Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XoLDhIln85JWv0cMTN6Tp16RRDg.roa
File: XoLDhIln85JWv0cMTN6Tp16RRDg.roa (raw, json)
Hash identifier: Wrap0ukE+a0VmBeHMEpWAA00LVggZU1vz+qeJiA3vNE=
Subject key identifier: 5E:82:C3:84:89:67:F3:92:56:BF:47:0C:4C:DE:93:A7:5E:91:44:38
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01981F28D286EE15B17FA2089DC990C89B76
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XoLDhIln85JWv0cMTN6Tp16RRDg.roa
Signing time: Fri 18 Jul 2025 20:10:25 +0000
ROA not before: Fri 18 Jul 2025 20:10:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57043
IP address blocks: 62.76.236.0/24 maxlen: 24
62.76.237.0/24 maxlen: 24
193.124.17.0/24 maxlen: 24
194.58.56.0/24 maxlen: 24
194.58.154.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.87.51.0/24 maxlen: 24
194.87.233.0/24 maxlen: 24
194.87.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 13:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:1f:28:d2:86:ee:15:b1:7f:a2:08:9d:c9:90:c8:9b:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jul 18 20:10:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5e82c3848967f39256bf470c4cde93a75e914438
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:84:86:05:47:64:f5:16:c1:b3:ad:1a:5d:da:
2d:2a:14:d7:e5:64:8b:b9:b7:7c:75:a1:e1:fb:5f:
cf:0b:6e:fb:ef:23:fd:94:27:e7:ab:e9:e5:d5:e4:
6e:a8:72:f8:49:47:88:56:3b:93:26:6e:b6:e7:6e:
fb:3e:f2:1c:5f:67:32:14:7e:4e:5c:1e:5f:2d:eb:
3f:5a:a9:50:9a:a0:cf:13:1c:a7:72:d2:21:8b:c6:
08:c6:ba:cb:1d:50:a3:ad:b0:d2:f4:8c:2e:e8:52:
7e:d0:90:dc:26:ef:f3:77:b0:d6:a5:96:6d:0d:63:
04:74:9b:7c:9b:3c:3a:80:33:a4:05:ff:cc:71:de:
6a:61:81:2a:33:99:cf:ea:06:4f:2c:d1:e3:94:60:
0b:31:ac:1a:06:b9:4c:c5:22:d7:dd:66:06:a2:59:
e1:99:a8:fb:06:ea:85:78:e0:9b:c4:34:68:dd:63:
49:f9:b9:19:92:a3:b6:ee:8c:5e:c4:cd:5b:4f:3b:
86:48:6e:24:8d:a3:a0:ca:17:ee:ea:0e:d4:bc:b7:
6e:86:41:4d:15:d1:99:39:e6:ad:e2:65:0b:0c:cf:
0e:e6:4b:d2:79:37:90:04:52:8e:41:3b:9b:7c:74:
05:22:db:7c:a5:92:bc:eb:a1:8d:ed:e9:5b:99:0d:
05:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:82:C3:84:89:67:F3:92:56:BF:47:0C:4C:DE:93:A7:5E:91:44:38
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XoLDhIln85JWv0cMTN6Tp16RRDg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.236.0/23
193.124.17.0/24
194.58.56.0/24
194.58.154.0/23
194.87.51.0/24
194.87.233.0/24
194.87.255.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:b8:ac:73:3c:6a:13:5b:4e:2b:1f:65:d6:66:15:ac:2d:4d:
8e:c1:24:d9:4a:bf:0c:e9:2e:44:43:3e:1e:02:31:64:6f:96:
5a:61:90:e6:fc:a5:d4:ed:61:d9:6a:25:6b:f4:ce:0c:47:c1:
a0:c3:b5:2f:b3:bd:db:f9:44:97:c7:66:dc:2f:68:f6:77:b7:
af:be:d1:2f:c8:8e:2a:5e:c2:6e:c8:a8:1a:3b:3b:9c:38:77:
e8:3e:ec:3f:4b:75:24:e3:5f:f5:2c:7d:4b:10:46:dd:a7:b4:
31:f7:72:d4:40:b9:85:83:47:f0:ab:8e:b9:e8:4d:3e:85:f0:
6e:76:30:32:96:c9:75:22:de:2e:0e:03:77:fc:c7:2f:23:b8:
54:8e:a5:8a:ab:27:23:ad:12:6d:79:73:88:9e:74:2a:35:a2:
e9:b4:2d:ad:20:a4:7d:21:f5:bc:25:05:14:95:e6:5a:94:68:
b4:38:87:c4:f0:36:d6:4c:31:72:5c:31:f7:f9:4d:32:61:cf:
28:c8:2c:59:f2:98:10:74:97:15:37:af:2e:5f:59:9f:70:6b:
cf:68:d7:02:1e:be:7f:b7:55:a8:06:74:a9:1a:91:85:0d:75:
38:39:e6:d7:3c:3c:a8:60:f7:8d:9a:d1:48:0b:17:0b:04:8c:
cb:e6:86:01
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZgfKNKG7hWxf6IIncmQyJt2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNzE4MjAxMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTgyYzM4NDg5NjdmMzkyNTZiZjQ3MGM0Y2RlOTNhNzVlOTE0NDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYSGBUdk9RbBs60aXdotKhTX5WSL
ubd8daHh+1/PC2777yP9lCfnq+nl1eRuqHL4SUeIVjuTJm625277PvIcX2cyFH5O
XB5fLes/WqlQmqDPExynctIhi8YIxrrLHVCjrbDS9Iwu6FJ+0JDcJu/zd7DWpZZt
DWMEdJt8mzw6gDOkBf/Mcd5qYYEqM5nP6gZPLNHjlGALMawaBrlMxSLX3WYGolnh
maj7BuqFeOCbxDRo3WNJ+bkZkqO27oxexM1bTzuGSG4kjaOgyhfu6g7UvLduhkFN
FdGZOeat4mULDM8O5kvSeTeQBFKOQTubfHQFItt8pZK866GN7elbmQ0FtwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFF6Cw4SJZ/OSVr9HDEzek6dekUQ4MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWG9MRGhJbG44NUpXdjBjTVRONlRwMTZSUkRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBPkzsAwQA
wXwRAwQAwjo4AwQBwjqaAwQAwlczAwQAwlfpAwQAwlf/MA0GCSqGSIb3DQEBCwUA
A4IBAQBPuKxzPGoTW04rH2XWZhWsLU2OwSTZSr8M6S5EQz4eAjFkb5ZaYZDm/KXU
7WHZaiVr9M4MR8Ggw7Uvs73b+USXx2bcL2j2d7evvtEvyI4qXsJuyKgaOzucOHfo
Puw/S3Uk41/1LH1LEEbdp7Qx93LUQLmFg0fwq4656E0+hfBudjAylsl1It4uDgN3
/McvI7hUjqWKqycjrRJteXOInnQqNaLptC2tIKR9IfW8JQUUleZalGi0OIfE8DbW
TDFyXDH3+U0yYc8oyCxZ8pgQdJcVN68uX1mfcGvPaNcCHr5/t1WoBnSpGpGFDXU4
OebXPDyoYPeNmtFICxcLBIzL5oYB
-----END CERTIFICATE-----
Generated at Sun Jul 20 21:55:27 2025 by rpki-client