Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1amZnk3rrIihDY9aBAHuwjDkYzY.roa
File: 1amZnk3rrIihDY9aBAHuwjDkYzY.roa (raw, json)
Hash identifier: NQShytN769YGun5KCTqK/83QXlCXAImZM6fjfBaDdtM=
Subject key identifier: D5:A9:99:9E:4D:EB:AC:88:A1:0D:8F:5A:04:01:EE:C2:30:E4:63:36
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 019A3F3A6775CE489FD52F137CB78327EBFB
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1amZnk3rrIihDY9aBAHuwjDkYzY.roa
Signing time: Sat 01 Nov 2025 11:43:03 +0000
ROA not before: Sat 01 Nov 2025 11:43:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2914
IP address blocks: 31.56.154.0/24 maxlen: 24
31.56.158.0/24 maxlen: 24
31.56.159.0/24 maxlen: 24
31.56.168.0/24 maxlen: 24
31.56.169.0/24 maxlen: 24
31.56.170.0/24 maxlen: 24
31.56.171.0/24 maxlen: 24
31.56.174.0/24 maxlen: 24
31.56.175.0/24 maxlen: 24
31.58.34.0/23 maxlen: 24
217.60.188.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 15:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:3f:3a:67:75:ce:48:9f:d5:2f:13:7c:b7:83:27:eb:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Nov 1 11:43:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d5a9999e4debac88a10d8f5a0401eec230e46336
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:26:1e:95:43:1c:2a:04:54:31:34:5d:59:d4:
58:69:d3:90:f1:cb:e7:28:f5:cc:5c:64:fc:8b:4c:
21:da:09:59:5b:4a:37:ae:94:e1:d9:8d:cb:73:3f:
3b:4a:04:b1:42:09:df:8e:93:fe:0d:ea:fd:df:ce:
82:54:82:a4:22:61:a5:8b:b4:36:17:f5:b3:d4:dc:
9d:48:dc:0f:55:19:8c:06:42:63:32:ee:29:fa:f5:
71:35:86:3b:3a:96:78:b9:d8:02:fa:1b:2f:47:93:
53:6d:09:91:09:04:23:c3:34:87:08:10:81:cf:d8:
d6:62:01:dc:e8:9c:d0:56:9d:fc:cd:8c:32:1b:87:
00:f0:38:2e:7a:eb:45:f7:d0:40:36:3d:05:5a:9b:
22:d4:ae:b9:a9:4e:75:eb:b2:da:f6:e1:cd:28:ac:
f6:9b:5a:b2:68:3c:aa:59:ad:2d:4d:58:4b:26:8e:
e1:47:cb:98:fe:d7:b5:c5:b7:76:4e:3b:80:f1:ef:
e2:eb:36:2e:c0:13:d8:92:b1:88:f7:f5:4d:02:6a:
18:99:c6:bb:bc:b2:73:d6:a8:ca:eb:b6:5d:02:2c:
d8:a4:dd:c4:fe:dc:26:fb:99:a1:13:49:e3:72:59:
f2:17:25:bf:b8:a5:7d:3f:13:1d:06:86:7e:94:a3:
1c:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:A9:99:9E:4D:EB:AC:88:A1:0D:8F:5A:04:01:EE:C2:30:E4:63:36
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1amZnk3rrIihDY9aBAHuwjDkYzY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.154.0/24
31.56.158.0/23
31.56.168.0/22
31.56.174.0/23
31.58.34.0/23
217.60.188.0/22
Signature Algorithm: sha256WithRSAEncryption
84:11:7b:6c:1d:c7:9c:23:2d:49:ee:04:e7:9c:23:b6:d9:ca:
8d:b1:dd:41:8d:e1:ef:8b:c5:99:6b:7e:bb:1a:ea:f2:b8:0a:
d1:a0:cf:36:46:d1:11:52:a6:2d:ed:ef:51:e1:6d:cf:56:ab:
75:3c:4f:6c:83:06:fa:a8:49:ce:f1:a1:9b:c9:db:d0:bd:cd:
60:c9:df:4e:da:1e:6a:c2:b6:3b:5e:84:92:37:46:2e:c9:18:
cd:9e:d7:4c:70:e7:1a:ba:2c:8d:c4:16:c3:f5:e5:7a:34:02:
82:db:7d:61:9d:69:d8:8a:1e:a6:2e:e3:65:24:ca:9e:a3:3e:
50:b0:c7:fb:cf:e5:a0:9b:d9:0c:df:40:6e:6f:f0:b9:98:81:
70:ea:76:22:01:db:fa:ab:3d:ed:d0:6f:3d:83:6d:25:5d:93:
62:6e:67:71:29:df:40:2f:04:17:de:0f:d6:72:bf:9b:8a:2a:
63:83:47:b6:0f:70:d8:cf:dc:89:08:fe:fe:b7:1c:c7:66:f5:
e5:2c:73:01:b8:ad:c0:79:5c:74:9a:d1:03:78:4f:09:6d:dc:
72:1f:a4:69:a8:80:cd:e8:cc:66:e3:9e:9c:3e:fb:69:64:67:
5d:a8:85:17:68:35:f6:cd:97:33:36:47:b3:9f:f2:2e:30:0f:
90:fa:ea:9f
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZo/Omd1zkif1S8TfLeDJ+v7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTAxMTE0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWE5OTk5ZTRkZWJhYzg4YTEwZDhmNWEwNDAxZWVjMjMwZTQ2MzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSYelUMcKgRUMTRdWdRYadOQ8cvn
KPXMXGT8i0wh2glZW0o3rpTh2Y3Lcz87SgSxQgnfjpP+Der9386CVIKkImGli7Q2
F/Wz1NydSNwPVRmMBkJjMu4p+vVxNYY7OpZ4udgC+hsvR5NTbQmRCQQjwzSHCBCB
z9jWYgHc6JzQVp38zYwyG4cA8DgueutF99BANj0FWpsi1K65qU5167La9uHNKKz2
m1qyaDyqWa0tTVhLJo7hR8uY/te1xbd2TjuA8e/i6zYuwBPYkrGI9/VNAmoYmca7
vLJz1qjK67ZdAizYpN3E/twm+5mhE0njclnyFyW/uKV9PxMdBoZ+lKMcvwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNWpmZ5N66yIoQ2PWgQB7sIw5GM2MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMWFtWm5rM3JySWloRFk5YUJBSHV3akRrWXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAHziaAwQB
HzieAwQCHzioAwQBHziuAwQBHzoiAwQC2Ty8MA0GCSqGSIb3DQEBCwUAA4IBAQCE
EXtsHcecIy1J7gTnnCO22cqNsd1BjeHvi8WZa367GuryuArRoM82RtERUqYt7e9R
4W3PVqt1PE9sgwb6qEnO8aGbydvQvc1gyd9O2h5qwrY7XoSSN0YuyRjNntdMcOca
uiyNxBbD9eV6NAKC231hnWnYih6mLuNlJMqeoz5QsMf7z+Wgm9kM30Bub/C5mIFw
6nYiAdv6qz3t0G89g20lXZNibmdxKd9ALwQX3g/Wcr+biipjg0e2D3DYz9yJCP7+
txzHZvXlLHMBuK3AeVx0mtEDeE8JbdxyH6RpqIDN6Mxm456cPvtpZGddqIUXaDX2
zZczNkezn/IuMA+Q+uqf
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:46:42 2025 by rpki-client