Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/1lESD01m5gbJyA-braAOgm-nsxs.roa
File: 1lESD01m5gbJyA-braAOgm-nsxs.roa (raw, json)
Hash identifier: LKvU7E9DI8H+f3xZF2Ibb4ZAlOKiTpfnzxmAzY3Zmkw=
Subject key identifier: D6:51:12:0F:4D:66:E6:06:C9:C8:0F:9B:AD:A0:0E:82:6F:A7:B3:1B
Certificate issuer: /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial: 019D236A8EA10B6D5B958A673D3A06FA698F
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/1lESD01m5gbJyA-braAOgm-nsxs.roa
Signing time: Wed 25 Mar 2026 05:14:39 +0000
ROA not before: Wed 25 Mar 2026 05:14:39 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 200661
IP address blocks: 138.124.120.0/24 maxlen: 24
138.124.122.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Mar 2026 00:55:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:23:6a:8e:a1:0b:6d:5b:95:8a:67:3d:3a:06:fa:69:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Validity
Not Before: Mar 25 05:14:39 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d651120f4d66e606c9c80f9bada00e826fa7b31b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:97:0f:9a:17:ac:f5:25:0e:2a:e9:ed:14:d1:
6e:a9:b6:46:17:16:21:40:81:ef:93:e7:53:c4:06:
9d:43:f9:0b:88:6c:98:46:f0:ff:25:c0:b9:05:cc:
2a:b6:60:dd:e5:b2:29:c3:3e:4f:23:05:b3:2b:dd:
0e:a2:66:5e:d8:4d:17:7b:c6:41:4f:bb:13:68:9e:
d6:a7:0d:36:c9:4b:bd:fb:8b:7d:83:d9:dc:e5:f8:
ed:64:a6:bf:db:93:60:ff:46:fc:f4:2c:54:84:18:
58:00:7a:3d:72:2d:8c:21:a4:db:08:17:d8:be:c8:
07:ff:6a:98:cd:35:c4:47:03:bd:81:ee:32:7f:1d:
df:4e:29:50:92:fe:f0:1e:12:9f:c7:4f:d2:d3:fd:
be:ce:78:99:92:2a:7e:82:a5:4f:27:33:64:6e:7a:
e2:e0:00:46:18:db:e0:eb:f6:56:d6:dd:c6:9f:18:
c7:8d:22:60:11:b7:e5:32:56:a8:f5:d3:ce:09:5c:
3e:82:6e:c3:fc:2e:bf:46:1a:cb:0c:0f:08:14:8f:
bd:18:26:4b:7b:c7:cd:71:f8:74:65:c6:ec:c3:95:
49:a0:67:df:61:50:7e:a2:f9:7d:b6:4d:5b:16:b1:
16:8d:6f:ef:c6:e6:ab:2f:0f:f1:1b:84:c5:e4:40:
8d:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:51:12:0F:4D:66:E6:06:C9:C8:0F:9B:AD:A0:0E:82:6F:A7:B3:1B
X509v3 Authority Key Identifier:
keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/1lESD01m5gbJyA-braAOgm-nsxs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.124.120.0/24
138.124.122.0/24
Signature Algorithm: sha256WithRSAEncryption
53:21:7e:c6:af:0c:0c:aa:b1:73:0a:ce:db:6a:b7:eb:6b:da:
1c:39:2a:58:e0:40:b1:75:7c:37:58:64:f5:1b:60:de:8b:fc:
82:f8:e2:f9:2c:ac:22:fe:9c:ec:c4:cb:b0:a5:de:52:88:2f:
66:53:e8:d3:ab:f5:45:82:26:4a:54:b7:d5:17:c3:a1:e7:0d:
df:af:8a:8d:b9:5b:b3:97:28:8a:7b:74:d0:f1:79:a8:98:60:
7e:e0:cb:c3:99:a4:a2:d4:d3:7c:48:d1:95:93:d0:20:d2:be:
14:f1:3e:de:32:18:cf:65:e4:92:4c:be:ff:18:aa:f7:ea:7f:
75:88:87:9e:d9:e6:c3:f0:02:ba:70:52:32:e8:06:ba:a0:66:
28:07:25:51:15:fc:7d:eb:0a:7a:2d:0b:7e:3a:4e:e9:52:2f:
c9:bd:93:0f:d5:21:91:63:61:e5:08:36:be:b3:5c:90:df:af:
85:76:2d:7b:50:ef:b5:45:25:8d:87:36:82:88:87:a3:73:9d:
ba:dd:f2:07:ed:08:e4:54:19:37:45:e6:b8:21:a8:db:c8:e7:
29:44:21:3d:54:f0:09:98:6d:e6:d0:5c:cd:7d:e3:96:5b:d2:
95:c4:03:7a:77:5e:d2:96:86:ef:d2:2a:e2:f3:2f:83:a5:42:
8c:b8:ce:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0jao6hC21blYpnPToG+mmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjYwMzI1MDUxNDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjUxMTIwZjRkNjZlNjA2YzljODBmOWJhZGEwMGU4MjZmYTdiMzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5cPmhes9SUOKuntFNFuqbZGFxYh
QIHvk+dTxAadQ/kLiGyYRvD/JcC5BcwqtmDd5bIpwz5PIwWzK90OomZe2E0Xe8ZB
T7sTaJ7Wpw02yUu9+4t9g9nc5fjtZKa/25Ng/0b89CxUhBhYAHo9ci2MIaTbCBfY
vsgH/2qYzTXERwO9ge4yfx3fTilQkv7wHhKfx0/S0/2+zniZkip+gqVPJzNkbnri
4ABGGNvg6/ZW1t3GnxjHjSJgEbflMlao9dPOCVw+gm7D/C6/RhrLDA8IFI+9GCZL
e8fNcfh0Zcbsw5VJoGffYVB+ovl9tk1bFrEWjW/vxuarLw/xG4TF5ECNywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNZREg9NZuYGycgPm62gDoJvp7MbMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvMWxFU0QwMW01Z2JKeUEtYnJhQU9nbS1uc3hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAinx4AwQA
inx6MA0GCSqGSIb3DQEBCwUAA4IBAQBTIX7GrwwMqrFzCs7barfra9ocOSpY4ECx
dXw3WGT1G2Dei/yC+OL5LKwi/pzsxMuwpd5SiC9mU+jTq/VFgiZKVLfVF8Oh5w3f
r4qNuVuzlyiKe3TQ8XmomGB+4MvDmaSi1NN8SNGVk9Ag0r4U8T7eMhjPZeSSTL7/
GKr36n91iIee2ebD8AK6cFIy6Aa6oGYoByVRFfx96wp6LQt+Ok7pUi/JvZMP1SGR
Y2HlCDa+s1yQ36+Fdi17UO+1RSWNhzaCiIejc5263fIH7QjkVBk3Rea4IajbyOcp
RCE9VPAJmG3m0FzNfeOWW9KVxAN6d17Slobv0iri8y+DpUKMuM7f
-----END CERTIFICATE-----
Generated at Sat Mar 28 10:18:59 2026 by rpki-client