Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/4cnRWY5gtsfuxJysdz-vN0qrOUs.roa
File: 4cnRWY5gtsfuxJysdz-vN0qrOUs.roa (raw, json)
Hash identifier: 93jxXfokl+svyBU1O0Hr6w6zv+AavA15Ll9wQ0fHJCo=
Subject key identifier: E1:C9:D1:59:8E:60:B6:C7:EE:C4:9C:AC:77:3F:AF:37:4A:AB:39:4B
Certificate issuer: /CN=86af2c7166bb34a696fde2fbacef4001b0a8e7e2
Certificate serial: 0198CC4AE9AECC6E721699D57B58D4B51C83
Authority key identifier: 86:AF:2C:71:66:BB:34:A6:96:FD:E2:FB:AC:EF:40:01:B0:A8:E7:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/4cnRWY5gtsfuxJysdz-vN0qrOUs.roa
Signing time: Thu 21 Aug 2025 11:01:58 +0000
ROA not before: Thu 21 Aug 2025 11:01:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15924
IP address blocks: 31.186.0.0/24 maxlen: 24
31.186.1.0/24 maxlen: 24
31.186.2.0/24 maxlen: 24
31.186.3.0/24 maxlen: 24
31.186.4.0/24 maxlen: 24
31.186.5.0/24 maxlen: 24
31.186.6.0/24 maxlen: 24
31.186.7.0/24 maxlen: 24
31.186.8.0/24 maxlen: 24
31.186.9.0/24 maxlen: 24
31.186.10.0/24 maxlen: 24
31.186.11.0/24 maxlen: 24
31.186.12.0/24 maxlen: 24
31.186.13.0/24 maxlen: 24
31.186.14.0/24 maxlen: 24
31.186.15.0/24 maxlen: 24
31.186.16.0/24 maxlen: 24
31.186.17.0/24 maxlen: 24
31.186.18.0/24 maxlen: 24
31.186.19.0/24 maxlen: 24
31.186.20.0/24 maxlen: 24
31.186.21.0/24 maxlen: 24
31.186.22.0/24 maxlen: 24
31.186.23.0/24 maxlen: 24
31.186.24.0/24 maxlen: 24
31.186.25.0/24 maxlen: 24
31.186.26.0/24 maxlen: 24
31.186.27.0/24 maxlen: 24
31.186.28.0/24 maxlen: 24
31.186.29.0/24 maxlen: 24
31.186.30.0/24 maxlen: 24
31.186.31.0/24 maxlen: 24
2a0d:a000:0:a00::/56 maxlen: 56
2a0d:a000:0:b00::/56 maxlen: 56
2a0d:a000:0:c00::/56 maxlen: 56
2a0d:a000:0:d00::/56 maxlen: 56
2a0d:a000:0:e00::/56 maxlen: 56
2a0d:a000:0:f00::/56 maxlen: 56
2a0d:a000:0:1000::/56 maxlen: 56
2a0d:a000:0:1100::/56 maxlen: 56
2a0d:a000:0:1200::/56 maxlen: 56
2a0d:a000:0:1300::/56 maxlen: 56
2a0d:a000:0:1400::/56 maxlen: 56
2a0d:a000:0:1500::/56 maxlen: 56
2a0d:a000:0:1600::/56 maxlen: 56
2a0d:a000:0:1700::/56 maxlen: 56
2a0d:a000:0:1800::/56 maxlen: 56
2a0d:a000:0:1900::/56 maxlen: 56
2a0d:a000:0:1a00::/56 maxlen: 56
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.crl
rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.mft
rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 08:00:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:cc:4a:e9:ae:cc:6e:72:16:99:d5:7b:58:d4:b5:1c:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86af2c7166bb34a696fde2fbacef4001b0a8e7e2
Validity
Not Before: Aug 21 11:01:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e1c9d1598e60b6c7eec49cac773faf374aab394b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:c4:d9:f4:1c:9e:32:ba:d3:5c:92:66:10:36:
4f:86:fe:08:b8:3b:4e:a8:40:3c:6e:aa:21:e1:a8:
96:6e:36:9c:13:97:2f:d6:6d:fa:a8:15:0f:f7:98:
5e:3c:e9:1b:af:77:c7:08:c9:cc:c9:37:23:15:9a:
50:11:1b:d4:b7:07:f2:0f:ac:f6:fa:b8:64:63:3c:
c3:d9:c1:b7:96:3a:9f:fa:09:77:c7:3b:fe:b4:86:
73:9d:29:02:88:f6:20:2b:ee:76:d0:17:6f:ab:ab:
ad:9e:01:26:ce:c5:66:27:5b:f9:57:88:ab:16:23:
fc:53:10:f4:cc:79:bb:b5:a5:65:1e:3a:ae:96:c6:
1a:db:84:e5:87:85:bc:25:ef:a9:3c:ed:2a:ab:04:
4c:24:52:73:91:1c:46:16:cb:8c:36:04:c9:6b:56:
c2:bb:21:0e:c1:89:68:9a:60:51:b5:ac:6e:f1:4c:
0a:b3:54:2c:d5:18:fa:94:0e:dd:b6:b8:3a:f6:f4:
fc:69:da:b5:70:f0:75:cc:5a:d7:92:13:a0:59:1e:
bf:2f:7d:d7:c5:63:1a:95:25:59:8e:f9:77:b1:b9:
b7:af:a3:ef:5b:6a:e7:b3:a9:cc:1f:6f:86:ac:d8:
9e:b7:f4:b1:a2:99:e3:6e:1d:bc:91:e5:ca:c0:e8:
b0:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:C9:D1:59:8E:60:B6:C7:EE:C4:9C:AC:77:3F:AF:37:4A:AB:39:4B
X509v3 Authority Key Identifier:
keyid:86:AF:2C:71:66:BB:34:A6:96:FD:E2:FB:AC:EF:40:01:B0:A8:E7:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/4cnRWY5gtsfuxJysdz-vN0qrOUs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.186.0.0/19
IPv6:
2a0d:a000:0:a00::-2a0d:a000:0:1aff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
90:f1:09:4f:c8:e9:e6:a0:c6:40:d4:69:92:a6:08:09:ee:11:
e6:6f:bc:65:18:86:ab:89:1b:d6:8c:af:e9:9f:da:36:6f:00:
d4:29:e8:06:12:f5:a2:86:98:60:7d:3b:f7:f5:47:e9:32:a6:
f7:ff:54:58:bf:61:8f:88:1b:fb:39:cf:5d:e6:52:84:b2:f4:
3f:a9:aa:97:85:5e:d8:b3:7b:de:1b:1e:48:13:fe:be:ee:4b:
ec:4c:7b:2e:85:83:ea:76:3e:69:b1:cf:4d:ea:48:bb:ae:f3:
42:15:7d:25:95:a7:47:8b:11:87:ca:ee:37:1e:38:f0:20:de:
d0:b5:91:58:36:10:04:50:ad:3c:38:e0:87:69:d7:fb:a5:bc:
4c:6f:bb:3b:f0:7a:bd:bc:91:bd:4e:04:c4:04:18:ce:a3:24:
8a:7b:d0:56:2a:63:3a:56:61:73:2a:b4:53:bf:bc:84:8e:34:
da:79:56:9c:e5:10:8f:65:89:80:ab:34:22:5b:e4:3d:c2:93:
bd:c4:f2:1b:0c:86:3e:82:17:cc:93:bc:bb:08:1c:9f:86:a5:
43:8b:df:84:6a:6f:92:0f:14:b8:14:88:87:fe:01:c2:82:87:
65:56:95:04:94:ad:df:f0:77:97:8b:5e:1d:cf:27:f4:ad:05:
40:a0:42:1d
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZjMSumuzG5yFpnVe1jUtRyDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2YWYyYzcxNjZiYjM0YTY5NmZkZTJmYmFjZWY0MDAxYjBh
OGU3ZTIwHhcNMjUwODIxMTEwMTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWM5ZDE1OThlNjBiNmM3ZWVjNDljYWM3NzNmYWYzNzRhYWIzOTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3sTZ9ByeMrrTXJJmEDZPhv4IuDtO
qEA8bqoh4aiWbjacE5cv1m36qBUP95hePOkbr3fHCMnMyTcjFZpQERvUtwfyD6z2
+rhkYzzD2cG3ljqf+gl3xzv+tIZznSkCiPYgK+520Bdvq6utngEmzsVmJ1v5V4ir
FiP8UxD0zHm7taVlHjqulsYa24Tlh4W8Je+pPO0qqwRMJFJzkRxGFsuMNgTJa1bC
uyEOwYlommBRtaxu8UwKs1Qs1Rj6lA7dtrg69vT8adq1cPB1zFrXkhOgWR6/L33X
xWMalSVZjvl3sbm3r6PvW2rns6nMH2+GrNiet/Sxopnjbh28keXKwOiwgQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFOHJ0VmOYLbH7sScrHc/rzdKqzlLMB8GA1UdIwQY
MBaAFIavLHFmuzSmlv3i+6zvQAGwqOfiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHE4c2NXYTdOS2FXX2VMN3JPOUFBYkNvNS1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mOGY2NmQtOGE0Ny00NDMxLWFmNTEt
ZTRmNTg3MDQ4MDRlLzEvNGNuUldZNWd0c2Z1eEp5c2R6LXZOMHFyT1VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mOGY2NmQtOGE0Ny00NDMxLWFmNTEtZTRmNTg3MDQ4MDRl
LzEvaHE4c2NXYTdOS2FXX2VMN3JPOUFBYkNvNS1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAMBAIAATAGAwQFH7oAMBwE
AgACMBYwFAMIASoNoAAAAAoDCAAqDaAAAAAaMA0GCSqGSIb3DQEBCwUAA4IBAQCQ
8QlPyOnmoMZA1GmSpggJ7hHmb7xlGIariRvWjK/pn9o2bwDUKegGEvWihphgfTv3
9UfpMqb3/1RYv2GPiBv7Oc9d5lKEsvQ/qaqXhV7Ys3veGx5IE/6+7kvsTHsuhYPq
dj5psc9N6ki7rvNCFX0lladHixGHyu43HjjwIN7QtZFYNhAEUK08OOCHadf7pbxM
b7s78Hq9vJG9TgTEBBjOoySKe9BWKmM6VmFzKrRTv7yEjjTaeVac5RCPZYmAqzQi
W+Q9wpO9xPIbDIY+ghfMk7y7CByfhqVDi9+Eam+SDxS4FIiH/gHCgodlVpUElK3f
8HeXi14dzyf0rQVAoEId
-----END CERTIFICATE-----
Generated at Sat Aug 23 17:21:46 2025 by rpki-client