Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/OnExh771ZtOXTYHIXE8BRYIv3I8.roa
File: OnExh771ZtOXTYHIXE8BRYIv3I8.roa (raw, json)
Hash identifier: iBanqCcjQhcLJzTqVwfRApVqXKWA6vIc0dQd8k0fLnI=
Subject key identifier: 3A:71:31:87:BE:F5:66:D3:97:4D:81:C8:5C:4F:01:45:82:2F:DC:8F
Certificate issuer: /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial: 019E984B92AB9E8B567CE7B0577E63946D0B
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/OnExh771ZtOXTYHIXE8BRYIv3I8.roa
Signing time: Fri 05 Jun 2026 14:59:09 +0000
ROA not before: Fri 05 Jun 2026 14:59:09 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44559
IP address blocks: 138.124.0.0/24 maxlen: 24
138.124.1.0/24 maxlen: 24
138.124.5.0/24 maxlen: 24
138.124.11.0/24 maxlen: 24
138.124.12.0/24 maxlen: 24
138.124.62.0/24 maxlen: 24
138.124.63.0/24 maxlen: 24
138.124.64.0/24 maxlen: 24
138.124.65.0/24 maxlen: 24
138.124.66.0/24 maxlen: 24
138.124.67.0/24 maxlen: 24
138.124.68.0/24 maxlen: 24
138.124.69.0/24 maxlen: 24
138.124.70.0/24 maxlen: 24
138.124.71.0/24 maxlen: 24
138.124.72.0/24 maxlen: 24
138.124.73.0/24 maxlen: 24
138.124.74.0/24 maxlen: 24
138.124.75.0/24 maxlen: 24
138.124.76.0/24 maxlen: 24
138.124.77.0/24 maxlen: 24
138.124.79.0/24 maxlen: 24
138.124.80.0/24 maxlen: 24
138.124.83.0/24 maxlen: 24
138.124.88.0/24 maxlen: 24
138.124.94.0/24 maxlen: 24
138.124.95.0/24 maxlen: 24
138.124.96.0/24 maxlen: 24
138.124.100.0/24 maxlen: 24
138.124.104.0/24 maxlen: 24
138.124.105.0/24 maxlen: 24
138.124.106.0/24 maxlen: 24
138.124.120.0/24 maxlen: 24
138.124.122.0/24 maxlen: 24
138.124.228.0/24 maxlen: 24
138.124.229.0/24 maxlen: 24
138.124.230.0/24 maxlen: 24
138.124.231.0/24 maxlen: 24
138.124.240.0/24 maxlen: 24
138.124.241.0/24 maxlen: 24
138.124.243.0/24 maxlen: 24
138.124.253.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Jun 2026 00:00:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:98:4b:92:ab:9e:8b:56:7c:e7:b0:57:7e:63:94:6d:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Validity
Not Before: Jun 5 14:59:09 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3a713187bef566d3974d81c85c4f0145822fdc8f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:92:27:c1:64:76:c6:cb:1b:61:47:c2:1e:aa:
36:f8:7b:44:c7:a0:f5:59:4d:8c:7e:a6:da:e7:32:
6b:ad:eb:09:60:eb:cf:21:18:d3:7e:8c:3e:b4:c7:
3b:01:be:92:8f:e0:81:40:82:c0:4d:56:fa:56:b6:
34:54:5b:2c:bb:a7:cf:48:06:dc:3e:d0:13:28:0a:
78:59:31:2b:98:86:df:7c:54:6c:16:ed:f8:c3:47:
a0:c4:1d:20:cd:55:25:50:d9:78:8e:00:2b:93:cd:
f4:2c:95:41:d4:2b:9b:d2:9f:c8:89:64:c2:b2:5b:
66:6f:8f:8f:fd:d4:8b:41:7f:ad:e8:73:77:e6:a1:
7d:b5:33:ca:0a:92:ae:2f:ee:a0:38:51:99:9a:f6:
24:1a:d3:ab:72:7e:e5:a9:88:49:f6:92:79:8a:a9:
8a:8c:07:ad:e5:6a:61:f7:55:d1:6e:10:9c:d0:46:
0a:74:da:d9:9e:ad:4b:67:ef:53:09:bb:0f:a6:3e:
56:f5:cc:83:8e:28:08:8b:d4:2a:3e:8b:25:7b:f5:
8b:97:dc:32:31:39:13:f0:59:4f:bd:e7:3d:36:81:
61:e6:19:08:d5:52:cc:f5:a5:d1:91:d2:46:48:50:
90:27:7a:37:df:20:aa:55:57:59:db:2f:e5:51:67:
3c:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:71:31:87:BE:F5:66:D3:97:4D:81:C8:5C:4F:01:45:82:2F:DC:8F
X509v3 Authority Key Identifier:
keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/OnExh771ZtOXTYHIXE8BRYIv3I8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.124.0.0/23
138.124.5.0/24
138.124.11.0-138.124.12.255
138.124.62.0-138.124.77.255
138.124.79.0-138.124.80.255
138.124.83.0/24
138.124.88.0/24
138.124.94.0-138.124.96.255
138.124.100.0/24
138.124.104.0-138.124.106.255
138.124.120.0/24
138.124.122.0/24
138.124.228.0/22
138.124.240.0/23
138.124.243.0/24
138.124.253.0/24
Signature Algorithm: sha256WithRSAEncryption
19:2c:b0:bf:89:59:f1:89:7f:9d:4f:51:35:3b:d0:27:10:15:
71:2d:9e:a0:be:43:5c:3f:d2:ff:00:88:5c:75:bc:42:5d:a8:
cc:b0:e4:9b:2e:53:d6:fe:8e:fc:39:76:65:69:8a:c8:2e:48:
19:39:05:ff:45:cd:21:a2:36:26:c1:fc:e9:7a:14:16:9b:43:
d7:2f:e6:1e:52:a7:0f:40:3f:0d:3c:88:d0:f6:eb:de:bc:84:
28:d1:a0:f0:2f:6c:cf:1e:4e:1c:7f:2a:f1:11:3c:53:dd:c2:
53:ba:5d:2b:ce:b4:1e:f7:e7:9f:47:e1:d0:fb:8a:bb:89:e9:
19:10:a0:59:97:bf:48:e7:2b:44:a8:d0:7f:d7:11:ce:da:25:
b4:23:80:8d:8d:10:e8:72:7d:79:1e:a5:f3:ef:30:e1:6e:15:
9b:dc:83:65:08:a2:55:e2:ca:58:3b:7e:af:a4:4f:89:29:ce:
22:95:fe:40:03:ed:b4:83:2a:e4:03:5f:a7:b4:9b:fa:af:f5:
20:af:ec:de:e5:b6:c1:b2:7c:14:e0:96:ab:df:43:69:11:a1:
49:26:a4:64:43:5b:10:1a:62:cf:5f:b2:08:8f:1a:4e:87:33:
3e:0b:80:ab:c2:e7:9e:fb:b7:c3:15:35:6b:09:a2:3d:c7:c9:
16:8d:43:e6
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAZ6YS5KrnotWfOewV35jlG0LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjYwNjA1MTQ1OTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTcxMzE4N2JlZjU2NmQzOTc0ZDgxYzg1YzRmMDE0NTgyMmZkYzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5InwWR2xssbYUfCHqo2+HtEx6D1
WU2Mfqba5zJrresJYOvPIRjTfow+tMc7Ab6Sj+CBQILATVb6VrY0VFssu6fPSAbc
PtATKAp4WTErmIbffFRsFu34w0egxB0gzVUlUNl4jgArk830LJVB1Cub0p/IiWTC
sltmb4+P/dSLQX+t6HN35qF9tTPKCpKuL+6gOFGZmvYkGtOrcn7lqYhJ9pJ5iqmK
jAet5Wph91XRbhCc0EYKdNrZnq1LZ+9TCbsPpj5W9cyDjigIi9QqPosle/WLl9wy
MTkT8FlPvec9NoFh5hkI1VLM9aXRkdJGSFCQJ3o33yCqVVdZ2y/lUWc8OwIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFDpxMYe+9WbTl02ByFxPAUWCL9yPMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvT25FeGg3NzFadE9YVFlISVhFOEJSWUl2M0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBjwQCAAEwgYgDBAGK
fAADBACKfAUwDAMEAIp8CwMEAIp8DDAMAwQBinw+AwQBinxMMAwDBACKfE8DBACK
fFADBACKfFMDBACKfFgwDAMEAYp8XgMEAIp8YAMEAIp8ZDAMAwQDinxoAwQAinxq
AwQAinx4AwQAinx6AwQCinzkAwQBinzwAwQAinzzAwQAinz9MA0GCSqGSIb3DQEB
CwUAA4IBAQAZLLC/iVnxiX+dT1E1O9AnEBVxLZ6gvkNcP9L/AIhcdbxCXajMsOSb
LlPW/o78OXZlaYrILkgZOQX/Rc0hojYmwfzpehQWm0PXL+YeUqcPQD8NPIjQ9uve
vIQo0aDwL2zPHk4cfyrxETxT3cJTul0rzrQe9+efR+HQ+4q7iekZEKBZl79I5ytE
qNB/1xHO2iW0I4CNjRDocn15HqXz7zDhbhWb3INlCKJV4spYO36vpE+JKc4ilf5A
A+20gyrkA1+ntJv6r/Ugr+ze5bbBsnwU4Jar30NpEaFJJqRkQ1sQGmLPX7IIjxpO
hzM+C4Crwuee+7fDFTVrCaI9x8kWjUPm
-----END CERTIFICATE-----
Generated at Sat Jun 6 08:03:49 2026 by rpki-client