Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/35064b-7a5a-4c74-8743-fd8660c4fd6e/1/O_Wh7DXILbeq2pJ7lbo670WPHcI.roa
File: O_Wh7DXILbeq2pJ7lbo670WPHcI.roa (raw, json)
Hash identifier: 9coM5+TGNwqDkXBfhIBTqYZ9wRzRhg/kPk42ppbDqL4=
Subject key identifier: 3B:F5:A1:EC:35:C8:2D:B7:AA:DA:92:7B:95:BA:3A:EF:45:8F:1D:C2
Certificate issuer: /CN=83bce35561f541bda97e777e6879a1d704e7b42f
Certificate serial: 0197A222380CC5E59055DBEBAAB4D43743FB
Authority key identifier: 83:BC:E3:55:61:F5:41:BD:A9:7E:77:7E:68:79:A1:D7:04:E7:B4:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/g7zjVWH1Qb2pfnd-aHmh1wTntC8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/35064b-7a5a-4c74-8743-fd8660c4fd6e/1/O_Wh7DXILbeq2pJ7lbo670WPHcI.roa
Signing time: Tue 24 Jun 2025 13:30:40 +0000
ROA not before: Tue 24 Jun 2025 13:30:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44527
IP address blocks: 31.44.214.0/23 maxlen: 23
31.44.214.0/24 maxlen: 24
31.44.215.0/24 maxlen: 24
31.44.220.0/22 maxlen: 22
31.44.220.0/24 maxlen: 24
31.44.221.0/24 maxlen: 24
31.44.222.0/24 maxlen: 24
31.44.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2a/35064b-7a5a-4c74-8743-fd8660c4fd6e/1/g7zjVWH1Qb2pfnd-aHmh1wTntC8.crl
rsync://rpki.ripe.net/repository/DEFAULT/2a/35064b-7a5a-4c74-8743-fd8660c4fd6e/1/g7zjVWH1Qb2pfnd-aHmh1wTntC8.mft
rsync://rpki.ripe.net/repository/DEFAULT/g7zjVWH1Qb2pfnd-aHmh1wTntC8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 02 Jul 2025 16:01:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:a2:22:38:0c:c5:e5:90:55:db:eb:aa:b4:d4:37:43:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=83bce35561f541bda97e777e6879a1d704e7b42f
Validity
Not Before: Jun 24 13:30:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3bf5a1ec35c82db7aada927b95ba3aef458f1dc2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:51:7d:7f:05:d1:6d:72:00:15:9f:4e:39:a1:
34:37:bc:f2:83:3e:5d:c2:08:c6:0a:0f:27:ba:f3:
2a:70:e4:1a:b2:e5:9e:1f:35:c6:bf:dd:14:c1:e2:
42:b4:73:00:28:b9:1f:62:41:bb:09:8f:f1:cb:0b:
d9:56:65:61:d8:bf:7b:c7:3c:27:eb:22:df:df:e7:
71:a5:63:94:f2:96:a6:d7:61:35:f8:ed:c6:ec:ad:
b9:b4:cc:7f:92:ef:84:d6:44:34:49:df:37:03:e8:
f3:9b:89:aa:e6:1b:83:02:db:00:9c:06:e6:9b:08:
87:b6:d7:d4:a9:e9:3a:19:64:ac:20:ec:b7:c7:41:
04:e3:f1:5e:5c:22:2a:74:7a:2d:1f:e7:50:71:26:
6f:e6:9a:55:a3:0e:70:ff:fc:19:13:99:45:73:ca:
35:98:ea:39:84:06:df:1c:e3:c0:9b:c5:a7:fa:16:
58:3a:18:7a:f7:14:4e:4c:71:da:21:c2:e4:d5:2f:
9f:c6:8d:03:f1:8d:94:d5:7b:78:c9:62:a6:78:97:
80:bd:4c:62:56:4c:b1:4c:9b:9a:dd:4f:f7:d1:4e:
ab:45:79:7e:5f:34:76:f5:03:98:28:65:f6:44:a3:
c1:58:e4:fa:ee:a0:d5:11:1d:76:f7:1b:b4:3e:96:
a4:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:F5:A1:EC:35:C8:2D:B7:AA:DA:92:7B:95:BA:3A:EF:45:8F:1D:C2
X509v3 Authority Key Identifier:
keyid:83:BC:E3:55:61:F5:41:BD:A9:7E:77:7E:68:79:A1:D7:04:E7:B4:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g7zjVWH1Qb2pfnd-aHmh1wTntC8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/35064b-7a5a-4c74-8743-fd8660c4fd6e/1/O_Wh7DXILbeq2pJ7lbo670WPHcI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/35064b-7a5a-4c74-8743-fd8660c4fd6e/1/g7zjVWH1Qb2pfnd-aHmh1wTntC8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.44.214.0/23
31.44.220.0/22
Signature Algorithm: sha256WithRSAEncryption
22:e9:62:c3:72:5f:c0:57:32:63:dd:fe:01:5d:a8:85:09:e6:
66:cc:20:8d:bc:98:d2:64:33:21:72:15:00:dd:fc:2e:1b:44:
3f:a6:0d:c2:cd:b7:33:32:e0:74:4b:7d:29:fa:8d:f6:c2:36:
3e:0d:1d:cd:1d:46:91:82:13:87:44:b8:5f:6f:c5:5d:2d:66:
bd:e8:4e:e5:f0:f8:48:6f:5e:8c:c9:1f:4a:15:47:0d:fb:9a:
70:e0:df:18:75:a1:2b:db:63:ca:24:cc:4f:12:72:ab:5b:c2:
71:ce:ea:0b:23:d1:dd:61:3f:07:9a:92:f8:a8:9f:57:38:2a:
f9:e7:d2:b7:0a:bd:d1:aa:ee:bc:a7:bb:a5:b9:a1:bb:de:2e:
b9:4a:75:31:e3:05:5d:42:81:f0:16:8c:df:16:9e:da:0c:36:
00:c3:d1:9f:90:0a:46:93:0b:12:2e:d1:2c:87:85:f4:85:fc:
c0:4f:46:11:46:f4:96:a7:75:90:6b:56:ff:5d:6f:ae:49:ba:
b5:21:f6:cc:3d:df:4d:56:da:ad:0a:50:f6:99:3e:ae:b2:d1:
d1:7d:f5:7f:fc:2f:43:0f:0a:8f:30:f2:2b:47:24:42:7f:b5:
09:b0:0c:d0:e2:48:1e:73:ec:89:61:23:1c:4e:18:35:7a:a8:
95:78:57:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeiIjgMxeWQVdvrqrTUN0P7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYmNlMzU1NjFmNTQxYmRhOTdlNzc3ZTY4NzlhMWQ3MDRl
N2I0MmYwHhcNMjUwNjI0MTMzMDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmY1YTFlYzM1YzgyZGI3YWFkYTkyN2I5NWJhM2FlZjQ1OGYxZGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1F9fwXRbXIAFZ9OOaE0N7zygz5d
wgjGCg8nuvMqcOQasuWeHzXGv90UweJCtHMAKLkfYkG7CY/xywvZVmVh2L97xzwn
6yLf3+dxpWOU8pam12E1+O3G7K25tMx/ku+E1kQ0Sd83A+jzm4mq5huDAtsAnAbm
mwiHttfUqek6GWSsIOy3x0EE4/FeXCIqdHotH+dQcSZv5ppVow5w//wZE5lFc8o1
mOo5hAbfHOPAm8Wn+hZYOhh69xROTHHaIcLk1S+fxo0D8Y2U1Xt4yWKmeJeAvUxi
VkyxTJua3U/30U6rRXl+XzR29QOYKGX2RKPBWOT67qDVER129xu0Ppak4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDv1oew1yC23qtqSe5W6Ou9Fjx3CMB8GA1UdIwQY
MBaAFIO841Vh9UG9qX53fmh5odcE57QvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzd6alZXSDFRYjJwZm5kLWFIbWgxd1RudEM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zNTA2NGItN2E1YS00Yzc0LTg3NDMt
ZmQ4NjYwYzRmZDZlLzEvT19XaDdEWElMYmVxMnBKN2xibzY3MFdQSGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zNTA2NGItN2E1YS00Yzc0LTg3NDMtZmQ4NjYwYzRmZDZl
LzEvZzd6alZXSDFRYjJwZm5kLWFIbWgxd1RudEM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBHyzWAwQC
HyzcMA0GCSqGSIb3DQEBCwUAA4IBAQAi6WLDcl/AVzJj3f4BXaiFCeZmzCCNvJjS
ZDMhchUA3fwuG0Q/pg3CzbczMuB0S30p+o32wjY+DR3NHUaRghOHRLhfb8VdLWa9
6E7l8PhIb16MyR9KFUcN+5pw4N8YdaEr22PKJMxPEnKrW8JxzuoLI9HdYT8HmpL4
qJ9XOCr559K3Cr3Rqu68p7uluaG73i65SnUx4wVdQoHwFozfFp7aDDYAw9GfkApG
kwsSLtEsh4X0hfzAT0YRRvSWp3WQa1b/XW+uSbq1IfbMPd9NVtqtClD2mT6ustHR
ffV//C9DDwqPMPIrRyRCf7UJsAzQ4kgec+yJYSMcThg1eqiVeFco
-----END CERTIFICATE-----
Generated at Tue Jul 1 22:59:18 2025 by rpki-client