Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/7UCLvACKFL5zxr_yWrkJA3_2oMM.roa
File: 7UCLvACKFL5zxr_yWrkJA3_2oMM.roa (raw, json)
Hash identifier: xfPkwGQHVQT9CzmP7+QJgRXdoTw3Rugce1r0GD7IvJ0=
Subject key identifier: ED:40:8B:BC:00:8A:14:BE:73:C6:BF:F2:5A:B9:09:03:7F:F6:A0:C3
Certificate issuer: /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial: 019EA7747E6C800284206D47DD6B5B93DAE0
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/7UCLvACKFL5zxr_yWrkJA3_2oMM.roa
Signing time: Mon 08 Jun 2026 13:38:10 +0000
ROA not before: Mon 08 Jun 2026 13:38:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 36454
IP address blocks: 65.98.5.0/24 maxlen: 24
65.181.112.0/24 maxlen: 24
65.181.116.0/24 maxlen: 24
65.181.123.0/24 maxlen: 24
65.181.124.0/24 maxlen: 24
65.181.125.0/24 maxlen: 24
65.181.127.0/24 maxlen: 24
69.57.189.0/24 maxlen: 24
162.208.8.0/24 maxlen: 24
162.208.9.0/24 maxlen: 24
162.208.10.0/24 maxlen: 24
162.208.11.0/24 maxlen: 24
185.181.253.0/24 maxlen: 24
185.181.254.0/24 maxlen: 24
185.181.255.0/24 maxlen: 24
192.243.96.0/24 maxlen: 24
192.243.97.0/24 maxlen: 24
192.243.98.0/24 maxlen: 24
192.243.99.0/24 maxlen: 24
192.243.100.0/24 maxlen: 24
192.243.101.0/24 maxlen: 24
192.243.102.0/24 maxlen: 24
192.243.103.0/24 maxlen: 24
192.243.104.0/24 maxlen: 24
192.243.105.0/24 maxlen: 24
192.243.106.0/24 maxlen: 24
192.243.107.0/24 maxlen: 24
192.243.108.0/24 maxlen: 24
192.243.109.0/24 maxlen: 24
192.243.111.0/24 maxlen: 24
192.250.224.0/20 maxlen: 20
192.250.226.0/24 maxlen: 24
192.250.227.0/24 maxlen: 24
192.250.236.0/24 maxlen: 24
194.39.123.0/24 maxlen: 24
194.39.148.0/24 maxlen: 24
194.39.149.0/24 maxlen: 24
195.250.25.0/24 maxlen: 24
198.38.90.0/24 maxlen: 24
199.175.48.0/24 maxlen: 24
199.175.49.0/24 maxlen: 24
199.175.50.0/24 maxlen: 24
199.175.51.0/24 maxlen: 24
199.175.52.0/24 maxlen: 24
199.175.53.0/24 maxlen: 24
199.175.54.0/24 maxlen: 24
199.175.55.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 20:26:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:a7:74:7e:6c:80:02:84:20:6d:47:dd:6b:5b:93:da:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Validity
Not Before: Jun 8 13:38:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ed408bbc008a14be73c6bff25ab909037ff6a0c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:f0:d6:fb:9c:82:9a:75:0e:1e:81:f8:f0:48:
41:7a:77:85:0c:21:ea:c8:76:96:78:30:f1:66:c4:
25:42:e4:a4:15:f8:dc:2d:de:c9:fb:9e:56:3e:00:
3c:fe:ac:6d:d5:b1:c1:e1:7a:97:2c:11:08:b4:11:
bf:0b:43:0f:94:33:25:11:a6:6d:12:2a:a3:79:52:
24:f7:60:3c:8f:7f:33:7b:9c:21:f8:25:8f:de:12:
50:c7:d7:8b:b3:3e:2a:e7:6c:f5:0c:39:76:62:9e:
ee:a0:26:3b:40:f8:0e:d6:e1:dd:c9:f3:38:3c:fa:
c1:bb:e3:bb:66:a1:13:a1:4f:80:ec:79:f1:88:c1:
42:fa:de:66:28:ff:73:23:21:9b:2a:9b:67:82:44:
0b:22:5a:8e:5d:f0:35:83:7b:4e:d2:5a:55:16:a1:
b4:3f:8e:e8:d1:eb:15:ce:6d:c3:50:47:d9:eb:0f:
cd:63:8b:6c:41:96:3a:d8:92:41:72:ab:42:fc:8b:
36:fa:b3:bc:05:61:79:0f:bc:20:08:ff:e0:3d:14:
9f:15:bf:c9:4c:0b:a3:56:f5:90:bd:f5:d9:ac:3f:
ad:b8:55:69:76:08:ed:d8:60:c8:52:f8:80:da:e0:
5f:6b:b3:8b:48:73:2e:76:2d:41:2e:b8:56:00:6a:
57:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:40:8B:BC:00:8A:14:BE:73:C6:BF:F2:5A:B9:09:03:7F:F6:A0:C3
X509v3 Authority Key Identifier:
keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/7UCLvACKFL5zxr_yWrkJA3_2oMM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
65.98.5.0/24
65.181.112.0/24
65.181.116.0/24
65.181.123.0-65.181.125.255
65.181.127.0/24
69.57.189.0/24
162.208.8.0/22
185.181.253.0-185.181.255.255
192.243.96.0-192.243.109.255
192.243.111.0/24
192.250.224.0/20
194.39.123.0/24
194.39.148.0/23
195.250.25.0/24
198.38.90.0/24
199.175.48.0/21
Signature Algorithm: sha256WithRSAEncryption
5f:aa:43:85:65:28:b0:d4:99:ca:e5:05:74:d8:9e:e4:7e:fc:
dc:ff:14:82:60:0c:06:78:43:87:98:c3:02:80:32:81:56:a8:
f3:c2:fe:94:e9:8b:84:eb:52:21:0d:4c:b7:f9:9d:85:2e:01:
27:49:72:96:15:e7:d9:b3:b1:23:3a:d6:fc:78:8e:49:68:5a:
96:90:34:76:78:77:e0:da:df:01:cc:d1:16:92:98:1d:fe:42:
f5:82:fd:98:36:db:8e:a0:c8:0b:f7:12:2d:61:cb:75:d1:02:
2d:6c:79:b6:4a:27:80:62:0c:af:56:9c:91:f4:9f:a4:d1:f7:
d4:c2:61:bf:cc:9f:cf:a2:09:ad:54:a4:ff:1a:25:53:23:f2:
d4:09:9f:41:82:96:33:49:be:0b:74:06:8e:05:b3:e9:cc:6a:
20:c2:a1:32:1a:d8:ff:c1:1d:ed:a8:40:b3:9a:da:8f:13:a4:
02:d6:ba:ee:8e:65:03:ff:0b:ed:ec:1c:46:0c:e7:d5:64:ca:
ba:5e:0d:76:b4:cc:10:fd:f1:38:85:0d:a2:cd:cd:3c:93:2b:
f0:2a:60:77:81:53:65:1a:79:0b:38:b4:93:1b:99:fd:48:a6:
e5:17:d5:b7:db:86:bc:92:7b:1b:f9:55:e3:0e:25:9f:d2:58:
86:0a:20:93
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgISAZ6ndH5sgAKEIG1H3Wtbk9rgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjYwNjA4MTMzODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDQwOGJiYzAwOGExNGJlNzNjNmJmZjI1YWI5MDkwMzdmZjZhMGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfDW+5yCmnUOHoH48EhBeneFDCHq
yHaWeDDxZsQlQuSkFfjcLd7J+55WPgA8/qxt1bHB4XqXLBEItBG/C0MPlDMlEaZt
EiqjeVIk92A8j38ze5wh+CWP3hJQx9eLsz4q52z1DDl2Yp7uoCY7QPgO1uHdyfM4
PPrBu+O7ZqEToU+A7HnxiMFC+t5mKP9zIyGbKptngkQLIlqOXfA1g3tO0lpVFqG0
P47o0esVzm3DUEfZ6w/NY4tsQZY62JJBcqtC/Is2+rO8BWF5D7wgCP/gPRSfFb/J
TAujVvWQvfXZrD+tuFVpdgjt2GDIUviA2uBfa7OLSHMudi1BLrhWAGpXHQIDAQAB
o4ICfDCCAngwHQYDVR0OBBYEFO1Ai7wAihS+c8a/8lq5CQN/9qDDMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvN1VDTHZBQ0tGTDV6eHJfeVdya0pBM18yb01NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGRBggrBgEFBQcBBwEB/wSBgTB/MH0EAgABMHcDBABBYgUD
BABBtXADBABBtXQwDAMEAEG1ewMEAUG1fAMEAEG1fwMEAEU5vQMEAqLQCDALAwQA
ubX9AwMBubQwDAMEBcDzYAMEAcDzbAMEAMDzbwMEBMD64AMEAMInewMEAcInlAME
AMP6GQMEAMYmWgMEA8evMDANBgkqhkiG9w0BAQsFAAOCAQEAX6pDhWUosNSZyuUF
dNie5H783P8UgmAMBnhDh5jDAoAygVao88L+lOmLhOtSIQ1Mt/mdhS4BJ0lylhXn
2bOxIzrW/HiOSWhalpA0dnh34NrfAczRFpKYHf5C9YL9mDbbjqDIC/cSLWHLddEC
LWx5tkongGIMr1ackfSfpNH31MJhv8yfz6IJrVSk/xolUyPy1AmfQYKWM0m+C3QG
jgWz6cxqIMKhMhrY/8Ed7ahAs5rajxOkAta67o5lA/8L7ewcRgzn1WTKul4NdrTM
EP3xOIUNos3NPJMr8Cpgd4FTZRp5Czi0kxuZ/Uim5RfVt9uGvJJ7G/lV4w4ln9JY
hgogkw==
-----END CERTIFICATE-----
Generated at Fri Jun 12 04:40:41 2026 by rpki-client