Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/NupZTHI0zu0d-fBVNaAL5lDWUDc.roa
File: NupZTHI0zu0d-fBVNaAL5lDWUDc.roa (raw, json)
Hash identifier: J/vo+zeN65pNJkR5UO47NyTz/xCwh91b8lTf48fFLIw=
Subject key identifier: 36:EA:59:4C:72:34:CE:ED:1D:F9:F0:55:35:A0:0B:E6:50:D6:50:37
Certificate issuer: /CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
Certificate serial: 019DB47EAC39415098A3678CBA32FA230F71
Authority key identifier: 1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/NupZTHI0zu0d-fBVNaAL5lDWUDc.roa
Signing time: Wed 22 Apr 2026 09:21:33 +0000
ROA not before: Wed 22 Apr 2026 09:21:33 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 34984
IP address blocks: 131.222.194.0/24 maxlen: 24
131.222.200.0/24 maxlen: 24
131.222.203.0/24 maxlen: 24
131.222.204.0/24 maxlen: 24
131.222.205.0/24 maxlen: 24
131.222.206.0/24 maxlen: 24
131.222.207.0/24 maxlen: 24
131.222.222.0/24 maxlen: 24
131.222.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl
rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.mft
rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 05:01:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b4:7e:ac:39:41:50:98:a3:67:8c:ba:32:fa:23:0f:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
Validity
Not Before: Apr 22 09:21:33 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=36ea594c7234ceed1df9f05535a00be650d65037
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:d6:96:c2:62:15:97:37:41:59:d0:5d:f6:34:
06:49:e1:a4:f6:1b:1e:05:0c:c7:66:2e:14:e8:31:
db:82:8e:ff:83:1a:6c:e9:77:97:e0:0f:f8:e2:de:
dd:4d:44:4e:1b:65:fb:ff:e4:3f:93:4a:34:00:23:
3e:34:12:81:4c:c0:5a:b3:13:0a:f8:b9:ea:4d:fb:
f3:56:bb:17:9c:8b:75:6e:43:91:e9:87:b6:7b:64:
c5:5d:5e:6f:99:66:8d:c1:d6:c7:8a:ac:73:ca:b2:
1d:94:04:53:fd:69:d0:2e:41:56:ac:9c:2b:0c:a4:
ab:23:6f:be:3b:62:be:ee:0b:7f:c5:f1:40:bf:a2:
a4:83:71:5a:6f:6e:24:13:c6:f2:00:c3:25:18:ca:
bc:00:6c:a0:04:7d:77:21:1d:ab:cf:6a:39:30:3f:
bd:53:30:14:15:26:ef:be:e8:bd:17:57:e8:16:38:
c8:40:20:d2:1a:c9:5c:12:fe:42:cc:59:a0:85:d3:
cf:e6:a4:c0:ab:09:ab:1a:5e:95:03:60:d7:bf:84:
81:db:bb:e2:72:d1:58:87:fc:01:9e:98:db:e7:05:
6e:90:5c:55:0f:d9:f4:e6:cc:ae:87:30:cf:1f:54:
30:58:5a:e4:e7:38:51:c0:d5:82:b8:1e:37:cd:cf:
f9:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:EA:59:4C:72:34:CE:ED:1D:F9:F0:55:35:A0:0B:E6:50:D6:50:37
X509v3 Authority Key Identifier:
keyid:1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/NupZTHI0zu0d-fBVNaAL5lDWUDc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
131.222.194.0/24
131.222.200.0/24
131.222.203.0-131.222.207.255
131.222.222.0/23
Signature Algorithm: sha256WithRSAEncryption
90:49:b3:96:a3:b5:79:c2:f9:3d:50:22:56:74:a4:2a:9b:fd:
67:52:5b:19:28:dd:42:00:20:6b:f2:f4:31:a4:7f:87:68:82:
26:d2:2b:4f:c6:4a:2c:ff:6e:21:b2:c2:4b:c4:b6:55:e2:24:
a8:1a:b7:95:d1:a5:72:59:6f:e3:3b:fd:40:a5:7e:ba:5f:4e:
cb:51:7d:a2:db:53:30:8b:4f:2c:d8:28:5a:19:80:83:ae:ba:
3c:40:a4:40:09:cb:ef:91:9b:75:43:81:ca:17:27:8f:ee:5b:
1f:14:c2:63:4c:fc:11:cf:97:c1:a9:73:3b:9d:4d:a2:9e:96:
2d:18:17:de:44:e6:b9:47:86:bc:47:81:1b:0c:35:68:26:f2:
cf:bf:92:0b:93:57:b3:f3:36:9a:1a:f4:4d:37:ed:20:5c:f0:
b1:d9:43:7a:0b:7c:dd:4f:fb:a3:f8:03:97:88:8d:09:6d:cf:
96:b5:51:08:c5:79:55:f5:0c:ab:ad:96:7e:61:b8:8e:be:62:
4a:66:40:0c:d7:ed:c5:05:da:26:82:bc:14:2b:fe:53:22:47:
cf:bf:72:43:22:6f:3d:78:00:8f:f5:f5:ac:4d:0e:18:1b:1d:
34:f8:d7:cd:6b:f5:e4:ad:73:d2:dc:3c:fa:6c:4f:c7:94:a0:
a1:a6:7c:f8
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ20fqw5QVCYo2eMujL6Iw9xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRjMjI1OTVmYzFmNTg4ZmJjNGRkZTA3YzFjMzk0OTk4
ZjMzYTcwHhcNMjYwNDIyMDkyMTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmVhNTk0YzcyMzRjZWVkMWRmOWYwNTUzNWEwMGJlNjUwZDY1MDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9aWwmIVlzdBWdBd9jQGSeGk9hse
BQzHZi4U6DHbgo7/gxps6XeX4A/44t7dTUROG2X7/+Q/k0o0ACM+NBKBTMBasxMK
+LnqTfvzVrsXnIt1bkOR6Ye2e2TFXV5vmWaNwdbHiqxzyrIdlART/WnQLkFWrJwr
DKSrI2++O2K+7gt/xfFAv6Kkg3Fab24kE8byAMMlGMq8AGygBH13IR2rz2o5MD+9
UzAUFSbvvui9F1foFjjIQCDSGslcEv5CzFmghdPP5qTAqwmrGl6VA2DXv4SB27vi
ctFYh/wBnpjb5wVukFxVD9n05syuhzDPH1QwWFrk5zhRwNWCuB43zc/5bwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFDbqWUxyNM7tHfnwVTWgC+ZQ1lA3MB8GA1UdIwQY
MBaAFBpNwiWV/B9Yj7xN3gfBw5SZjzOnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYt
MmI3OGIxOWI1YTg3LzEvTnVwWlRISTB6dTBkLWZCVk5hQUw1bERXVURjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYtMmI3OGIxOWI1YTg3
LzEvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAg97CAwQA
g97IMAwDBACD3ssDBASD3sADBAGD3t4wDQYJKoZIhvcNAQELBQADggEBAJBJs5aj
tXnC+T1QIlZ0pCqb/WdSWxko3UIAIGvy9DGkf4dogibSK0/GSiz/biGywkvEtlXi
JKgat5XRpXJZb+M7/UClfrpfTstRfaLbUzCLTyzYKFoZgIOuujxApEAJy++Rm3VD
gcoXJ4/uWx8UwmNM/BHPl8GpczudTaKeli0YF95E5rlHhrxHgRsMNWgm8s+/kguT
V7PzNpoa9E037SBc8LHZQ3oLfN1P+6P4A5eIjQltz5a1UQjFeVX1DKutln5huI6+
YkpmQAzX7cUF2iaCvBQr/lMiR8+/ckMibz14AI/19axNDhgbHTT4181r9eStc9Lc
PPpsT8eUoKGmfPg=
-----END CERTIFICATE-----
Generated at Mon Apr 27 13:18:46 2026 by rpki-client