Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LZvSRJiDMCUSJTKWohylObO4Za8.roa
File: LZvSRJiDMCUSJTKWohylObO4Za8.roa (raw, json)
Hash identifier: 9l5ogUAHXcGia0+UQ/0UmDHo3VrfmXQFgLOqkDhb0lg=
Subject key identifier: 2D:9B:D2:44:98:83:30:25:12:25:32:96:A2:1C:A5:39:B3:B8:65:AF
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 0198C3969D84B1FA75284C37FA562BEA258B
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LZvSRJiDMCUSJTKWohylObO4Za8.roa
Signing time: Tue 19 Aug 2025 18:28:04 +0000
ROA not before: Tue 19 Aug 2025 18:28:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401152
IP address blocks: 64.188.112.0/22 maxlen: 24
77.239.112.0/22 maxlen: 24
77.239.116.0/22 maxlen: 24
77.239.120.0/23 maxlen: 24
77.239.124.0/24 maxlen: 24
144.31.0.0/18 maxlen: 24
144.31.64.0/19 maxlen: 24
144.31.96.0/20 maxlen: 24
144.31.112.0/20 maxlen: 24
144.31.128.0/21 maxlen: 24
144.31.136.0/21 maxlen: 24
144.31.144.0/20 maxlen: 24
144.31.160.0/22 maxlen: 24
144.31.164.0/22 maxlen: 24
144.31.168.0/22 maxlen: 24
144.31.172.0/22 maxlen: 24
144.31.176.0/22 maxlen: 24
144.31.180.0/22 maxlen: 24
144.31.184.0/22 maxlen: 24
144.31.188.0/22 maxlen: 24
144.31.192.0/23 maxlen: 24
144.31.194.0/23 maxlen: 24
144.31.196.0/23 maxlen: 24
144.31.198.0/23 maxlen: 24
144.31.200.0/23 maxlen: 24
144.31.202.0/23 maxlen: 24
144.31.204.0/23 maxlen: 24
144.31.206.0/23 maxlen: 24
144.31.208.0/24 maxlen: 24
144.31.209.0/24 maxlen: 24
144.31.210.0/24 maxlen: 24
144.31.211.0/24 maxlen: 24
144.31.212.0/24 maxlen: 24
144.31.213.0/24 maxlen: 24
144.31.214.0/24 maxlen: 24
144.31.215.0/24 maxlen: 24
144.31.216.0/24 maxlen: 24
144.31.217.0/24 maxlen: 24
144.31.218.0/24 maxlen: 24
144.31.219.0/24 maxlen: 24
144.31.220.0/24 maxlen: 24
144.31.221.0/24 maxlen: 24
144.31.222.0/24 maxlen: 24
144.31.223.0/24 maxlen: 24
144.31.224.0/19 maxlen: 24
150.241.64.0/19 maxlen: 24
150.241.96.0/22 maxlen: 24
150.241.100.0/24 maxlen: 24
150.241.101.0/24 maxlen: 24
150.241.102.0/24 maxlen: 24
150.241.103.0/24 maxlen: 24
193.23.196.0/24 maxlen: 24
193.23.204.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 21:02:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c3:96:9d:84:b1:fa:75:28:4c:37:fa:56:2b:ea:25:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Aug 19 18:28:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2d9bd2449883302512253296a21ca539b3b865af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:c0:66:4c:ea:5c:62:bb:27:3a:06:6c:d3:c3:
ab:dc:82:24:56:2a:b9:2d:e0:90:84:83:6d:83:bb:
37:7b:7e:66:ec:67:0e:d2:04:dc:4f:8b:62:fe:a9:
74:96:c6:b2:d7:74:7e:53:64:93:b5:76:61:54:cb:
16:5b:ba:6d:58:bc:20:08:94:3d:48:b4:0b:1f:86:
67:c5:d7:11:02:d7:17:47:63:e5:e2:1c:2a:e0:7f:
6b:82:c0:91:9f:f0:78:87:6f:6a:57:99:df:cc:fd:
57:55:f6:a4:d8:57:67:64:c1:06:2a:22:e7:8e:0b:
7a:cc:78:18:b4:3c:79:ec:c3:4d:79:60:5f:69:93:
70:92:e6:33:85:59:5f:cc:cb:ef:3d:97:f1:94:33:
c2:c7:d1:3c:c4:08:a2:22:a7:cf:c1:a1:14:ca:e2:
73:9e:02:70:5e:39:7d:f4:66:16:85:45:26:86:f6:
12:29:ee:bb:31:d0:1a:d9:91:a8:72:62:77:8c:86:
12:0a:c0:59:a0:eb:c8:d5:1d:33:63:10:3a:6e:29:
c9:7f:b4:91:13:8c:26:d6:83:4b:d5:fb:c6:e9:83:
4c:3c:02:46:5b:2e:55:99:47:6f:92:57:43:69:6d:
37:b8:b1:eb:ff:cb:b5:09:cf:2e:c2:8d:22:02:d4:
81:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:9B:D2:44:98:83:30:25:12:25:32:96:A2:1C:A5:39:B3:B8:65:AF
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LZvSRJiDMCUSJTKWohylObO4Za8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.112.0/22
77.239.112.0-77.239.121.255
77.239.124.0/24
144.31.0.0/16
150.241.64.0-150.241.103.255
193.23.196.0/24
193.23.204.0/22
Signature Algorithm: sha256WithRSAEncryption
01:f5:75:af:40:f1:a8:82:35:7e:f1:75:73:13:1c:fe:0b:4a:
6d:d5:69:1a:40:e9:af:9e:98:84:30:11:4c:9e:ad:98:df:e7:
fc:f9:1a:58:d9:6a:1a:c7:dc:13:a9:61:84:a0:4c:f7:c7:99:
8d:66:f2:28:06:1d:e9:e8:f8:77:1e:bc:a1:e1:57:08:b4:db:
5f:aa:eb:f7:8e:9c:0a:2a:71:dd:e4:2c:2d:7c:eb:73:ce:9c:
8b:bf:0d:bb:30:0e:f0:9d:b5:c0:fb:08:cf:ac:aa:fb:c6:4d:
82:45:f6:a8:8a:ee:c9:30:2b:06:53:b6:54:53:41:98:11:5f:
80:2f:f9:15:fc:28:c3:5d:ed:60:98:8c:fb:6a:04:b4:42:48:
35:fe:07:54:96:bb:49:eb:1d:1f:2c:55:55:bb:b0:b7:9e:16:
65:c8:80:b7:fe:c3:67:02:29:b1:bf:da:ec:a9:9c:96:a3:46:
22:5a:53:2a:29:7d:e1:0d:31:3f:9e:50:32:25:64:e6:4f:63:
a2:c5:fa:1c:37:31:5b:66:40:3c:95:dc:b2:a0:91:e2:bb:8f:
56:dc:b8:ab:6d:c1:81:5a:39:47:99:e1:ad:f5:ef:a0:6e:f0:
3e:9c:31:1d:61:37:62:c5:1c:69:14:65:29:2b:f9:05:ac:d1:
f3:82:65:64
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZjDlp2Esfp1KEw3+lYr6iWLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwODE5MTgyODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDliZDI0NDk4ODMzMDI1MTIyNTMyOTZhMjFjYTUzOWIzYjg2NWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMBmTOpcYrsnOgZs08Or3IIkViq5
LeCQhINtg7s3e35m7GcO0gTcT4ti/ql0lsay13R+U2STtXZhVMsWW7ptWLwgCJQ9
SLQLH4ZnxdcRAtcXR2Pl4hwq4H9rgsCRn/B4h29qV5nfzP1XVfak2FdnZMEGKiLn
jgt6zHgYtDx57MNNeWBfaZNwkuYzhVlfzMvvPZfxlDPCx9E8xAiiIqfPwaEUyuJz
ngJwXjl99GYWhUUmhvYSKe67MdAa2ZGocmJ3jIYSCsBZoOvI1R0zYxA6binJf7SR
E4wm1oNL1fvG6YNMPAJGWy5VmUdvkldDaW03uLHr/8u1Cc8uwo0iAtSBbQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFC2b0kSYgzAlEiUylqIcpTmzuGWvMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTFp2U1JKaURNQ1VTSlRLV29oeWxPYk80WmE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTA/BAIAATA5AwQCQLxwMAwD
BARN73ADBAFN73gDBABN73wDAwCQHzAMAwQGlvFAAwQDlvFgAwQAwRfEAwQCwRfM
MA0GCSqGSIb3DQEBCwUAA4IBAQAB9XWvQPGogjV+8XVzExz+C0pt1WkaQOmvnpiE
MBFMnq2Y3+f8+RpY2Woax9wTqWGEoEz3x5mNZvIoBh3p6Ph3Hryh4VcItNtfquv3
jpwKKnHd5CwtfOtzzpyLvw27MA7wnbXA+wjPrKr7xk2CRfaoiu7JMCsGU7ZUU0GY
EV+AL/kV/CjDXe1gmIz7agS0Qkg1/gdUlrtJ6x0fLFVVu7C3nhZlyIC3/sNnAimx
v9rsqZyWo0YiWlMqKX3hDTE/nlAyJWTmT2OixfocNzFbZkA8ldyyoJHiu49W3Lir
bcGBWjlHmeGt9e+gbvA+nDEdYTdixRxpFGUpK/kFrNHzgmVk
-----END CERTIFICATE-----
Generated at Thu Aug 21 06:59:03 2025 by rpki-client