:3a:df:f9:31:d9:a3:e9:bf:d2:88:11:
6c:c6:a3:4c:d4:b7:ea:de:08:81:20:8f:36:1d:89:
5e:f8:cc:69:b3:f6:a7:a0:2c:05:08:7d:5e:54:3a:
b1:fa:29:73:c3:97:11:d3:a1:de:4f:e0:d0:d2:37:
76:56:cc:7e:e5:02:3a:33:87:3b:ef:34:f2:17:d2:
d6:07:48:47:d2:95:a7:cf:1d:b5:28:24:74:77:b4:
bf:15:dd:0d:1e:7f:23:f6:15:14:ce:37:b6:54:4d:
29:72:12:98:13:8e:da:0b:0a:a4:cc:b3:0f:81:3c:
02:b6:cf:ad:46:01:8d:04:f5:96:87:36:6d:2c:c7:
18:8d:a8:59:da:8f:a7:6d:ee:e1:cc:24:49:d1:3d:
df:bc:6f:88:fa:8a:3e:f0:a9:e1:2e:86:8e:ad:7c:
4b:1a:cb:bf:04:8c:80:fc:a4:05:0d:26:d6:b7:a4:
16:10:56:3b:2c:24:d2:c6:3d:7a:a5:94:c8:3b:58:
3e:79:20:34:9d:94:55:86:ac:ac:c5:90:84:d0:60:
fc:f7:8e:9b:a2:0e:ed:08:6b:fd:be:9c:30:58:0d:
a6:a0:99:3a:ab:eb:3d:51:b3:04:7f:15:8b:75:15:
8a:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:04:C4:CF:4A:33:6D:64:8D:A8:C9:5B:E8:20:16:27:03:1A:AB:F5
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TQTEz0ozbWSNqMlb6CAWJwMaq_U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.66.0/24
31.56.220.0/24
31.57.35.0/24
31.57.100.0/24
31.57.170.0/24
31.57.228.0/24
31.57.239.0/24
31.59.116.0/24
Signature Algorithm: sha256WithRSAEncryption
9a:7d:63:a6:26:2c:53:85:75:be:9c:49:64:30:88:c5:c5:ea:
7d:77:64:74:d8:a6:29:0d:6a:b6:29:f8:50:2a:d2:ee:1a:b9:
7c:c9:2d:4f:b3:5e:9c:ce:33:f3:5d:02:f5:b5:fd:21:66:78:
23:ae:8c:05:8a:01:7e:3b:d5:e1:77:9b:b9:2a:f6:1a:73:fb:
7b:06:6c:b5:e5:15:37:53:8e:e9:55:ae:cd:e4:04:b7:58:29:
84:c2:ad:81:1c:bd:a2:10:43:e8:11:12:fe:72:79:ac:36:b5:
ac:2f:51:61:e4:97:29:00:be:51:9f:ca:29:4b:2a:e0:6f:f5:
65:59:cd:ac:31:9a:0e:39:0c:2f:90:fb:bf:8c:67:0f:c6:14:
4d:7b:ff:f8:37:b7:59:47:3d:64:6b:31:25:37:16:99:79:46:
66:b0:26:4a:e4:db:98:e2:3a:1b:c5:a2:8a:2d:c7:32:05:39:
7b:43:49:8a:49:2d:f6:fa:a3:f5:83:39:e5:af:cb:8c:0f:68:
32:da:a8:08:86:df:b9:08:79:9a:c9:24:fc:69:a3:39:1f:66:
a9:5a:43:de:a1:a9:de:37:ca:67:94:a9:06:1f:ba:e2:b2:e3:
8a:db:82:5a:0f:92:b0:93:79:ff:da:02:e0:eb:39:38:3b:0f:
83:e4:27:d0
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZpNkatuq6lF/o2YPV1tca4hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTA0MDYzMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDA0YzRjZjRhMzM2ZDY0OGRhOGM5NWJlODIwMTYyNzAzMWFhYmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7F8EoruLnTuu/lMh8ELYU2PNOt/5
Mdmj6b/SiBFsxqNM1Lfq3giBII82HYle+Mxps/anoCwFCH1eVDqx+ilzw5cR06He
T+DQ0jd2Vsx+5QI6M4c77zTyF9LWB0hH0pWnzx21KCR0d7S/Fd0NHn8j9hUUzje2
VE0pchKYE47aCwqkzLMPgTwCts+tRgGNBPWWhzZtLMcYjahZ2o+nbe7hzCRJ0T3f
vG+I+oo+8KnhLoaOrXxLGsu/BIyA/KQFDSbWt6QWEFY7LCTSxj16pZTIO1g+eSA0
nZRVhqysxZCE0GD8946bog7tCGv9vpwwWA2moJk6q+s9UbMEfxWLdRWKVwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFE0ExM9KM21kjajJW+ggFicDGqv1MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVFFURXowb3piV1NOcU1sYjZDQVdKd01hcV9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAHzhCAwQA
HzjcAwQAHzkjAwQAHzlkAwQAHzmqAwQAHznkAwQAHznvAwQAHzt0MA0GCSqGSIb3
DQEBCwUAA4IBAQCafWOmJixThXW+nElkMIjFxep9d2R02KYpDWq2KfhQKtLuGrl8
yS1Ps16czjPzXQL1tf0hZngjrowFigF+O9Xhd5u5KvYac/t7Bmy15RU3U47pVa7N
5AS3WCmEwq2BHL2iEEPoERL+cnmsNrWsL1Fh5JcpAL5Rn8opSyrgb/VlWc2sMZoO
OQwvkPu/jGcPxhRNe//4N7dZRz1kazElNxaZeUZmsCZK5NuY4jobxaKKLccyBTl7
Q0mKSS32+qP1gznlr8uMD2gy2qgIht+5CHmayST8aaM5H2apWkPeoaneN8pnlKkG
H7risuOK24JaD5Kwk3n/2gLg6zk4Ow+D5CfQ
-----END CERTIFICATE-----
Generated at Thu Nov 6 09:42:47 2025 by rpki-client