Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/pBDB5dEoNoGI5z6b0bPqttsFG_4.roa
File: pBDB5dEoNoGI5z6b0bPqttsFG_4.roa (raw, json)
Hash identifier: 5Z8Z9vYKFLWRSaHZB0Lf5gl087k9mD/pQXqsfiZQPco=
Subject key identifier: A4:10:C1:E5:D1:28:36:81:88:E7:3E:9B:D1:B3:EA:B6:DB:05:1B:FE
Certificate issuer: /CN=86af2c7166bb34a696fde2fbacef4001b0a8e7e2
Certificate serial: 019769574C2EFEDE7AED519FC18E16E08A94
Authority key identifier: 86:AF:2C:71:66:BB:34:A6:96:FD:E2:FB:AC:EF:40:01:B0:A8:E7:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/pBDB5dEoNoGI5z6b0bPqttsFG_4.roa
Signing time: Fri 13 Jun 2025 12:50:18 +0000
ROA not before: Fri 13 Jun 2025 12:50:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197720
IP address blocks: 31.186.2.0/24 maxlen: 24
31.186.3.0/24 maxlen: 24
31.186.4.0/24 maxlen: 24
31.186.5.0/24 maxlen: 24
31.186.6.0/24 maxlen: 24
31.186.7.0/24 maxlen: 24
31.186.8.0/24 maxlen: 24
31.186.9.0/24 maxlen: 24
31.186.10.0/24 maxlen: 24
31.186.11.0/24 maxlen: 24
31.186.12.0/24 maxlen: 24
31.186.13.0/24 maxlen: 24
31.186.14.0/24 maxlen: 24
31.186.15.0/24 maxlen: 24
31.186.16.0/24 maxlen: 24
31.186.17.0/24 maxlen: 24
31.186.18.0/24 maxlen: 24
31.186.19.0/24 maxlen: 24
31.186.20.0/24 maxlen: 24
31.186.21.0/24 maxlen: 24
31.186.23.0/24 maxlen: 24
31.186.24.0/24 maxlen: 24
31.186.28.0/24 maxlen: 24
31.186.29.0/24 maxlen: 24
31.186.30.0/24 maxlen: 24
31.186.31.0/24 maxlen: 24
2a0d:a000:0:a00::/56 maxlen: 56
2a0d:a000:0:b00::/56 maxlen: 56
2a0d:a000:0:c00::/56 maxlen: 56
2a0d:a000:0:d00::/56 maxlen: 56
2a0d:a000:0:e00::/56 maxlen: 56
2a0d:a000:0:f00::/56 maxlen: 56
2a0d:a000:0:1000::/56 maxlen: 56
2a0d:a000:0:1100::/56 maxlen: 56
2a0d:a000:0:1200::/56 maxlen: 56
2a0d:a000:0:1300::/56 maxlen: 56
2a0d:a000:0:1400::/56 maxlen: 56
2a0d:a000:0:1500::/56 maxlen: 56
2a0d:a000:0:1600::/56 maxlen: 56
2a0d:a000:0:1700::/56 maxlen: 56
2a0d:a000:0:1800::/56 maxlen: 56
2a0d:a000:0:1900::/56 maxlen: 56
2a0d:a000:0:1a00::/56 maxlen: 56
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.crl
rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.mft
rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Jun 2025 21:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:69:57:4c:2e:fe:de:7a:ed:51:9f:c1:8e:16:e0:8a:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86af2c7166bb34a696fde2fbacef4001b0a8e7e2
Validity
Not Before: Jun 13 12:50:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a410c1e5d128368188e73e9bd1b3eab6db051bfe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:5d:26:d4:7f:ea:a8:a9:86:db:4c:05:57:11:
c9:3d:a7:99:fe:d8:61:cb:b3:51:cf:5a:74:5c:b4:
0b:9a:e7:e1:e3:58:21:cb:b1:b3:b9:3d:3d:b4:7f:
65:fb:58:df:80:e5:cd:6f:27:02:88:62:e5:78:f7:
87:bc:e4:cb:40:2b:d3:f6:8c:cf:6e:2e:5c:2f:7e:
e4:9e:0e:2c:70:50:2c:21:4f:0a:88:ea:b0:f6:93:
17:7d:39:23:74:3d:20:bf:49:63:ed:97:82:a9:70:
7a:c2:5b:ed:97:a9:48:93:18:be:48:7f:1f:b3:f3:
96:4d:c8:be:d2:69:77:72:12:cf:26:9f:4d:03:5b:
63:d3:6e:69:4e:85:7e:14:37:1b:74:25:11:79:6e:
46:d4:b2:9a:b9:61:c2:39:bd:aa:06:13:60:0d:7e:
49:7a:81:1e:13:ee:98:45:65:88:9f:4a:84:79:d7:
f3:65:c4:43:04:91:b2:ab:ed:5b:b7:90:0e:7b:27:
f1:0d:91:19:c6:0d:8e:02:24:27:09:4f:24:85:59:
e9:77:32:6e:21:b8:2e:f5:82:21:f8:76:b3:64:6f:
c4:08:8e:67:d3:ab:e3:cb:5d:44:fc:d4:ee:d4:3b:
8b:8b:91:54:26:a5:a5:2c:84:b7:b3:65:ea:e7:e0:
ba:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:10:C1:E5:D1:28:36:81:88:E7:3E:9B:D1:B3:EA:B6:DB:05:1B:FE
X509v3 Authority Key Identifier:
keyid:86:AF:2C:71:66:BB:34:A6:96:FD:E2:FB:AC:EF:40:01:B0:A8:E7:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/pBDB5dEoNoGI5z6b0bPqttsFG_4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.186.2.0-31.186.21.255
31.186.23.0-31.186.24.255
31.186.28.0/22
IPv6:
2a0d:a000:0:a00::-2a0d:a000:0:1aff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
47:c9:94:be:35:f2:46:d3:87:4e:3b:c9:a9:bd:76:8b:03:a8:
b8:6c:f1:a4:3a:b1:17:ed:a1:f8:de:dd:e4:3c:08:a8:e0:50:
28:c9:95:b7:40:98:9a:a4:3f:bf:0a:bb:ee:d8:72:e5:ee:0d:
bf:e2:38:20:e1:c4:3c:90:c8:ac:ed:1b:07:5d:fc:50:19:00:
27:90:9e:2f:8d:c6:34:e6:66:cb:25:53:97:17:b3:fa:e8:0d:
cf:b0:c2:bb:6c:d5:16:5d:9f:99:00:48:dd:98:37:c6:19:0f:
fb:03:93:dc:1d:3a:a3:12:05:10:58:41:a6:28:04:44:ba:d1:
7b:26:b9:a5:d9:62:54:dd:76:ac:0b:75:ab:f1:43:d2:31:3c:
ea:19:31:f0:db:94:56:71:d0:b7:b3:18:f1:44:60:7d:e1:88:
be:ce:4d:eb:2e:72:d3:a2:7d:0f:77:d1:f9:5a:9d:31:9e:48:
36:fc:96:08:a4:4c:92:fb:2a:d2:48:21:81:93:5d:ce:ca:39:
a5:42:0b:de:15:84:24:4a:72:41:da:94:12:ff:dc:a4:93:d8:
82:da:d8:36:f0:a8:b5:07:37:e1:28:97:13:23:4d:a7:01:6f:
d6:01:05:39:49:2e:98:e7:f1:bd:c6:51:5a:f7:77:c7:ae:d6:
33:0d:0c:8c
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZdpV0wu/t567VGfwY4W4IqUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2YWYyYzcxNjZiYjM0YTY5NmZkZTJmYmFjZWY0MDAxYjBh
OGU3ZTIwHhcNMjUwNjEzMTI1MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDEwYzFlNWQxMjgzNjgxODhlNzNlOWJkMWIzZWFiNmRiMDUxYmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAol0m1H/qqKmG20wFVxHJPaeZ/thh
y7NRz1p0XLQLmufh41ghy7GzuT09tH9l+1jfgOXNbycCiGLlePeHvOTLQCvT9ozP
bi5cL37kng4scFAsIU8KiOqw9pMXfTkjdD0gv0lj7ZeCqXB6wlvtl6lIkxi+SH8f
s/OWTci+0ml3chLPJp9NA1tj025pToV+FDcbdCUReW5G1LKauWHCOb2qBhNgDX5J
eoEeE+6YRWWIn0qEedfzZcRDBJGyq+1bt5AOeyfxDZEZxg2OAiQnCU8khVnpdzJu
Ibgu9YIh+HazZG/ECI5n06vjy11E/NTu1DuLi5FUJqWlLIS3s2Xq5+C6CQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFKQQweXRKDaBiOc+m9Gz6rbbBRv+MB8GA1UdIwQY
MBaAFIavLHFmuzSmlv3i+6zvQAGwqOfiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHE4c2NXYTdOS2FXX2VMN3JPOUFBYkNvNS1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mOGY2NmQtOGE0Ny00NDMxLWFmNTEt
ZTRmNTg3MDQ4MDRlLzEvcEJEQjVkRW9Ob0dJNXo2YjBiUHF0dHNGR180LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mOGY2NmQtOGE0Ny00NDMxLWFmNTEtZTRmNTg3MDQ4MDRl
LzEvaHE4c2NXYTdOS2FXX2VMN3JPOUFBYkNvNS1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAoBAIAATAiMAwDBAEfugID
BAEfuhQwDAMEAB+6FwMEAB+6GAMEAh+6HDAcBAIAAjAWMBQDCAEqDaAAAAAKAwgA
Kg2gAAAAGjANBgkqhkiG9w0BAQsFAAOCAQEAR8mUvjXyRtOHTjvJqb12iwOouGzx
pDqxF+2h+N7d5DwIqOBQKMmVt0CYmqQ/vwq77thy5e4Nv+I4IOHEPJDIrO0bB138
UBkAJ5CeL43GNOZmyyVTlxez+ugNz7DCu2zVFl2fmQBI3Zg3xhkP+wOT3B06oxIF
EFhBpigERLrReya5pdliVN12rAt1q/FD0jE86hkx8NuUVnHQt7MY8URgfeGIvs5N
6y5y06J9D3fR+VqdMZ5INvyWCKRMkvsq0kghgZNdzso5pUIL3hWEJEpyQdqUEv/c
pJPYgtrYNvCotQc34SiXEyNNpwFv1gEFOUkumOfxvcZRWvd3x67WMw0MjA==
-----END CERTIFICATE-----
Generated at Tue Jun 17 04:53:27 2025 by rpki-client