Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/g_iYqNRowTTxiEFM7KxyIodrdN8.roa
File: g_iYqNRowTTxiEFM7KxyIodrdN8.roa (raw, json)
Hash identifier: QHUgb4Et5YotlsL3lcCNLa8bKqSQdvBj79Q4dPnBgRw=
Subject key identifier: 83:F8:98:A8:D4:68:C1:34:F1:88:41:4C:EC:AC:72:22:87:6B:74:DF
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 01991B2B44061F69FB23CFDCBC6D4EFF5373
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/g_iYqNRowTTxiEFM7KxyIodrdN8.roa
Signing time: Fri 05 Sep 2025 18:37:24 +0000
ROA not before: Fri 05 Sep 2025 18:37:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401152
IP address blocks: 64.188.112.0/22 maxlen: 24
77.239.96.0/22 maxlen: 24
77.239.100.0/22 maxlen: 24
144.31.8.0/21 maxlen: 21
144.31.16.0/22 maxlen: 22
144.31.20.0/22 maxlen: 22
144.31.25.0/24 maxlen: 24
144.31.26.0/24 maxlen: 24
144.31.27.0/24 maxlen: 24
144.31.28.0/24 maxlen: 24
144.31.29.0/24 maxlen: 24
144.31.30.0/24 maxlen: 24
144.31.31.0/24 maxlen: 24
144.31.32.0/19 maxlen: 19
144.31.64.0/19 maxlen: 24
144.31.96.0/20 maxlen: 24
144.31.112.0/20 maxlen: 24
144.31.128.0/21 maxlen: 24
144.31.136.0/21 maxlen: 24
144.31.144.0/20 maxlen: 24
144.31.160.0/22 maxlen: 22
144.31.172.0/22 maxlen: 22
144.31.180.0/22 maxlen: 24
144.31.184.0/22 maxlen: 22
144.31.188.0/22 maxlen: 24
144.31.194.0/23 maxlen: 24
144.31.198.0/23 maxlen: 24
144.31.200.0/23 maxlen: 24
144.31.202.0/23 maxlen: 24
144.31.204.0/23 maxlen: 24
144.31.206.0/23 maxlen: 24
144.31.224.0/19 maxlen: 24
150.241.64.0/19 maxlen: 24
193.23.196.0/24 maxlen: 24
193.23.204.0/22 maxlen: 22
193.23.209.0/24 maxlen: 24
193.23.212.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 17:17:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:1b:2b:44:06:1f:69:fb:23:cf:dc:bc:6d:4e:ff:53:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Sep 5 18:37:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=83f898a8d468c134f188414cecac7222876b74df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:40:80:47:2e:dd:24:80:ee:d4:63:6a:46:59:
56:72:7b:c3:d6:46:47:96:cd:66:31:64:88:5b:20:
4c:8b:a8:68:b2:7e:d6:13:db:0e:aa:85:c7:f1:8d:
34:00:69:59:eb:ca:13:ba:7b:d0:57:38:22:40:6e:
f6:fd:5e:97:27:53:4e:41:21:e1:0a:54:40:86:fd:
33:3c:93:1d:96:e2:38:d1:85:cf:07:03:b8:c6:60:
32:1c:9c:60:e8:08:f3:7a:9f:11:29:59:49:7b:61:
97:49:b3:e1:42:44:dd:78:69:49:24:c3:78:f6:60:
45:d2:97:ac:09:a5:1c:ae:94:a3:c9:25:75:1b:93:
53:fe:ef:01:cc:7b:aa:39:30:f5:10:50:10:75:3d:
aa:7d:78:c4:55:e5:0f:13:de:0b:e6:4a:58:59:b9:
77:47:cd:d7:3e:81:02:43:54:66:83:eb:a9:c9:1e:
24:b1:03:ed:72:7f:c8:48:75:42:7b:13:e9:e1:27:
71:cc:5c:37:c6:20:16:ce:cc:19:b8:f9:c7:31:d3:
34:1a:72:f5:29:56:0a:a8:c9:00:98:20:7e:18:d7:
cc:38:b6:27:70:5c:e8:43:01:6e:42:3b:10:5b:e7:
4c:54:cf:4b:3e:87:96:fe:4d:6e:9a:aa:2a:d5:4e:
a9:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:F8:98:A8:D4:68:C1:34:F1:88:41:4C:EC:AC:72:22:87:6B:74:DF
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/g_iYqNRowTTxiEFM7KxyIodrdN8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.112.0/22
77.239.96.0/21
144.31.8.0-144.31.23.255
144.31.25.0-144.31.163.255
144.31.172.0/22
144.31.180.0-144.31.191.255
144.31.194.0/23
144.31.198.0-144.31.207.255
144.31.224.0/19
150.241.64.0/19
193.23.196.0/24
193.23.204.0/22
193.23.209.0/24
193.23.212.0/22
Signature Algorithm: sha256WithRSAEncryption
39:1f:32:a4:7e:fb:8c:b1:91:e2:39:fb:f8:db:e7:cd:a0:1c:
18:1e:92:86:06:06:22:a4:ff:81:dc:db:0f:90:87:4c:6c:ee:
b4:1b:bb:92:26:06:41:2c:08:1d:57:15:3d:40:71:a8:a7:a8:
cc:13:84:5f:ed:b5:68:b6:76:68:58:53:18:2e:29:e5:ff:17:
36:b2:f0:a0:72:e6:f0:e1:22:80:db:01:31:f5:e9:5b:1e:1c:
d4:4e:67:d0:c4:68:13:be:a3:d7:39:50:17:54:53:78:27:42:
af:2f:3c:83:c7:ab:72:46:3c:7d:6c:ce:49:e1:2b:22:81:51:
f3:72:f7:ba:2c:50:ac:8b:ce:e5:62:ad:55:97:63:66:cc:05:
2a:00:50:59:d3:bd:ca:15:bb:09:9d:61:7a:22:95:ee:eb:fa:
23:f7:59:e4:3a:fd:52:f9:a2:a1:8f:39:fd:7a:bb:24:79:68:
75:8b:67:24:00:d3:23:2b:9a:a4:4d:fe:10:0b:91:24:12:8c:
c2:db:b5:eb:a0:06:7d:5b:e4:b6:1f:03:5c:9c:83:21:18:1c:
e7:1c:4b:d0:24:4f:89:24:b2:ce:e5:ed:16:23:b9:b0:2d:f4:
9f:af:98:e9:6a:53:7f:98:f4:71:36:e5:39:9b:3b:30:a3:61:
39:bb:f6:a5
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAZkbK0QGH2n7I8/cvG1O/1NzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwOTA1MTgzNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Y4OThhOGQ0NjhjMTM0ZjE4ODQxNGNlY2FjNzIyMjg3NmI3NGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkCARy7dJIDu1GNqRllWcnvD1kZH
ls1mMWSIWyBMi6hosn7WE9sOqoXH8Y00AGlZ68oTunvQVzgiQG72/V6XJ1NOQSHh
ClRAhv0zPJMdluI40YXPBwO4xmAyHJxg6Ajzep8RKVlJe2GXSbPhQkTdeGlJJMN4
9mBF0pesCaUcrpSjySV1G5NT/u8BzHuqOTD1EFAQdT2qfXjEVeUPE94L5kpYWbl3
R83XPoECQ1Rmg+upyR4ksQPtcn/ISHVCexPp4SdxzFw3xiAWzswZuPnHMdM0GnL1
KVYKqMkAmCB+GNfMOLYncFzoQwFuQjsQW+dMVM9LPoeW/k1umqoq1U6pdQIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFIP4mKjUaME08YhBTOysciKHa3TfMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZ19pWXFOUm93VFR4aUVGTTdLeHlJb2RyZE44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAEwdAMEAkC8cAME
A03vYDAMAwQDkB8IAwQDkB8QMAwDBACQHxkDBAKQH6ADBAKQH6wwDAMEApAftAME
BpAfgAMEAZAfwjAMAwQBkB/GAwQEkB/AAwQFkB/gAwQFlvFAAwQAwRfEAwQCwRfM
AwQAwRfRAwQCwRfUMA0GCSqGSIb3DQEBCwUAA4IBAQA5HzKkfvuMsZHiOfv42+fN
oBwYHpKGBgYipP+B3NsPkIdMbO60G7uSJgZBLAgdVxU9QHGop6jME4Rf7bVotnZo
WFMYLinl/xc2svCgcubw4SKA2wEx9elbHhzUTmfQxGgTvqPXOVAXVFN4J0KvLzyD
x6tyRjx9bM5J4SsigVHzcve6LFCsi87lYq1Vl2NmzAUqAFBZ073KFbsJnWF6IpXu
6/oj91nkOv1S+aKhjzn9erskeWh1i2ckANMjK5qkTf4QC5EkEozC27XroAZ9W+S2
HwNcnIMhGBznHEvQJE+JJLLO5e0WI7mwLfSfr5jpalN/mPRxNuU5mzswo2E5u/al
-----END CERTIFICATE-----
Generated at Fri Sep 5 22:00:08 2025 by rpki-client