Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/gNRTXqvX6_SOefWF3gs0Zjt3u6g.roa
File: gNRTXqvX6_SOefWF3gs0Zjt3u6g.roa (raw, json)
Hash identifier: toLN8jyYGEpflA8o2E1g113inHytd59XB0YwnsonQoc=
Subject key identifier: 80:D4:53:5E:AB:D7:EB:F4:8E:79:F5:85:DE:0B:34:66:3B:77:BB:A8
Certificate issuer: /CN=5d129b0460cf9ee0500ee880a2cfa1a524e4df00
Certificate serial: 019DF37030D0FA8F8F5EF41B0F0109405C64
Authority key identifier: 5D:12:9B:04:60:CF:9E:E0:50:0E:E8:80:A2:CF:A1:A5:24:E4:DF:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XRKbBGDPnuBQDuiAos-hpSTk3wA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/gNRTXqvX6_SOefWF3gs0Zjt3u6g.roa
Signing time: Mon 04 May 2026 14:41:49 +0000
ROA not before: Mon 04 May 2026 14:41:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214875
IP address blocks: 37.97.0.0/20 maxlen: 20
37.97.2.0/24 maxlen: 24
37.97.3.0/24 maxlen: 24
37.97.48.0/21 maxlen: 21
37.97.57.0/24 maxlen: 24
37.97.58.0/23 maxlen: 23
37.97.62.0/23 maxlen: 23
45.13.240.0/22 maxlen: 22
188.228.8.0/22 maxlen: 22
188.228.14.0/24 maxlen: 24
188.228.48.0/23 maxlen: 23
188.228.54.0/24 maxlen: 24
188.228.68.0/23 maxlen: 23
188.228.78.0/24 maxlen: 24
188.228.80.0/22 maxlen: 22
188.228.88.0/22 maxlen: 22
188.228.92.0/23 maxlen: 23
188.228.96.0/22 maxlen: 22
188.228.102.0/23 maxlen: 23
2a00:fd01::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/XRKbBGDPnuBQDuiAos-hpSTk3wA.crl
rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/XRKbBGDPnuBQDuiAos-hpSTk3wA.mft
rsync://rpki.ripe.net/repository/DEFAULT/XRKbBGDPnuBQDuiAos-hpSTk3wA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 23:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f3:70:30:d0:fa:8f:8f:5e:f4:1b:0f:01:09:40:5c:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5d129b0460cf9ee0500ee880a2cfa1a524e4df00
Validity
Not Before: May 4 14:41:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=80d4535eabd7ebf48e79f585de0b34663b77bba8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:44:9a:07:07:7e:39:55:86:cb:d1:3a:d4:b0:
a0:5a:62:31:07:02:d4:6e:3b:d0:b0:85:6b:e6:eb:
8a:bc:19:98:8c:ab:64:fe:bb:9c:f6:02:d4:54:a9:
4e:f0:c5:90:80:f4:a3:7a:51:93:3a:b3:4f:a1:73:
23:ca:81:dd:93:6e:cf:15:04:b7:20:d9:5c:60:8b:
2a:7a:b3:68:d0:9f:f0:ba:f5:95:bd:94:60:75:b9:
17:6f:5a:9d:12:5e:0e:f8:fd:6f:ee:f6:e3:34:94:
78:e5:d4:41:98:0d:90:c1:a2:25:6d:8b:81:23:77:
2a:b3:ce:1e:d2:43:87:f3:e1:a9:ab:55:4c:65:0f:
7f:67:01:df:4b:77:d3:ca:01:d5:60:fd:db:b5:a5:
ae:f1:e9:64:b2:79:de:aa:c6:1d:13:33:e0:9a:b0:
7c:b9:41:7c:72:de:a0:4d:2d:83:12:80:31:96:30:
42:56:0c:8a:be:a5:43:2d:e1:45:10:ab:80:ca:93:
52:c3:3d:39:89:d3:1a:d9:7e:f9:55:94:c6:91:b3:
d1:e5:fe:4c:28:8a:a0:b0:02:03:68:f3:d3:5f:b1:
89:e7:56:7f:88:ae:24:a6:77:35:a7:59:d4:ca:4a:
ca:d6:83:ec:fa:bd:da:04:a0:1d:b9:01:2e:f0:4e:
da:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:D4:53:5E:AB:D7:EB:F4:8E:79:F5:85:DE:0B:34:66:3B:77:BB:A8
X509v3 Authority Key Identifier:
keyid:5D:12:9B:04:60:CF:9E:E0:50:0E:E8:80:A2:CF:A1:A5:24:E4:DF:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XRKbBGDPnuBQDuiAos-hpSTk3wA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/gNRTXqvX6_SOefWF3gs0Zjt3u6g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/XRKbBGDPnuBQDuiAos-hpSTk3wA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.97.0.0/20
37.97.48.0/21
37.97.57.0-37.97.59.255
37.97.62.0/23
45.13.240.0/22
188.228.8.0/22
188.228.14.0/24
188.228.48.0/23
188.228.54.0/24
188.228.68.0/23
188.228.78.0/24
188.228.80.0/22
188.228.88.0-188.228.93.255
188.228.96.0/22
188.228.102.0/23
IPv6:
2a00:fd01::/32
Signature Algorithm: sha256WithRSAEncryption
0b:91:7c:5a:69:c6:fe:04:c7:ed:98:5e:ba:dd:69:ce:ce:2b:
0e:14:e0:3c:0f:4a:66:a8:7b:bb:ba:6a:4e:41:28:20:72:1d:
15:a3:da:06:03:3e:ed:41:66:86:c4:6b:7c:54:c0:90:48:c8:
28:bd:59:82:01:31:9d:40:9b:9f:8b:6e:e2:4b:77:59:38:5b:
ca:f1:43:7f:84:d0:3c:1c:30:a0:a4:10:98:1a:4d:24:83:9f:
24:aa:4f:5c:50:d9:a5:d4:9d:1d:25:8f:cb:e6:1f:a2:8a:a3:
64:5a:8a:1b:58:02:01:c7:63:77:d1:f0:3c:48:7d:24:21:d1:
fe:f8:5b:2c:34:5e:06:46:98:c0:66:98:3a:77:38:cf:c2:a1:
b0:ce:30:ee:00:04:02:67:b1:7e:db:03:e6:3f:49:06:2e:ba:
58:4d:ab:c4:41:ae:6f:10:8b:e1:39:8c:ff:cf:38:53:0c:f5:
50:d6:ae:64:e4:07:e7:8a:79:9e:36:5e:48:10:e7:3c:22:84:
9c:8b:6b:3c:c0:cc:15:cb:17:1b:7a:e6:6c:c4:84:24:18:48:
dc:a8:aa:80:a1:ad:b5:7b:07:ce:36:bc:d5:c1:fd:32:57:4f:
6a:61:ce:f0:2e:46:1a:a3:8c:4d:d4:fe:77:d8:35:75:01:51:
40:6e:c0:a5
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZ3zcDDQ+o+PXvQbDwEJQFxkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMTI5YjA0NjBjZjllZTA1MDBlZTg4MGEyY2ZhMWE1MjRl
NGRmMDAwHhcNMjYwNTA0MTQ0MTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGQ0NTM1ZWFiZDdlYmY0OGU3OWY1ODVkZTBiMzQ2NjNiNzdiYmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtESaBwd+OVWGy9E61LCgWmIxBwLU
bjvQsIVr5uuKvBmYjKtk/ruc9gLUVKlO8MWQgPSjelGTOrNPoXMjyoHdk27PFQS3
INlcYIsqerNo0J/wuvWVvZRgdbkXb1qdEl4O+P1v7vbjNJR45dRBmA2QwaIlbYuB
I3cqs84e0kOH8+Gpq1VMZQ9/ZwHfS3fTygHVYP3btaWu8elksnneqsYdEzPgmrB8
uUF8ct6gTS2DEoAxljBCVgyKvqVDLeFFEKuAypNSwz05idMa2X75VZTGkbPR5f5M
KIqgsAIDaPPTX7GJ51Z/iK4kpnc1p1nUykrK1oPs+r3aBKAduQEu8E7avQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFIDUU16r1+v0jnn1hd4LNGY7d7uoMB8GA1UdIwQY
MBaAFF0SmwRgz57gUA7ogKLPoaUk5N8AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFJLYkJHRFBudUJRRHVpQW9zLWhwU1RrM3dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi84NTU3ZTAtMzY4ZC00ZDhlLTk3NDEt
YTg3N2RkNTFiYzQ5LzEvZ05SVFhxdlg2X1NPZWZXRjNnczBaanQzdTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi84NTU3ZTAtMzY4ZC00ZDhlLTk3NDEtYTg3N2RkNTFiYzQ5
LzEvWFJLYkJHRFBudUJRRHVpQW9zLWhwU1RrM3dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGUBggrBgEFBQcBBwEB/wSBhDCBgTBwBAIAATBqAwQEJWEA
AwQDJWEwMAwDBAAlYTkDBAIlYTgDBAElYT4DBAItDfADBAK85AgDBAC85A4DBAG8
5DADBAC85DYDBAG85EQDBAC85E4DBAK85FAwDAMEA7zkWAMEAbzkXAMEArzkYAME
AbzkZjANBAIAAjAHAwUAKgD9ATANBgkqhkiG9w0BAQsFAAOCAQEAC5F8WmnG/gTH
7Zheut1pzs4rDhTgPA9KZqh7u7pqTkEoIHIdFaPaBgM+7UFmhsRrfFTAkEjIKL1Z
ggExnUCbn4tu4kt3WThbyvFDf4TQPBwwoKQQmBpNJIOfJKpPXFDZpdSdHSWPy+Yf
ooqjZFqKG1gCAcdjd9HwPEh9JCHR/vhbLDReBkaYwGaYOnc4z8KhsM4w7gAEAmex
ftsD5j9JBi66WE2rxEGubxCL4TmM/884Uwz1UNauZOQH54p5njZeSBDnPCKEnItr
PMDMFcsXG3rmbMSEJBhI3KiqgKGttXsHzja81cH9MldPamHO8C5GGqOMTdT+d9g1
dQFRQG7ApQ==
-----END CERTIFICATE-----
Generated at Wed May 13 08:25:09 2026 by rpki-client