Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/cXLvsHvbg46dXys6tsFGlStaivg.roa
File: cXLvsHvbg46dXys6tsFGlStaivg.roa (raw, json)
Hash identifier: xZAflEOGoHPXdRw1KqKL76cGPns+HOuukJvybKU+IFM=
Subject key identifier: 71:72:EF:B0:7B:DB:83:8E:9D:5F:2B:3A:B6:C1:46:95:2B:5A:8A:F8
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019E709D25B4112287AFC4044E32D9EB16EC
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/cXLvsHvbg46dXys6tsFGlStaivg.roa
Signing time: Thu 28 May 2026 22:03:27 +0000
ROA not before: Thu 28 May 2026 22:03:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 15830
IP address blocks: 137.31.38.0/24 maxlen: 24
137.31.39.0/24 maxlen: 24
137.31.40.0/24 maxlen: 24
137.31.41.0/24 maxlen: 24
137.31.42.0/24 maxlen: 24
137.31.51.0/24 maxlen: 24
159.254.25.0/24 maxlen: 24
159.254.26.0/24 maxlen: 24
159.254.28.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:70:9d:25:b4:11:22:87:af:c4:04:4e:32:d9:eb:16:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: May 28 22:03:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7172efb07bdb838e9d5f2b3ab6c146952b5a8af8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:40:69:5d:ed:45:fe:de:71:2d:d1:3a:a4:19:
7b:9c:e2:0c:9b:93:e7:a5:e2:f8:4e:04:aa:bb:9e:
be:64:e4:6a:88:52:56:a0:92:66:ef:f7:a7:a7:6e:
77:91:6d:1f:e5:2f:6a:02:95:1b:b9:56:e1:97:5c:
1c:ff:09:93:fc:60:ca:73:dd:d4:01:39:1a:dd:b6:
7e:4b:bc:3f:57:b6:70:8d:4a:0b:d5:4a:d7:cc:80:
5e:16:fc:54:6f:7e:a9:77:c3:7b:50:dc:1b:0f:df:
a3:fc:6c:60:0b:ea:9a:26:c9:99:f5:dc:19:a5:42:
0c:95:c3:d6:5e:0c:86:0c:bd:27:f3:6f:bc:12:af:
df:2f:3f:a1:d6:3b:9a:77:75:31:37:ed:85:1a:9a:
c5:09:de:c7:15:b4:a4:c2:47:6b:05:3c:f7:cb:aa:
ee:cb:2f:a3:75:f5:b8:89:2a:ac:95:2a:f4:5d:73:
60:77:e5:87:f5:57:fd:73:78:8a:82:cf:83:85:60:
49:79:06:0c:fa:a8:d6:08:cb:1f:84:d9:cc:86:6d:
a2:ee:6f:f5:04:57:7d:c7:0f:cc:cb:2d:a8:bc:3e:
dc:2b:72:b0:6a:83:d0:21:7b:1b:94:27:d6:dc:72:
2a:76:b6:c7:b6:03:86:4c:13:70:da:0b:52:64:af:
c0:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:72:EF:B0:7B:DB:83:8E:9D:5F:2B:3A:B6:C1:46:95:2B:5A:8A:F8
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/cXLvsHvbg46dXys6tsFGlStaivg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
137.31.38.0-137.31.42.255
137.31.51.0/24
159.254.25.0-159.254.26.255
159.254.28.0/24
Signature Algorithm: sha256WithRSAEncryption
04:04:73:0d:e2:c0:02:00:a9:10:1b:e3:c4:51:67:bc:db:9b:
40:34:d4:cf:58:cb:dd:ef:e1:d5:d4:29:45:7e:bf:44:93:c3:
b6:bc:a5:3a:08:f6:84:89:11:99:d5:cc:b4:0a:86:a0:ee:33:
f5:84:30:d5:8d:cc:e8:81:2d:03:c4:c2:69:7a:a7:3e:12:b2:
ed:1b:a1:b1:7a:2f:56:85:b8:95:3b:92:05:bc:e9:9a:e3:5c:
44:13:ec:4c:07:b8:02:6c:33:49:d8:84:3e:6b:1f:15:e0:da:
04:24:b3:ac:fa:67:b1:3d:a1:75:40:8e:0d:c0:fa:36:44:a4:
0f:24:d0:c2:e5:c2:fc:51:4a:71:48:f0:a9:67:c3:73:61:89:
2e:b9:8a:b1:bd:7b:be:52:35:13:08:60:24:e9:4b:8d:64:bf:
6d:85:dd:2a:c2:3a:75:dc:38:0b:c8:fc:d0:91:dc:b9:6c:ce:
57:37:af:97:97:01:e6:dc:99:e0:28:59:c3:d6:dd:fd:85:1d:
57:de:80:6e:ab:a0:e0:02:77:82:19:80:f0:1b:73:b6:6f:0a:
6b:f2:26:db:d9:54:b2:1d:a1:1a:50:19:0e:ab:5e:e7:b7:a5:
59:87:18:55:ce:3b:fd:e4:3b:77:9e:cc:4e:06:ca:7a:0a:c1:
3f:51:8d:44
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZ5wnSW0ESKHr8QETjLZ6xbsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjYwNTI4MjIwMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTcyZWZiMDdiZGI4MzhlOWQ1ZjJiM2FiNmMxNDY5NTJiNWE4YWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUBpXe1F/t5xLdE6pBl7nOIMm5Pn
peL4TgSqu56+ZORqiFJWoJJm7/enp253kW0f5S9qApUbuVbhl1wc/wmT/GDKc93U
ATka3bZ+S7w/V7ZwjUoL1UrXzIBeFvxUb36pd8N7UNwbD9+j/GxgC+qaJsmZ9dwZ
pUIMlcPWXgyGDL0n82+8Eq/fLz+h1juad3UxN+2FGprFCd7HFbSkwkdrBTz3y6ru
yy+jdfW4iSqslSr0XXNgd+WH9Vf9c3iKgs+DhWBJeQYM+qjWCMsfhNnMhm2i7m/1
BFd9xw/Myy2ovD7cK3KwaoPQIXsblCfW3HIqdrbHtgOGTBNw2gtSZK/AkQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFHFy77B724OOnV8rOrbBRpUrWor4MB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvY1hMdnNIdmJnNDZkWHlzNnRzRkdsU3RhaXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBAGJHyYD
BACJHyoDBACJHzMwDAMEAJ/+GQMEAJ/+GgMEAJ/+HDANBgkqhkiG9w0BAQsFAAOC
AQEABARzDeLAAgCpEBvjxFFnvNubQDTUz1jL3e/h1dQpRX6/RJPDtrylOgj2hIkR
mdXMtAqGoO4z9YQw1Y3M6IEtA8TCaXqnPhKy7RuhsXovVoW4lTuSBbzpmuNcRBPs
TAe4AmwzSdiEPmsfFeDaBCSzrPpnsT2hdUCODcD6NkSkDyTQwuXC/FFKcUjwqWfD
c2GJLrmKsb17vlI1EwhgJOlLjWS/bYXdKsI6ddw4C8j80JHcuWzOVzevl5cB5tyZ
4ChZw9bd/YUdV96Abqug4AJ3ghmA8Btztm8Ka/Im29lUsh2hGlAZDqte57elWYcY
Vc47/eQ7d57MTgbKegrBP1GNRA==
-----END CERTIFICATE-----
Generated at Sat Jun 13 10:38:08 2026 by rpki-client