Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/lg3As9QftSBug7tpmYrQWLTzXlw.roa
File: lg3As9QftSBug7tpmYrQWLTzXlw.roa (raw, json)
Hash identifier: Zav5DG+USj65sND09nTQM5cgapiwyx+unRcWKNxbfPM=
Subject key identifier: 96:0D:C0:B3:D4:1F:B5:20:6E:83:BB:69:99:8A:D0:58:B4:F3:5E:5C
Certificate issuer: /CN=4444c7c3ad34b6977fa18a2237ca306b9bee08e0
Certificate serial: 0198B37DD332EB9562C2520A21B49D6A4807
Authority key identifier: 44:44:C7:C3:AD:34:B6:97:7F:A1:8A:22:37:CA:30:6B:9B:EE:08:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/lg3As9QftSBug7tpmYrQWLTzXlw.roa
Signing time: Sat 16 Aug 2025 15:27:04 +0000
ROA not before: Sat 16 Aug 2025 15:27:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197501
IP address blocks: 31.129.231.0/24 maxlen: 24
31.129.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/RETHw600tpd_oYoiN8owa5vuCOA.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/RETHw600tpd_oYoiN8owa5vuCOA.mft
rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 09:01:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:b3:7d:d3:32:eb:95:62:c2:52:0a:21:b4:9d:6a:48:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4444c7c3ad34b6977fa18a2237ca306b9bee08e0
Validity
Not Before: Aug 16 15:27:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=960dc0b3d41fb5206e83bb69998ad058b4f35e5c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:00:47:dc:be:17:98:b6:9d:15:7c:65:b0:83:
6f:32:6e:53:6e:6f:94:06:a6:d3:c8:ea:52:ac:50:
21:1a:04:5e:25:eb:f7:5d:9f:fc:f3:66:0f:29:ce:
86:8e:99:90:1e:e4:9d:04:67:f4:d1:26:cc:4e:6d:
40:28:50:39:13:45:6f:cd:b2:2e:2b:17:04:e4:61:
d1:00:70:bf:49:ef:cf:cf:25:8e:a6:7b:02:15:63:
78:e0:12:23:4c:9c:1a:26:16:3f:e8:0b:45:f5:5f:
7d:11:5d:39:73:38:7e:e9:81:dc:d0:9d:9f:5a:96:
86:26:1d:6c:01:74:69:a2:5f:a7:61:eb:5d:86:07:
d6:00:cd:25:5f:1b:2c:55:76:ad:f5:b2:e6:49:ef:
a0:3f:dd:f8:1f:df:17:f1:94:b4:aa:88:cd:01:98:
e1:bf:f5:4b:ee:32:d0:f0:a6:9d:a5:db:79:2a:a2:
eb:4a:e6:b4:b9:a9:b1:0b:db:6a:8e:24:fb:b5:ac:
94:3e:cd:6f:03:6f:cc:12:00:3c:d5:ad:5a:08:3e:
7e:a3:71:66:c8:b4:83:90:5c:9b:7e:89:94:27:cf:
c4:be:41:d7:a6:ea:06:b7:fc:3f:e8:fe:1e:7a:0e:
e0:59:ed:5d:2f:ce:90:c7:df:5c:9b:de:2a:e5:ef:
9d:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:0D:C0:B3:D4:1F:B5:20:6E:83:BB:69:99:8A:D0:58:B4:F3:5E:5C
X509v3 Authority Key Identifier:
keyid:44:44:C7:C3:AD:34:B6:97:7F:A1:8A:22:37:CA:30:6B:9B:EE:08:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/lg3As9QftSBug7tpmYrQWLTzXlw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/RETHw600tpd_oYoiN8owa5vuCOA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.231.0/24
31.129.247.0/24
Signature Algorithm: sha256WithRSAEncryption
28:78:13:3d:a2:4e:29:e1:91:1d:ad:5a:b8:69:85:4b:18:2a:
37:bb:ae:69:a5:67:d1:36:2c:ab:8d:0f:73:d3:8b:ec:03:8b:
0f:78:f2:d0:eb:ee:36:a3:b5:63:28:04:ea:14:ee:6b:2d:88:
c4:cc:83:9c:06:05:a4:f6:12:b6:37:d7:e6:15:f5:9c:83:85:
0e:d6:4c:bf:9b:7f:14:eb:c6:a4:61:92:ae:eb:9c:03:58:20:
bb:aa:34:34:54:9e:2a:59:ca:19:5f:1f:1f:54:3c:3b:78:da:
c1:99:dc:8f:b6:c7:2c:43:c9:7b:a5:78:cb:8f:76:f7:d3:60:
df:fc:98:59:83:8d:57:12:08:10:bf:a8:27:f6:0a:11:dc:df:
03:72:b2:a0:d8:f1:f9:e0:f2:e7:e5:5d:1f:87:ae:50:5c:b9:
bd:c4:a7:b3:40:80:95:59:d1:85:86:fb:be:79:71:f6:79:ca:
db:7d:7e:ae:10:73:ba:c1:39:ef:8f:cc:d9:b7:1c:d0:9b:13:
d9:0e:a7:a4:91:49:e6:04:99:c3:8f:de:11:b0:4a:28:d4:42:
24:c5:1b:56:e6:ad:d9:61:4b:20:80:59:d5:a2:4e:a7:e0:ef:
82:d9:61:2d:93:ed:c8:32:53:96:0f:e9:0d:e0:da:b2:33:45:
71:89:ef:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZizfdMy65ViwlIKIbSdakgHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NDRjN2MzYWQzNGI2OTc3ZmExOGEyMjM3Y2EzMDZiOWJl
ZTA4ZTAwHhcNMjUwODE2MTUyNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjBkYzBiM2Q0MWZiNTIwNmU4M2JiNjk5OThhZDA1OGI0ZjM1ZTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4QBH3L4XmLadFXxlsINvMm5Tbm+U
BqbTyOpSrFAhGgReJev3XZ/882YPKc6GjpmQHuSdBGf00SbMTm1AKFA5E0VvzbIu
KxcE5GHRAHC/Se/PzyWOpnsCFWN44BIjTJwaJhY/6AtF9V99EV05czh+6YHc0J2f
WpaGJh1sAXRpol+nYetdhgfWAM0lXxssVXat9bLmSe+gP934H98X8ZS0qojNAZjh
v/VL7jLQ8Kadpdt5KqLrSua0uamxC9tqjiT7tayUPs1vA2/MEgA81a1aCD5+o3Fm
yLSDkFybfomUJ8/EvkHXpuoGt/w/6P4eeg7gWe1dL86Qx99cm94q5e+dlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJYNwLPUH7UgboO7aZmK0Fi0815cMB8GA1UdIwQY
MBaAFEREx8OtNLaXf6GKIjfKMGub7gjgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkVUSHc2MDB0cGRfb1lvaU44b3dhNXZ1Q09BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9jOWM5ZmMtNTg2NC00MTRlLWFlMmEt
ODYzYzliM2QzMmIwLzEvbGczQXM5UWZ0U0J1Zzd0cG1ZclFXTFR6WGx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9jOWM5ZmMtNTg2NC00MTRlLWFlMmEtODYzYzliM2QzMmIw
LzEvUkVUSHc2MDB0cGRfb1lvaU44b3dhNXZ1Q09BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH4HnAwQA
H4H3MA0GCSqGSIb3DQEBCwUAA4IBAQAoeBM9ok4p4ZEdrVq4aYVLGCo3u65ppWfR
NiyrjQ9z04vsA4sPePLQ6+42o7VjKATqFO5rLYjEzIOcBgWk9hK2N9fmFfWcg4UO
1ky/m38U68akYZKu65wDWCC7qjQ0VJ4qWcoZXx8fVDw7eNrBmdyPtscsQ8l7pXjL
j3b302Df/JhZg41XEggQv6gn9goR3N8DcrKg2PH54PLn5V0fh65QXLm9xKezQICV
WdGFhvu+eXH2ecrbfX6uEHO6wTnvj8zZtxzQmxPZDqekkUnmBJnDj94RsEoo1EIk
xRtW5q3ZYUsggFnVok6n4O+C2WEtk+3IMlOWD+kN4NqyM0Vxie+A
-----END CERTIFICATE-----
Generated at Sat Aug 23 16:36:49 2025 by rpki-client