Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/dXkjdfAO_p_lK1gO8RD77TSm3sw.roa
File: dXkjdfAO_p_lK1gO8RD77TSm3sw.roa (raw, json)
Hash identifier: Q8I5BEU39HHH+FZbSvF7yNnqC9Mc3NQjTkHLFmtM2lo=
Subject key identifier: 75:79:23:75:F0:0E:FE:9F:E5:2B:58:0E:F1:10:FB:ED:34:A6:DE:CC
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 0198D37D0CC26E667DA789E794A219FC75C8
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/dXkjdfAO_p_lK1gO8RD77TSm3sw.roa
Signing time: Fri 22 Aug 2025 20:34:04 +0000
ROA not before: Fri 22 Aug 2025 20:34:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401152
IP address blocks: 64.188.112.0/22 maxlen: 24
77.239.112.0/22 maxlen: 24
77.239.116.0/22 maxlen: 24
77.239.124.0/24 maxlen: 24
144.31.0.0/18 maxlen: 24
144.31.64.0/19 maxlen: 24
144.31.96.0/20 maxlen: 24
144.31.112.0/20 maxlen: 24
144.31.128.0/21 maxlen: 24
144.31.136.0/21 maxlen: 24
144.31.144.0/20 maxlen: 24
144.31.164.0/22 maxlen: 24
144.31.168.0/22 maxlen: 24
144.31.176.0/22 maxlen: 24
144.31.180.0/22 maxlen: 24
144.31.188.0/22 maxlen: 24
144.31.192.0/23 maxlen: 24
144.31.194.0/23 maxlen: 24
144.31.198.0/23 maxlen: 24
144.31.200.0/23 maxlen: 24
144.31.202.0/23 maxlen: 24
144.31.204.0/23 maxlen: 24
144.31.206.0/23 maxlen: 24
144.31.213.0/24 maxlen: 24
144.31.214.0/24 maxlen: 24
144.31.215.0/24 maxlen: 24
144.31.216.0/24 maxlen: 24
144.31.217.0/24 maxlen: 24
144.31.218.0/24 maxlen: 24
144.31.219.0/24 maxlen: 24
144.31.220.0/24 maxlen: 24
144.31.221.0/24 maxlen: 24
144.31.222.0/24 maxlen: 24
144.31.223.0/24 maxlen: 24
144.31.224.0/19 maxlen: 24
150.241.64.0/19 maxlen: 24
150.241.96.0/22 maxlen: 24
193.23.196.0/24 maxlen: 24
193.23.204.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 13:02:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:d3:7d:0c:c2:6e:66:7d:a7:89:e7:94:a2:19:fc:75:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Aug 22 20:34:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=75792375f00efe9fe52b580ef110fbed34a6decc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:22:ee:04:05:e2:03:30:c0:01:4f:9c:63:c6:
e6:6c:4e:21:87:f3:45:d3:ab:0a:87:43:51:26:e6:
e6:fe:cf:1e:f2:87:45:d2:de:96:76:7c:90:4b:67:
fa:88:87:3b:f2:2b:d9:35:44:ec:eb:ba:10:44:e0:
be:52:44:f8:aa:6e:89:be:46:65:24:4f:6e:28:40:
95:bd:0d:a3:26:0d:42:d2:8b:3a:23:db:a3:e6:eb:
cb:5d:90:3c:52:8e:b7:ed:88:ca:a1:88:b8:a7:20:
b6:a6:41:49:ee:62:b6:e1:f3:6a:d0:78:c0:c4:1e:
52:dd:e1:c7:27:b0:05:af:dc:f8:17:23:e7:c1:a5:
8a:e0:31:c2:03:99:ed:9d:03:ad:f4:50:77:5b:3d:
73:c4:e9:44:89:87:f5:8d:f7:ea:9b:c9:f8:3b:38:
ff:2e:cf:b1:1f:bd:26:4a:18:64:8a:34:6f:76:30:
8c:eb:b8:60:d6:64:b5:d6:0d:fb:ed:04:78:d3:43:
91:54:70:b4:34:56:e9:e5:1f:65:6e:f9:22:82:7d:
4c:51:a3:d0:97:84:d0:c8:3d:b6:b0:5e:f1:1b:67:
8e:39:ab:fe:5a:23:37:e1:a0:a1:15:ec:59:e4:42:
03:4a:0d:fa:37:07:60:21:22:f3:34:04:f0:e4:5a:
14:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:79:23:75:F0:0E:FE:9F:E5:2B:58:0E:F1:10:FB:ED:34:A6:DE:CC
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/dXkjdfAO_p_lK1gO8RD77TSm3sw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.112.0/22
77.239.112.0/21
77.239.124.0/24
144.31.0.0-144.31.159.255
144.31.164.0-144.31.171.255
144.31.176.0/21
144.31.188.0-144.31.195.255
144.31.198.0-144.31.207.255
144.31.213.0-144.31.255.255
150.241.64.0-150.241.99.255
193.23.196.0/24
193.23.204.0/22
Signature Algorithm: sha256WithRSAEncryption
2e:17:fd:ef:91:e4:a9:34:09:48:af:6b:87:a1:08:91:7d:df:
fa:ad:c3:2e:f2:a6:24:ff:d7:a4:4b:5b:9c:6b:94:b3:49:f7:
d5:8d:f9:a8:bb:84:6f:4a:cb:15:fc:5f:5f:1f:c6:f0:56:ab:
27:52:d2:12:59:2b:e2:bf:3e:af:8f:b2:59:93:18:ca:45:79:
14:8a:86:a4:df:13:cc:13:7b:80:18:ce:a0:57:01:f9:95:a4:
b9:c8:92:2a:cd:d3:c4:c8:f3:c8:3e:ba:a6:b4:78:7b:b7:e9:
f4:eb:97:63:6e:6c:b0:65:76:83:c7:eb:63:bc:bf:9e:c2:32:
bc:85:17:53:16:00:65:e9:e6:6c:82:4d:7d:f6:1e:e0:87:03:
f1:a9:ec:4b:08:45:f9:ce:9f:98:a4:dd:50:7e:9f:7c:d1:85:
20:0b:f2:a2:39:f4:94:b5:8c:52:a7:b0:79:86:85:a3:5f:b8:
a7:ed:50:bf:6c:98:09:33:9e:e9:3a:a5:7d:88:a5:d6:0f:e4:
16:26:a2:6b:a3:7b:21:07:0b:6e:41:68:0a:f0:fc:b8:73:df:
35:52:a6:56:78:20:b8:95:bd:10:32:93:98:40:f6:af:2c:d4:
3f:f4:30:8f:f3:e5:76:c1:a0:06:03:d0:cc:71:62:07:38:ec:
3f:06:6c:6e
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAZjTfQzCbmZ9p4nnlKIZ/HXIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwODIyMjAzNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTc5MjM3NWYwMGVmZTlmZTUyYjU4MGVmMTEwZmJlZDM0YTZkZWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyLuBAXiAzDAAU+cY8bmbE4hh/NF
06sKh0NRJubm/s8e8odF0t6WdnyQS2f6iIc78ivZNUTs67oQROC+UkT4qm6JvkZl
JE9uKECVvQ2jJg1C0os6I9uj5uvLXZA8Uo637YjKoYi4pyC2pkFJ7mK24fNq0HjA
xB5S3eHHJ7AFr9z4FyPnwaWK4DHCA5ntnQOt9FB3Wz1zxOlEiYf1jffqm8n4Ozj/
Ls+xH70mShhkijRvdjCM67hg1mS11g377QR400ORVHC0NFbp5R9lbvkign1MUaPQ
l4TQyD22sF7xG2eOOav+WiM34aChFexZ5EIDSg36NwdgISLzNATw5FoUtwIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFHV5I3XwDv6f5StYDvEQ++00pt7MMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZFhramRmQU9fcF9sSzFnTzhSRDc3VFNtM3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgABMHYDBAJAvHAD
BANN73ADBABN73wwCwMDAJAfAwQFkB+AMAwDBAKQH6QDBAKQH6gDBAOQH7AwDAME
ApAfvAMEApAfwDAMAwQBkB/GAwQEkB/AMAsDBACQH9UDAwWQADAMAwQGlvFAAwQC
lvFgAwQAwRfEAwQCwRfMMA0GCSqGSIb3DQEBCwUAA4IBAQAuF/3vkeSpNAlIr2uH
oQiRfd/6rcMu8qYk/9ekS1uca5SzSffVjfmou4RvSssV/F9fH8bwVqsnUtISWSvi
vz6vj7JZkxjKRXkUioak3xPME3uAGM6gVwH5laS5yJIqzdPEyPPIPrqmtHh7t+n0
65djbmywZXaDx+tjvL+ewjK8hRdTFgBl6eZsgk199h7ghwPxqexLCEX5zp+YpN1Q
fp980YUgC/KiOfSUtYxSp7B5hoWjX7in7VC/bJgJM57pOqV9iKXWD+QWJqJro3sh
BwtuQWgK8Py4c981UqZWeCC4lb0QMpOYQPavLNQ/9DCP8+V2waAGA9DMcWIHOOw/
Bmxu
-----END CERTIFICATE-----
Generated at Sun Aug 24 00:28:57 2025 by rpki-client