Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-HUGU7EwslgA4L6ulvFQRdnOnAM.roa
File: 1-HUGU7EwslgA4L6ulvFQRdnOnAM.roa (raw, json)
Hash identifier: TePUxibD/HRHgcYuJCJR5kMRf/5PwkTcdGqV40KGT3k=
Subject key identifier: F8:75:06:53:B1:30:B2:58:00:E0:BE:AE:96:F1:50:45:D9:CE:9C:03
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 0196A4C7F9015DCA9FF8750AD01B20D97924
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-HUGU7EwslgA4L6ulvFQRdnOnAM.roa
Signing time: Tue 06 May 2025 08:48:10 +0000
ROA not before: Tue 06 May 2025 08:48:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212742
IP address blocks: 31.56.176.0/22 maxlen: 24
31.56.182.0/23 maxlen: 24
31.56.184.0/22 maxlen: 24
31.56.188.0/23 maxlen: 24
31.56.208.0/23 maxlen: 24
31.56.228.0/23 maxlen: 24
31.58.180.0/22 maxlen: 24
31.58.184.0/21 maxlen: 24
31.58.192.0/22 maxlen: 24
31.58.196.0/22 maxlen: 24
31.58.204.0/22 maxlen: 24
31.58.208.0/23 maxlen: 24
31.58.232.0/23 maxlen: 24
31.59.36.0/22 maxlen: 24
31.59.44.0/22 maxlen: 24
31.59.84.0/22 maxlen: 24
31.59.90.0/23 maxlen: 24
31.59.92.0/22 maxlen: 24
31.59.101.0/24 maxlen: 24
31.59.102.0/23 maxlen: 24
31.59.104.0/23 maxlen: 24
31.59.106.0/24 maxlen: 24
217.60.8.0/22 maxlen: 24
217.60.32.0/22 maxlen: 24
217.60.44.0/22 maxlen: 24
217.60.48.0/22 maxlen: 24
217.60.52.0/22 maxlen: 24
217.60.56.0/22 maxlen: 24
217.60.128.0/19 maxlen: 24
217.60.160.0/20 maxlen: 24
217.60.176.0/21 maxlen: 24
217.60.184.0/23 maxlen: 24
217.60.186.0/24 maxlen: 24
217.60.200.0/21 maxlen: 24
217.60.208.0/20 maxlen: 24
217.60.224.0/21 maxlen: 24
217.60.232.0/22 maxlen: 24
217.60.250.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 10 May 2025 05:04:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:a4:c7:f9:01:5d:ca:9f:f8:75:0a:d0:1b:20:d9:79:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: May 6 08:48:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f8750653b130b25800e0beae96f15045d9ce9c03
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:9d:be:17:1a:56:f6:71:7f:db:dd:47:a8:f5:
e6:ed:14:aa:bb:87:47:06:1f:00:f8:a4:d7:6d:dd:
64:01:d4:df:89:b5:18:40:c1:5a:d8:b0:d0:3a:ee:
2d:7f:4c:1a:48:df:67:16:a5:e1:5d:e8:c4:b0:51:
7a:35:81:ab:71:c7:1b:50:a5:d4:1b:65:2b:cc:94:
6f:6e:b6:4e:84:42:03:1a:e9:fa:ea:b3:15:58:08:
36:45:b6:2c:01:57:d1:0d:95:c2:9d:02:04:04:2c:
f4:51:f1:b8:a4:f9:5c:52:a4:8a:58:da:ec:d2:f7:
15:ee:cb:ba:75:8e:12:0f:66:cb:de:19:e3:c3:7d:
70:c8:c3:08:0e:66:6a:18:2c:c7:db:1a:1c:f4:45:
2c:bc:08:b6:09:99:9a:10:c9:29:40:49:45:cf:5c:
56:97:4f:46:a0:89:33:3a:fa:10:47:60:33:84:f4:
9f:f1:c9:5b:a3:51:63:4a:a9:13:b1:5a:f6:b0:bc:
42:81:7a:6c:55:f4:65:ca:0c:5a:18:a4:66:ab:8b:
6f:05:07:6b:c6:79:83:0d:2d:f9:20:34:06:22:b7:
60:a6:dc:c6:a6:2c:ef:7f:aa:40:b5:2b:96:62:54:
ed:6d:e3:c5:1d:7e:b8:62:4c:ab:04:32:e1:af:aa:
77:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:75:06:53:B1:30:B2:58:00:E0:BE:AE:96:F1:50:45:D9:CE:9C:03
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-HUGU7EwslgA4L6ulvFQRdnOnAM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.176.0/22
31.56.182.0-31.56.189.255
31.56.208.0/23
31.56.228.0/23
31.58.180.0-31.58.199.255
31.58.204.0-31.58.209.255
31.58.232.0/23
31.59.36.0/22
31.59.44.0/22
31.59.84.0/22
31.59.90.0-31.59.95.255
31.59.101.0-31.59.106.255
217.60.8.0/22
217.60.32.0/22
217.60.44.0-217.60.59.255
217.60.128.0-217.60.186.255
217.60.200.0-217.60.235.255
217.60.250.0/24
Signature Algorithm: sha256WithRSAEncryption
bb:67:eb:0b:6c:fc:43:53:25:d6:d6:4d:cc:df:8d:7a:50:61:
02:8c:8b:6e:55:52:d3:d9:7c:ea:40:39:38:c3:7a:ce:ac:ce:
b8:23:92:9d:54:cc:10:5d:28:ed:5c:9f:da:e8:9b:a8:13:b0:
de:c0:7e:ea:ed:65:47:94:e1:fc:72:cf:95:55:ed:3c:69:2c:
19:6d:50:03:81:18:5d:04:23:9c:d3:ae:70:32:60:cb:64:cd:
25:bd:73:3a:cb:34:7f:b2:18:78:08:d1:2b:53:9b:80:92:59:
c1:ba:f6:9b:b2:5a:f8:e6:b6:9c:d2:cf:50:85:7f:5f:33:d6:
58:86:1c:18:4b:8f:59:c1:19:26:18:15:23:f4:d7:8a:53:2b:
2d:0a:57:c9:e8:da:40:8a:db:d1:95:46:e5:79:b1:62:13:80:
90:f3:ac:fb:a9:40:af:6d:1e:fc:69:c8:c8:e6:de:16:79:41:
1d:11:b5:8d:00:a4:ef:14:98:8b:0b:95:2b:e4:0a:89:b4:fa:
ee:f9:75:02:b7:c0:54:6e:11:bb:d9:50:8b:6e:27:79:16:57:
16:d3:68:df:59:25:64:cc:d5:39:27:4c:ed:6e:62:02:26:f5:
4d:28:45:1f:52:08:bf:98:8d:1b:7d:23:1a:29:fe:e8:40:35:
f5:75:91:a3
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAZakx/kBXcqf+HUK0Bsg2XkkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTA2MDg0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODc1MDY1M2IxMzBiMjU4MDBlMGJlYWU5NmYxNTA0NWQ5Y2U5YzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZ2+FxpW9nF/291HqPXm7RSqu4dH
Bh8A+KTXbd1kAdTfibUYQMFa2LDQOu4tf0waSN9nFqXhXejEsFF6NYGrcccbUKXU
G2UrzJRvbrZOhEIDGun66rMVWAg2RbYsAVfRDZXCnQIEBCz0UfG4pPlcUqSKWNrs
0vcV7su6dY4SD2bL3hnjw31wyMMIDmZqGCzH2xoc9EUsvAi2CZmaEMkpQElFz1xW
l09GoIkzOvoQR2AzhPSf8clbo1FjSqkTsVr2sLxCgXpsVfRlygxaGKRmq4tvBQdr
xnmDDS35IDQGIrdgptzGpizvf6pAtSuWYlTtbePFHX64YkyrBDLhr6p30wIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFPh1BlOxMLJYAOC+rpbxUEXZzpwDMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMS1IVUdVN0V3c2xnQTRMNnVsdkZRUmRuT25BTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTIvNTExZjk1LWU0YmYtNDNmMS1hZjJmLWI4MTFjZmNiOWZk
NS8xL1R4c0pYNnRuWXp3Qko5WWY5b1Y0Wk9wckpjVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCByQYIKwYBBQUHAQcBAf8EgbkwgbYwgbMEAgABMIGsAwQC
HziwMAwDBAEfOLYDBAEfOLwDBAEfONADBAEfOOQwDAMEAh86tAMEAx86wDAMAwQC
HzrMAwQBHzrQAwQBHzroAwQCHzskAwQCHzssAwQCHztUMAwDBAEfO1oDBAUfO0Aw
DAMEAB87ZQMEAB87agMEAtk8CAMEAtk8IDAMAwQC2TwsAwQC2Tw4MAwDBAfZPIAD
BADZPLowDAMEA9k8yAMEAtk86AMEANk8+jANBgkqhkiG9w0BAQsFAAOCAQEAu2fr
C2z8Q1Ml1tZNzN+NelBhAoyLblVS09l86kA5OMN6zqzOuCOSnVTMEF0o7Vyf2uib
qBOw3sB+6u1lR5Th/HLPlVXtPGksGW1QA4EYXQQjnNOucDJgy2TNJb1zOss0f7IY
eAjRK1ObgJJZwbr2m7Ja+Oa2nNLPUIV/XzPWWIYcGEuPWcEZJhgVI/TXilMrLQpX
yejaQIrb0ZVG5XmxYhOAkPOs+6lAr20e/GnIyObeFnlBHRG1jQCk7xSYiwuVK+QK
ibT67vl1ArfAVG4Ru9lQi24neRZXFtNo31klZMzVOSdM7W5iAib1TShFH1IIv5iN
G30jGin+6EA19XWRow==
-----END CERTIFICATE-----
Generated at Fri May 9 14:01:41 2025 by rpki-client