Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hqCUzy4qbO0MZiapMaWUDyeofCo.roa
File: hqCUzy4qbO0MZiapMaWUDyeofCo.roa (raw, json)
Hash identifier: GqTj0AkxzwSa4NCxxIVPzu4RkSaTbFdhDRoXEQK/ZY8=
Subject key identifier: 86:A0:94:CF:2E:2A:6C:ED:0C:66:26:A9:31:A5:94:0F:27:A8:7C:2A
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 01994DF579704C08D5410783DE35B34349A8
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hqCUzy4qbO0MZiapMaWUDyeofCo.roa
Signing time: Mon 15 Sep 2025 15:19:16 +0000
ROA not before: Mon 15 Sep 2025 15:19:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 174
IP address blocks: 31.56.25.0/24 maxlen: 24
31.56.61.0/24 maxlen: 24
31.56.80.0/22 maxlen: 22
31.56.92.0/22 maxlen: 22
31.56.96.0/22 maxlen: 22
31.56.100.0/22 maxlen: 22
31.57.226.0/24 maxlen: 24
31.58.130.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Sep 2025 21:38:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:4d:f5:79:70:4c:08:d5:41:07:83:de:35:b3:43:49:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Sep 15 15:19:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=86a094cf2e2a6ced0c6626a931a5940f27a87c2a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:73:35:7b:c7:8a:37:22:c7:15:b5:90:7f:f4:
a1:e1:18:bc:1f:07:93:1f:83:59:c9:42:44:23:67:
cb:14:31:98:42:17:2d:77:6d:eb:0b:0e:28:74:38:
7b:18:0b:77:1f:71:78:0c:74:fc:90:2c:02:e0:54:
8e:d4:86:0e:7c:28:bb:6b:1e:18:6a:41:44:8b:3d:
bd:66:04:49:88:6b:c8:ac:5e:36:cf:19:9e:7a:ac:
30:97:d2:17:d2:93:67:ec:7d:6c:9d:ad:87:cf:72:
d3:80:58:22:b6:31:09:61:40:90:2a:9d:ed:fa:1b:
e2:0c:d5:e1:d0:f5:89:25:fb:44:e2:b8:75:79:07:
6b:b2:ab:c8:4e:b7:b8:c5:58:a0:f9:03:e9:ec:04:
23:5f:30:74:0a:7c:63:95:f9:96:5e:05:e3:8b:b2:
cb:21:71:af:3b:23:01:1c:90:e1:1d:ad:e7:4a:56:
ec:2b:dd:de:ff:b0:ab:e0:f7:9e:87:65:f4:d6:59:
87:73:6f:46:3f:83:5d:04:55:92:3c:ae:43:20:d6:
95:df:a1:fd:fb:d0:2e:87:49:d4:62:2e:f6:f7:f4:
3c:77:e7:e9:46:6c:0e:cd:f7:d4:9b:4a:b6:e0:80:
02:80:1e:17:8e:2d:7f:69:c1:39:10:2a:77:cc:81:
97:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:A0:94:CF:2E:2A:6C:ED:0C:66:26:A9:31:A5:94:0F:27:A8:7C:2A
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hqCUzy4qbO0MZiapMaWUDyeofCo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.25.0/24
31.56.61.0/24
31.56.80.0/22
31.56.92.0-31.56.103.255
31.57.226.0/24
31.58.130.0/24
Signature Algorithm: sha256WithRSAEncryption
38:3b:a3:3e:20:a7:1d:c2:4c:62:87:3f:c3:d9:0e:26:8b:53:
e0:55:ad:1d:b7:eb:fc:20:a0:6e:2f:b0:be:c6:db:07:64:53:
53:cb:98:de:0d:7d:a3:38:7a:f7:a5:19:35:a6:2c:cf:10:68:
61:0e:40:87:b6:6a:64:2d:60:8d:96:f3:a2:a5:c8:6b:c1:f7:
17:85:ec:30:b8:ff:70:20:97:15:c1:80:83:2f:4e:ab:8b:33:
61:c9:80:da:10:b9:b7:8a:1b:63:4a:5f:54:57:45:87:ba:07:
4f:04:05:e8:74:19:bd:f4:d2:e6:34:3f:6f:4d:0a:95:87:94:
a3:43:2d:d4:1d:b0:46:1e:0e:f6:fc:29:ba:18:11:b0:02:a2:
d6:07:08:14:4c:94:11:fb:38:04:d5:5c:7c:64:f6:9f:b7:60:
33:3b:69:92:28:5d:f4:c8:fd:1e:15:54:59:9f:5d:ce:7d:05:
f9:93:2b:24:a6:80:32:eb:40:05:0a:6a:a4:a3:57:1b:15:fb:
81:e1:09:df:77:e8:b5:37:7a:3b:a2:d6:30:27:30:e3:d1:83:
1e:07:ce:3e:1e:18:8c:2d:b9:b0:72:c8:a4:f7:8d:8d:65:9d:
30:a0:02:84:cd:2c:80:f3:c2:b0:13:1a:62:b9:12:16:22:18:
9d:c1:54:18
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZlN9XlwTAjVQQeD3jWzQ0moMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTE1MTUxOTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmEwOTRjZjJlMmE2Y2VkMGM2NjI2YTkzMWE1OTQwZjI3YTg3YzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnM1e8eKNyLHFbWQf/Sh4Ri8HweT
H4NZyUJEI2fLFDGYQhctd23rCw4odDh7GAt3H3F4DHT8kCwC4FSO1IYOfCi7ax4Y
akFEiz29ZgRJiGvIrF42zxmeeqwwl9IX0pNn7H1sna2Hz3LTgFgitjEJYUCQKp3t
+hviDNXh0PWJJftE4rh1eQdrsqvITre4xVig+QPp7AQjXzB0CnxjlfmWXgXji7LL
IXGvOyMBHJDhHa3nSlbsK93e/7Cr4Peeh2X01lmHc29GP4NdBFWSPK5DINaV36H9
+9Auh0nUYi729/Q8d+fpRmwOzffUm0q24IACgB4Xji1/acE5ECp3zIGX/wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFIaglM8uKmztDGYmqTGllA8nqHwqMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaHFDVXp5NHFiTzBNWmlhcE1hV1VEeWVvZkNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAHzgZAwQA
Hzg9AwQCHzhQMAwDBAIfOFwDBAMfOGADBAAfOeIDBAAfOoIwDQYJKoZIhvcNAQEL
BQADggEBADg7oz4gpx3CTGKHP8PZDiaLU+BVrR236/wgoG4vsL7G2wdkU1PLmN4N
faM4evelGTWmLM8QaGEOQIe2amQtYI2W86KlyGvB9xeF7DC4/3AglxXBgIMvTquL
M2HJgNoQubeKG2NKX1RXRYe6B08EBeh0Gb300uY0P29NCpWHlKNDLdQdsEYeDvb8
KboYEbACotYHCBRMlBH7OATVXHxk9p+3YDM7aZIoXfTI/R4VVFmfXc59BfmTKySm
gDLrQAUKaqSjVxsV+4HhCd936LU3ejui1jAnMOPRgx4Hzj4eGIwtubByyKT3jY1l
nTCgAoTNLIDzwrATGmK5EhYiGJ3BVBg=
-----END CERTIFICATE-----
Generated at Thu Sep 18 05:11:20 2025 by rpki-client