Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/OGFCU4kZZlK9auGdjZnpHAC8kZ8.roa
File: OGFCU4kZZlK9auGdjZnpHAC8kZ8.roa (raw, json)
Hash identifier: vfV1Y7SlJFUYC/ytIu5vJmCRLEJ7SSsK/Gagfs4TgUk=
Subject key identifier: 38:61:42:53:89:19:66:52:BD:6A:E1:9D:8D:99:E9:1C:00:BC:91:9F
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019A4201C3F59979187F98F41A2FB1E276DD
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/OGFCU4kZZlK9auGdjZnpHAC8kZ8.roa
Signing time: Sun 02 Nov 2025 00:40:03 +0000
ROA not before: Sun 02 Nov 2025 00:40:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401152
IP address blocks: 37.46.20.0/22 maxlen: 24
64.188.112.0/22 maxlen: 24
77.239.100.0/22 maxlen: 24
77.239.112.0/22 maxlen: 24
144.31.8.0/23 maxlen: 24
144.31.11.0/24 maxlen: 24
144.31.12.0/24 maxlen: 24
144.31.13.0/24 maxlen: 24
144.31.14.0/24 maxlen: 24
144.31.15.0/24 maxlen: 24
144.31.28.0/24 maxlen: 24
144.31.29.0/24 maxlen: 24
144.31.32.0/19 maxlen: 19
144.31.91.0/24 maxlen: 24
144.31.96.0/20 maxlen: 24
144.31.112.0/20 maxlen: 24
144.31.128.0/21 maxlen: 24
144.31.144.0/20 maxlen: 24
144.31.202.0/23 maxlen: 24
144.31.206.0/23 maxlen: 24
144.31.224.0/19 maxlen: 24
150.241.64.0/19 maxlen: 24
150.241.124.0/24 maxlen: 24
185.229.222.0/24 maxlen: 24
193.23.192.0/22 maxlen: 24
193.23.204.0/22 maxlen: 22
193.23.212.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 04 Nov 2025 03:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:42:01:c3:f5:99:79:18:7f:98:f4:1a:2f:b1:e2:76:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Nov 2 00:40:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3861425389196652bd6ae19d8d99e91c00bc919f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:cc:2e:d2:d9:27:8b:c3:e4:ce:f3:23:e0:28:
69:25:13:24:66:74:6d:71:46:f5:61:3e:9b:8d:07:
23:52:78:74:26:11:f1:7e:28:5e:6c:96:93:c9:7d:
ba:64:f7:01:77:bb:63:8b:fa:3a:1a:b3:fc:61:6a:
c9:28:fd:5f:ef:61:2a:7a:5d:de:1c:48:38:97:55:
c7:ea:a0:8b:1f:54:8c:89:be:e5:10:88:58:86:3e:
9c:da:2a:90:aa:22:fd:c6:d1:ff:3b:79:08:16:14:
e2:1f:c6:d7:31:3e:73:98:a9:d3:9d:c8:18:c2:3a:
e4:c4:58:c3:1c:97:e1:93:7a:8f:e3:0d:84:ff:70:
c1:2f:de:90:1b:8c:1a:1a:26:54:e8:58:53:6d:3b:
e0:d5:1f:1e:f9:10:37:55:c2:c0:ff:35:15:96:aa:
12:57:ff:48:a1:e0:bf:76:12:c5:57:a5:f2:b5:35:
29:29:48:a9:61:92:21:57:eb:87:70:9d:5c:10:4a:
30:6a:fd:fa:98:5c:28:86:e2:c5:39:57:a6:82:41:
01:35:68:d3:0f:ed:de:06:f4:34:f8:b2:8e:cd:04:
fd:24:38:db:c0:1d:45:99:73:85:3e:0b:20:69:ce:
e2:0d:46:c9:30:bc:95:a2:2e:6f:54:8f:73:00:22:
79:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:61:42:53:89:19:66:52:BD:6A:E1:9D:8D:99:E9:1C:00:BC:91:9F
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/OGFCU4kZZlK9auGdjZnpHAC8kZ8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.46.20.0/22
64.188.112.0/22
77.239.100.0/22
77.239.112.0/22
144.31.8.0/23
144.31.11.0-144.31.15.255
144.31.28.0/23
144.31.32.0/19
144.31.91.0/24
144.31.96.0-144.31.135.255
144.31.144.0/20
144.31.202.0/23
144.31.206.0/23
144.31.224.0/19
150.241.64.0/19
150.241.124.0/24
185.229.222.0/24
193.23.192.0/22
193.23.204.0/22
193.23.212.0/22
Signature Algorithm: sha256WithRSAEncryption
b9:d6:d7:a0:d8:9f:97:cd:50:3b:e5:bf:91:c7:84:31:e5:12:
5b:b3:64:52:69:d4:38:93:fd:91:fd:d0:8b:bd:62:5a:3e:50:
3e:29:d9:51:54:a5:c2:08:a0:af:db:7c:3c:ad:65:72:4c:c4:
a0:31:3e:99:12:69:b1:bc:d9:79:e0:38:45:65:d9:0a:92:91:
13:1c:eb:e0:fe:0a:cb:f0:73:90:02:8f:cb:43:bc:89:ff:34:
25:1b:7a:48:5a:01:32:c8:69:a7:3a:90:36:d4:2c:82:cd:8d:
2f:27:4d:35:8b:f2:7f:e1:fe:a5:21:9d:3a:a9:2a:9c:f2:92:
ae:94:90:3f:a9:85:e3:95:c6:25:e7:10:3a:e4:ae:dc:80:fe:
59:4d:a5:e0:dc:c7:37:33:03:39:0e:39:68:8c:af:3e:e2:08:
27:1b:b1:92:81:10:f5:d6:d8:b9:39:85:3f:4c:54:9c:fc:dd:
f8:0b:72:96:e8:b6:9b:02:6f:f1:25:9e:40:3a:85:b3:67:d6:
e6:ac:1b:9b:1e:ff:16:25:95:d7:c0:36:18:a0:99:63:f2:76:
5b:17:1e:1c:71:fc:5e:9a:f6:f8:77:19:90:7c:4a:1a:7f:1e:
66:22:09:f8:dd:ec:66:8b:88:1f:f8:7c:31:9b:15:b3:12:e0:
a8:67:04:3b
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAZpCAcP1mXkYf5j0Gi+x4nbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUxMTAyMDA0MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODYxNDI1Mzg5MTk2NjUyYmQ2YWUxOWQ4ZDk5ZTkxYzAwYmM5MTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8wu0tkni8PkzvMj4ChpJRMkZnRt
cUb1YT6bjQcjUnh0JhHxfihebJaTyX26ZPcBd7tji/o6GrP8YWrJKP1f72Eqel3e
HEg4l1XH6qCLH1SMib7lEIhYhj6c2iqQqiL9xtH/O3kIFhTiH8bXMT5zmKnTncgY
wjrkxFjDHJfhk3qP4w2E/3DBL96QG4waGiZU6FhTbTvg1R8e+RA3VcLA/zUVlqoS
V/9IoeC/dhLFV6XytTUpKUipYZIhV+uHcJ1cEEowav36mFwohuLFOVemgkEBNWjT
D+3eBvQ0+LKOzQT9JDjbwB1FmXOFPgsgac7iDUbJMLyVoi5vVI9zACJ5hQIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFDhhQlOJGWZSvWrhnY2Z6RwAvJGfMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvT0dGQ1U0a1pabEs5YXVHZGpabnBIQUM4a1o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBjwQCAAEwgYgDBAIl
LhQDBAJAvHADBAJN72QDBAJN73ADBAGQHwgwDAMEAJAfCwMEBJAfAAMEAZAfHAME
BZAfIAMEAJAfWzAMAwQFkB9gAwQDkB+AAwQEkB+QAwQBkB/KAwQBkB/OAwQFkB/g
AwQFlvFAAwQAlvF8AwQAueXeAwQCwRfAAwQCwRfMAwQCwRfUMA0GCSqGSIb3DQEB
CwUAA4IBAQC51teg2J+XzVA75b+Rx4Qx5RJbs2RSadQ4k/2R/dCLvWJaPlA+KdlR
VKXCCKCv23w8rWVyTMSgMT6ZEmmxvNl54DhFZdkKkpETHOvg/grL8HOQAo/LQ7yJ
/zQlG3pIWgEyyGmnOpA21CyCzY0vJ001i/J/4f6lIZ06qSqc8pKulJA/qYXjlcYl
5xA65K7cgP5ZTaXg3Mc3MwM5DjlojK8+4ggnG7GSgRD11ti5OYU/TFSc/N34C3KW
6LabAm/xJZ5AOoWzZ9bmrBubHv8WJZXXwDYYoJlj8nZbFx4ccfxemvb4dxmQfEoa
fx5mIgn43exmi4gf+HwxmxWzEuCoZwQ7
-----END CERTIFICATE-----
Generated at Mon Nov 3 11:17:45 2025 by rpki-client