Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/6326bb-ba33-4339-b8c6-14e3c2017969/1/oQAGdFifd-TKFIBS06405IGsyvA.roa
File: oQAGdFifd-TKFIBS06405IGsyvA.roa (raw, json)
Hash identifier: zpSW+ojYEzYzrGwuoKq30ePtiLpag8R8YWj5wxmdW5A=
Subject key identifier: A1:00:06:74:58:9F:77:E4:CA:14:80:52:D3:AE:34:E4:81:AC:CA:F0
Certificate issuer: /CN=da0589dce63981870a1850906c8c2d1d96740096
Certificate serial: 01990F98EC4159D68DEEA708492ECD3C5486
Authority key identifier: DA:05:89:DC:E6:39:81:87:0A:18:50:90:6C:8C:2D:1D:96:74:00:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gWJ3OY5gYcKGFCQbIwtHZZ0AJY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/6326bb-ba33-4339-b8c6-14e3c2017969/1/oQAGdFifd-TKFIBS06405IGsyvA.roa
Signing time: Wed 03 Sep 2025 12:41:44 +0000
ROA not before: Wed 03 Sep 2025 12:41:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203532
IP address blocks: 31.43.174.0/23 maxlen: 23
31.43.174.0/24 maxlen: 24
31.43.175.0/24 maxlen: 24
177.222.64.0/19 maxlen: 19
177.222.64.0/20 maxlen: 20
177.222.64.0/21 maxlen: 21
177.222.72.0/21 maxlen: 21
177.222.80.0/22 maxlen: 22
177.222.84.0/22 maxlen: 22
177.222.88.0/24 maxlen: 24
177.222.89.0/24 maxlen: 24
177.222.90.0/24 maxlen: 24
177.222.91.0/24 maxlen: 24
177.222.92.0/24 maxlen: 24
2a13:7500::/36 maxlen: 36
2a13:7500::/48 maxlen: 48
2a13:7500:200::/40 maxlen: 40
2a13:7500:241::/48 maxlen: 48
2a13:7500:242::/48 maxlen: 48
2a13:7500:248::/48 maxlen: 48
2a13:7500:320::/44 maxlen: 44
2a13:7500:8100::/44 maxlen: 44
2a13:7500:8100::/48 maxlen: 48
2a13:7500:8101::/48 maxlen: 48
2a13:7500:8102::/48 maxlen: 48
2a13:7500:8103::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/6326bb-ba33-4339-b8c6-14e3c2017969/1/2gWJ3OY5gYcKGFCQbIwtHZZ0AJY.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/6326bb-ba33-4339-b8c6-14e3c2017969/1/2gWJ3OY5gYcKGFCQbIwtHZZ0AJY.mft
rsync://rpki.ripe.net/repository/DEFAULT/2gWJ3OY5gYcKGFCQbIwtHZZ0AJY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:0f:98:ec:41:59:d6:8d:ee:a7:08:49:2e:cd:3c:54:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da0589dce63981870a1850906c8c2d1d96740096
Validity
Not Before: Sep 3 12:41:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a1000674589f77e4ca148052d3ae34e481accaf0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:95:46:e5:98:51:e3:cb:b5:7e:f9:0c:d5:18:
95:47:9e:3f:e1:9a:84:3f:eb:39:74:2f:29:55:1a:
ae:bd:4f:b7:29:ae:05:eb:90:f3:3c:a5:54:5d:55:
a5:3d:2d:02:85:62:0f:bc:f9:c6:db:a9:88:32:f8:
f4:26:cf:3f:3b:c4:60:84:38:c4:b2:3e:d3:5d:ef:
cf:a8:75:8b:ec:4a:b5:b0:f6:bf:77:41:75:7e:45:
be:90:2b:a3:4e:02:51:89:b9:5d:24:d8:c9:c7:b2:
33:8c:4e:d8:7d:98:3f:90:58:3e:d9:6e:eb:a8:f2:
16:1d:6d:33:30:85:3f:fe:73:1f:b4:aa:7c:ed:3d:
42:ee:54:92:9d:18:b8:53:ba:c3:b1:cb:89:c4:a4:
6c:79:12:63:61:f4:1c:b9:b5:73:0e:e5:71:68:25:
0f:45:96:2c:af:0e:da:d9:ae:c1:26:6b:10:84:63:
4c:aa:5c:02:74:5b:ea:c9:3f:6d:f8:18:93:d7:03:
3e:72:c1:2d:52:8c:53:83:f5:9e:82:58:8b:ce:b9:
20:68:6e:31:5e:34:0f:4b:f6:2c:30:d1:4e:0f:c2:
fd:4c:f2:94:60:bb:77:83:70:3c:8e:7d:99:96:f5:
d0:cf:3d:fd:f3:55:98:01:2c:75:da:6c:27:4b:89:
3f:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:00:06:74:58:9F:77:E4:CA:14:80:52:D3:AE:34:E4:81:AC:CA:F0
X509v3 Authority Key Identifier:
keyid:DA:05:89:DC:E6:39:81:87:0A:18:50:90:6C:8C:2D:1D:96:74:00:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gWJ3OY5gYcKGFCQbIwtHZZ0AJY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/6326bb-ba33-4339-b8c6-14e3c2017969/1/oQAGdFifd-TKFIBS06405IGsyvA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/6326bb-ba33-4339-b8c6-14e3c2017969/1/2gWJ3OY5gYcKGFCQbIwtHZZ0AJY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.43.174.0/23
177.222.64.0/19
IPv6:
2a13:7500::/36
2a13:7500:8100::/44
Signature Algorithm: sha256WithRSAEncryption
6e:c1:11:2f:08:09:a6:d5:2f:88:17:93:09:10:e7:f6:87:0e:
6b:b2:de:c6:74:1a:b8:4e:ed:c6:78:c9:5c:58:53:ef:15:ba:
5e:fd:85:e4:a3:38:3e:e5:f0:f0:c0:8e:cc:d1:ba:7b:65:46:
09:ba:f2:b6:b1:a0:90:6e:a1:a1:dc:2e:54:27:82:06:df:93:
74:57:2a:8c:7f:f1:4f:f4:8f:13:70:e6:24:dc:36:c5:3f:44:
69:70:f0:d8:19:e6:16:7f:ff:e5:81:73:fc:e0:04:17:6e:29:
66:d4:96:04:a5:ea:27:ee:70:0b:cd:c4:88:24:b9:ec:d1:7f:
fa:91:00:ff:ea:28:3c:51:aa:3b:38:34:f9:cb:86:18:ba:78:
28:5c:cb:d1:70:32:48:08:f2:02:52:42:de:0f:be:33:55:5f:
28:29:82:fe:bc:69:19:ee:1b:28:a2:55:92:23:21:9f:9e:10:
f3:f2:ed:75:f3:fe:17:87:f1:e4:30:4e:5b:56:56:90:37:e4:
7e:4b:18:de:8b:50:47:f7:e2:23:84:57:79:7e:9e:29:fd:f5:
92:aa:e1:78:dd:73:91:7e:0a:e1:82:cc:39:23:32:da:29:c9:
9e:ca:d0:2f:5b:7a:dc:b1:38:f6:22:d9:8d:c5:60:11:f9:1d:
2e:1e:ef:58
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZkPmOxBWdaN7qcISS7NPFSGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDU4OWRjZTYzOTgxODcwYTE4NTA5MDZjOGMyZDFkOTY3
NDAwOTYwHhcNMjUwOTAzMTI0MTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTAwMDY3NDU4OWY3N2U0Y2ExNDgwNTJkM2FlMzRlNDgxYWNjYWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZVG5ZhR48u1fvkM1RiVR54/4ZqE
P+s5dC8pVRquvU+3Ka4F65DzPKVUXVWlPS0ChWIPvPnG26mIMvj0Js8/O8RghDjE
sj7TXe/PqHWL7Eq1sPa/d0F1fkW+kCujTgJRibldJNjJx7IzjE7YfZg/kFg+2W7r
qPIWHW0zMIU//nMftKp87T1C7lSSnRi4U7rDscuJxKRseRJjYfQcubVzDuVxaCUP
RZYsrw7a2a7BJmsQhGNMqlwCdFvqyT9t+BiT1wM+csEtUoxTg/WegliLzrkgaG4x
XjQPS/YsMNFOD8L9TPKUYLt3g3A8jn2ZlvXQzz3981WYASx12mwnS4k/2wIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFKEABnRYn3fkyhSAUtOuNOSBrMrwMB8GA1UdIwQY
MBaAFNoFidzmOYGHChhQkGyMLR2WdACWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdXSjNPWTVnWWNLR0ZDUWJJd3RIWlowQUpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC82MzI2YmItYmEzMy00MzM5LWI4YzYt
MTRlM2MyMDE3OTY5LzEvb1FBR2RGaWZkLVRLRklCUzA2NDA1SUdzeXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC82MzI2YmItYmEzMy00MzM5LWI4YzYtMTRlM2MyMDE3OTY5
LzEvMmdXSjNPWTVnWWNLR0ZDUWJJd3RIWlowQUpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTASBAIAATAMAwQBHyuuAwQF
sd5AMBcEAgACMBEDBgQqE3UAAAMHBCoTdQCBADANBgkqhkiG9w0BAQsFAAOCAQEA
bsERLwgJptUviBeTCRDn9ocOa7LexnQauE7txnjJXFhT7xW6Xv2F5KM4PuXw8MCO
zNG6e2VGCbrytrGgkG6hodwuVCeCBt+TdFcqjH/xT/SPE3DmJNw2xT9EaXDw2Bnm
Fn//5YFz/OAEF24pZtSWBKXqJ+5wC83EiCS57NF/+pEA/+ooPFGqOzg0+cuGGLp4
KFzL0XAySAjyAlJC3g++M1VfKCmC/rxpGe4bKKJVkiMhn54Q8/LtdfP+F4fx5DBO
W1ZWkDfkfksY3otQR/fiI4RXeX6eKf31kqrheN1zkX4K4YLMOSMy2inJnsrQL1t6
3LE49iLZjcVgEfkdLh7vWA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:35:36 2025 by rpki-client