Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IQu686nWkOodD4elmPtMrhv6dro.roa
File: IQu686nWkOodD4elmPtMrhv6dro.roa (raw, json)
Hash identifier: rqv7aXYklOzPH0Lhr09BqIatTnYxBJHeMlSQZQObldI=
Subject key identifier: 21:0B:BA:F3:A9:D6:90:EA:1D:0F:87:A5:98:FB:4C:AE:1B:FA:76:BA
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 019CAAB2C428C437B300B5762706CE9EC90F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IQu686nWkOodD4elmPtMrhv6dro.roa
Signing time: Sun 01 Mar 2026 18:39:28 +0000
ROA not before: Sun 01 Mar 2026 18:39:28 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 133296
IP address blocks: 31.57.68.0/22 maxlen: 24
31.58.0.0/24 maxlen: 24
31.58.1.0/24 maxlen: 24
31.58.2.0/24 maxlen: 24
31.58.3.0/24 maxlen: 24
31.58.4.0/24 maxlen: 24
31.58.5.0/24 maxlen: 24
31.58.6.0/24 maxlen: 24
31.58.7.0/24 maxlen: 24
31.58.8.0/24 maxlen: 24
31.58.80.0/22 maxlen: 24
31.58.104.0/22 maxlen: 24
31.58.112.0/22 maxlen: 24
31.58.120.0/22 maxlen: 24
31.59.48.0/22 maxlen: 24
31.59.60.0/22 maxlen: 24
31.59.248.0/24 maxlen: 24
31.59.249.0/24 maxlen: 24
31.59.250.0/24 maxlen: 24
31.59.251.0/24 maxlen: 24
31.59.252.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:aa:b2:c4:28:c4:37:b3:00:b5:76:27:06:ce:9e:c9:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Mar 1 18:39:28 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=210bbaf3a9d690ea1d0f87a598fb4cae1bfa76ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:1f:e4:ac:5a:2d:b1:70:cc:7f:be:dc:83:b9:
9b:c7:02:a4:6e:e1:05:6e:62:81:db:d2:12:65:05:
91:6e:75:2a:5c:00:0e:24:e1:59:a3:b4:f3:e7:7a:
d6:fe:bc:68:42:99:09:af:fa:10:ff:dd:53:ba:50:
d5:e5:eb:51:9b:8d:a7:41:63:e3:50:96:02:22:fd:
c0:58:6c:1a:d1:28:da:55:f4:d0:3e:c7:5d:3d:a9:
97:e7:c2:33:dd:cd:1c:e8:d0:bd:81:c1:e5:b5:29:
91:9c:29:41:33:36:99:72:ce:63:ab:19:ca:88:0e:
c3:f3:b8:69:94:33:4d:86:8b:57:99:b0:df:4a:7f:
be:f2:4e:3a:ad:da:0c:23:6f:39:d1:05:60:ac:4c:
e8:fb:db:73:24:49:49:bb:09:e4:c0:fd:db:b3:fc:
a0:87:f0:1d:5b:e6:41:0e:38:09:37:21:8d:cc:b8:
50:bd:af:4d:1d:ad:78:d4:b9:8b:14:e4:21:5b:e8:
0e:30:6a:e6:8e:66:24:96:a6:d1:4c:d6:6c:55:86:
38:35:e3:ae:39:b8:04:b2:7b:9f:c8:fb:be:06:48:
03:65:e6:95:37:bd:18:ba:06:96:13:48:20:45:25:
54:1e:ad:db:fd:38:a6:d8:4c:0f:5e:2e:fe:d7:a7:
8b:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:0B:BA:F3:A9:D6:90:EA:1D:0F:87:A5:98:FB:4C:AE:1B:FA:76:BA
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IQu686nWkOodD4elmPtMrhv6dro.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.57.68.0/22
31.58.0.0-31.58.8.255
31.58.80.0/22
31.58.104.0/22
31.58.112.0/22
31.58.120.0/22
31.59.48.0/22
31.59.60.0/22
31.59.248.0-31.59.252.255
Signature Algorithm: sha256WithRSAEncryption
6e:70:f2:f0:7f:87:0f:95:54:07:29:f0:c7:a7:49:67:2b:a3:
c6:45:15:9d:cb:7b:47:3b:eb:06:e1:af:f1:c1:ca:4e:90:8d:
21:cd:84:01:32:d2:3c:19:f7:bf:e1:d9:0b:f0:b2:4e:af:23:
2d:09:4a:97:01:e5:cd:fb:c2:52:b5:e5:38:a3:61:f1:31:94:
d8:1e:f3:14:db:f6:20:ef:6e:a8:c2:d9:a0:9f:57:7e:04:17:
31:d3:08:20:d9:fd:ef:e4:fc:10:70:07:18:4c:ed:f4:01:07:
e9:c5:2c:af:ea:bb:19:0e:1e:84:3f:e1:91:31:15:2a:c0:e0:
03:81:02:50:bc:56:74:8d:a7:a3:53:ca:7d:d8:87:fa:0a:cc:
0f:02:82:f8:cb:47:93:54:57:d8:1e:78:38:61:f0:92:48:72:
f0:61:fb:4b:74:e2:b8:38:a2:d6:40:ef:83:33:37:a1:96:c8:
a8:2a:e6:6f:60:af:5c:da:df:27:6b:d6:4f:1d:44:aa:67:a4:
4b:a3:b1:d3:08:2e:8e:84:3e:9d:32:5e:f3:12:12:e5:08:a4:
a9:70:5a:13:99:6d:fd:c7:96:4c:e5:f0:45:11:a0:d7:d2:50:
15:44:a8:bb:6f:70:72:0f:65:8a:0a:03:67:b2:4f:e9:1e:db:
4d:aa:12:cb
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZyqssQoxDezALV2JwbOnskPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzAxMTgzOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTBiYmFmM2E5ZDY5MGVhMWQwZjg3YTU5OGZiNGNhZTFiZmE3NmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvR/krFotsXDMf77cg7mbxwKkbuEF
bmKB29ISZQWRbnUqXAAOJOFZo7Tz53rW/rxoQpkJr/oQ/91TulDV5etRm42nQWPj
UJYCIv3AWGwa0SjaVfTQPsddPamX58Iz3c0c6NC9gcHltSmRnClBMzaZcs5jqxnK
iA7D87hplDNNhotXmbDfSn++8k46rdoMI2850QVgrEzo+9tzJElJuwnkwP3bs/yg
h/AdW+ZBDjgJNyGNzLhQva9NHa141LmLFOQhW+gOMGrmjmYklqbRTNZsVYY4NeOu
ObgEsnufyPu+BkgDZeaVN70YugaWE0ggRSVUHq3b/Tim2EwPXi7+16eLpQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFCELuvOp1pDqHQ+HpZj7TK4b+na6MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSVF1Njg2bldrT29kRDRlbG1QdE1yaHY2ZHJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTBLBAIAATBFAwQCHzlEMAsD
AwEfOgMEAB86CAMEAh86UAMEAh86aAMEAh86cAMEAh86eAMEAh87MAMEAh87PDAM
AwQDHzv4AwQAHzv8MA0GCSqGSIb3DQEBCwUAA4IBAQBucPLwf4cPlVQHKfDHp0ln
K6PGRRWdy3tHO+sG4a/xwcpOkI0hzYQBMtI8Gfe/4dkL8LJOryMtCUqXAeXN+8JS
teU4o2HxMZTYHvMU2/Yg726owtmgn1d+BBcx0wgg2f3v5PwQcAcYTO30AQfpxSyv
6rsZDh6EP+GRMRUqwOADgQJQvFZ0jaejU8p92If6CswPAoL4y0eTVFfYHng4YfCS
SHLwYftLdOK4OKLWQO+DMzehlsioKuZvYK9c2t8na9ZPHUSqZ6RLo7HTCC6OhD6d
Ml7zEhLlCKSpcFoTmW39x5ZM5fBFEaDX0lAVRKi7b3ByD2WKCgNnsk/pHttNqhLL
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:59:54 2026 by rpki-client