Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/N2KDrXsXfLoSK2ut42Tlf6Gqknk.roa
File: N2KDrXsXfLoSK2ut42Tlf6Gqknk.roa (raw, json)
Hash identifier: o+7zLi+nAqreLIrK7jetd34lwzrF5To+yT8AikGoh0g=
Subject key identifier: 37:62:83:AD:7B:17:7C:BA:12:2B:6B:AD:E3:64:E5:7F:A1:AA:92:79
Certificate issuer: /CN=86af2c7166bb34a696fde2fbacef4001b0a8e7e2
Certificate serial: 01976958359FB593F63E92C8A76D9FF0888C
Authority key identifier: 86:AF:2C:71:66:BB:34:A6:96:FD:E2:FB:AC:EF:40:01:B0:A8:E7:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/N2KDrXsXfLoSK2ut42Tlf6Gqknk.roa
Signing time: Fri 13 Jun 2025 12:51:18 +0000
ROA not before: Fri 13 Jun 2025 12:51:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15924
IP address blocks: 31.186.2.0/24 maxlen: 24
31.186.3.0/24 maxlen: 24
31.186.4.0/24 maxlen: 24
31.186.5.0/24 maxlen: 24
31.186.7.0/24 maxlen: 24
31.186.8.0/24 maxlen: 24
31.186.9.0/24 maxlen: 24
31.186.10.0/24 maxlen: 24
31.186.11.0/24 maxlen: 24
31.186.12.0/24 maxlen: 24
31.186.13.0/24 maxlen: 24
31.186.14.0/24 maxlen: 24
31.186.15.0/24 maxlen: 24
31.186.16.0/24 maxlen: 24
31.186.17.0/24 maxlen: 24
31.186.18.0/24 maxlen: 24
31.186.19.0/24 maxlen: 24
31.186.20.0/24 maxlen: 24
31.186.24.0/24 maxlen: 24
31.186.28.0/24 maxlen: 24
31.186.30.0/24 maxlen: 24
31.186.31.0/24 maxlen: 24
2a0d:a000:0:a00::/56 maxlen: 56
2a0d:a000:0:b00::/56 maxlen: 56
2a0d:a000:0:c00::/56 maxlen: 56
2a0d:a000:0:d00::/56 maxlen: 56
2a0d:a000:0:e00::/56 maxlen: 56
2a0d:a000:0:f00::/56 maxlen: 56
2a0d:a000:0:1000::/56 maxlen: 56
2a0d:a000:0:1100::/56 maxlen: 56
2a0d:a000:0:1200::/56 maxlen: 56
2a0d:a000:0:1300::/56 maxlen: 56
2a0d:a000:0:1400::/56 maxlen: 56
2a0d:a000:0:1500::/56 maxlen: 56
2a0d:a000:0:1600::/56 maxlen: 56
2a0d:a000:0:1700::/56 maxlen: 56
2a0d:a000:0:1800::/56 maxlen: 56
2a0d:a000:0:1900::/56 maxlen: 56
2a0d:a000:0:1a00::/56 maxlen: 56
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.crl
rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.mft
rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 19 Jun 2025 18:00:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:69:58:35:9f:b5:93:f6:3e:92:c8:a7:6d:9f:f0:88:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86af2c7166bb34a696fde2fbacef4001b0a8e7e2
Validity
Not Before: Jun 13 12:51:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=376283ad7b177cba122b6bade364e57fa1aa9279
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:fe:bb:d5:35:3d:bb:ca:81:71:54:5c:f6:3b:
18:dd:90:51:4f:13:ea:89:62:fa:8a:60:f6:e6:86:
13:9e:00:0d:4c:2d:4b:c0:df:10:5f:29:1c:eb:ef:
9b:de:30:12:32:87:b8:a5:c3:34:37:ac:e8:70:ce:
08:eb:fa:2f:33:e0:c2:52:83:c4:49:90:9e:b7:04:
e1:12:ff:ba:30:a1:dd:d9:33:a6:a2:1e:a5:ed:7e:
f5:97:6c:fe:b1:c2:57:44:80:9c:b3:39:e7:34:eb:
1b:f9:7c:e3:96:9f:a3:df:0d:d1:ba:f1:ec:78:a2:
a3:10:17:40:fb:03:59:bf:c4:3e:2d:c5:58:77:6c:
49:16:52:85:d2:54:36:38:8d:42:82:4e:8c:2d:d1:
2e:9e:59:b6:9b:70:24:b9:43:5a:fa:a8:73:52:a8:
35:c3:53:8f:db:7a:c1:c0:ea:ab:ac:72:2f:d2:d5:
19:ce:f0:22:76:0a:db:3b:1f:48:df:d9:e9:ee:ca:
96:6a:97:2a:bf:34:dc:2e:8c:a6:9f:b2:42:87:a8:
c9:c5:ca:41:40:29:45:b4:dd:98:10:43:30:e4:52:
bc:e5:5f:e1:66:f3:46:df:b4:eb:d8:35:6a:72:5f:
6d:72:38:c3:73:e5:23:1f:b0:f9:a9:9f:1b:b6:db:
a7:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:62:83:AD:7B:17:7C:BA:12:2B:6B:AD:E3:64:E5:7F:A1:AA:92:79
X509v3 Authority Key Identifier:
keyid:86:AF:2C:71:66:BB:34:A6:96:FD:E2:FB:AC:EF:40:01:B0:A8:E7:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/N2KDrXsXfLoSK2ut42Tlf6Gqknk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.186.2.0-31.186.5.255
31.186.7.0-31.186.20.255
31.186.24.0/24
31.186.28.0/24
31.186.30.0/23
IPv6:
2a0d:a000:0:a00::-2a0d:a000:0:1aff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
a8:d4:28:41:05:87:87:8e:ef:86:fe:c2:84:2d:83:27:bf:0a:
bd:38:92:7c:c4:da:12:f7:41:d0:e0:1b:49:0b:ef:e0:67:0b:
d0:5f:d8:46:2d:ae:53:d2:a4:8f:87:b8:40:25:0a:9c:79:6c:
d1:87:43:9d:82:52:2e:49:32:ac:69:aa:45:03:48:6d:5c:65:
b3:b6:e2:d5:ff:38:30:e6:46:5b:8e:b5:68:da:1e:38:1a:a9:
95:01:fe:f9:cc:07:b7:5a:c1:9c:eb:0b:cc:87:af:d7:8b:93:
ae:11:41:d2:cd:0b:02:88:94:ce:23:64:66:ed:94:05:9d:42:
7f:0b:4e:ef:67:12:a7:21:19:32:7d:f2:10:ed:8d:7a:93:80:
ff:7b:0c:72:95:af:db:9c:b8:04:3a:5e:51:23:b4:89:23:90:
a4:a1:6b:70:3f:7e:d3:08:ac:43:46:b0:aa:b2:e4:10:12:65:
26:2d:64:fb:26:8b:4a:c3:10:45:ef:f2:b5:7b:b1:60:de:41:
08:67:85:20:83:25:3f:ab:23:09:8f:cd:ea:90:02:72:4c:16:
99:7a:90:85:d4:98:26:1e:4b:ad:bd:d1:af:44:e4:a6:69:40:
e7:82:6e:c8:64:37:64:ce:07:80:0f:33:7d:a9:0b:73:fc:79:
7c:c6:de:48
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZdpWDWftZP2PpLIp22f8IiMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2YWYyYzcxNjZiYjM0YTY5NmZkZTJmYmFjZWY0MDAxYjBh
OGU3ZTIwHhcNMjUwNjEzMTI1MTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzYyODNhZDdiMTc3Y2JhMTIyYjZiYWRlMzY0ZTU3ZmExYWE5Mjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjv671TU9u8qBcVRc9jsY3ZBRTxPq
iWL6imD25oYTngANTC1LwN8QXykc6++b3jASMoe4pcM0N6zocM4I6/ovM+DCUoPE
SZCetwThEv+6MKHd2TOmoh6l7X71l2z+scJXRICcsznnNOsb+Xzjlp+j3w3RuvHs
eKKjEBdA+wNZv8Q+LcVYd2xJFlKF0lQ2OI1Cgk6MLdEunlm2m3AkuUNa+qhzUqg1
w1OP23rBwOqrrHIv0tUZzvAidgrbOx9I39np7sqWapcqvzTcLoymn7JCh6jJxcpB
QClFtN2YEEMw5FK85V/hZvNG37Tr2DVqcl9tcjjDc+UjH7D5qZ8bttunSwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFDdig617F3y6EitrreNk5X+hqpJ5MB8GA1UdIwQY
MBaAFIavLHFmuzSmlv3i+6zvQAGwqOfiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHE4c2NXYTdOS2FXX2VMN3JPOUFBYkNvNS1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mOGY2NmQtOGE0Ny00NDMxLWFmNTEt
ZTRmNTg3MDQ4MDRlLzEvTjJLRHJYc1hmTG9TSzJ1dDQyVGxmNkdxa25rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mOGY2NmQtOGE0Ny00NDMxLWFmNTEtZTRmNTg3MDQ4MDRl
LzEvaHE4c2NXYTdOS2FXX2VMN3JPOUFBYkNvNS1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA0BAIAATAuMAwDBAEfugID
BAEfugQwDAMEAB+6BwMEAB+6FAMEAB+6GAMEAB+6HAMEAR+6HjAcBAIAAjAWMBQD
CAEqDaAAAAAKAwgAKg2gAAAAGjANBgkqhkiG9w0BAQsFAAOCAQEAqNQoQQWHh47v
hv7ChC2DJ78KvTiSfMTaEvdB0OAbSQvv4GcL0F/YRi2uU9Kkj4e4QCUKnHls0YdD
nYJSLkkyrGmqRQNIbVxls7bi1f84MOZGW461aNoeOBqplQH++cwHt1rBnOsLzIev
14uTrhFB0s0LAoiUziNkZu2UBZ1CfwtO72cSpyEZMn3yEO2NepOA/3sMcpWv25y4
BDpeUSO0iSOQpKFrcD9+0wisQ0awqrLkEBJlJi1k+yaLSsMQRe/ytXuxYN5BCGeF
IIMlP6sjCY/N6pACckwWmXqQhdSYJh5Lrb3Rr0TkpmlA54JuyGQ3ZM4HgA8zfakL
c/x5fMbeSA==
-----END CERTIFICATE-----
Generated at Thu Jun 19 05:58:02 2025 by rpki-client