Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/s1Q0qtXEcmSCpHkyS5dxUKLDGqc.roa
File: s1Q0qtXEcmSCpHkyS5dxUKLDGqc.roa (raw, json)
Hash identifier: m5im4QAkEKH3ZcQvVveR67A54dKukg5xg4NJpZVVz4c=
Subject key identifier: B3:54:34:AA:D5:C4:72:64:82:A4:79:32:4B:97:71:50:A2:C3:1A:A7
Certificate issuer: /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial: 019687642953B19152E23E3DDC935DCCB1BE
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/s1Q0qtXEcmSCpHkyS5dxUKLDGqc.roa
Signing time: Wed 30 Apr 2025 15:50:10 +0000
ROA not before: Wed 30 Apr 2025 15:50:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42910
IP address blocks: 31.210.46.0/24 maxlen: 24
31.210.50.0/24 maxlen: 24
31.210.51.0/24 maxlen: 24
31.210.54.0/24 maxlen: 24
77.92.148.0/24 maxlen: 24
188.132.170.0/24 maxlen: 24
188.132.191.0/24 maxlen: 24
188.132.227.0/24 maxlen: 24
212.68.36.0/24 maxlen: 24
212.68.49.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 07 May 2025 04:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:87:64:29:53:b1:91:52:e2:3e:3d:dc:93:5d:cc:b1:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
Validity
Not Before: Apr 30 15:50:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b35434aad5c4726482a479324b977150a2c31aa7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:f9:03:95:9b:49:3f:a5:01:00:3a:f5:2b:39:
32:15:97:94:ff:4a:9d:dd:8f:16:52:7f:b5:bb:91:
ba:4e:21:63:47:89:14:a1:7e:4d:6d:d6:47:84:7c:
67:b1:aa:f3:79:9e:b4:61:dd:88:46:f8:4d:9a:91:
86:27:30:0c:69:f6:5c:9d:f8:51:70:b3:0d:88:f4:
76:21:4b:f9:60:b0:9f:48:66:5a:bc:9b:2c:00:b9:
63:6b:27:61:f1:69:f8:57:a9:99:34:42:df:2c:eb:
56:fd:b2:fa:eb:85:c2:4d:1b:93:01:7f:1e:79:f5:
ad:68:76:5d:ba:c4:dc:08:c5:0a:02:28:b6:c7:34:
be:d6:a1:79:10:ea:b4:1e:a2:51:28:40:51:5d:57:
6d:36:44:a0:eb:a3:9d:f3:0a:5d:84:fb:10:89:28:
7f:d8:be:04:e2:19:b2:8f:e7:83:c0:72:05:85:b4:
57:74:45:b6:cd:10:b5:f7:61:9c:df:c6:64:91:d8:
65:b8:ef:56:6b:76:a4:51:5e:c1:8d:ce:a6:3d:e0:
0a:42:1e:0b:df:60:6e:43:2d:41:06:cd:07:0d:67:
23:7c:a9:a7:10:c4:34:96:f4:1d:54:69:da:7b:b6:
5c:f1:f8:ad:f2:0d:bd:61:4d:54:5f:56:69:f0:6d:
db:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:54:34:AA:D5:C4:72:64:82:A4:79:32:4B:97:71:50:A2:C3:1A:A7
X509v3 Authority Key Identifier:
keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/s1Q0qtXEcmSCpHkyS5dxUKLDGqc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.210.46.0/24
31.210.50.0/23
31.210.54.0/24
77.92.148.0/24
188.132.170.0/24
188.132.191.0/24
188.132.227.0/24
212.68.36.0/24
212.68.49.0/24
Signature Algorithm: sha256WithRSAEncryption
17:21:62:e9:0c:b3:74:13:14:82:f4:03:f1:7d:09:30:81:24:
be:40:c4:1f:09:cd:7e:eb:84:16:83:6b:b5:c7:01:b8:f9:b9:
79:71:cb:94:c3:4a:38:4a:5a:c6:e3:be:f9:ae:03:ad:4e:9f:
82:5b:2c:d9:11:95:44:50:ab:6a:b6:de:7a:9e:ad:eb:e1:10:
bf:34:04:d7:c0:41:e6:2a:5a:dc:83:94:2e:8c:89:bd:0c:02:
a0:a2:0a:44:a2:42:bf:2f:64:64:fd:3a:7e:4b:87:99:6b:e1:
f6:12:68:c0:e1:af:0b:78:ed:c4:a5:fb:36:b9:55:bf:af:38:
84:71:1a:1c:6a:d8:23:1b:f9:ec:bb:a4:98:eb:11:5f:8c:22:
b6:89:99:02:89:73:b1:fe:07:54:1d:a2:96:f8:ed:fb:22:63:
e8:1c:c5:77:08:3e:d8:52:3b:dd:c2:db:23:bf:5d:1e:70:d0:
ae:08:d0:e2:3a:15:66:36:eb:a7:69:ff:43:f9:58:c8:11:28:
7f:75:85:5b:c7:0e:9b:43:9a:6a:03:4a:50:07:5f:57:19:46:
bb:72:ca:fa:a9:22:2f:fb:49:2c:b7:29:0d:e4:fc:cd:59:2c:
b3:4c:0a:b8:5d:e5:93:fb:3e:f0:0b:8a:1a:2a:69:eb:ef:11:
93:d0:83:ba
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZaHZClTsZFS4j493JNdzLG+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwNDMwMTU1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzU0MzRhYWQ1YzQ3MjY0ODJhNDc5MzI0Yjk3NzE1MGEyYzMxYWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPkDlZtJP6UBADr1KzkyFZeU/0qd
3Y8WUn+1u5G6TiFjR4kUoX5NbdZHhHxnsarzeZ60Yd2IRvhNmpGGJzAMafZcnfhR
cLMNiPR2IUv5YLCfSGZavJssALljaydh8Wn4V6mZNELfLOtW/bL664XCTRuTAX8e
efWtaHZdusTcCMUKAii2xzS+1qF5EOq0HqJRKEBRXVdtNkSg66Od8wpdhPsQiSh/
2L4E4hmyj+eDwHIFhbRXdEW2zRC192Gc38ZkkdhluO9Wa3akUV7Bjc6mPeAKQh4L
32BuQy1BBs0HDWcjfKmnEMQ0lvQdVGnae7Zc8fit8g29YU1UX1Zp8G3bzwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFLNUNKrVxHJkgqR5MkuXcVCiwxqnMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvczFRMHF0WEVjbVNDcEhreVM1ZHhVS0xER3FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAH9IuAwQB
H9IyAwQAH9I2AwQATVyUAwQAvISqAwQAvIS/AwQAvITjAwQA1EQkAwQA1EQxMA0G
CSqGSIb3DQEBCwUAA4IBAQAXIWLpDLN0ExSC9APxfQkwgSS+QMQfCc1+64QWg2u1
xwG4+bl5ccuUw0o4SlrG4775rgOtTp+CWyzZEZVEUKtqtt56nq3r4RC/NATXwEHm
Klrcg5QujIm9DAKgogpEokK/L2Rk/Tp+S4eZa+H2EmjA4a8LeO3Epfs2uVW/rziE
cRocatgjG/nsu6SY6xFfjCK2iZkCiXOx/gdUHaKW+O37ImPoHMV3CD7YUjvdwtsj
v10ecNCuCNDiOhVmNuunaf9D+VjIESh/dYVbxw6bQ5pqA0pQB19XGUa7csr6qSIv
+0kstykN5PzNWSyzTAq4XeWT+z7wC4oaKmnr7xGT0IO6
-----END CERTIFICATE-----
Generated at Tue May 6 09:30:28 2025 by rpki-client