Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/_TZcDPZzpFhla5KXCrewBSv_afs.roa
File: _TZcDPZzpFhla5KXCrewBSv_afs.roa (raw, json)
Hash identifier: F0O1jt3D7eDKUVGno8fQyg0oYO+Zw0jzvuEgWmXzed0=
Subject key identifier: FD:36:5C:0C:F6:73:A4:58:65:6B:92:97:0A:B7:B0:05:2B:FF:69:FB
Certificate issuer: /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial: 019E984D2E8EE15BE89CFD287FEE4247B852
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/_TZcDPZzpFhla5KXCrewBSv_afs.roa
Signing time: Fri 05 Jun 2026 15:00:55 +0000
ROA not before: Fri 05 Jun 2026 15:00:55 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 41745
IP address blocks: 138.124.0.0/24 maxlen: 24
138.124.1.0/24 maxlen: 24
138.124.2.0/24 maxlen: 24
138.124.3.0/24 maxlen: 24
138.124.4.0/24 maxlen: 24
138.124.5.0/24 maxlen: 24
138.124.10.0/24 maxlen: 24
138.124.15.0/24 maxlen: 24
138.124.16.0/24 maxlen: 24
138.124.19.0/24 maxlen: 24
138.124.20.0/24 maxlen: 24
138.124.30.0/24 maxlen: 24
138.124.31.0/24 maxlen: 24
138.124.68.0/24 maxlen: 24
138.124.69.0/24 maxlen: 24
138.124.70.0/24 maxlen: 24
138.124.71.0/24 maxlen: 24
138.124.72.0/24 maxlen: 24
138.124.73.0/24 maxlen: 24
138.124.74.0/24 maxlen: 24
138.124.75.0/24 maxlen: 24
138.124.84.0/24 maxlen: 24
138.124.85.0/24 maxlen: 24
138.124.86.0/24 maxlen: 24
138.124.87.0/24 maxlen: 24
138.124.88.0/24 maxlen: 24
138.124.96.0/24 maxlen: 24
138.124.125.0/24 maxlen: 24
138.124.251.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Jun 2026 00:00:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:98:4d:2e:8e:e1:5b:e8:9c:fd:28:7f:ee:42:47:b8:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Validity
Not Before: Jun 5 15:00:55 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fd365c0cf673a458656b92970ab7b0052bff69fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:93:44:2c:4e:b6:63:3f:a3:b4:8e:29:32:2d:
d1:da:d5:6a:af:52:ab:89:94:5e:4c:8e:15:89:e9:
f1:de:87:c7:3a:9e:b2:d6:68:19:63:c1:75:ed:a3:
3b:4c:dc:0f:3e:df:78:48:7f:89:48:80:43:b1:d7:
71:a2:10:33:18:56:7f:14:7d:e2:84:c1:51:6c:69:
bc:3a:0b:af:8e:5d:31:fa:b0:95:f4:31:94:be:ca:
89:29:7d:be:f7:4a:b6:86:89:16:71:0e:78:d5:b8:
8c:89:0c:6f:28:05:c5:8f:53:57:6d:b2:d0:6a:92:
e3:89:96:f3:6c:e1:3b:02:08:2e:2d:ab:57:0c:c8:
18:fd:e1:86:27:a3:c0:3e:d0:3b:65:a8:51:74:b7:
49:ca:d3:e2:c6:af:cf:f9:ae:19:72:3d:89:99:b8:
ff:df:5b:e6:74:a5:21:7c:0d:80:de:51:92:52:1c:
57:bf:c8:88:e9:83:57:0c:75:00:2f:42:bf:b4:52:
0b:2a:4c:3d:88:b6:59:57:fc:6c:a8:a9:66:08:b4:
0c:ef:16:81:a1:f3:e5:21:02:a5:03:f8:3b:4b:b3:
c6:a7:36:4c:ce:75:cf:3f:8f:1c:10:58:5e:bd:cd:
c5:d9:f9:d3:fe:5d:ed:18:59:65:04:6e:f7:b5:9a:
64:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:36:5C:0C:F6:73:A4:58:65:6B:92:97:0A:B7:B0:05:2B:FF:69:FB
X509v3 Authority Key Identifier:
keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/_TZcDPZzpFhla5KXCrewBSv_afs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.124.0.0-138.124.5.255
138.124.10.0/24
138.124.15.0-138.124.16.255
138.124.19.0-138.124.20.255
138.124.30.0/23
138.124.68.0-138.124.75.255
138.124.84.0-138.124.88.255
138.124.96.0/24
138.124.125.0/24
138.124.251.0/24
Signature Algorithm: sha256WithRSAEncryption
51:bd:59:50:74:1b:54:20:06:94:ca:bc:13:d7:17:e9:ff:8a:
d2:05:99:36:cf:e0:52:5b:2b:06:c6:82:4c:52:46:2f:d7:1e:
83:78:1f:47:72:29:99:ca:49:c1:a5:7c:6e:f5:74:31:1d:fc:
ac:97:f6:cf:7e:dd:aa:a3:1b:e3:ab:e9:fb:1e:ac:5c:c5:f0:
40:37:c9:24:18:5f:b1:ea:71:4d:ee:45:2f:5e:97:37:84:09:
fa:2a:1f:85:fb:66:6c:db:74:ad:55:09:cc:9a:b5:c2:56:c5:
d8:a1:53:5b:ea:f1:3f:6f:1c:18:53:9d:13:df:8a:84:47:e8:
37:5a:a0:09:b6:a2:aa:c8:81:a3:f6:f1:78:bb:a3:2a:c2:3f:
a2:f6:e4:20:d1:4d:5d:8d:cd:1d:bf:b1:88:aa:cf:f3:a5:63:
ae:8d:e5:9d:af:c4:7c:ee:8f:20:4f:a3:76:23:cd:08:c0:92:
86:8c:35:b5:0a:6b:b3:54:fb:54:ba:cd:ec:77:3f:ca:15:c3:
01:f7:9f:72:59:90:27:39:60:4d:e6:7f:24:e6:70:0f:fc:9d:
b8:20:f2:3c:9e:b6:6e:07:1b:db:4f:eb:cf:b6:d4:aa:c9:82:
3c:61:d6:65:2e:7e:89:f5:25:6a:5d:44:bc:24:20:45:66:4e:
e1:dc:63:73
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAZ6YTS6O4VvonP0of+5CR7hSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjYwNjA1MTUwMDU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDM2NWMwY2Y2NzNhNDU4NjU2YjkyOTcwYWI3YjAwNTJiZmY2OWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJNELE62Yz+jtI4pMi3R2tVqr1Kr
iZReTI4Vienx3ofHOp6y1mgZY8F17aM7TNwPPt94SH+JSIBDsddxohAzGFZ/FH3i
hMFRbGm8Oguvjl0x+rCV9DGUvsqJKX2+90q2hokWcQ541biMiQxvKAXFj1NXbbLQ
apLjiZbzbOE7AgguLatXDMgY/eGGJ6PAPtA7ZahRdLdJytPixq/P+a4Zcj2Jmbj/
31vmdKUhfA2A3lGSUhxXv8iI6YNXDHUAL0K/tFILKkw9iLZZV/xsqKlmCLQM7xaB
ofPlIQKlA/g7S7PGpzZMznXPP48cEFhevc3F2fnT/l3tGFllBG73tZpkyQIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFP02XAz2c6RYZWuSlwq3sAUr/2n7MB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvX1RaY0RQWnpwRmhsYTVLWENyZXdCU3ZfYWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBpBAIAATBjMAsDAwKKfAME
AYp8BAMEAIp8CjAMAwQAinwPAwQAinwQMAwDBACKfBMDBACKfBQDBAGKfB4wDAME
Aop8RAMEAop8SDAMAwQCinxUAwQAinxYAwQAinxgAwQAinx9AwQAinz7MA0GCSqG
SIb3DQEBCwUAA4IBAQBRvVlQdBtUIAaUyrwT1xfp/4rSBZk2z+BSWysGxoJMUkYv
1x6DeB9HcimZyknBpXxu9XQxHfysl/bPft2qoxvjq+n7HqxcxfBAN8kkGF+x6nFN
7kUvXpc3hAn6Kh+F+2Zs23StVQnMmrXCVsXYoVNb6vE/bxwYU50T34qER+g3WqAJ
tqKqyIGj9vF4u6Mqwj+i9uQg0U1djc0dv7GIqs/zpWOujeWdr8R87o8gT6N2I80I
wJKGjDW1CmuzVPtUus3sdz/KFcMB959yWZAnOWBN5n8k5nAP/J24IPI8nrZuBxvb
T+vPttSqyYI8YdZlLn6J9SVqXUS8JCBFZk7h3GNz
-----END CERTIFICATE-----
Generated at Sat Jun 6 08:03:49 2026 by rpki-client