Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/KXu14c8LOhNhkdeiCluLeH8o738.roa
File: KXu14c8LOhNhkdeiCluLeH8o738.roa (raw, json)
Hash identifier: 144tYayDOtcIyd5HhvVaATEUXsIqLNra/F59LacFa+o=
Subject key identifier: 29:7B:B5:E1:CF:0B:3A:13:61:91:D7:A2:0A:5B:8B:78:7F:28:EF:7F
Certificate issuer: /CN=2e252a477242fb45f20bb08020a403a2bb466a9b
Certificate serial: 019D7611EF407E0E2F04234416FCC3D2A8BE
Authority key identifier: 2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/KXu14c8LOhNhkdeiCluLeH8o738.roa
Signing time: Fri 10 Apr 2026 06:26:20 +0000
ROA not before: Fri 10 Apr 2026 06:26:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 206977
IP address blocks: 31.170.232.0/24 maxlen: 24
31.170.233.0/24 maxlen: 24
31.170.234.0/24 maxlen: 24
31.170.235.0/24 maxlen: 24
31.170.236.0/24 maxlen: 24
31.170.237.0/24 maxlen: 24
31.170.238.0/24 maxlen: 24
31.170.239.0/24 maxlen: 24
31.171.112.0/24 maxlen: 24
31.171.113.0/24 maxlen: 24
31.171.114.0/24 maxlen: 24
31.171.115.0/24 maxlen: 24
85.132.24.0/24 maxlen: 24
85.132.26.0/24 maxlen: 24
85.132.27.0/24 maxlen: 24
85.132.58.0/24 maxlen: 24
85.132.65.0/24 maxlen: 24
85.132.66.0/24 maxlen: 24
85.132.70.0/24 maxlen: 24
85.132.121.0/24 maxlen: 24
85.132.122.0/24 maxlen: 24
94.20.63.0/24 maxlen: 24
94.20.157.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl
rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.mft
rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 16:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:76:11:ef:40:7e:0e:2f:04:23:44:16:fc:c3:d2:a8:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e252a477242fb45f20bb08020a403a2bb466a9b
Validity
Not Before: Apr 10 06:26:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=297bb5e1cf0b3a136191d7a20a5b8b787f28ef7f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:5f:53:25:b9:f3:a1:6c:c4:f6:68:f6:5b:05:
1a:5b:6b:8b:4f:3d:b3:73:50:63:d1:6f:11:30:94:
49:5d:31:83:8a:42:e6:63:04:64:d5:fb:88:73:74:
d9:ff:72:ea:02:11:f8:8b:8f:fb:61:c9:96:83:da:
0a:13:ce:13:3b:64:da:87:94:d6:e0:9d:24:b5:93:
5c:b6:2f:0f:44:76:95:49:f1:09:e1:90:a4:4d:a1:
4e:bd:1e:d2:6d:e8:ef:77:84:54:25:10:59:f2:9b:
d6:e5:6a:c9:aa:9c:37:8b:90:9b:d7:87:7d:20:7b:
48:b3:25:ac:77:d3:23:59:9e:1a:6f:43:aa:81:df:
96:d4:49:2f:6a:97:b8:dc:84:e5:24:6a:e4:8f:5a:
db:73:80:81:da:75:78:ef:c0:6d:ce:b5:d0:63:d1:
a3:e4:1e:3d:29:b4:70:f3:b6:32:df:9c:20:68:c2:
32:38:ee:e5:39:80:4e:09:83:2d:4c:b7:36:ca:e8:
5a:58:f3:06:5a:36:d3:7f:45:ed:47:5e:58:92:c1:
00:3b:a3:1d:b2:b1:63:61:5d:ac:78:ca:db:32:84:
b2:bd:10:9d:39:98:72:22:b8:6b:3b:73:ad:ef:fd:
70:91:b0:e9:6e:10:30:30:c6:dc:ab:c0:40:b9:a1:
c1:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:7B:B5:E1:CF:0B:3A:13:61:91:D7:A2:0A:5B:8B:78:7F:28:EF:7F
X509v3 Authority Key Identifier:
keyid:2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/KXu14c8LOhNhkdeiCluLeH8o738.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.170.232.0/21
31.171.112.0/22
85.132.24.0/24
85.132.26.0/23
85.132.58.0/24
85.132.65.0-85.132.66.255
85.132.70.0/24
85.132.121.0-85.132.122.255
94.20.63.0/24
94.20.157.0/24
Signature Algorithm: sha256WithRSAEncryption
84:dc:57:5e:20:bd:50:24:1a:70:79:d9:06:15:0c:d6:d1:cd:
fa:99:a2:ec:2e:e2:bf:6f:c6:c2:ef:1c:a6:60:c3:2f:1e:0a:
88:b4:67:08:c2:cf:94:0b:ed:eb:c8:d8:56:90:85:d6:d6:83:
88:9e:fb:99:6c:92:f0:77:17:4b:7f:69:88:74:d6:d8:10:03:
43:06:51:b2:14:79:2d:a7:52:4f:20:96:66:66:5d:c9:68:5a:
4a:39:93:1a:e6:a8:81:69:7c:6c:35:8a:d8:c0:06:f1:88:83:
15:b6:1c:6a:50:ff:bc:3a:52:17:96:8b:2c:4b:8c:ea:e0:c3:
57:c7:66:04:c9:a5:ca:69:a1:1d:b1:d1:84:80:9f:aa:16:5d:
e6:8e:e5:ca:3f:91:a0:53:44:1c:f3:97:fd:1e:1f:90:40:a9:
a7:41:00:88:e6:b4:eb:76:0f:87:a2:2e:6e:c2:fd:3b:58:90:
90:8a:fa:80:ca:cc:eb:ae:9a:eb:2a:fb:08:b2:5f:35:b3:ea:
cf:76:63:30:e1:4e:f9:9f:08:fa:84:af:e0:23:af:fc:39:d2:
2f:33:fc:26:c2:ef:3f:6e:dd:78:19:b2:eb:27:bd:a5:c7:3d:
a4:01:3c:1b:7c:58:d9:06:8b:42:ec:1d:e2:d9:4c:83:d7:9b:
c2:83:c3:f8
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZ12Ee9Afg4vBCNEFvzD0qi+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjUyYTQ3NzI0MmZiNDVmMjBiYjA4MDIwYTQwM2EyYmI0
NjZhOWIwHhcNMjYwNDEwMDYyNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTdiYjVlMWNmMGIzYTEzNjE5MWQ3YTIwYTViOGI3ODdmMjhlZjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7F9TJbnzoWzE9mj2WwUaW2uLTz2z
c1Bj0W8RMJRJXTGDikLmYwRk1fuIc3TZ/3LqAhH4i4/7YcmWg9oKE84TO2Tah5TW
4J0ktZNcti8PRHaVSfEJ4ZCkTaFOvR7Sbejvd4RUJRBZ8pvW5WrJqpw3i5Cb14d9
IHtIsyWsd9MjWZ4ab0Oqgd+W1Ekvape43ITlJGrkj1rbc4CB2nV478BtzrXQY9Gj
5B49KbRw87Yy35wgaMIyOO7lOYBOCYMtTLc2yuhaWPMGWjbTf0XtR15YksEAO6Md
srFjYV2seMrbMoSyvRCdOZhyIrhrO3Ot7/1wkbDpbhAwMMbcq8BAuaHB7QIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFCl7teHPCzoTYZHXogpbi3h/KO9/MB8GA1UdIwQY
MBaAFC4lKkdyQvtF8guwgCCkA6K7RmqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmIt
MTZmMTQ2YmVmOTk1LzEvS1h1MTRjOExPaE5oa2RlaUNsdUxlSDhvNzM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmItMTZmMTQ2YmVmOTk1
LzEvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQDH6roAwQC
H6twAwQAVYQYAwQBVYQaAwQAVYQ6MAwDBABVhEEDBABVhEIDBABVhEYwDAMEAFWE
eQMEAFWEegMEAF4UPwMEAF4UnTANBgkqhkiG9w0BAQsFAAOCAQEAhNxXXiC9UCQa
cHnZBhUM1tHN+pmi7C7iv2/Gwu8cpmDDLx4KiLRnCMLPlAvt68jYVpCF1taDiJ77
mWyS8HcXS39piHTW2BADQwZRshR5LadSTyCWZmZdyWhaSjmTGuaogWl8bDWK2MAG
8YiDFbYcalD/vDpSF5aLLEuM6uDDV8dmBMmlymmhHbHRhICfqhZd5o7lyj+RoFNE
HPOX/R4fkECpp0EAiOa063YPh6IubsL9O1iQkIr6gMrM666a6yr7CLJfNbPqz3Zj
MOFO+Z8I+oSv4COv/DnSLzP8JsLvP27deBmy6ye9pcc9pAE8G3xY2QaLQuwd4tlM
g9ebwoPD+A==
-----END CERTIFICATE-----
Generated at Fri Apr 17 22:11:23 2026 by rpki-client