Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/CIVU1P0aKgaDD1cwUNqBuoekcVA.roa
File: CIVU1P0aKgaDD1cwUNqBuoekcVA.roa (raw, json)
Hash identifier: V30EHAgluG9cXy+M/NIiCvYLViAGVGN1/HtPIkN9IQE=
Subject key identifier: 08:85:54:D4:FD:1A:2A:06:83:0F:57:30:50:DA:81:BA:87:A4:71:50
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019CB55BF057A54FBC5BC20944186F695727
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/CIVU1P0aKgaDD1cwUNqBuoekcVA.roa
Signing time: Tue 03 Mar 2026 20:20:27 +0000
ROA not before: Tue 03 Mar 2026 20:20:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 210457
IP address blocks: 144.31.12.0/24 maxlen: 24
144.31.25.0/24 maxlen: 24
144.31.106.0/24 maxlen: 24
144.31.136.0/24 maxlen: 24
144.31.169.0/24 maxlen: 24
144.31.221.0/24 maxlen: 24
150.241.66.0/24 maxlen: 24
193.23.199.0/24 maxlen: 24
193.23.209.0/24 maxlen: 24
193.23.221.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Mar 2026 20:09:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:b5:5b:f0:57:a5:4f:bc:5b:c2:09:44:18:6f:69:57:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 3 20:20:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=088554d4fd1a2a06830f573050da81ba87a47150
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:fe:78:df:12:72:73:e3:e0:c2:78:ee:32:54:
08:d0:52:cb:14:4c:7a:48:0e:d2:18:04:ba:dc:f9:
e6:0a:d7:2d:b9:54:c2:99:f2:48:27:17:cb:97:b4:
98:11:0a:f5:00:81:4a:db:4e:74:71:b0:d8:f1:9a:
22:fa:13:32:e1:b8:e6:35:24:e4:86:81:5e:82:0c:
03:5c:56:30:83:32:7c:8d:91:f0:d8:9c:f5:4b:75:
75:c3:bf:9e:a5:27:dd:da:e6:7a:e9:e9:89:d0:7f:
2e:38:50:68:8d:00:b2:f8:06:c1:30:b1:1f:df:2d:
7a:f9:ab:9e:53:13:c8:b4:56:29:56:40:af:6a:e1:
a1:a9:44:35:7b:c6:6b:3e:bf:32:aa:45:e9:9c:f0:
a0:20:09:c7:9f:4f:90:7f:aa:61:ef:1a:e4:d1:97:
69:a9:3a:91:e9:ab:30:b5:bb:56:c9:79:b4:4a:b0:
da:8a:34:bc:dd:83:68:67:cc:e4:c8:4c:23:eb:36:
95:76:da:b2:a0:78:23:0f:2c:40:cf:d3:fd:50:93:
d7:a8:f7:a4:09:69:29:78:e7:8c:cd:ca:03:2e:11:
c2:09:fc:10:83:8d:17:ef:90:d7:39:73:f1:6a:cf:
c3:8f:e7:df:31:d9:ee:c8:a4:03:02:78:62:88:df:
9f:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:85:54:D4:FD:1A:2A:06:83:0F:57:30:50:DA:81:BA:87:A4:71:50
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/CIVU1P0aKgaDD1cwUNqBuoekcVA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
144.31.12.0/24
144.31.25.0/24
144.31.106.0/24
144.31.136.0/24
144.31.169.0/24
144.31.221.0/24
150.241.66.0/24
193.23.199.0/24
193.23.209.0/24
193.23.221.0/24
Signature Algorithm: sha256WithRSAEncryption
5c:ca:7c:9c:6d:a4:f4:eb:fb:65:60:be:94:86:a2:03:21:3b:
12:3d:d1:af:28:d1:b7:0c:cf:25:cd:dc:24:ee:09:77:b1:4f:
60:f2:bd:18:e3:5f:b1:89:6b:ed:ed:aa:0c:a9:ba:d8:14:37:
cb:19:77:e0:7f:bc:ea:96:46:0d:e1:0d:4d:91:0e:0e:02:d7:
74:29:c3:c1:79:9d:68:ea:5c:26:48:f3:56:51:cc:fc:52:57:
3b:31:ef:23:e9:78:ac:48:e8:7c:c6:67:23:ec:33:fa:dd:7e:
fb:70:f4:ca:8e:48:3f:09:19:37:4f:87:8a:05:20:83:fc:0b:
a3:b4:84:21:c6:41:a4:a8:92:53:37:a0:57:a0:b9:17:3a:96:
05:aa:c8:5d:d6:2b:be:76:40:d0:8e:2d:d8:1d:0f:49:46:ed:
ec:ea:64:15:d4:28:72:81:39:dc:47:df:51:21:63:3f:f3:a1:
a7:60:4f:00:d3:c2:6f:c8:32:23:a1:87:f2:98:76:06:03:04:
da:98:92:35:fe:7f:c6:f9:17:65:56:2e:51:b0:a7:26:01:05:
86:fa:91:05:ca:7f:45:39:18:a4:eb:22:e5:cd:51:fd:94:57:
c1:6e:0d:2b:b6:32:a5:aa:d9:c9:7c:d9:6f:bd:22:68:23:44:
b8:2d:1e:11
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZy1W/BXpU+8W8IJRBhvaVcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzAzMjAyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODg1NTRkNGZkMWEyYTA2ODMwZjU3MzA1MGRhODFiYTg3YTQ3MTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/543xJyc+PgwnjuMlQI0FLLFEx6
SA7SGAS63PnmCtctuVTCmfJIJxfLl7SYEQr1AIFK2050cbDY8Zoi+hMy4bjmNSTk
hoFeggwDXFYwgzJ8jZHw2Jz1S3V1w7+epSfd2uZ66emJ0H8uOFBojQCy+AbBMLEf
3y16+aueUxPItFYpVkCvauGhqUQ1e8ZrPr8yqkXpnPCgIAnHn0+Qf6ph7xrk0Zdp
qTqR6aswtbtWyXm0SrDaijS83YNoZ8zkyEwj6zaVdtqyoHgjDyxAz9P9UJPXqPek
CWkpeOeMzcoDLhHCCfwQg40X75DXOXPxas/Dj+ffMdnuyKQDAnhiiN+fAQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFAiFVNT9GioGgw9XMFDagbqHpHFQMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvQ0lWVTFQMGFLZ2FERDFjd1VOcUJ1b2VrY1ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAkB8MAwQA
kB8ZAwQAkB9qAwQAkB+IAwQAkB+pAwQAkB/dAwQAlvFCAwQAwRfHAwQAwRfRAwQA
wRfdMA0GCSqGSIb3DQEBCwUAA4IBAQBcynycbaT06/tlYL6UhqIDITsSPdGvKNG3
DM8lzdwk7gl3sU9g8r0Y41+xiWvt7aoMqbrYFDfLGXfgf7zqlkYN4Q1NkQ4OAtd0
KcPBeZ1o6lwmSPNWUcz8Ulc7Me8j6XisSOh8xmcj7DP63X77cPTKjkg/CRk3T4eK
BSCD/AujtIQhxkGkqJJTN6BXoLkXOpYFqshd1iu+dkDQji3YHQ9JRu3s6mQV1Chy
gTncR99RIWM/86GnYE8A08JvyDIjoYfymHYGAwTamJI1/n/G+RdlVi5RsKcmAQWG
+pEFyn9FORik6yLlzVH9lFfBbg0rtjKlqtnJfNlvvSJoI0S4LR4R
-----END CERTIFICATE-----
Generated at Sun Mar 8 06:38:29 2026 by rpki-client