Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/eYEds7FDx_xUoPL2I316_VuKY8Q.roa
File: eYEds7FDx_xUoPL2I316_VuKY8Q.roa (raw, json)
Hash identifier: 6jycAZRy3tzHGHbqvOTBaF0biLwY1IgSfYJO3j2HlNo=
Subject key identifier: 79:81:1D:B3:B1:43:C7:FC:54:A0:F2:F6:23:7D:7A:FD:5B:8A:63:C4
Certificate issuer: /CN=86af2c7166bb34a696fde2fbacef4001b0a8e7e2
Certificate serial: 019423D724F4E26FB854E881112CE277D7AE
Authority key identifier: 86:AF:2C:71:66:BB:34:A6:96:FD:E2:FB:AC:EF:40:01:B0:A8:E7:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/eYEds7FDx_xUoPL2I316_VuKY8Q.roa
Signing time: Wed 01 Jan 2025 21:48:09 +0000
ROA not before: Wed 01 Jan 2025 21:48:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15924
IP address blocks: 31.186.2.0/24 maxlen: 24
31.186.3.0/24 maxlen: 24
31.186.4.0/24 maxlen: 24
31.186.5.0/24 maxlen: 24
31.186.7.0/24 maxlen: 24
31.186.8.0/24 maxlen: 24
31.186.9.0/24 maxlen: 24
31.186.10.0/24 maxlen: 24
31.186.11.0/24 maxlen: 24
31.186.12.0/24 maxlen: 24
31.186.13.0/24 maxlen: 24
31.186.14.0/24 maxlen: 24
31.186.15.0/24 maxlen: 24
31.186.16.0/24 maxlen: 24
31.186.17.0/24 maxlen: 24
31.186.18.0/24 maxlen: 24
31.186.19.0/24 maxlen: 24
31.186.20.0/24 maxlen: 24
31.186.28.0/24 maxlen: 24
31.186.30.0/24 maxlen: 24
31.186.31.0/24 maxlen: 24
2a0d:a000:0:a00::/56 maxlen: 56
2a0d:a000:0:b00::/56 maxlen: 56
2a0d:a000:0:c00::/56 maxlen: 56
2a0d:a000:0:d00::/56 maxlen: 56
2a0d:a000:0:e00::/56 maxlen: 56
2a0d:a000:0:f00::/56 maxlen: 56
2a0d:a000:0:1000::/56 maxlen: 56
2a0d:a000:0:1100::/56 maxlen: 56
2a0d:a000:0:1200::/56 maxlen: 56
2a0d:a000:0:1300::/56 maxlen: 56
2a0d:a000:0:1400::/56 maxlen: 56
2a0d:a000:0:1500::/56 maxlen: 56
2a0d:a000:0:1600::/56 maxlen: 56
2a0d:a000:0:1700::/56 maxlen: 56
2a0d:a000:0:1800::/56 maxlen: 56
2a0d:a000:0:1900::/56 maxlen: 56
2a0d:a000:0:1a00::/56 maxlen: 56
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.crl
rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.mft
rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 03:01:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:24:f4:e2:6f:b8:54:e8:81:11:2c:e2:77:d7:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86af2c7166bb34a696fde2fbacef4001b0a8e7e2
Validity
Not Before: Jan 1 21:48:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=79811db3b143c7fc54a0f2f6237d7afd5b8a63c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:f5:ca:f7:cd:88:e3:6f:53:26:b1:92:ed:c5:
df:cb:9e:66:61:0e:a4:06:7a:79:6f:59:81:1e:e9:
64:04:c2:a5:21:84:a8:e2:6f:8e:a8:cd:69:21:7b:
b5:23:c9:17:62:6f:fd:91:79:77:4a:a4:22:c0:fb:
7b:71:3a:4c:45:9a:df:ed:6a:04:99:3a:4f:96:cb:
0f:bf:27:b8:30:50:0b:99:ca:8e:e3:7d:6a:a0:69:
ce:ce:aa:e1:2d:8f:12:40:6b:25:3d:89:2c:b2:17:
81:fe:60:c1:b6:c5:75:13:a3:bc:1e:ac:a2:b5:94:
29:cc:6b:42:de:22:5a:28:3c:f4:47:06:a7:c4:2c:
19:67:51:9b:f6:c7:bf:92:43:28:07:e8:86:a0:4c:
33:82:da:22:0b:f5:8c:f3:02:53:88:f2:8e:f4:01:
cf:a0:71:b3:d0:77:e0:e6:e8:48:68:19:64:32:a1:
27:e6:9e:da:32:bb:70:ec:12:fd:6e:2c:da:39:02:
68:2f:0b:59:70:24:00:18:c7:e1:26:ac:e3:f9:39:
94:ef:64:f4:ef:98:f3:83:f9:e1:ab:3d:44:02:41:
d0:4d:be:c1:67:76:37:fe:ef:cf:65:81:87:0e:6c:
45:d2:bc:1c:45:85:fc:7b:9d:69:e2:b2:1c:b6:08:
90:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:81:1D:B3:B1:43:C7:FC:54:A0:F2:F6:23:7D:7A:FD:5B:8A:63:C4
X509v3 Authority Key Identifier:
keyid:86:AF:2C:71:66:BB:34:A6:96:FD:E2:FB:AC:EF:40:01:B0:A8:E7:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/eYEds7FDx_xUoPL2I316_VuKY8Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.186.2.0-31.186.5.255
31.186.7.0-31.186.20.255
31.186.28.0/24
31.186.30.0/23
IPv6:
2a0d:a000:0:a00::-2a0d:a000:0:1aff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
39:14:fe:ab:d6:fa:28:d8:7b:59:70:e8:f8:20:80:22:f6:81:
10:a1:e2:99:38:96:00:28:53:77:d2:52:6b:f7:4d:d3:26:ca:
19:7e:f6:60:21:24:d3:04:ae:5b:3b:2a:4c:a0:71:b0:e8:43:
a8:dd:bd:95:4f:19:1e:63:52:ec:2c:91:77:e0:a2:2b:75:27:
c3:21:3f:ea:d6:cf:3a:1d:bc:8b:3f:aa:a3:83:f0:a3:37:bb:
d9:34:7d:ed:eb:01:53:a3:f0:f4:64:f0:31:ad:76:f1:96:0f:
aa:0d:34:37:2e:1c:b6:ef:e7:29:20:52:bd:9f:3d:44:8d:2a:
35:5a:8f:44:fc:81:9b:4d:8f:04:c7:01:7c:71:ce:b5:ee:0a:
cf:40:48:73:ec:ad:ac:ed:e6:4e:9d:65:a1:87:71:3e:df:82:
e5:a9:ea:3d:46:a5:d7:c0:ae:e9:a3:2f:c1:c2:f2:55:25:71:
d9:e2:f2:60:4d:f3:07:d8:16:4e:24:13:67:0e:90:c2:6e:17:
2b:bd:dd:27:8b:e9:17:9d:83:d1:4b:3f:3f:29:20:49:b4:20:
d8:d4:aa:11:a1:b4:c7:83:9a:4b:0b:ad:75:39:4f:7b:3a:8d:
08:af:73:19:f6:09:c5:10:98:ae:b7:0b:4b:39:d6:2c:3e:55:
e9:a4:92:4e
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZQj1yT04m+4VOiBESzid9euMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2YWYyYzcxNjZiYjM0YTY5NmZkZTJmYmFjZWY0MDAxYjBh
OGU3ZTIwHhcNMjUwMTAxMjE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTgxMWRiM2IxNDNjN2ZjNTRhMGYyZjYyMzdkN2FmZDViOGE2M2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/XK982I429TJrGS7cXfy55mYQ6k
Bnp5b1mBHulkBMKlIYSo4m+OqM1pIXu1I8kXYm/9kXl3SqQiwPt7cTpMRZrf7WoE
mTpPlssPvye4MFALmcqO431qoGnOzqrhLY8SQGslPYkssheB/mDBtsV1E6O8Hqyi
tZQpzGtC3iJaKDz0RwanxCwZZ1Gb9se/kkMoB+iGoEwzgtoiC/WM8wJTiPKO9AHP
oHGz0Hfg5uhIaBlkMqEn5p7aMrtw7BL9bizaOQJoLwtZcCQAGMfhJqzj+TmU72T0
75jzg/nhqz1EAkHQTb7BZ3Y3/u/PZYGHDmxF0rwcRYX8e51p4rIctgiQvwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFHmBHbOxQ8f8VKDy9iN9ev1bimPEMB8GA1UdIwQY
MBaAFIavLHFmuzSmlv3i+6zvQAGwqOfiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHE4c2NXYTdOS2FXX2VMN3JPOUFBYkNvNS1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mOGY2NmQtOGE0Ny00NDMxLWFmNTEt
ZTRmNTg3MDQ4MDRlLzEvZVlFZHM3RkR4X3hVb1BMMkkzMTZfVnVLWThRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mOGY2NmQtOGE0Ny00NDMxLWFmNTEtZTRmNTg3MDQ4MDRl
LzEvaHE4c2NXYTdOS2FXX2VMN3JPOUFBYkNvNS1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAuBAIAATAoMAwDBAEfugID
BAEfugQwDAMEAB+6BwMEAB+6FAMEAB+6HAMEAR+6HjAcBAIAAjAWMBQDCAEqDaAA
AAAKAwgAKg2gAAAAGjANBgkqhkiG9w0BAQsFAAOCAQEAORT+q9b6KNh7WXDo+CCA
IvaBEKHimTiWAChTd9JSa/dN0ybKGX72YCEk0wSuWzsqTKBxsOhDqN29lU8ZHmNS
7CyRd+CiK3UnwyE/6tbPOh28iz+qo4Pwoze72TR97esBU6Pw9GTwMa128ZYPqg00
Ny4ctu/nKSBSvZ89RI0qNVqPRPyBm02PBMcBfHHOte4Kz0BIc+ytrO3mTp1loYdx
Pt+C5anqPUal18Cu6aMvwcLyVSVx2eLyYE3zB9gWTiQTZw6Qwm4XK73dJ4vpF52D
0Us/PykgSbQg2NSqEaG0x4OaSwutdTlPezqNCK9zGfYJxRCYrrcLSznWLD5V6aSS
Tg==
-----END CERTIFICATE-----
Generated at Mon Apr 7 13:41:48 2025 by rpki-client