Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/998BRvNZPYVrxnHbItsKl1TaeJ8.roa
File: 998BRvNZPYVrxnHbItsKl1TaeJ8.roa (raw, json)
Hash identifier: oH21Z8NMgABZRMenmEcf/UJlynPSY9apgRAn3dvN5Zk=
Subject key identifier: F7:DF:01:46:F3:59:3D:85:6B:C6:71:DB:22:DB:0A:97:54:DA:78:9F
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 0199F34BDC5F2B780343D9DF563EE3831A4F
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/998BRvNZPYVrxnHbItsKl1TaeJ8.roa
Signing time: Fri 17 Oct 2025 17:50:59 +0000
ROA not before: Fri 17 Oct 2025 17:50:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401152
IP address blocks: 64.188.112.0/22 maxlen: 24
77.239.100.0/22 maxlen: 24
77.239.112.0/22 maxlen: 24
144.31.8.0/21 maxlen: 21
144.31.20.0/22 maxlen: 22
144.31.28.0/24 maxlen: 24
144.31.29.0/24 maxlen: 24
144.31.32.0/19 maxlen: 19
144.31.64.0/19 maxlen: 24
144.31.96.0/20 maxlen: 24
144.31.112.0/20 maxlen: 24
144.31.128.0/21 maxlen: 24
144.31.136.0/23 maxlen: 24
144.31.140.0/24 maxlen: 24
144.31.141.0/24 maxlen: 24
144.31.142.0/24 maxlen: 24
144.31.143.0/24 maxlen: 24
144.31.144.0/20 maxlen: 24
144.31.160.0/22 maxlen: 22
144.31.172.0/22 maxlen: 22
144.31.180.0/22 maxlen: 24
144.31.184.0/22 maxlen: 22
144.31.202.0/23 maxlen: 24
144.31.204.0/23 maxlen: 24
144.31.206.0/23 maxlen: 24
144.31.224.0/19 maxlen: 24
150.241.64.0/19 maxlen: 24
150.241.124.0/24 maxlen: 24
185.229.223.0/24 maxlen: 24
193.23.192.0/22 maxlen: 24
193.23.196.0/24 maxlen: 24
193.23.204.0/22 maxlen: 22
193.23.212.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:f3:4b:dc:5f:2b:78:03:43:d9:df:56:3e:e3:83:1a:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Oct 17 17:50:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f7df0146f3593d856bc671db22db0a9754da789f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f6:ac:04:eb:9c:e1:fc:e2:4f:23:94:ba:61:75:
99:95:bc:3c:73:d3:b5:30:8d:d2:80:39:e2:9f:a3:
6d:1d:7a:20:ba:0f:cb:0c:de:20:99:0f:32:ab:02:
c6:72:70:0d:2c:e0:b4:21:d9:77:10:55:d5:62:96:
88:50:d2:fb:dd:22:6b:88:52:ec:54:15:99:d2:3c:
a4:b2:a1:da:32:89:2b:59:15:74:8b:56:5c:3c:42:
9c:38:79:32:d3:10:9f:a9:0b:e3:d4:bb:64:33:28:
7b:1d:dd:ff:c5:46:71:2a:40:a4:8a:8a:66:7d:4e:
ec:5a:20:ec:7d:1f:d6:57:ab:a0:82:8a:6d:be:bb:
4d:13:1e:0c:43:df:82:5f:42:56:57:e8:4f:8b:cc:
0b:2d:cb:94:6b:44:35:cf:3e:7d:aa:c9:c4:58:3f:
16:e6:53:b7:fc:c2:8d:91:9c:16:9e:69:af:e7:52:
4f:f4:57:19:10:5e:06:cf:35:d5:51:e6:29:8b:34:
03:a2:75:97:ff:b0:84:c3:7d:d4:b4:e7:b0:15:c7:
2d:73:be:34:0c:f9:54:06:e2:72:f2:ee:df:ed:9f:
76:27:a3:9f:e5:b0:21:3d:c6:25:5d:68:4b:3c:a3:
28:bb:87:df:f7:40:97:97:2d:74:e3:8b:cc:53:94:
12:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:DF:01:46:F3:59:3D:85:6B:C6:71:DB:22:DB:0A:97:54:DA:78:9F
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/998BRvNZPYVrxnHbItsKl1TaeJ8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.112.0/22
77.239.100.0/22
77.239.112.0/22
144.31.8.0/21
144.31.20.0/22
144.31.28.0/23
144.31.32.0-144.31.137.255
144.31.140.0-144.31.163.255
144.31.172.0/22
144.31.180.0-144.31.187.255
144.31.202.0-144.31.207.255
144.31.224.0/19
150.241.64.0/19
150.241.124.0/24
185.229.223.0/24
193.23.192.0-193.23.196.255
193.23.204.0/22
193.23.212.0/22
Signature Algorithm: sha256WithRSAEncryption
1a:6a:e7:d8:0d:75:98:5e:28:7d:6c:52:21:58:10:93:c3:50:
44:4b:4e:28:c1:24:b9:b8:64:52:a6:df:44:bf:f6:b6:7b:35:
8d:39:fe:80:dc:64:cb:c3:90:cf:ce:a6:09:3a:f0:7f:2b:e1:
34:5e:d1:fe:20:29:1d:68:9e:16:78:7f:e1:f3:f0:e7:1e:33:
93:25:a4:33:de:27:86:28:1f:0c:00:67:8f:26:78:ab:bc:01:
6b:c7:19:47:95:e0:d9:49:8f:db:9c:70:f2:9f:8a:ff:53:8d:
36:13:83:2f:ef:15:05:5b:0b:35:5a:c9:7d:d1:4a:5e:90:b2:
ec:77:38:2d:63:4d:4e:28:a4:6e:6d:07:c8:81:ec:94:51:68:
54:ef:d9:53:a0:c3:3e:2a:8b:d1:2d:38:34:a9:c6:b2:e5:8b:
6a:d4:6e:f2:44:8d:5a:14:9d:da:82:df:52:58:44:ed:c7:f6:
0d:11:1d:77:40:e7:05:4b:2a:28:60:eb:87:0a:30:61:3d:9e:
33:b8:8a:c7:27:1b:af:ce:e4:f8:ab:a9:83:f0:c6:e2:cd:39:
d6:8d:58:ea:7e:39:02:e8:92:f0:11:43:5a:32:39:ab:8a:3b:
73:da:2d:1c:d9:cb:df:a1:66:e4:31:38:a9:3e:63:09:96:66:
a8:84:09:ca
-----BEGIN CERTIFICATE-----
MIIFkDCCBHigAwIBAgISAZnzS9xfK3gDQ9nfVj7jgxpPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUxMDE3MTc1MDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2RmMDE0NmYzNTkzZDg1NmJjNjcxZGIyMmRiMGE5NzU0ZGE3ODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9qwE65zh/OJPI5S6YXWZlbw8c9O1
MI3SgDnin6NtHXogug/LDN4gmQ8yqwLGcnANLOC0Idl3EFXVYpaIUNL73SJriFLs
VBWZ0jyksqHaMokrWRV0i1ZcPEKcOHky0xCfqQvj1LtkMyh7Hd3/xUZxKkCkiopm
fU7sWiDsfR/WV6uggoptvrtNEx4MQ9+CX0JWV+hPi8wLLcuUa0Q1zz59qsnEWD8W
5lO3/MKNkZwWnmmv51JP9FcZEF4GzzXVUeYpizQDonWX/7CEw33UtOewFcctc740
DPlUBuJy8u7f7Z92J6Of5bAhPcYlXWhLPKMou4ff90CXly1044vMU5QSewIDAQAB
o4ICnDCCApgwHQYDVR0OBBYEFPffAUbzWT2Fa8Zx2yLbCpdU2nifMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvOTk4QlJ2TlpQWVZyeG5IYkl0c0tsMVRhZUo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGxBggrBgEFBQcBBwEB/wSBoTCBnjCBmwQCAAEwgZQDBAJA
vHADBAJN72QDBAJN73ADBAOQHwgDBAKQHxQDBAGQHxwwDAMEBZAfIAMEAZAfiDAM
AwQCkB+MAwQCkB+gAwQCkB+sMAwDBAKQH7QDBAKQH7gwDAMEAZAfygMEBJAfwAME
BZAf4AMEBZbxQAMEAJbxfAMEALnl3zAMAwQGwRfAAwQAwRfEAwQCwRfMAwQCwRfU
MA0GCSqGSIb3DQEBCwUAA4IBAQAaaufYDXWYXih9bFIhWBCTw1BES04owSS5uGRS
pt9Ev/a2ezWNOf6A3GTLw5DPzqYJOvB/K+E0XtH+ICkdaJ4WeH/h8/DnHjOTJaQz
3ieGKB8MAGePJnirvAFrxxlHleDZSY/bnHDyn4r/U402E4Mv7xUFWws1Wsl90Upe
kLLsdzgtY01OKKRubQfIgeyUUWhU79lToMM+KovRLTg0qcay5Ytq1G7yRI1aFJ3a
gt9SWETtx/YNER13QOcFSyooYOuHCjBhPZ4zuIrHJxuvzuT4q6mD8MbizTnWjVjq
fjkC6JLwEUNaMjmrijtz2i0c2cvfoWbkMTipPmMJlmaohAnK
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:40:43 2025 by rpki-client