Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396356.roa
File: AS396356.roa (raw, json)
Hash identifier: VXNg9GczDedrGxH8cS++mLbklLwCXTzQs3WbemtTLK4=
Subject key identifier: 2A:D3:35:FC:A4:A1:21:7F:9C:EC:FC:56:C2:08:90:FB:6A:E2:07:82
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 4E9DEB725D3CE6D31422FE837A5C896815621274
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396356.roa
Signing time: Sat 09 May 2026 23:12:14 +0000
ROA not before: Sat 09 May 2026 23:07:14 +0000
ROA not after: Sat 08 May 2027 23:12:14 +0000
asID: 396356
IP address blocks: 2.58.29.0/24 maxlen: 24
2.58.30.0/24 maxlen: 24
2.58.31.0/24 maxlen: 24
2.58.174.0/24 maxlen: 24
5.181.133.0/24 maxlen: 24
5.252.76.0/24 maxlen: 24
5.253.200.0/24 maxlen: 24
5.253.201.0/24 maxlen: 24
5.253.203.0/24 maxlen: 24
45.81.2.0/24 maxlen: 24
45.89.251.0/24 maxlen: 24
45.89.252.0/24 maxlen: 24
45.137.31.0/24 maxlen: 24
45.137.156.0/24 maxlen: 24
45.139.181.0/24 maxlen: 24
109.106.2.0/24 maxlen: 24
130.185.125.0/24 maxlen: 24
179.61.167.0/24 maxlen: 24
179.61.175.0/24 maxlen: 24
179.61.178.0/24 maxlen: 24
179.61.179.0/24 maxlen: 24
179.61.218.0/24 maxlen: 24
179.61.233.0/24 maxlen: 24
181.41.204.0/24 maxlen: 24
181.41.208.0/24 maxlen: 24
181.41.218.0/24 maxlen: 24
181.214.56.0/24 maxlen: 24
181.214.59.0/24 maxlen: 24
181.214.70.0/24 maxlen: 24
181.214.86.0/24 maxlen: 24
181.214.102.0/24 maxlen: 24
181.214.196.0/24 maxlen: 24
181.214.226.0/24 maxlen: 24
181.215.92.0/24 maxlen: 24
181.215.120.0/24 maxlen: 24
181.215.125.0/24 maxlen: 24
181.215.146.0/24 maxlen: 24
181.215.153.0/24 maxlen: 24
181.215.155.0/24 maxlen: 24
181.215.156.0/24 maxlen: 24
181.215.169.0/24 maxlen: 24
181.215.172.0/24 maxlen: 24
181.215.195.0/24 maxlen: 24
185.34.43.0/24 maxlen: 24
185.142.24.0/24 maxlen: 24
185.143.229.0/24 maxlen: 24
185.151.59.0/24 maxlen: 24
185.158.100.0/24 maxlen: 24
185.158.101.0/24 maxlen: 24
185.158.102.0/24 maxlen: 24
185.158.103.0/24 maxlen: 24
185.158.134.0/24 maxlen: 24
191.96.44.0/24 maxlen: 24
191.96.45.0/24 maxlen: 24
191.96.46.0/24 maxlen: 24
191.96.47.0/24 maxlen: 24
191.96.107.0/24 maxlen: 24
191.96.122.0/24 maxlen: 24
191.96.174.0/24 maxlen: 24
191.101.4.0/24 maxlen: 24
191.101.99.0/24 maxlen: 24
191.101.119.0/24 maxlen: 24
191.101.154.0/24 maxlen: 24
191.101.160.0/24 maxlen: 24
191.101.216.0/24 maxlen: 24
191.101.255.0/24 maxlen: 24
213.109.171.0/24 maxlen: 24
2a0a:a700::/30 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 08:12:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4e:9d:eb:72:5d:3c:e6:d3:14:22:fe:83:7a:5c:89:68:15:62:12:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: May 9 23:07:14 2026 GMT
Not After : May 8 23:12:14 2027 GMT
Subject: CN=2AD335FCA4A1217F9CECFC56C20890FB6AE20782
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:1b:46:2a:e3:86:fa:86:2d:11:0a:76:1e:15:
70:a1:d6:5a:a9:e4:bf:84:b2:c5:23:c5:51:dd:13:
34:d8:ad:85:90:84:bd:c1:9e:a5:76:a1:73:dc:e7:
b8:ea:32:7b:b6:1e:49:65:4e:31:10:7e:43:2f:02:
78:06:8b:67:60:b5:56:d5:42:c3:91:c5:2f:f3:22:
93:3a:a2:9c:5c:d1:0a:17:96:e2:5e:96:5d:ff:e4:
b5:a3:d3:c3:f2:de:1c:31:76:6f:fc:ef:59:f2:99:
9f:85:d5:d7:f9:5e:8e:a0:f8:d6:3e:0d:44:de:0f:
0f:35:ed:0c:c3:d5:88:59:ba:e1:7c:4f:95:62:fc:
7f:8b:ba:f7:d0:5d:5b:aa:42:78:3d:69:bc:f7:2f:
3b:f3:07:4d:16:d9:37:10:46:61:26:4b:ef:8e:83:
6e:6e:96:cd:d9:d6:87:93:4a:28:3c:18:6c:3b:b8:
bc:0e:26:7a:f7:ae:70:2a:bc:41:67:db:08:4c:de:
4d:e2:c0:0a:89:85:5e:fd:75:da:8b:ff:11:5d:0f:
48:40:f2:b9:54:39:b2:79:10:b4:42:58:1f:70:7d:
1e:b9:da:f2:ac:72:6c:37:00:8d:f5:11:89:b5:59:
90:6e:7c:a1:35:a5:6e:38:42:4d:55:6e:09:de:e5:
20:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:D3:35:FC:A4:A1:21:7F:9C:EC:FC:56:C2:08:90:FB:6A:E2:07:82
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396356.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.29.0-2.58.31.255
2.58.174.0/24
5.181.133.0/24
5.252.76.0/24
5.253.200.0/23
5.253.203.0/24
45.81.2.0/24
45.89.251.0-45.89.252.255
45.137.31.0/24
45.137.156.0/24
45.139.181.0/24
109.106.2.0/24
130.185.125.0/24
179.61.167.0/24
179.61.175.0/24
179.61.178.0/23
179.61.218.0/24
179.61.233.0/24
181.41.204.0/24
181.41.208.0/24
181.41.218.0/24
181.214.56.0/24
181.214.59.0/24
181.214.70.0/24
181.214.86.0/24
181.214.102.0/24
181.214.196.0/24
181.214.226.0/24
181.215.92.0/24
181.215.120.0/24
181.215.125.0/24
181.215.146.0/24
181.215.153.0/24
181.215.155.0-181.215.156.255
181.215.169.0/24
181.215.172.0/24
181.215.195.0/24
185.34.43.0/24
185.142.24.0/24
185.143.229.0/24
185.151.59.0/24
185.158.100.0/22
185.158.134.0/24
191.96.44.0/22
191.96.107.0/24
191.96.122.0/24
191.96.174.0/24
191.101.4.0/24
191.101.99.0/24
191.101.119.0/24
191.101.154.0/24
191.101.160.0/24
191.101.216.0/24
191.101.255.0/24
213.109.171.0/24
IPv6:
2a0a:a700::/30
Signature Algorithm: sha256WithRSAEncryption
81:a2:88:a5:40:ad:e4:fd:67:70:35:97:01:18:90:12:ad:e3:
87:53:7d:93:67:49:90:0b:bc:12:1a:52:6e:d8:1e:be:b5:8a:
58:ee:72:32:3a:59:c9:ba:cd:b8:b2:10:d1:c8:ea:f0:d4:cb:
3a:b9:4c:9f:db:9d:e9:28:85:3a:71:9a:02:97:04:3c:da:c2:
b1:90:9f:54:6a:69:be:13:4e:c1:c8:8e:95:be:f5:b9:da:0d:
e9:32:6f:44:c8:3d:17:ff:17:10:19:0d:d5:6d:09:d7:b2:cc:
f8:5a:67:aa:85:e6:cf:ba:a7:1e:0f:fc:99:26:5c:35:85:fa:
84:03:c7:61:4a:7f:3f:07:be:14:92:2b:db:da:f5:58:e1:34:
31:ba:f2:42:cf:e7:55:bc:d6:38:89:02:ee:5c:8e:76:38:14:
ea:d7:5a:28:63:e5:83:a4:37:20:ce:fc:be:e1:5d:9f:13:54:
49:0a:97:1b:68:51:4b:e4:05:33:12:a7:c4:71:bb:e2:76:76:
28:5f:6a:4a:74:eb:a8:5f:63:dc:35:e1:2c:8c:af:c7:0c:61:
d1:68:b3:46:db:2a:5d:87:35:a0:3a:84:f8:2b:49:cc:0e:7a:
af:a3:f1:dc:98:8c:40:55:aa:a7:2c:52:07:67:dc:31:6c:73:
a4:16:62:ce
-----BEGIN CERTIFICATE-----
MIIGdTCCBV2gAwIBAgIUTp3rcl085tMUIv6DelyJaBViEnQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDkyMzA3MTRaFw0yNzA1MDgyMzEyMTRaMDMxMTAvBgNV
BAMTKDJBRDMzNUZDQTRBMTIxN0Y5Q0VDRkM1NkMyMDg5MEZCNkFFMjA3ODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpG0Yq44b6hi0RCnYeFXCh1lqp
5L+EssUjxVHdEzTYrYWQhL3BnqV2oXPc57jqMnu2HkllTjEQfkMvAngGi2dgtVbV
QsORxS/zIpM6opxc0QoXluJell3/5LWj08Py3hwxdm/871nymZ+F1df5Xo6g+NY+
DUTeDw817QzD1YhZuuF8T5Vi/H+LuvfQXVuqQng9abz3LzvzB00W2TcQRmEmS++O
g25uls3Z1oeTSig8GGw7uLwOJnr3rnAqvEFn2whM3k3iwAqJhV79ddqL/xFdD0hA
8rlUObJ5ELRCWB9wfR652vKscmw3AI31EYm1WZBufKE1pW44Qk1Vbgne5SDdAgMB
AAGjggN/MIIDezAdBgNVHQ4EFgQUKtM1/KShIX+c7PxWwgiQ+2riB4IwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk2MzU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMIIBkgYIKwYBBQUHAQcBAf8EggGBMIIBfTCCAWoEAgAB
MIIBYjAMAwQAAjodAwQFAjoAAwQAAjquAwQABbWFAwQABfxMAwQBBf3IAwQABf3L
AwQALVECMAwDBAAtWfsDBAAtWfwDBAAtiR8DBAAtiZwDBAAti7UDBABtagIDBACC
uX0DBACzPacDBACzPa8DBAGzPbIDBACzPdoDBACzPekDBAC1KcwDBAC1KdADBAC1
KdoDBAC11jgDBAC11jsDBAC11kYDBAC11lYDBAC11mYDBAC11sQDBAC11uIDBAC1
11wDBAC113gDBAC1130DBAC115IDBAC115kwDAMEALXXmwMEALXXnAMEALXXqQME
ALXXrAMEALXXwwMEALkiKwMEALmOGAMEALmP5QMEALmXOwMEArmeZAMEALmehgME
Ar9gLAMEAL9gawMEAL9gegMEAL9grgMEAL9lBAMEAL9lYwMEAL9ldwMEAL9lmgME
AL9loAMEAL9l2AMEAL9l/wMEANVtqzANBAIAAjAHAwUCKgqnADANBgkqhkiG9w0B
AQsFAAOCAQEAgaKIpUCt5P1ncDWXARiQEq3jh1N9k2dJkAu8EhpSbtgevrWKWO5y
MjpZybrNuLIQ0cjq8NTLOrlMn9ud6SiFOnGaApcEPNrCsZCfVGppvhNOwciOlb71
udoN6TJvRMg9F/8XEBkN1W0J17LM+FpnqoXmz7qnHg/8mSZcNYX6hAPHYUp/Pwe+
FJIr29r1WOE0MbryQs/nVbzWOIkC7lyOdjgU6tdaKGPlg6Q3IM78vuFdnxNUSQqX
G2hRS+QFMxKnxHG74nZ2KF9qSnTrqF9j3DXhLIyvxwxh0WizRtsqXYc1oDqE+CtJ
zA56r6Px3JiMQFWqpyxSB2fcMWxzpBZizg==
-----END CERTIFICATE-----
Generated at Tue May 12 23:09:05 2026 by rpki-client