Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/CtcGrjprY92ynub5uVjfYjoVoQE.roa
File: CtcGrjprY92ynub5uVjfYjoVoQE.roa (raw, json)
Hash identifier: 7WR2arN6K4NgLaBcrUnNbllaflz0OooqzR4Ho5GGi+o=
Subject key identifier: 0A:D7:06:AE:3A:6B:63:DD:B2:9E:E6:F9:B9:58:DF:62:3A:15:A1:01
Certificate issuer: /CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Certificate serial: 019777B98A95645AC17384048F70897168BE
Authority key identifier: 5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/CtcGrjprY92ynub5uVjfYjoVoQE.roa
Signing time: Mon 16 Jun 2025 07:52:17 +0000
ROA not before: Mon 16 Jun 2025 07:52:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31216
IP address blocks: 31.217.128.0/19 maxlen: 24
46.18.168.0/21 maxlen: 24
83.243.16.0/21 maxlen: 24
89.30.0.0/17 maxlen: 24
89.30.58.0/24 maxlen: 24
89.30.68.0/22 maxlen: 24
91.196.184.0/22 maxlen: 24
185.55.16.0/22 maxlen: 24
185.143.244.0/22 maxlen: 22
194.126.217.0/24 maxlen: 24
2a01:8200::/32 maxlen: 64
2a02:27f0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Jun 2025 14:25:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:77:b9:8a:95:64:5a:c1:73:84:04:8f:70:89:71:68:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Validity
Not Before: Jun 16 07:52:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0ad706ae3a6b63ddb29ee6f9b958df623a15a101
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:1b:1d:88:2c:d6:11:ce:42:f0:8b:60:dc:1c:
69:0b:6f:ed:31:69:45:01:59:bb:c2:e1:7c:4a:fe:
cf:e4:60:ba:75:b8:60:d0:5f:94:19:cc:49:3f:e2:
96:16:2f:89:fc:6e:4c:66:b9:e1:28:71:55:01:e5:
bd:fc:b1:d9:96:cb:be:81:f1:78:fa:f3:79:53:e1:
36:30:0b:90:4f:cb:73:11:08:aa:11:b2:4c:59:a9:
c0:d7:7e:1c:d8:b0:23:9c:0e:61:3d:64:66:b2:02:
6f:3b:f9:d6:0c:25:b0:98:27:d2:3e:63:2b:6e:f5:
38:ca:25:2e:f1:8e:48:f3:a7:7f:80:76:98:20:8c:
b4:6b:47:a1:da:37:54:61:eb:07:35:cc:15:f6:ab:
0c:d6:f2:49:fe:fb:4c:df:b0:2f:0b:d0:13:02:d7:
52:52:e6:8b:a5:f7:df:e6:6d:28:4c:53:ec:66:70:
99:f4:76:eb:a1:46:bd:9c:f0:a4:6b:86:c1:c6:d5:
25:b4:c5:8c:83:ff:8d:0b:ab:8b:fe:01:a5:cb:ae:
97:60:86:62:68:14:bd:fe:24:aa:ab:85:1a:e1:e6:
64:a6:fd:de:08:6a:56:86:2d:5c:71:38:9b:9e:8e:
98:32:21:1f:15:f0:92:88:e6:a1:e2:ed:49:78:8b:
44:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:D7:06:AE:3A:6B:63:DD:B2:9E:E6:F9:B9:58:DF:62:3A:15:A1:01
X509v3 Authority Key Identifier:
keyid:5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/CtcGrjprY92ynub5uVjfYjoVoQE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.217.128.0/19
46.18.168.0/21
83.243.16.0/21
89.30.0.0/17
91.196.184.0/22
185.55.16.0/22
185.143.244.0/22
194.126.217.0/24
IPv6:
2a01:8200::/32
2a02:27f0::/32
Signature Algorithm: sha256WithRSAEncryption
8b:87:9d:7b:70:3d:d5:09:81:ce:35:cd:05:1a:8e:50:93:68:
cf:25:60:86:22:c2:83:c0:54:74:a4:27:bf:e3:41:a0:e7:18:
50:c7:b9:b3:b5:46:18:9e:d9:90:0c:62:27:ee:16:10:cc:db:
da:83:09:74:c6:37:36:ea:e7:6c:d0:8e:c4:81:32:fe:f4:74:
c1:35:35:06:3e:08:67:5b:b5:ae:1c:1b:18:f8:fb:dc:37:2f:
ee:7c:75:2a:de:f1:5f:54:9a:ab:ca:f8:4b:da:b6:2c:57:bf:
ac:69:6b:fe:e0:61:95:6e:db:97:7d:57:69:d3:7a:2f:0c:23:
97:fe:f8:56:68:4e:c1:cb:7a:b4:2b:c9:06:36:65:b4:19:36:
37:60:7e:ff:e8:63:da:65:b5:65:e5:a5:12:32:52:e3:ec:24:
61:c7:98:1a:72:74:5e:28:e1:48:67:0b:2a:8e:74:4a:fb:cb:
6f:4c:cd:86:a6:84:d5:8d:bd:6e:f2:84:59:aa:7b:f6:05:a1:
3d:ac:e2:30:39:b8:fd:88:3b:67:90:87:d7:f4:99:cb:d7:19:
11:0d:8b:9a:9d:21:09:04:af:37:9d:9e:1f:c1:a2:d7:32:28:
cc:57:50:d0:a9:b9:01:cf:ce:f5:26:1d:f1:f9:e5:99:fb:8b:
6e:b3:94:e1
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZd3uYqVZFrBc4QEj3CJcWi+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNDAwYWMyMzk2YWUyMjhkMmIyZTU2ZjRiMDY3Mzk5Njkz
NzllNDQwHhcNMjUwNjE2MDc1MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWQ3MDZhZTNhNmI2M2RkYjI5ZWU2ZjliOTU4ZGY2MjNhMTVhMTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRsdiCzWEc5C8Itg3BxpC2/tMWlF
AVm7wuF8Sv7P5GC6dbhg0F+UGcxJP+KWFi+J/G5MZrnhKHFVAeW9/LHZlsu+gfF4
+vN5U+E2MAuQT8tzEQiqEbJMWanA134c2LAjnA5hPWRmsgJvO/nWDCWwmCfSPmMr
bvU4yiUu8Y5I86d/gHaYIIy0a0eh2jdUYesHNcwV9qsM1vJJ/vtM37AvC9ATAtdS
UuaLpfff5m0oTFPsZnCZ9HbroUa9nPCka4bBxtUltMWMg/+NC6uL/gGly66XYIZi
aBS9/iSqq4Ua4eZkpv3eCGpWhi1ccTibno6YMiEfFfCSiOah4u1JeItEgQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFArXBq46a2Pdsp7m+blY32I6FaEBMB8GA1UdIwQY
MBaAFF5ACsI5auIo0rLlb0sGc5lpN55EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYt
ZGZlZDEyZjFhMDFlLzEvQ3RjR3JqcHJZOTJ5bnViNXVWamZZam9Wb1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYtZGZlZDEyZjFhMDFl
LzEvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQFH9mAAwQD
LhKoAwQDU/MQAwQHWR4AAwQCW8S4AwQCuTcQAwQCuY/0AwQAwn7ZMBQEAgACMA4D
BQAqAYIAAwUAKgIn8DANBgkqhkiG9w0BAQsFAAOCAQEAi4ede3A91QmBzjXNBRqO
UJNozyVghiLCg8BUdKQnv+NBoOcYUMe5s7VGGJ7ZkAxiJ+4WEMzb2oMJdMY3Nurn
bNCOxIEy/vR0wTU1Bj4IZ1u1rhwbGPj73Dcv7nx1Kt7xX1Saq8r4S9q2LFe/rGlr
/uBhlW7bl31XadN6Lwwjl/74VmhOwct6tCvJBjZltBk2N2B+/+hj2mW1ZeWlEjJS
4+wkYceYGnJ0XijhSGcLKo50SvvLb0zNhqaE1Y29bvKEWap79gWhPaziMDm4/Yg7
Z5CH1/SZy9cZEQ2Lmp0hCQSvN52eH8Gi1zIozFdQ0Km5Ac/O9SYd8fnlmfuLbrOU
4Q==
-----END CERTIFICATE-----
Generated at Mon Jun 16 21:42:13 2025 by rpki-client