Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/MDHeH3mF6BzD5foF9EEN13E4pk0.roa
File: MDHeH3mF6BzD5foF9EEN13E4pk0.roa (raw, json)
Hash identifier: CTN9QNIPQVl7OqBKDk6FewL6nuwFmnyy5yposQbSW0E=
Subject key identifier: 30:31:DE:1F:79:85:E8:1C:C3:E5:FA:05:F4:41:0D:D7:71:38:A6:4D
Certificate issuer: /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial: 0197638C23604F467FD4CF33A69D49DC0DF7
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/MDHeH3mF6BzD5foF9EEN13E4pk0.roa
Signing time: Thu 12 Jun 2025 09:50:17 +0000
ROA not before: Thu 12 Jun 2025 09:50:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9121
IP address blocks: 31.169.64.0/24 maxlen: 24
31.169.65.0/24 maxlen: 24
31.169.66.0/24 maxlen: 24
31.169.67.0/24 maxlen: 24
31.169.69.0/24 maxlen: 24
31.169.70.0/24 maxlen: 24
31.169.71.0/24 maxlen: 24
31.169.72.0/24 maxlen: 24
31.169.77.0/24 maxlen: 24
31.169.78.0/24 maxlen: 24
31.169.79.0/24 maxlen: 24
31.169.81.0/24 maxlen: 24
31.169.82.0/24 maxlen: 24
31.169.84.0/24 maxlen: 24
31.169.85.0/24 maxlen: 24
31.169.87.0/24 maxlen: 24
31.169.88.0/24 maxlen: 24
31.169.92.0/24 maxlen: 24
31.169.93.0/24 maxlen: 24
31.169.94.0/24 maxlen: 24
185.33.63.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl
rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.mft
rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:63:8c:23:60:4f:46:7f:d4:cf:33:a6:9d:49:dc:0d:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Validity
Not Before: Jun 12 09:50:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3031de1f7985e81cc3e5fa05f4410dd77138a64d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:42:5d:fd:7b:a1:10:75:14:7a:37:40:9f:49:
87:cb:2a:1b:d4:88:d6:78:b8:6c:82:85:06:81:4d:
46:89:f1:b2:d4:01:9f:3c:21:3a:30:74:66:46:a9:
b3:6d:48:db:d4:47:b7:71:ef:12:9b:a1:22:a7:76:
29:ee:5b:6e:01:3f:2c:f8:13:65:95:3f:17:4e:ee:
d9:46:34:34:b0:47:9e:d9:e5:00:89:02:7d:61:b0:
a5:38:d0:87:60:18:05:67:82:bd:c4:b6:63:d1:8d:
1d:46:99:2f:f3:76:73:10:16:03:2f:92:18:99:96:
99:95:9e:51:97:56:d0:33:9e:de:46:f1:db:bb:63:
e7:89:b9:68:14:da:bb:c9:70:e1:be:93:8a:28:0e:
d8:31:a6:79:5d:bb:d4:8f:7a:03:16:44:7e:e0:cb:
4d:dc:32:91:2e:a7:34:a9:b9:e9:f6:34:b4:a4:12:
4b:e6:4d:f3:7f:fc:ad:77:77:16:51:6e:c4:b0:37:
da:8d:11:43:1a:62:a7:22:5e:6a:28:2b:8b:cc:de:
db:dd:fc:5b:9e:ab:46:00:41:ad:86:17:81:00:c1:
1e:6d:2c:2e:98:d0:64:c0:d5:d3:d5:57:38:fa:cd:
10:2b:1f:ed:34:6c:1f:ab:86:5e:77:d1:74:25:84:
85:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:31:DE:1F:79:85:E8:1C:C3:E5:FA:05:F4:41:0D:D7:71:38:A6:4D
X509v3 Authority Key Identifier:
keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/MDHeH3mF6BzD5foF9EEN13E4pk0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.169.64.0/22
31.169.69.0-31.169.72.255
31.169.77.0-31.169.79.255
31.169.81.0-31.169.82.255
31.169.84.0/23
31.169.87.0-31.169.88.255
31.169.92.0-31.169.94.255
185.33.63.0/24
Signature Algorithm: sha256WithRSAEncryption
65:e0:1c:17:6f:98:12:3c:56:df:83:a1:bd:12:05:bf:1c:9a:
51:cf:a4:83:53:0a:f7:f4:66:40:ac:41:84:2e:9a:c8:0b:34:
e0:04:0c:54:5a:b9:76:4c:00:42:36:50:5f:47:9f:e5:57:1b:
38:3c:10:13:b8:dc:90:3b:df:7e:9f:f4:1d:5c:bd:96:dc:4e:
d0:35:f0:e5:ca:87:a3:49:5e:fb:38:59:f9:41:39:72:cd:8b:
06:d6:e1:c5:f3:73:f1:9a:68:14:4b:b5:25:c8:ba:29:e3:e4:
1f:11:58:62:08:9d:0e:2f:1b:70:e4:87:84:1c:df:8a:c0:01:
f9:ef:78:2d:11:10:fd:08:7a:18:1f:52:3a:03:3e:16:a9:12:
2b:16:73:31:b3:5e:61:8a:76:a4:06:60:27:85:44:d3:51:75:
77:97:3c:fd:55:2c:b2:e3:79:69:ed:45:98:e8:7c:9f:28:99:
81:46:ad:aa:5f:3b:f3:32:e7:fd:1c:4d:ab:4d:e5:8d:eb:67:
f0:ea:89:24:2b:96:d1:eb:26:27:7e:f3:ae:96:2a:e0:c6:70:
a0:74:d0:0c:bf:f2:52:d1:2e:7e:17:cf:c4:23:91:2c:ed:b1:
e7:46:60:b6:3a:3d:c2:46:bb:fb:19:62:0f:05:63:ae:f5:f0:
dd:18:f0:8d
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZdjjCNgT0Z/1M8zpp1J3A33MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjUwNjEyMDk1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDMxZGUxZjc5ODVlODFjYzNlNWZhMDVmNDQxMGRkNzcxMzhhNjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEJd/XuhEHUUejdAn0mHyyob1IjW
eLhsgoUGgU1GifGy1AGfPCE6MHRmRqmzbUjb1Ee3ce8Sm6Eip3Yp7ltuAT8s+BNl
lT8XTu7ZRjQ0sEee2eUAiQJ9YbClONCHYBgFZ4K9xLZj0Y0dRpkv83ZzEBYDL5IY
mZaZlZ5Rl1bQM57eRvHbu2PnibloFNq7yXDhvpOKKA7YMaZ5XbvUj3oDFkR+4MtN
3DKRLqc0qbnp9jS0pBJL5k3zf/ytd3cWUW7EsDfajRFDGmKnIl5qKCuLzN7b3fxb
nqtGAEGthheBAMEebSwumNBkwNXT1Vc4+s0QKx/tNGwfq4Zed9F0JYSFBwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFDAx3h95hegcw+X6BfRBDddxOKZNMB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvTURIZUgzbUY2QnpENWZvRjlFRU4xM0U0cGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQCH6lAMAwD
BAAfqUUDBAAfqUgwDAMEAB+pTQMEBB+pQDAMAwQAH6lRAwQAH6lSAwQBH6lUMAwD
BAAfqVcDBAAfqVgwDAMEAh+pXAMEAB+pXgMEALkhPzANBgkqhkiG9w0BAQsFAAOC
AQEAZeAcF2+YEjxW34OhvRIFvxyaUc+kg1MK9/RmQKxBhC6ayAs04AQMVFq5dkwA
QjZQX0ef5VcbODwQE7jckDvffp/0HVy9ltxO0DXw5cqHo0le+zhZ+UE5cs2LBtbh
xfNz8ZpoFEu1Jci6KePkHxFYYgidDi8bcOSHhBzfisAB+e94LREQ/Qh6GB9SOgM+
FqkSKxZzMbNeYYp2pAZgJ4VE01F1d5c8/VUssuN5ae1FmOh8nyiZgUatql878zLn
/RxNq03ljetn8OqJJCuW0esmJ37zrpYq4MZwoHTQDL/yUtEufhfPxCORLO2x50Zg
tjo9wka7+xliDwVjrvXw3RjwjQ==
-----END CERTIFICATE-----
Generated at Sat Jun 14 11:36:27 2025 by rpki-client