Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/D_WnhDBylJktkPyu83WrXMagTFk.roa
File: D_WnhDBylJktkPyu83WrXMagTFk.roa (raw, json)
Hash identifier: tZBVp45j2B81TA1KrUFABvv0H/lfrf3ywRKBsMgGME8=
Subject key identifier: 0F:F5:A7:84:30:72:94:99:2D:90:FC:AE:F3:75:AB:5C:C6:A0:4C:59
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 019A16E256E6F2EACFE737EB2BA8553328D7
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/D_WnhDBylJktkPyu83WrXMagTFk.roa
Signing time: Fri 24 Oct 2025 15:42:03 +0000
ROA not before: Fri 24 Oct 2025 15:42:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 31.56.5.0/24 maxlen: 24
31.56.119.0/24 maxlen: 24
31.56.128.0/24 maxlen: 24
31.56.129.0/24 maxlen: 24
31.56.130.0/24 maxlen: 24
31.56.131.0/24 maxlen: 24
31.56.132.0/24 maxlen: 24
31.56.133.0/24 maxlen: 24
31.56.134.0/24 maxlen: 24
31.56.135.0/24 maxlen: 24
31.56.136.0/24 maxlen: 24
31.56.137.0/24 maxlen: 24
31.56.207.0/24 maxlen: 24
31.56.246.0/24 maxlen: 24
31.56.247.0/24 maxlen: 24
31.56.248.0/24 maxlen: 24
31.56.249.0/24 maxlen: 24
31.56.250.0/24 maxlen: 24
31.56.251.0/24 maxlen: 24
31.56.252.0/24 maxlen: 24
31.56.253.0/24 maxlen: 24
31.56.254.0/24 maxlen: 24
31.56.255.0/24 maxlen: 24
31.57.41.0/24 maxlen: 24
31.57.42.0/24 maxlen: 24
31.57.82.0/24 maxlen: 24
31.58.96.0/22 maxlen: 24
31.58.116.0/22 maxlen: 24
31.59.0.0/24 maxlen: 24
31.59.1.0/24 maxlen: 24
31.59.2.0/24 maxlen: 24
31.59.3.0/24 maxlen: 24
31.59.4.0/24 maxlen: 24
31.59.5.0/24 maxlen: 24
31.59.6.0/24 maxlen: 24
31.59.7.0/24 maxlen: 24
31.59.8.0/24 maxlen: 24
31.59.9.0/24 maxlen: 24
31.59.52.0/22 maxlen: 24
31.59.246.0/24 maxlen: 24
31.59.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:16:e2:56:e6:f2:ea:cf:e7:37:eb:2b:a8:55:33:28:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Oct 24 15:42:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0ff5a784307294992d90fcaef375ab5cc6a04c59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:39:6a:3e:6a:71:36:16:a1:45:4c:c9:94:e9:
e1:4c:c2:bd:30:6d:9d:a2:cb:54:73:e2:6b:ef:c0:
37:5f:ae:07:97:a8:30:50:c3:72:46:2b:aa:8e:51:
84:00:b3:77:d0:c7:1b:b3:c7:47:59:25:bc:7d:43:
7c:a0:81:d8:80:f5:90:8d:0e:39:e5:e7:c5:87:3c:
fd:70:f1:d0:2e:da:92:ff:70:c8:43:bc:cd:e2:61:
f0:fd:b4:b2:07:4d:88:1e:0d:9d:36:d6:b0:3d:03:
61:6d:c2:3f:a9:b6:64:cc:c3:02:c6:6d:e3:20:50:
73:72:26:ab:67:6e:13:78:3b:57:b4:6a:b8:b5:94:
68:59:35:a7:ec:9b:db:84:3b:ba:de:c0:d9:33:94:
a9:a1:18:e9:31:e6:6f:f7:70:bf:4d:af:9f:2f:af:
fd:92:bd:5e:35:5e:10:f7:c0:fa:b5:01:32:0a:f6:
c1:f2:ad:0d:2e:07:fa:53:75:ab:31:8b:b7:77:4e:
f9:bc:d4:ff:51:e3:a6:4d:ad:5e:e1:cd:99:d3:f7:
e9:16:b1:fd:69:01:ee:1f:a1:60:13:a0:b8:1e:cc:
76:93:af:6b:bd:18:a4:1e:41:cb:3d:8e:c9:10:ec:
ff:c8:36:87:8a:de:1b:55:58:aa:c1:18:55:e3:76:
aa:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:F5:A7:84:30:72:94:99:2D:90:FC:AE:F3:75:AB:5C:C6:A0:4C:59
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/D_WnhDBylJktkPyu83WrXMagTFk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.5.0/24
31.56.119.0/24
31.56.128.0-31.56.137.255
31.56.207.0/24
31.56.246.0-31.56.255.255
31.57.41.0-31.57.42.255
31.57.82.0/24
31.58.96.0/22
31.58.116.0/22
31.59.0.0-31.59.9.255
31.59.52.0/22
31.59.246.0/23
Signature Algorithm: sha256WithRSAEncryption
2f:82:96:02:ee:e2:f1:31:00:34:1c:1a:4e:f2:75:66:5d:22:
c1:f5:40:35:e1:6e:7a:be:6d:0c:eb:70:a6:4a:56:d6:94:2b:
66:84:90:31:13:b4:59:77:0f:65:44:80:48:15:e2:3c:40:00:
f4:ff:ff:a0:10:46:f9:13:d3:10:0c:8e:0c:e4:c9:27:94:76:
e9:a4:6c:2f:28:90:aa:8e:55:56:fa:6b:6e:75:c6:57:cd:6b:
8f:a3:b7:87:51:0c:73:c8:f8:2d:99:a4:6e:48:b2:f2:6f:59:
8f:5a:85:21:d5:d2:97:f9:30:dd:66:6a:6d:56:13:5d:ce:5f:
2c:8d:bd:49:81:e1:38:94:9a:84:22:df:a3:c7:3f:e7:67:5a:
3d:be:29:1f:53:0d:5d:53:b2:85:87:fe:3c:74:1a:44:b6:f4:
a1:99:6f:05:44:d0:8f:07:f3:f7:12:41:e4:67:13:92:7f:30:
32:eb:60:a9:6c:a2:12:57:03:84:ea:76:a9:5a:76:07:e8:53:
ef:60:ae:6e:52:fc:49:a9:61:e1:b7:1c:70:fe:46:70:48:50:
7c:c8:3c:92:fa:42:15:f2:73:a0:d2:70:51:35:2f:c6:09:fb:
d2:1c:d2:7d:f8:c1:19:91:28:f3:59:e8:af:c0:39:16:03:62:
47:93:f7:02
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAZoW4lbm8urP5zfrK6hVMyjXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDI0MTU0MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmY1YTc4NDMwNzI5NDk5MmQ5MGZjYWVmMzc1YWI1Y2M2YTA0YzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzlqPmpxNhahRUzJlOnhTMK9MG2d
ostUc+Jr78A3X64Hl6gwUMNyRiuqjlGEALN30Mcbs8dHWSW8fUN8oIHYgPWQjQ45
5efFhzz9cPHQLtqS/3DIQ7zN4mHw/bSyB02IHg2dNtawPQNhbcI/qbZkzMMCxm3j
IFBzciarZ24TeDtXtGq4tZRoWTWn7JvbhDu63sDZM5SpoRjpMeZv93C/Ta+fL6/9
kr1eNV4Q98D6tQEyCvbB8q0NLgf6U3WrMYu3d075vNT/UeOmTa1e4c2Z0/fpFrH9
aQHuH6FgE6C4Hsx2k69rvRikHkHLPY7JEOz/yDaHit4bVViqwRhV43aqDwIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFA/1p4QwcpSZLZD8rvN1q1zGoExZMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRF9XbmhEQnlsSmt0a1B5dTgzV3JYTWFnVEZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmAwQAHzgFAwQA
Hzh3MAwDBAcfOIADBAEfOIgDBAAfOM8wCwMEAR849gMDAB84MAwDBAAfOSkDBAAf
OSoDBAAfOVIDBAIfOmADBAIfOnQwCwMDAB87AwQBHzsIAwQCHzs0AwQBHzv2MA0G
CSqGSIb3DQEBCwUAA4IBAQAvgpYC7uLxMQA0HBpO8nVmXSLB9UA14W56vm0M63Cm
SlbWlCtmhJAxE7RZdw9lRIBIFeI8QAD0//+gEEb5E9MQDI4M5MknlHbppGwvKJCq
jlVW+mtudcZXzWuPo7eHUQxzyPgtmaRuSLLyb1mPWoUh1dKX+TDdZmptVhNdzl8s
jb1JgeE4lJqEIt+jxz/nZ1o9vikfUw1dU7KFh/48dBpEtvShmW8FRNCPB/P3EkHk
ZxOSfzAy62CpbKISVwOE6napWnYH6FPvYK5uUvxJqWHhtxxw/kZwSFB8yDyS+kIV
8nOg0nBRNS/GCfvSHNJ9+MEZkSjzWeivwDkWA2JHk/cC
-----END CERTIFICATE-----
Generated at Wed Nov 5 15:27:24 2025 by rpki-client