Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/xQ5C-mq8-mHSyfrn5JtEpDjdplw.roa
File: xQ5C-mq8-mHSyfrn5JtEpDjdplw.roa (raw, json)
Hash identifier: wJd8QphcgtBxMu9MMqDp1Ofvwa30TStFcRoo1rd2+MA=
Subject key identifier: C5:0E:42:FA:6A:BC:FA:61:D2:C9:FA:E7:E4:9B:44:A4:38:DD:A6:5C
Certificate issuer: /CN=96cbcf2e957ca8d942472a7b0044285b26db6b22
Certificate serial: 0198080604440CAB724E831020C3E8A7AF76
Authority key identifier: 96:CB:CF:2E:95:7C:A8:D9:42:47:2A:7B:00:44:28:5B:26:DB:6B:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lsvPLpV8qNlCRyp7AEQoWybbayI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/xQ5C-mq8-mHSyfrn5JtEpDjdplw.roa
Signing time: Mon 14 Jul 2025 08:21:08 +0000
ROA not before: Mon 14 Jul 2025 08:21:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58256
IP address blocks: 37.143.144.0/24 maxlen: 24
37.143.145.0/24 maxlen: 24
37.143.146.0/24 maxlen: 24
37.143.147.0/24 maxlen: 24
37.143.148.0/24 maxlen: 24
37.143.149.0/24 maxlen: 24
37.143.150.0/24 maxlen: 24
37.143.151.0/24 maxlen: 24
91.108.128.0/24 maxlen: 24
91.108.129.0/24 maxlen: 24
91.108.130.0/24 maxlen: 24
91.108.131.0/24 maxlen: 24
91.108.132.0/24 maxlen: 24
91.108.133.0/24 maxlen: 24
91.108.134.0/24 maxlen: 24
91.108.135.0/24 maxlen: 24
91.108.136.0/24 maxlen: 24
91.108.137.0/24 maxlen: 24
91.108.138.0/24 maxlen: 24
91.108.139.0/24 maxlen: 24
91.108.144.0/24 maxlen: 24
91.108.146.0/24 maxlen: 24
91.108.147.0/24 maxlen: 24
91.108.148.0/24 maxlen: 24
91.108.149.0/24 maxlen: 24
91.108.150.0/24 maxlen: 24
91.108.151.0/24 maxlen: 24
91.108.152.0/24 maxlen: 24
91.108.153.0/24 maxlen: 24
91.108.154.0/24 maxlen: 24
91.108.155.0/24 maxlen: 24
91.108.156.0/24 maxlen: 24
91.108.157.0/24 maxlen: 24
91.108.158.0/24 maxlen: 24
91.108.159.0/24 maxlen: 24
185.42.212.0/22 maxlen: 22
185.42.212.0/24 maxlen: 24
185.42.213.0/24 maxlen: 24
185.42.214.0/24 maxlen: 24
185.42.215.0/24 maxlen: 24
185.83.28.0/24 maxlen: 24
185.83.29.0/24 maxlen: 24
185.83.30.0/24 maxlen: 24
185.83.31.0/24 maxlen: 24
185.83.184.0/22 maxlen: 22
185.83.184.0/24 maxlen: 24
185.83.185.0/24 maxlen: 24
185.83.186.0/24 maxlen: 24
185.83.187.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/lsvPLpV8qNlCRyp7AEQoWybbayI.crl
rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/lsvPLpV8qNlCRyp7AEQoWybbayI.mft
rsync://rpki.ripe.net/repository/DEFAULT/lsvPLpV8qNlCRyp7AEQoWybbayI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 24 Jul 2025 08:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:08:06:04:44:0c:ab:72:4e:83:10:20:c3:e8:a7:af:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=96cbcf2e957ca8d942472a7b0044285b26db6b22
Validity
Not Before: Jul 14 08:21:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c50e42fa6abcfa61d2c9fae7e49b44a438dda65c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:68:dc:95:f7:16:cd:29:7a:ed:87:dc:9a:bf:
b6:b3:b7:bd:c5:04:ae:5a:f3:91:b7:ed:07:c2:ed:
8d:3e:19:46:f0:a6:ce:3b:8a:d3:54:d1:eb:15:4f:
80:20:ee:ee:ee:12:c2:d4:68:17:ad:77:e8:41:20:
7c:fb:32:45:6a:77:0e:bb:95:0c:85:15:39:44:0f:
3c:6b:20:d0:bb:81:2f:ed:51:59:4d:68:37:5b:80:
69:9f:3d:31:fb:fc:e2:bc:10:01:13:a6:3d:a7:e7:
ff:c7:dd:31:e3:df:db:f8:07:78:1d:2b:89:e1:b8:
e6:d6:11:48:33:89:22:d8:3d:1a:c1:13:28:e1:15:
9b:c2:25:53:da:08:d4:d0:b9:95:63:ec:2f:8b:f1:
4d:2e:f0:99:57:7b:29:8f:aa:d7:5f:38:ea:f7:17:
6a:9b:d6:a9:da:1a:31:47:f2:94:d1:55:53:ec:7f:
d7:fd:e3:8b:e3:18:d0:cc:e2:b4:cd:5f:ff:c2:60:
af:29:79:33:93:71:8e:20:53:7b:72:76:07:31:8b:
47:4e:11:84:d2:2a:63:ba:af:78:06:2b:52:e8:0e:
d5:33:38:d2:6d:fb:75:fd:ae:0a:eb:08:39:49:00:
0b:7b:8f:56:88:4e:c4:80:2b:66:25:12:52:48:4c:
44:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:0E:42:FA:6A:BC:FA:61:D2:C9:FA:E7:E4:9B:44:A4:38:DD:A6:5C
X509v3 Authority Key Identifier:
keyid:96:CB:CF:2E:95:7C:A8:D9:42:47:2A:7B:00:44:28:5B:26:DB:6B:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lsvPLpV8qNlCRyp7AEQoWybbayI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/xQ5C-mq8-mHSyfrn5JtEpDjdplw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/lsvPLpV8qNlCRyp7AEQoWybbayI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.143.144.0/21
91.108.128.0-91.108.139.255
91.108.144.0/24
91.108.146.0-91.108.159.255
185.42.212.0/22
185.83.28.0/22
185.83.184.0/22
Signature Algorithm: sha256WithRSAEncryption
a8:89:4d:89:08:07:fa:94:e4:f9:58:1b:e5:cd:46:75:ce:da:
29:5d:3b:82:80:64:15:d6:e5:f5:06:44:12:3e:7d:dc:d7:bd:
39:0b:8e:62:71:ca:9a:47:fe:89:ea:e4:13:64:27:ff:4a:c0:
69:57:9c:02:e2:9e:c4:d8:ff:d3:40:cd:6f:85:42:2f:a0:49:
1f:4d:91:ce:df:d6:a5:92:95:07:bf:af:dd:f2:f2:99:21:c6:
6c:46:a9:cf:fb:6d:d0:bd:43:33:42:23:0b:51:54:41:ab:94:
80:d5:92:b3:d0:bd:93:80:bc:55:36:58:ce:0c:12:53:37:41:
4c:37:8b:54:30:a4:73:07:7a:a4:60:6e:86:0f:9d:77:de:fb:
1f:50:fd:7d:22:64:fb:36:65:0c:4b:4a:54:c7:ec:96:f4:09:
f7:9a:2e:eb:b9:7d:12:3e:f8:e2:ff:07:dc:7b:34:5f:3b:bf:
9e:20:92:67:8a:15:cb:3c:4f:4e:40:36:29:0c:f6:90:fa:07:
bd:e7:06:90:5c:e7:87:31:43:d0:35:64:88:9c:aa:89:5b:c1:
a4:df:d3:28:2e:4d:a2:7d:2b:84:8c:1d:92:c4:2c:00:e8:bb:
6a:ea:c4:ec:45:03:3c:46:c0:43:68:c8:28:46:f5:cf:2f:7c:
e5:df:ab:92
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZgIBgREDKtyToMQIMPop692MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2Y2JjZjJlOTU3Y2E4ZDk0MjQ3MmE3YjAwNDQyODViMjZk
YjZiMjIwHhcNMjUwNzE0MDgyMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTBlNDJmYTZhYmNmYTYxZDJjOWZhZTdlNDliNDRhNDM4ZGRhNjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2jclfcWzSl67Yfcmr+2s7e9xQSu
WvORt+0Hwu2NPhlG8KbOO4rTVNHrFU+AIO7u7hLC1GgXrXfoQSB8+zJFancOu5UM
hRU5RA88ayDQu4Ev7VFZTWg3W4Bpnz0x+/zivBABE6Y9p+f/x90x49/b+Ad4HSuJ
4bjm1hFIM4ki2D0awRMo4RWbwiVT2gjU0LmVY+wvi/FNLvCZV3spj6rXXzjq9xdq
m9ap2hoxR/KU0VVT7H/X/eOL4xjQzOK0zV//wmCvKXkzk3GOIFN7cnYHMYtHThGE
0ipjuq94BitS6A7VMzjSbft1/a4K6wg5SQALe49WiE7EgCtmJRJSSExEPwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFMUOQvpqvPph0sn65+SbRKQ43aZcMB8GA1UdIwQY
MBaAFJbLzy6VfKjZQkcqewBEKFsm22siMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHN2UExwVjhxTmxDUnlwN0FFUW9XeWJiYXlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xYjYwZTktYjZlMC00ODkwLTlkZTEt
MTNiNDMxMzQyYWI4LzEveFE1Qy1tcTgtbUhTeWZybjVKdEVwRGpkcGx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xYjYwZTktYjZlMC00ODkwLTlkZTEtMTNiNDMxMzQyYWI4
LzEvbHN2UExwVjhxTmxDUnlwN0FFUW9XeWJiYXlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQDJY+QMAwD
BAdbbIADBAJbbIgDBABbbJAwDAMEAVtskgMEBVtsgAMEArkq1AMEArlTHAMEArlT
uDANBgkqhkiG9w0BAQsFAAOCAQEAqIlNiQgH+pTk+Vgb5c1Gdc7aKV07goBkFdbl
9QZEEj593Ne9OQuOYnHKmkf+ierkE2Qn/0rAaVecAuKexNj/00DNb4VCL6BJH02R
zt/WpZKVB7+v3fLymSHGbEapz/tt0L1DM0IjC1FUQauUgNWSs9C9k4C8VTZYzgwS
UzdBTDeLVDCkcwd6pGBuhg+dd977H1D9fSJk+zZlDEtKVMfslvQJ95ou67l9Ej74
4v8H3Hs0Xzu/niCSZ4oVyzxPTkA2KQz2kPoHvecGkFznhzFD0DVkiJyqiVvBpN/T
KC5Non0rhIwdksQsAOi7aurE7EUDPEbAQ2jIKEb1zy985d+rkg==
-----END CERTIFICATE-----
Generated at Wed Jul 23 17:10:48 2025 by rpki-client