Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/CPn7kuPgMKNn5b8hVVI_Z0CeOvU.roa
File: CPn7kuPgMKNn5b8hVVI_Z0CeOvU.roa (raw, json)
Hash identifier: 7mRryJiNLMo58v700Hn7pFQU6Pwy+1r0rYQZSAKixVw=
Subject key identifier: 08:F9:FB:92:E3:E0:30:A3:67:E5:BF:21:55:52:3F:67:40:9E:3A:F5
Certificate issuer: /CN=01c38a06a39b20b8da40009237d76acdd28e71a5
Certificate serial: 019D9AD7656E670EC56A7D251A9FB6D8756B
Authority key identifier: 01:C3:8A:06:A3:9B:20:B8:DA:40:00:92:37:D7:6A:CD:D2:8E:71:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AcOKBqObILjaQACSN9dqzdKOcaU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/CPn7kuPgMKNn5b8hVVI_Z0CeOvU.roa
Signing time: Fri 17 Apr 2026 09:48:20 +0000
ROA not before: Fri 17 Apr 2026 09:48:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16839
IP address blocks: 37.98.232.0/21 maxlen: 24
37.98.232.0/22 maxlen: 24
37.98.232.0/23 maxlen: 23
37.98.232.0/24 maxlen: 24
37.98.233.0/24 maxlen: 24
37.98.234.0/23 maxlen: 23
37.98.234.0/24 maxlen: 24
37.98.235.0/24 maxlen: 24
37.98.236.0/22 maxlen: 24
37.98.236.0/23 maxlen: 23
37.98.236.0/24 maxlen: 24
37.98.237.0/24 maxlen: 24
37.98.238.0/23 maxlen: 23
37.98.238.0/24 maxlen: 24
37.98.239.0/24 maxlen: 24
136.242.128.0/17 maxlen: 17
138.12.128.0/17 maxlen: 17
138.12.128.0/24 maxlen: 24
148.139.0.0/16 maxlen: 16
148.139.0.0/24 maxlen: 24
148.139.1.0/24 maxlen: 24
148.139.2.0/24 maxlen: 24
148.139.3.0/24 maxlen: 24
148.139.4.0/22 maxlen: 24
148.139.8.0/22 maxlen: 24
148.139.12.0/22 maxlen: 24
148.139.16.0/22 maxlen: 24
148.139.28.0/24 maxlen: 24
148.139.29.0/24 maxlen: 24
148.139.30.0/24 maxlen: 24
148.139.32.0/20 maxlen: 24
148.139.48.0/20 maxlen: 24
148.139.64.0/20 maxlen: 24
148.139.80.0/20 maxlen: 24
148.139.96.0/22 maxlen: 24
148.139.100.0/22 maxlen: 24
148.139.104.0/24 maxlen: 24
148.139.105.0/24 maxlen: 24
148.139.108.0/22 maxlen: 24
148.139.112.0/22 maxlen: 24
148.139.116.0/22 maxlen: 24
148.139.120.0/22 maxlen: 24
148.139.124.0/24 maxlen: 24
148.139.125.0/24 maxlen: 24
148.139.128.0/22 maxlen: 24
148.139.132.0/22 maxlen: 24
148.139.136.0/22 maxlen: 24
148.139.140.0/24 maxlen: 24
148.139.141.0/24 maxlen: 24
148.139.142.0/24 maxlen: 24
148.139.143.0/24 maxlen: 24
148.139.144.0/22 maxlen: 24
148.139.144.0/24 maxlen: 24
148.139.148.0/22 maxlen: 24
148.139.152.0/22 maxlen: 24
148.139.156.0/22 maxlen: 24
148.139.160.0/20 maxlen: 24
148.139.176.0/20 maxlen: 24
148.139.192.0/24 maxlen: 24
148.139.193.0/24 maxlen: 24
148.139.194.0/24 maxlen: 24
148.139.195.0/24 maxlen: 24
148.139.196.0/22 maxlen: 24
148.139.200.0/22 maxlen: 24
148.139.214.0/24 maxlen: 24
148.139.215.0/24 maxlen: 24
148.139.224.0/22 maxlen: 24
148.139.228.0/22 maxlen: 24
148.139.232.0/22 maxlen: 24
148.139.236.0/22 maxlen: 24
148.139.240.0/22 maxlen: 24
148.139.244.0/22 maxlen: 24
148.139.248.0/22 maxlen: 24
148.139.252.0/22 maxlen: 24
157.5.128.0/17 maxlen: 17
157.70.0.0/17 maxlen: 17
163.120.128.0/17 maxlen: 17
165.171.0.0/17 maxlen: 17
2a04:37c0::/29 maxlen: 48
2a04:37c0:3110::/48 maxlen: 48
2a04:37c0:3120::/48 maxlen: 48
2a04:37c0:3510::/48 maxlen: 48
2a04:37c0:3520::/48 maxlen: 48
2a04:37c0:3910::/48 maxlen: 48
2a04:37c0:3920::/48 maxlen: 48
2a04:37c0:4110::/48 maxlen: 48
2a04:37c0:4120::/48 maxlen: 48
2a04:37c0:4410::/48 maxlen: 48
2a04:37c0:4420::/48 maxlen: 48
2a04:37c0:4430::/48 maxlen: 48
2a04:37c0:4910::/48 maxlen: 48
2a04:37c0:4920::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/AcOKBqObILjaQACSN9dqzdKOcaU.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/AcOKBqObILjaQACSN9dqzdKOcaU.mft
rsync://rpki.ripe.net/repository/DEFAULT/AcOKBqObILjaQACSN9dqzdKOcaU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 16:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:9a:d7:65:6e:67:0e:c5:6a:7d:25:1a:9f:b6:d8:75:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=01c38a06a39b20b8da40009237d76acdd28e71a5
Validity
Not Before: Apr 17 09:48:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=08f9fb92e3e030a367e5bf2155523f67409e3af5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:c8:4d:eb:aa:b9:21:fe:38:22:19:d9:e8:4f:
a7:c0:ad:cc:d1:54:da:3a:ac:e8:11:8b:14:ca:a0:
da:6e:d0:8f:c4:0d:3d:ba:e7:37:b6:df:ce:a0:0a:
15:69:92:19:84:61:6a:10:2a:5e:2d:b5:83:fa:73:
72:c1:6c:8f:e1:38:d2:1f:dd:5a:6e:96:29:78:73:
bf:cc:a8:e9:c2:61:e6:c1:8c:7f:ba:33:a0:0e:61:
17:1f:14:4d:16:9b:d7:c0:40:ab:82:28:2b:39:7e:
03:79:68:c4:ef:5d:8f:de:fa:e4:cd:41:17:6e:8f:
e9:29:92:7a:d0:1f:b5:2f:ef:5d:d5:3b:a4:44:cf:
b2:2b:76:2d:6a:b8:b3:05:68:8a:b4:2d:01:15:11:
54:f7:18:38:b3:fd:40:11:97:98:3f:85:8f:94:fe:
44:d0:2e:c1:58:69:81:a4:09:01:02:3e:42:98:89:
dc:6a:62:1d:b7:91:33:b2:4c:df:10:30:df:a7:3a:
4d:ee:33:3c:f1:8c:10:97:d7:b6:6b:ad:0e:f1:81:
14:96:ce:ef:00:55:cf:47:b7:7d:8e:0c:17:1c:42:
02:7b:2b:a8:80:9c:2f:09:9d:e2:c0:66:91:ad:c7:
aa:85:1f:d5:7d:0e:85:ec:98:eb:ee:30:d4:94:0f:
85:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:F9:FB:92:E3:E0:30:A3:67:E5:BF:21:55:52:3F:67:40:9E:3A:F5
X509v3 Authority Key Identifier:
keyid:01:C3:8A:06:A3:9B:20:B8:DA:40:00:92:37:D7:6A:CD:D2:8E:71:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AcOKBqObILjaQACSN9dqzdKOcaU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/CPn7kuPgMKNn5b8hVVI_Z0CeOvU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/AcOKBqObILjaQACSN9dqzdKOcaU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.98.232.0/21
136.242.128.0/17
138.12.128.0/17
148.139.0.0/16
157.5.128.0/17
157.70.0.0/17
163.120.128.0/17
165.171.0.0/17
IPv6:
2a04:37c0::/29
Signature Algorithm: sha256WithRSAEncryption
44:5d:10:45:86:f6:41:92:f0:e5:d5:ce:78:2a:b2:d8:89:be:
c6:62:8d:ce:2b:8b:34:dc:2b:27:49:ec:77:e5:f1:53:dc:15:
71:ca:7e:d5:d9:7d:85:75:1d:60:91:01:4f:d9:5b:72:fa:01:
10:a0:bb:4e:76:f2:e0:2d:24:96:fa:b5:8e:9b:ad:35:17:e1:
5f:63:13:38:80:81:46:2b:e8:7c:b7:bc:80:6e:ea:23:8e:03:
84:b1:fc:15:8e:78:93:72:52:ca:b9:17:fa:a0:98:b9:2e:b0:
d1:68:be:cc:5a:a7:be:57:f1:b1:d9:4b:10:b0:d4:ea:00:45:
a0:d1:71:6a:10:28:60:55:ce:87:e6:53:49:a3:d2:10:1d:dd:
5c:a9:a9:71:e7:01:77:6b:e3:b2:d7:e5:78:6b:6b:b0:e5:59:
82:ef:87:81:13:f3:7a:bf:3a:44:0a:b8:e1:1f:11:a3:8d:92:
93:2a:d2:e4:63:04:72:a8:a1:21:78:08:b9:21:38:89:7e:4a:
d9:97:f9:1c:f1:b6:8a:33:84:17:9e:82:a4:99:bf:8c:1c:40:
20:49:fd:89:6c:bb:e7:33:9b:22:51:a3:68:44:1d:a7:fe:63:
51:6e:b1:a0:9f:ca:64:4c:f4:7b:5f:7f:2f:8f:24:35:88:0b:
46:fb:dd:0e
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZ2a12VuZw7Fan0lGp+22HVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxYzM4YTA2YTM5YjIwYjhkYTQwMDA5MjM3ZDc2YWNkZDI4
ZTcxYTUwHhcNMjYwNDE3MDk0ODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGY5ZmI5MmUzZTAzMGEzNjdlNWJmMjE1NTUyM2Y2NzQwOWUzYWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAschN66q5If44IhnZ6E+nwK3M0VTa
OqzoEYsUyqDabtCPxA09uuc3tt/OoAoVaZIZhGFqECpeLbWD+nNywWyP4TjSH91a
bpYpeHO/zKjpwmHmwYx/ujOgDmEXHxRNFpvXwECrgigrOX4DeWjE712P3vrkzUEX
bo/pKZJ60B+1L+9d1TukRM+yK3YtarizBWiKtC0BFRFU9xg4s/1AEZeYP4WPlP5E
0C7BWGmBpAkBAj5CmIncamIdt5EzskzfEDDfpzpN7jM88YwQl9e2a60O8YEUls7v
AFXPR7d9jgwXHEICeyuogJwvCZ3iwGaRrceqhR/VfQ6F7Jjr7jDUlA+FOQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFAj5+5Lj4DCjZ+W/IVVSP2dAnjr1MB8GA1UdIwQY
MBaAFAHDigajmyC42kAAkjfXas3SjnGlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWNPS0JxT2JJTGphUUFDU045ZHF6ZEtPY2FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82YThlNWUtMzliNi00N2UzLWJiYjAt
YjI5ZjEwY2MwMzI4LzEvQ1BuN2t1UGdNS05uNWI4aFZWSV9aMENlT3ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82YThlNWUtMzliNi00N2UzLWJiYjAtYjI5ZjEwY2MwMzI4
LzEvQWNPS0JxT2JJTGphUUFDU045ZHF6ZEtPY2FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjA1BAIAATAvAwQDJWLoAwQH
iPKAAwQHigyAAwMAlIsDBAedBYADBAedRgADBAejeIADBAelqwAwDQQCAAIwBwMF
AyoEN8AwDQYJKoZIhvcNAQELBQADggEBAERdEEWG9kGS8OXVzngqstiJvsZijc4r
izTcKydJ7Hfl8VPcFXHKftXZfYV1HWCRAU/ZW3L6ARCgu0528uAtJJb6tY6brTUX
4V9jEziAgUYr6Hy3vIBu6iOOA4Sx/BWOeJNyUsq5F/qgmLkusNFovsxap75X8bHZ
SxCw1OoARaDRcWoQKGBVzofmU0mj0hAd3VypqXHnAXdr47LX5Xhra7DlWYLvh4ET
83q/OkQKuOEfEaONkpMq0uRjBHKooSF4CLkhOIl+StmX+RzxtoozhBeegqSZv4wc
QCBJ/Ylsu+czmyJRo2hEHaf+Y1FusaCfymRM9Htffy+PJDWIC0b73Q4=
-----END CERTIFICATE-----
Generated at Sat Apr 18 00:57:39 2026 by rpki-client