Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/d6do58bWzkG0O_I52hcW0x09I-I.roa
File: d6do58bWzkG0O_I52hcW0x09I-I.roa (raw, json)
Hash identifier: bbHlc41T8nrsf72AuaEOi47hZ80PFgoA5XcMlrb+JIM=
Subject key identifier: 77:A7:68:E7:C6:D6:CE:41:B4:3B:F2:39:DA:17:16:D3:1D:3D:23:E2
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 019663DA918214EE890CEA651E0D836F5114
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/d6do58bWzkG0O_I52hcW0x09I-I.roa
Signing time: Wed 23 Apr 2025 18:13:10 +0000
ROA not before: Wed 23 Apr 2025 18:13:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2914
IP address blocks: 31.56.154.0/24 maxlen: 24
31.56.158.0/24 maxlen: 24
31.56.159.0/24 maxlen: 24
31.56.168.0/24 maxlen: 24
31.56.169.0/24 maxlen: 24
31.56.170.0/24 maxlen: 24
31.56.171.0/24 maxlen: 24
31.56.174.0/24 maxlen: 24
31.56.175.0/24 maxlen: 24
31.57.24.0/22 maxlen: 24
31.57.28.0/22 maxlen: 24
31.57.48.0/22 maxlen: 24
31.57.52.0/22 maxlen: 24
31.57.56.0/22 maxlen: 24
31.57.60.0/22 maxlen: 24
31.58.34.0/23 maxlen: 24
31.58.196.0/22 maxlen: 24
31.58.204.0/22 maxlen: 24
31.58.212.0/22 maxlen: 24
217.60.0.0/21 maxlen: 24
217.60.0.0/24 maxlen: 24
217.60.1.0/24 maxlen: 24
217.60.2.0/24 maxlen: 24
217.60.4.0/24 maxlen: 24
217.60.5.0/24 maxlen: 24
217.60.6.0/24 maxlen: 24
217.60.8.0/21 maxlen: 24
217.60.8.0/24 maxlen: 24
217.60.10.0/24 maxlen: 24
217.60.11.0/24 maxlen: 24
217.60.12.0/24 maxlen: 24
217.60.13.0/24 maxlen: 24
217.60.14.0/24 maxlen: 24
217.60.24.0/22 maxlen: 24
217.60.32.0/21 maxlen: 24
217.60.44.0/22 maxlen: 24
217.60.56.0/21 maxlen: 24
217.60.56.0/24 maxlen: 24
217.60.57.0/24 maxlen: 24
217.60.58.0/24 maxlen: 24
217.60.59.0/24 maxlen: 24
217.60.60.0/24 maxlen: 24
217.60.61.0/24 maxlen: 24
217.60.62.0/24 maxlen: 24
217.60.63.0/24 maxlen: 24
217.60.188.0/22 maxlen: 24
217.60.192.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 10:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:63:da:91:82:14:ee:89:0c:ea:65:1e:0d:83:6f:51:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Apr 23 18:13:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=77a768e7c6d6ce41b43bf239da1716d31d3d23e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:c5:42:61:b3:79:b2:fa:df:ac:96:72:5e:56:
75:87:9c:eb:d7:1b:18:a5:60:29:ae:17:21:01:25:
83:7a:7a:f8:de:c2:31:90:1d:3c:23:71:c2:da:61:
bc:22:9b:5f:d2:35:19:5b:7f:96:7e:78:99:99:64:
9f:f2:9a:cf:b5:cf:ca:91:d9:7c:54:53:c7:62:84:
91:af:00:7f:e0:04:7d:0d:e9:64:fd:31:f5:51:23:
23:11:8c:dc:52:c7:92:0c:0f:4f:40:f8:4d:2f:9a:
d1:ca:ab:09:17:4c:67:f7:00:ba:bb:ec:be:8c:45:
20:a3:1b:c2:90:dc:7c:dc:65:2b:64:b2:5f:a7:40:
84:c5:4d:73:33:cd:86:5a:f1:4f:ae:a7:a6:b8:1f:
9d:9b:50:aa:48:19:d1:b3:05:74:6c:61:11:91:c0:
3c:23:f0:db:6f:3f:2a:2b:d5:00:57:34:08:9e:18:
65:6f:e1:ca:56:b7:96:33:6e:ca:31:b4:bd:ee:8c:
1d:9e:2c:8f:60:5e:c8:98:5e:a5:a0:b6:79:25:99:
cb:ae:5f:5b:1a:6c:ea:38:06:91:45:8e:64:62:ec:
33:99:52:d6:d2:2d:5c:4d:6d:e5:85:87:0f:8f:b4:
a0:d7:4a:e3:fd:b5:9d:1d:07:0c:d4:b4:94:4b:bf:
b5:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:A7:68:E7:C6:D6:CE:41:B4:3B:F2:39:DA:17:16:D3:1D:3D:23:E2
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/d6do58bWzkG0O_I52hcW0x09I-I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.154.0/24
31.56.158.0/23
31.56.168.0/22
31.56.174.0/23
31.57.24.0/21
31.57.48.0/20
31.58.34.0/23
31.58.196.0/22
31.58.204.0/22
31.58.212.0/22
217.60.0.0/20
217.60.24.0/22
217.60.32.0/21
217.60.44.0/22
217.60.56.0/21
217.60.188.0-217.60.195.255
Signature Algorithm: sha256WithRSAEncryption
8d:b9:a7:b3:cf:33:4a:e5:77:b2:14:26:69:3b:53:4a:51:b6:
33:d1:13:71:59:71:ad:c0:36:6d:77:4b:7a:29:91:5f:17:fa:
c5:c9:e1:96:da:e5:31:71:f3:04:d9:34:f0:47:19:b0:30:1d:
71:04:7e:c7:02:29:5f:df:ce:9c:cb:78:43:4f:bd:90:68:8e:
d8:02:92:db:d9:0f:b9:e3:7b:f3:40:8b:99:40:25:4c:bb:c4:
25:9b:b4:36:c8:32:63:7d:2d:c9:f8:e9:ce:52:01:88:73:d3:
e6:5a:11:14:35:75:07:3c:30:d7:e8:90:77:19:aa:d9:9a:7f:
b1:6b:0a:55:05:48:57:32:73:a8:b0:cb:0c:a3:47:2a:b5:78:
99:8d:ed:6c:ad:31:cf:d6:ae:00:e8:f4:e4:d4:48:dc:13:b8:
39:fa:83:31:f6:e0:d0:a7:60:5b:24:ce:67:4b:48:85:52:b3:
23:23:dc:de:61:7e:8d:d0:43:c0:18:5b:58:a3:d1:25:a7:d2:
c1:a8:46:fd:c1:43:f4:5b:fe:48:d2:eb:02:6f:ce:5c:a8:7e:
89:bd:3f:dc:aa:fb:8c:52:a0:99:30:8c:9e:70:f7:86:b1:7b:
5f:ec:db:dc:69:3c:c8:90:0d:1c:53:9d:a2:81:d0:fb:1c:ed:
60:9a:56:db
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAZZj2pGCFO6JDOplHg2Db1EUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNDIzMTgxMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2E3NjhlN2M2ZDZjZTQxYjQzYmYyMzlkYTE3MTZkMzFkM2QyM2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MVCYbN5svrfrJZyXlZ1h5zr1xsY
pWAprhchASWDenr43sIxkB08I3HC2mG8Iptf0jUZW3+WfniZmWSf8prPtc/Kkdl8
VFPHYoSRrwB/4AR9Delk/TH1USMjEYzcUseSDA9PQPhNL5rRyqsJF0xn9wC6u+y+
jEUgoxvCkNx83GUrZLJfp0CExU1zM82GWvFPrqemuB+dm1CqSBnRswV0bGERkcA8
I/Dbbz8qK9UAVzQInhhlb+HKVreWM27KMbS97owdniyPYF7ImF6loLZ5JZnLrl9b
GmzqOAaRRY5kYuwzmVLW0i1cTW3lhYcPj7Sg10rj/bWdHQcM1LSUS7+1ywIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFHenaOfG1s5BtDvyOdoXFtMdPSPiMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZDZkbzU4Yld6a0cwT19JNTJoY1cweDA5SS1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEAB84mgME
AR84ngMEAh84qAMEAR84rgMEAx85GAMEBB85MAMEAR86IgMEAh86xAMEAh86zAME
Ah861AMEBNk8AAMEAtk8GAMEA9k8IAMEAtk8LAMEA9k8ODAMAwQC2Ty8AwQC2TzA
MA0GCSqGSIb3DQEBCwUAA4IBAQCNuaezzzNK5XeyFCZpO1NKUbYz0RNxWXGtwDZt
d0t6KZFfF/rFyeGW2uUxcfME2TTwRxmwMB1xBH7HAilf386cy3hDT72QaI7YApLb
2Q+543vzQIuZQCVMu8Qlm7Q2yDJjfS3J+OnOUgGIc9PmWhEUNXUHPDDX6JB3GarZ
mn+xawpVBUhXMnOosMsMo0cqtXiZje1srTHP1q4A6PTk1EjcE7g5+oMx9uDQp2Bb
JM5nS0iFUrMjI9zeYX6N0EPAGFtYo9Elp9LBqEb9wUP0W/5I0usCb85cqH6JvT/c
qvuMUqCZMIyecPeGsXtf7NvcaTzIkA0cU52igdD7HO1gmlbb
-----END CERTIFICATE-----
Generated at Sat Apr 26 15:53:36 2025 by rpki-client