Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/XPvLi0bqmY_k2u06pIu7eV8Scso.roa
File: XPvLi0bqmY_k2u06pIu7eV8Scso.roa (raw, json)
Hash identifier: cGUciKP6su5n6iylbm0NI97lgXJjhdYVEAczVmErPeY=
Subject key identifier: 5C:FB:CB:8B:46:EA:99:8F:E4:DA:ED:3A:A4:8B:BB:79:5F:12:72:CA
Certificate issuer: /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial: 019D9AFB1AAAE8A033BD5BB9E8A4C786A47B
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/XPvLi0bqmY_k2u06pIu7eV8Scso.roa
Signing time: Fri 17 Apr 2026 10:27:20 +0000
ROA not before: Fri 17 Apr 2026 10:27:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44559
IP address blocks: 138.124.0.0/24 maxlen: 24
138.124.1.0/24 maxlen: 24
138.124.5.0/24 maxlen: 24
138.124.11.0/24 maxlen: 24
138.124.12.0/24 maxlen: 24
138.124.62.0/24 maxlen: 24
138.124.63.0/24 maxlen: 24
138.124.64.0/24 maxlen: 24
138.124.65.0/24 maxlen: 24
138.124.66.0/24 maxlen: 24
138.124.67.0/24 maxlen: 24
138.124.68.0/24 maxlen: 24
138.124.69.0/24 maxlen: 24
138.124.70.0/24 maxlen: 24
138.124.71.0/24 maxlen: 24
138.124.72.0/24 maxlen: 24
138.124.73.0/24 maxlen: 24
138.124.74.0/24 maxlen: 24
138.124.75.0/24 maxlen: 24
138.124.76.0/24 maxlen: 24
138.124.77.0/24 maxlen: 24
138.124.79.0/24 maxlen: 24
138.124.80.0/24 maxlen: 24
138.124.83.0/24 maxlen: 24
138.124.88.0/24 maxlen: 24
138.124.94.0/24 maxlen: 24
138.124.95.0/24 maxlen: 24
138.124.96.0/24 maxlen: 24
138.124.100.0/24 maxlen: 24
138.124.104.0/24 maxlen: 24
138.124.105.0/24 maxlen: 24
138.124.106.0/24 maxlen: 24
138.124.120.0/24 maxlen: 24
138.124.122.0/24 maxlen: 24
138.124.228.0/24 maxlen: 24
138.124.229.0/24 maxlen: 24
138.124.230.0/24 maxlen: 24
138.124.231.0/24 maxlen: 24
138.124.240.0/24 maxlen: 24
138.124.241.0/24 maxlen: 24
138.124.243.0/24 maxlen: 24
138.124.251.0/24 maxlen: 24
138.124.253.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Apr 2026 07:01:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:9a:fb:1a:aa:e8:a0:33:bd:5b:b9:e8:a4:c7:86:a4:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Validity
Not Before: Apr 17 10:27:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5cfbcb8b46ea998fe4daed3aa48bbb795f1272ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:96:b7:cd:d4:4f:66:8e:e8:b6:38:03:47:0d:
66:09:e4:df:5b:c9:62:76:63:15:5f:b5:5d:1d:19:
c8:a9:18:02:c7:4e:36:09:d0:4a:8a:cd:47:14:fc:
9a:0f:ca:be:47:57:1b:e9:06:f8:c9:0f:6d:2a:6f:
f2:ea:09:c6:b2:57:c0:4d:0d:a8:1d:8f:6b:d7:3f:
d6:83:fd:e8:d1:e4:5d:67:08:a2:4a:26:dd:cc:ed:
3f:03:7e:0a:fc:f2:b8:58:dd:83:50:1c:62:90:d3:
09:65:14:04:a7:a5:d3:42:6b:49:fd:fd:33:b3:f5:
20:5f:be:05:fc:1c:83:a2:8a:2b:64:df:4f:cd:d9:
f7:97:ad:e4:99:bc:fd:53:b3:9a:f2:bb:4b:2c:95:
a7:d1:6b:15:de:aa:a2:28:a8:58:65:c7:56:b7:95:
db:44:78:15:c8:88:71:07:d2:28:c9:99:6b:4a:31:
d3:10:4a:f8:98:3a:0d:a0:f7:b1:c0:05:1c:88:25:
a4:c5:13:ec:16:6e:e8:d5:29:92:ec:ed:4f:2d:7d:
79:af:9b:70:51:5f:49:ab:44:84:0d:64:ab:a6:0b:
e4:81:08:4d:3e:d4:01:63:8e:05:68:aa:1a:9b:68:
ea:0b:1d:aa:0b:f4:ec:69:1f:b6:44:ad:b5:f2:39:
08:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:FB:CB:8B:46:EA:99:8F:E4:DA:ED:3A:A4:8B:BB:79:5F:12:72:CA
X509v3 Authority Key Identifier:
keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/XPvLi0bqmY_k2u06pIu7eV8Scso.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.124.0.0/23
138.124.5.0/24
138.124.11.0-138.124.12.255
138.124.62.0-138.124.77.255
138.124.79.0-138.124.80.255
138.124.83.0/24
138.124.88.0/24
138.124.94.0-138.124.96.255
138.124.100.0/24
138.124.104.0-138.124.106.255
138.124.120.0/24
138.124.122.0/24
138.124.228.0/22
138.124.240.0/23
138.124.243.0/24
138.124.251.0/24
138.124.253.0/24
Signature Algorithm: sha256WithRSAEncryption
07:a0:9a:a4:7b:04:1f:cf:56:60:71:33:22:63:94:2a:d0:7d:
62:51:ac:0a:e5:5c:b4:fb:6a:be:d8:92:95:7f:79:2a:77:5f:
c4:12:98:32:f7:55:d3:87:fe:ac:d5:95:bb:7d:3b:dd:bc:c4:
39:b5:16:5b:1a:b4:13:75:32:04:a3:61:6d:a3:a1:f1:d8:68:
1b:23:17:6d:97:cb:1b:0b:04:d9:34:66:e5:f5:09:70:3d:6e:
01:8a:c8:3a:ff:f1:27:1e:5f:ae:af:e3:30:9c:04:0d:c1:58:
af:52:d9:a6:a0:87:a8:77:83:c0:2a:54:59:df:dd:df:62:b5:
9b:2a:90:fa:db:b0:0a:da:51:b0:a0:52:0e:bd:97:98:d4:26:
7f:dd:b8:eb:d9:0c:74:1c:0d:1b:0d:58:c9:da:1e:d7:cf:4b:
f1:7c:7c:df:ba:20:b8:15:82:a3:6f:30:2a:c8:a2:8f:d3:9f:
33:b5:c4:bb:f2:b2:5e:7d:64:fb:6d:17:e2:74:4f:a4:b1:08:
a5:2a:23:9f:aa:11:5a:c7:19:85:ef:54:8d:03:cc:f2:8d:e5:
02:13:4c:7d:92:65:f5:01:a1:37:80:ba:79:4a:f6:0e:e7:4d:
3e:4d:39:dc:73:ca:c0:ca:29:ee:cd:af:7f:49:db:95:4c:d8:
3b:51:16:50
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAZ2a+xqq6KAzvVu56KTHhqR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjYwNDE3MTAyNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2ZiY2I4YjQ2ZWE5OThmZTRkYWVkM2FhNDhiYmI3OTVmMTI3MmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpa3zdRPZo7otjgDRw1mCeTfW8li
dmMVX7VdHRnIqRgCx042CdBKis1HFPyaD8q+R1cb6Qb4yQ9tKm/y6gnGslfATQ2o
HY9r1z/Wg/3o0eRdZwiiSibdzO0/A34K/PK4WN2DUBxikNMJZRQEp6XTQmtJ/f0z
s/UgX74F/ByDooorZN9Pzdn3l63kmbz9U7Oa8rtLLJWn0WsV3qqiKKhYZcdWt5Xb
RHgVyIhxB9IoyZlrSjHTEEr4mDoNoPexwAUciCWkxRPsFm7o1SmS7O1PLX15r5tw
UV9Jq0SEDWSrpgvkgQhNPtQBY44FaKoam2jqCx2qC/TsaR+2RK218jkI3QIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFFz7y4tG6pmP5NrtOqSLu3lfEnLKMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvWFB2TGkwYnFtWV9rMnUwNnBJdTdlVjhTY3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGrBggrBgEFBQcBBwEB/wSBmzCBmDCBlQQCAAEwgY4DBAGK
fAADBACKfAUwDAMEAIp8CwMEAIp8DDAMAwQBinw+AwQBinxMMAwDBACKfE8DBACK
fFADBACKfFMDBACKfFgwDAMEAYp8XgMEAIp8YAMEAIp8ZDAMAwQDinxoAwQAinxq
AwQAinx4AwQAinx6AwQCinzkAwQBinzwAwQAinzzAwQAinz7AwQAinz9MA0GCSqG
SIb3DQEBCwUAA4IBAQAHoJqkewQfz1ZgcTMiY5Qq0H1iUawK5Vy0+2q+2JKVf3kq
d1/EEpgy91XTh/6s1ZW7fTvdvMQ5tRZbGrQTdTIEo2Fto6Hx2GgbIxdtl8sbCwTZ
NGbl9QlwPW4Bisg6//EnHl+ur+MwnAQNwVivUtmmoIeod4PAKlRZ393fYrWbKpD6
27AK2lGwoFIOvZeY1CZ/3bjr2Qx0HA0bDVjJ2h7Xz0vxfHzfuiC4FYKjbzAqyKKP
058ztcS78rJefWT7bRfidE+ksQilKiOfqhFaxxmF71SNA8zyjeUCE0x9kmX1AaE3
gLp5SvYO500+TTncc8rAyinuza9/SduVTNg7URZQ
-----END CERTIFICATE-----
Generated at Tue Apr 21 17:12:55 2026 by rpki-client