Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/1h7x7glo7raaLY2_2McusPDR_aM.roa
File: 1h7x7glo7raaLY2_2McusPDR_aM.roa (raw, json)
Hash identifier: HMpq5ZxT3KuTaqPuHxdfR/p2+y/DB0HiuZsEYPl7Agw=
Subject key identifier: D6:1E:F1:EE:09:68:EE:B6:9A:2D:8D:BF:D8:C7:2E:B0:F0:D1:FD:A3
Certificate issuer: /CN=a5b9df7e98f6f39fe2ba4022da277d2819828021
Certificate serial: 019897F7063D81715AB1A10CB130CDAF7ED6
Authority key identifier: A5:B9:DF:7E:98:F6:F3:9F:E2:BA:40:22:DA:27:7D:28:19:82:80:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pbnffpj285_iukAi2id9KBmCgCE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/1h7x7glo7raaLY2_2McusPDR_aM.roa
Signing time: Mon 11 Aug 2025 07:10:04 +0000
ROA not before: Mon 11 Aug 2025 07:10:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197019
IP address blocks: 31.31.72.0/21 maxlen: 24
37.157.192.0/21 maxlen: 24
46.28.104.0/21 maxlen: 24
89.221.208.0/20 maxlen: 24
185.8.236.0/22 maxlen: 24
2a02:2b88::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/pbnffpj285_iukAi2id9KBmCgCE.crl
rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/pbnffpj285_iukAi2id9KBmCgCE.mft
rsync://rpki.ripe.net/repository/DEFAULT/pbnffpj285_iukAi2id9KBmCgCE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 25 Aug 2025 01:02:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:97:f7:06:3d:81:71:5a:b1:a1:0c:b1:30:cd:af:7e:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a5b9df7e98f6f39fe2ba4022da277d2819828021
Validity
Not Before: Aug 11 07:10:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d61ef1ee0968eeb69a2d8dbfd8c72eb0f0d1fda3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:ee:83:5f:80:15:bd:68:be:29:c7:f8:12:71:
f6:89:c6:5a:c8:08:c8:f6:b1:e8:ab:82:cc:e2:f5:
7d:82:b2:17:81:0d:17:c9:4c:9a:b6:4a:09:0f:cf:
9e:2d:8b:9e:79:2f:26:ab:cd:c5:87:a1:1b:b4:96:
85:a0:19:0f:80:5c:12:e5:26:5c:48:d2:9d:42:b1:
b0:6a:40:20:0e:71:e3:96:e5:76:42:b4:67:6b:e2:
b9:60:c8:fe:4a:e9:95:89:e1:3d:d4:04:89:29:15:
e3:26:52:a7:a2:c6:b4:d1:2b:96:36:6c:b3:c8:ea:
e7:9a:c4:6f:64:78:a6:fe:e6:59:e6:4d:d2:4f:bd:
72:1e:24:bf:b8:37:33:ec:f7:16:e0:8c:8b:1f:a7:
af:2c:65:4c:bf:77:8c:b7:c3:12:c6:51:9d:74:10:
4c:c9:a2:dd:bd:8e:98:cd:a6:69:06:5c:01:7a:cd:
c5:bc:03:ac:95:bf:df:ae:f6:24:fa:76:f4:ab:fc:
30:57:f5:f3:0d:f4:b5:80:49:6a:96:c0:99:61:da:
fe:20:cf:08:16:10:f2:f6:56:d8:14:53:51:29:e8:
86:1d:e6:d4:ae:c3:b0:f4:ca:23:4b:62:1f:ad:58:
4e:0f:ac:72:5c:56:44:d9:49:3c:e0:c5:02:e4:b5:
50:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:1E:F1:EE:09:68:EE:B6:9A:2D:8D:BF:D8:C7:2E:B0:F0:D1:FD:A3
X509v3 Authority Key Identifier:
keyid:A5:B9:DF:7E:98:F6:F3:9F:E2:BA:40:22:DA:27:7D:28:19:82:80:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pbnffpj285_iukAi2id9KBmCgCE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/1h7x7glo7raaLY2_2McusPDR_aM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/pbnffpj285_iukAi2id9KBmCgCE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.31.72.0/21
37.157.192.0/21
46.28.104.0/21
89.221.208.0/20
185.8.236.0/22
IPv6:
2a02:2b88::/32
Signature Algorithm: sha256WithRSAEncryption
19:5e:f6:a8:d3:0e:71:ef:9c:23:08:9e:87:62:b4:a9:cc:66:
8f:4d:a7:5e:3b:82:33:75:71:6c:ea:b6:d4:ad:f4:70:ba:1b:
f6:48:68:93:f9:d0:d8:63:17:9f:6f:3f:45:a0:63:4a:b7:30:
9e:17:2d:a7:41:40:0a:54:02:23:87:06:3e:18:01:bc:f8:60:
32:4f:10:dc:f9:c1:c0:d8:4c:5e:7f:f4:22:ca:a7:0c:65:1c:
58:d6:b7:d9:3d:ee:83:81:0a:f0:a9:83:6b:56:78:ea:e0:7d:
7c:3f:14:42:b2:c6:df:e3:81:ce:c2:78:7e:4c:18:37:b2:66:
99:51:6c:e6:c5:b4:59:d3:40:ff:06:c4:0c:1b:74:3d:f8:3f:
e6:08:6d:0a:75:74:ba:f0:5f:98:4a:ed:4d:a7:45:eb:df:26:
cb:a7:3a:3a:27:45:43:cd:69:07:fa:db:4a:84:5c:cb:61:1c:
82:ce:2b:07:14:04:6b:0f:a4:c1:bf:7f:a1:0f:95:20:19:21:
64:e4:3f:d8:13:1e:95:b8:28:e7:7a:1f:65:39:72:89:1e:b0:
23:62:57:b7:9f:1a:14:0f:87:cf:76:93:b8:40:9b:d4:7e:e6:
10:eb:94:2d:c0:7d:87:93:ea:7a:73:a4:9e:6e:7f:c6:0e:8c:
bb:05:f6:2b
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZiX9wY9gXFasaEMsTDNr37WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YjlkZjdlOThmNmYzOWZlMmJhNDAyMmRhMjc3ZDI4MTk4
MjgwMjEwHhcNMjUwODExMDcxMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjFlZjFlZTA5NjhlZWI2OWEyZDhkYmZkOGM3MmViMGYwZDFmZGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0e6DX4AVvWi+Kcf4EnH2icZayAjI
9rHoq4LM4vV9grIXgQ0XyUyatkoJD8+eLYueeS8mq83Fh6EbtJaFoBkPgFwS5SZc
SNKdQrGwakAgDnHjluV2QrRna+K5YMj+SumVieE91ASJKRXjJlKnosa00SuWNmyz
yOrnmsRvZHim/uZZ5k3ST71yHiS/uDcz7PcW4IyLH6evLGVMv3eMt8MSxlGddBBM
yaLdvY6YzaZpBlwBes3FvAOslb/frvYk+nb0q/wwV/XzDfS1gElqlsCZYdr+IM8I
FhDy9lbYFFNRKeiGHebUrsOw9MojS2IfrVhOD6xyXFZE2Uk84MUC5LVQuQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFNYe8e4JaO62mi2Nv9jHLrDw0f2jMB8GA1UdIwQY
MBaAFKW5336Y9vOf4rpAItonfSgZgoAhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGJuZmZwajI4NV9pdWtBaTJpZDlLQm1DZ0NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC85NzMwNDctODkxNC00MWM2LWExZTAt
MGFjN2I3ZWRlNDJiLzEvMWg3eDdnbG83cmFhTFkyXzJNY3VzUERSX2FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC85NzMwNDctODkxNC00MWM2LWExZTAtMGFjN2I3ZWRlNDJi
LzEvcGJuZmZwajI4NV9pdWtBaTJpZDlLQm1DZ0NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDHx9IAwQD
JZ3AAwQDLhxoAwQEWd3QAwQCuQjsMA0EAgACMAcDBQAqAiuIMA0GCSqGSIb3DQEB
CwUAA4IBAQAZXvao0w5x75wjCJ6HYrSpzGaPTadeO4IzdXFs6rbUrfRwuhv2SGiT
+dDYYxefbz9FoGNKtzCeFy2nQUAKVAIjhwY+GAG8+GAyTxDc+cHA2Exef/QiyqcM
ZRxY1rfZPe6DgQrwqYNrVnjq4H18PxRCssbf44HOwnh+TBg3smaZUWzmxbRZ00D/
BsQMG3Q9+D/mCG0KdXS68F+YSu1Np0Xr3ybLpzo6J0VDzWkH+ttKhFzLYRyCzisH
FARrD6TBv3+hD5UgGSFk5D/YEx6VuCjneh9lOXKJHrAjYle3nxoUD4fPdpO4QJvU
fuYQ65QtwH2Hk+p6c6Sebn/GDoy7BfYr
-----END CERTIFICATE-----
Generated at Sun Aug 24 10:51:47 2025 by rpki-client