Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/ffxK3GkpNW8wkZEgnYxd12s8K8E.roa
File: ffxK3GkpNW8wkZEgnYxd12s8K8E.roa (raw, json)
Hash identifier: VIFwdob4pd2o19jdwVjcclB+0/v0jmHAs4YczElhm4w=
Subject key identifier: 7D:FC:4A:DC:69:29:35:6F:30:91:91:20:9D:8C:5D:D7:6B:3C:2B:C1
Certificate issuer: /CN=6dfc1438ee0815a9bf8b73f9a7ced094f21ac79e
Certificate serial: 019CA8C3C729B07C3573C267B1FE53CA2562
Authority key identifier: 6D:FC:14:38:EE:08:15:A9:BF:8B:73:F9:A7:CE:D0:94:F2:1A:C7:9E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bfwUOO4IFam_i3P5p87QlPIax54.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/ffxK3GkpNW8wkZEgnYxd12s8K8E.roa
Signing time: Sun 01 Mar 2026 09:38:48 +0000
ROA not before: Sun 01 Mar 2026 09:38:48 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43256
IP address blocks: 31.209.128.0/24 maxlen: 24
31.209.129.0/24 maxlen: 24
31.209.130.0/24 maxlen: 24
31.209.131.0/24 maxlen: 24
31.209.133.0/24 maxlen: 24
31.209.134.0/24 maxlen: 24
31.209.135.0/24 maxlen: 24
217.171.88.0/24 maxlen: 24
217.171.89.0/24 maxlen: 24
217.171.90.0/24 maxlen: 24
217.171.91.0/24 maxlen: 24
217.171.92.0/24 maxlen: 24
217.171.93.0/24 maxlen: 24
217.171.94.0/24 maxlen: 24
217.171.95.0/24 maxlen: 24
2a03:31c0::/40 maxlen: 40
2a03:31c0:100::/40 maxlen: 40
2a03:31c0:200::/40 maxlen: 40
2a03:31c0:300::/40 maxlen: 40
2a03:31c0:400::/40 maxlen: 40
2a03:31c0:500::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/bfwUOO4IFam_i3P5p87QlPIax54.crl
rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/bfwUOO4IFam_i3P5p87QlPIax54.mft
rsync://rpki.ripe.net/repository/DEFAULT/bfwUOO4IFam_i3P5p87QlPIax54.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 12:00:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:a8:c3:c7:29:b0:7c:35:73:c2:67:b1:fe:53:ca:25:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6dfc1438ee0815a9bf8b73f9a7ced094f21ac79e
Validity
Not Before: Mar 1 09:38:48 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7dfc4adc6929356f309191209d8c5dd76b3c2bc1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:f5:a0:9b:1d:01:c7:4d:8a:db:73:86:f2:2e:
7d:f9:83:d8:e0:d1:26:ab:64:5c:87:34:6a:52:82:
7d:50:a7:7c:09:62:59:ff:eb:c3:3b:28:96:5e:41:
62:f4:bb:7e:3a:f5:1c:e1:6b:cb:1f:f8:76:8f:42:
28:45:23:f7:7a:26:4b:06:fc:13:1e:5e:8d:10:73:
77:b4:80:9e:a7:90:1e:02:19:eb:7c:f3:06:d9:d6:
fa:80:10:42:6b:54:b6:2b:38:2e:31:b6:3c:b7:94:
36:48:38:52:0f:f3:f9:8f:14:1e:94:7a:17:e7:e6:
90:c7:25:13:33:a1:7d:8f:bd:cf:b2:48:ae:90:5e:
b8:f6:61:fe:ef:d0:da:af:11:29:ea:57:43:29:e6:
ca:45:85:1e:fe:d3:61:47:85:61:f0:03:37:de:db:
e8:7a:a8:1d:18:d0:96:48:3b:0e:3e:46:35:36:3d:
c5:fb:11:01:a2:21:bb:d2:2d:7d:aa:3f:59:11:2b:
f2:3c:f4:c2:37:86:d7:ad:1a:be:32:53:2e:1d:50:
72:ba:e2:d7:2d:9c:f8:fb:d6:07:c8:92:32:f4:26:
5c:05:ab:9f:c8:fa:8d:fa:c9:bd:ad:d3:f5:f1:36:
ab:99:b3:a6:f4:d9:a5:b8:e8:b3:3c:39:60:0f:95:
fc:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:FC:4A:DC:69:29:35:6F:30:91:91:20:9D:8C:5D:D7:6B:3C:2B:C1
X509v3 Authority Key Identifier:
keyid:6D:FC:14:38:EE:08:15:A9:BF:8B:73:F9:A7:CE:D0:94:F2:1A:C7:9E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bfwUOO4IFam_i3P5p87QlPIax54.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/ffxK3GkpNW8wkZEgnYxd12s8K8E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/74/2f98cb-6d94-48a1-8dba-d646767c5f13/1/bfwUOO4IFam_i3P5p87QlPIax54.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.209.128.0/22
31.209.133.0-31.209.135.255
217.171.88.0/21
IPv6:
2a03:31c0::-2a03:31c0:5ff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
8b:7c:ce:df:49:e6:5a:9d:46:4a:46:23:13:af:e1:20:bf:85:
a9:5e:ae:1c:89:8a:41:32:bf:fd:d3:25:05:67:af:f6:53:f1:
75:a1:0b:df:25:c3:0d:ae:6f:03:fa:60:18:79:be:d0:07:aa:
15:4b:fd:68:bc:cb:49:6a:92:68:d6:4c:69:bc:20:9d:ba:56:
ca:95:2d:ca:89:b6:e1:c8:11:db:0b:7f:42:de:1e:eb:ca:03:
1d:df:2d:f0:16:60:42:27:52:20:94:6c:e8:44:38:9c:6a:01:
e6:99:d8:c4:aa:db:af:be:9e:e7:8b:90:d8:03:97:72:19:76:
0e:4a:58:9d:76:fd:c3:90:ba:f2:de:ed:7c:e3:5e:bb:ef:8d:
bc:d9:10:d5:1c:b9:20:de:0a:2f:91:db:4b:34:da:80:32:4b:
27:c5:05:d3:a8:3c:4f:35:0c:11:11:3c:55:a2:70:0e:b1:96:
ef:a5:14:58:5e:ca:30:63:bb:c4:2b:89:ad:55:a4:29:17:05:
5e:cb:0d:fe:18:21:a3:bf:d6:ab:02:81:df:9d:a9:18:b2:73:
f5:f8:b0:7f:55:3a:9c:44:76:7f:82:23:2c:86:4f:f9:0c:f7:
50:84:37:8c:a6:7a:1b:b5:01:7d:22:b4:eb:39:ac:06:bb:54:
57:37:5a:94
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZyow8cpsHw1c8Jnsf5TyiViMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZmMxNDM4ZWUwODE1YTliZjhiNzNmOWE3Y2VkMDk0ZjIx
YWM3OWUwHhcNMjYwMzAxMDkzODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGZjNGFkYzY5MjkzNTZmMzA5MTkxMjA5ZDhjNWRkNzZiM2MyYmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8PWgmx0Bx02K23OG8i59+YPY4NEm
q2RchzRqUoJ9UKd8CWJZ/+vDOyiWXkFi9Lt+OvUc4WvLH/h2j0IoRSP3eiZLBvwT
Hl6NEHN3tICep5AeAhnrfPMG2db6gBBCa1S2KzguMbY8t5Q2SDhSD/P5jxQelHoX
5+aQxyUTM6F9j73PskiukF649mH+79DarxEp6ldDKebKRYUe/tNhR4Vh8AM33tvo
eqgdGNCWSDsOPkY1Nj3F+xEBoiG70i19qj9ZESvyPPTCN4bXrRq+MlMuHVByuuLX
LZz4+9YHyJIy9CZcBaufyPqN+sm9rdP18TarmbOm9NmluOizPDlgD5X8QwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFH38StxpKTVvMJGRIJ2MXddrPCvBMB8GA1UdIwQY
MBaAFG38FDjuCBWpv4tz+afO0JTyGseeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmZ3VU9PNElGYW1faTNQNXA4N1FsUElheDU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8yZjk4Y2ItNmQ5NC00OGExLThkYmEt
ZDY0Njc2N2M1ZjEzLzEvZmZ4SzNHa3BOVzh3a1pFZ25ZeGQxMnM4SzhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8yZjk4Y2ItNmQ5NC00OGExLThkYmEtZDY0Njc2N2M1ZjEz
LzEvYmZ3VU9PNElGYW1faTNQNXA4N1FsUElheDU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAgBAIAATAaAwQCH9GAMAwD
BAAf0YUDBAMf0YADBAPZq1gwFwQCAAIwETAPAwUGKgMxwAMGASoDMcAEMA0GCSqG
SIb3DQEBCwUAA4IBAQCLfM7fSeZanUZKRiMTr+Egv4WpXq4ciYpBMr/90yUFZ6/2
U/F1oQvfJcMNrm8D+mAYeb7QB6oVS/1ovMtJapJo1kxpvCCdulbKlS3KibbhyBHb
C39C3h7rygMd3y3wFmBCJ1IglGzoRDicagHmmdjEqtuvvp7ni5DYA5dyGXYOSlid
dv3DkLry3u18416774282RDVHLkg3govkdtLNNqAMksnxQXTqDxPNQwRETxVonAO
sZbvpRRYXsowY7vEK4mtVaQpFwVeyw3+GCGjv9arAoHfnakYsnP1+LB/VTqcRHZ/
giMshk/5DPdQhDeMpnobtQF9IrTrOawGu1RXN1qU
-----END CERTIFICATE-----
Generated at Mon Mar 2 19:58:57 2026 by rpki-client