Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396356.roa
File: AS396356.roa (raw, json)
Hash identifier: J9AxExQ0EHvLsfIfD4u4j7k1mSwoa3dsjB4EELNWmT4=
Subject key identifier: 9A:E8:9B:FA:F2:B3:37:05:9C:57:34:64:E2:1A:39:A9:22:27:41:21
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 1AFB9B3529B96D0D82A3C0A8ECD13F0CED77A605
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396356.roa
Signing time: Tue 02 Sep 2025 08:57:53 +0000
ROA not before: Tue 02 Sep 2025 08:52:53 +0000
ROA not after: Tue 01 Sep 2026 08:57:53 +0000
asID: 396356
IP address blocks: 2.58.30.0/24 maxlen: 24
2.58.31.0/24 maxlen: 24
2.58.174.0/24 maxlen: 24
5.252.76.0/24 maxlen: 24
5.253.200.0/24 maxlen: 24
5.253.201.0/24 maxlen: 24
5.253.203.0/24 maxlen: 24
45.89.252.0/24 maxlen: 24
45.137.156.0/24 maxlen: 24
181.41.218.0/24 maxlen: 24
181.214.56.0/24 maxlen: 24
181.214.59.0/24 maxlen: 24
181.214.70.0/24 maxlen: 24
181.214.102.0/24 maxlen: 24
181.214.196.0/24 maxlen: 24
181.214.226.0/24 maxlen: 24
181.215.92.0/24 maxlen: 24
181.215.120.0/24 maxlen: 24
181.215.125.0/24 maxlen: 24
181.215.146.0/24 maxlen: 24
181.215.153.0/24 maxlen: 24
181.215.156.0/24 maxlen: 24
181.215.169.0/24 maxlen: 24
181.215.172.0/24 maxlen: 24
181.215.195.0/24 maxlen: 24
191.96.44.0/24 maxlen: 24
191.96.45.0/24 maxlen: 24
191.96.47.0/24 maxlen: 24
191.96.107.0/24 maxlen: 24
191.96.122.0/24 maxlen: 24
191.96.174.0/24 maxlen: 24
191.101.154.0/24 maxlen: 24
191.101.160.0/24 maxlen: 24
191.101.216.0/24 maxlen: 24
2a0a:a700::/30 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 10:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:fb:9b:35:29:b9:6d:0d:82:a3:c0:a8:ec:d1:3f:0c:ed:77:a6:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: Sep 2 08:52:53 2025 GMT
Not After : Sep 1 08:57:53 2026 GMT
Subject: CN=9AE89BFAF2B337059C573464E21A39A922274121
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:0f:1a:41:86:97:5b:96:86:77:c1:09:81:18:
6d:81:4b:cf:c9:47:ac:dc:cb:a3:75:2c:cf:40:96:
76:13:db:86:51:35:c2:a3:75:06:91:10:3f:6e:76:
5e:34:08:87:6f:da:60:96:e9:45:27:94:cd:f1:81:
12:2a:5a:7f:ae:ff:d3:dd:f9:0e:62:9c:e4:fe:43:
7f:0e:71:e9:d0:77:7c:53:04:cb:88:8e:78:60:4d:
9c:3f:4e:8d:ae:e0:88:d0:1d:f9:4b:08:ce:1c:68:
6b:b9:a4:26:1c:fa:f7:4b:c9:f5:8b:82:91:55:28:
3a:3b:1c:70:8f:66:99:c3:4e:29:fe:49:44:fa:6b:
37:65:f6:fc:9c:28:bd:df:2c:8e:72:d7:4d:00:51:
ee:38:ae:4b:4b:0c:af:2c:12:fd:d5:1b:9d:85:ba:
c4:af:ce:8f:1c:e0:6a:96:df:a2:bf:a1:95:46:63:
a6:37:26:cc:73:5d:71:76:f0:34:f4:63:40:cb:1b:
7e:b0:e0:4a:d8:5b:c9:84:ef:cb:d0:af:fa:bc:2f:
79:fc:0f:e6:e5:64:7d:74:ac:20:ac:7b:86:57:46:
b7:11:50:8d:bb:12:86:c2:2a:2b:c9:a0:47:a5:8c:
84:d3:99:fa:2f:90:7c:c5:2d:98:26:c3:13:43:54:
23:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:E8:9B:FA:F2:B3:37:05:9C:57:34:64:E2:1A:39:A9:22:27:41:21
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396356.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.30.0/23
2.58.174.0/24
5.252.76.0/24
5.253.200.0/23
5.253.203.0/24
45.89.252.0/24
45.137.156.0/24
181.41.218.0/24
181.214.56.0/24
181.214.59.0/24
181.214.70.0/24
181.214.102.0/24
181.214.196.0/24
181.214.226.0/24
181.215.92.0/24
181.215.120.0/24
181.215.125.0/24
181.215.146.0/24
181.215.153.0/24
181.215.156.0/24
181.215.169.0/24
181.215.172.0/24
181.215.195.0/24
191.96.44.0/23
191.96.47.0/24
191.96.107.0/24
191.96.122.0/24
191.96.174.0/24
191.101.154.0/24
191.101.160.0/24
191.101.216.0/24
IPv6:
2a0a:a700::/30
Signature Algorithm: sha256WithRSAEncryption
2d:f4:d6:56:30:78:94:e5:09:65:ca:ac:49:43:4f:f5:42:81:
6f:a1:17:e6:99:26:d0:4f:5e:f3:4f:a3:28:f6:ff:22:38:6f:
11:bc:22:74:61:e6:a0:06:6c:1b:37:6f:8d:ed:f2:20:39:21:
3d:f8:99:0b:49:0f:a9:2e:45:2c:62:ae:93:9f:c4:6d:4a:01:
b9:79:98:f0:f0:02:40:4f:e0:b5:0f:18:18:c1:2c:49:c5:40:
87:5c:ad:9c:6b:7b:46:07:02:ea:d4:f9:79:6e:29:0d:32:c9:
5b:99:9d:00:52:0a:df:0e:b6:ce:6b:38:53:00:d4:28:4e:de:
00:6e:a8:82:24:56:d5:fe:b3:88:5c:97:6d:af:4a:48:bb:16:
d0:4b:b3:2f:b8:dd:2b:db:f5:27:8d:23:fc:7e:69:e1:11:83:
76:ae:89:4c:c0:36:6d:cb:5f:97:5a:3e:e7:b3:65:3a:a9:94:
cc:46:09:4b:3e:20:80:f6:a9:9e:8d:cd:a5:e7:de:9e:49:ba:
c1:8b:77:2d:c9:ff:0f:0e:9f:5e:9f:10:b6:82:48:cf:5d:d0:
01:58:d0:e3:a8:aa:c9:cf:83:12:96:b9:9a:f0:77:5b:0f:d7:
4c:b0:5f:28:fe:76:1a:bc:bf:b6:b6:ea:1b:76:a8:bc:8a:e5:
e9:5f:4b:c8
-----BEGIN CERTIFICATE-----
MIIFyDCCBLCgAwIBAgIUGvubNSm5bQ2Co8Co7NE/DO13pgUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MDIwODUyNTNaFw0yNjA5MDEwODU3NTNaMDMxMTAvBgNV
BAMTKDlBRTg5QkZBRjJCMzM3MDU5QzU3MzQ2NEUyMUEzOUE5MjIyNzQxMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZDxpBhpdbloZ3wQmBGG2BS8/J
R6zcy6N1LM9AlnYT24ZRNcKjdQaRED9udl40CIdv2mCW6UUnlM3xgRIqWn+u/9Pd
+Q5inOT+Q38OcenQd3xTBMuIjnhgTZw/To2u4IjQHflLCM4caGu5pCYc+vdLyfWL
gpFVKDo7HHCPZpnDTin+SUT6azdl9vycKL3fLI5y100AUe44rktLDK8sEv3VG52F
usSvzo8c4GqW36K/oZVGY6Y3JsxzXXF28DT0Y0DLG36w4ErYW8mE78vQr/q8L3n8
D+blZH10rCCse4ZXRrcRUI27EobCKivJoEeljITTmfovkHzFLZgmwxNDVCNVAgMB
AAGjggLSMIICzjAdBgNVHQ4EFgQUmuib+vKzNwWcVzRk4ho5qSInQSEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk2MzU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMIHmBggrBgEFBQcBBwEB/wSB1jCB0zCBwQQCAAEwgboD
BAECOh4DBAACOq4DBAAF/EwDBAEF/cgDBAAF/csDBAAtWfwDBAAtiZwDBAC1KdoD
BAC11jgDBAC11jsDBAC11kYDBAC11mYDBAC11sQDBAC11uIDBAC111wDBAC113gD
BAC1130DBAC115IDBAC115kDBAC115wDBAC116kDBAC116wDBAC118MDBAG/YCwD
BAC/YC8DBAC/YGsDBAC/YHoDBAC/YK4DBAC/ZZoDBAC/ZaADBAC/ZdgwDQQCAAIw
BwMFAioKpwAwDQYJKoZIhvcNAQELBQADggEBAC301lYweJTlCWXKrElDT/VCgW+h
F+aZJtBPXvNPoyj2/yI4bxG8InRh5qAGbBs3b43t8iA5IT34mQtJD6kuRSxirpOf
xG1KAbl5mPDwAkBP4LUPGBjBLEnFQIdcrZxre0YHAurU+XluKQ0yyVuZnQBSCt8O
ts5rOFMA1ChO3gBuqIIkVtX+s4hcl22vSki7FtBLsy+43Svb9SeNI/x+aeERg3au
iUzANm3LX5daPuezZTqplMxGCUs+IID2qZ6NzaXn3p5JusGLdy3J/w8On16fELaC
SM9d0AFY0OOoqsnPgxKWuZrwd1sP10ywXyj+dhq8v7a26ht2qLyK5elfS8g=
-----END CERTIFICATE-----
Generated at Fri Sep 5 12:08:49 2025 by rpki-client