Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XailEvYFLaSJBUUFcsMuV9KC0Ho.roa
File: XailEvYFLaSJBUUFcsMuV9KC0Ho.roa (raw, json)
Hash identifier: zBKrkU3GvPlukDYOrrcg0nRR97Ocd15i03GVldZmu0k=
Subject key identifier: 5D:A8:A5:12:F6:05:2D:A4:89:05:45:05:72:C3:2E:57:D2:82:D0:7A
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0199BE18FA1CDC7C0AAC0365F56ABB9827DA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XailEvYFLaSJBUUFcsMuV9KC0Ho.roa
Signing time: Tue 07 Oct 2025 09:55:31 +0000
ROA not before: Tue 07 Oct 2025 09:55:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.95.2.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
82.115.211.0/24 maxlen: 24
85.217.128.0/24 maxlen: 24
85.217.130.0/23 maxlen: 24
87.120.33.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.126.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.120.245.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.27.0/24 maxlen: 24
91.92.248.0/21 maxlen: 24
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.37.0/24 maxlen: 32
93.123.109.0/24 maxlen: 24
94.154.173.0/24 maxlen: 24
94.156.68.0/24 maxlen: 24
94.156.177.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
193.37.40.0/24 maxlen: 24
193.222.98.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.59.28.0/23 maxlen: 24
194.169.175.0/24 maxlen: 24
212.115.41.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 07:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:be:18:fa:1c:dc:7c:0a:ac:03:65:f5:6a:bb:98:27:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Oct 7 09:55:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5da8a512f6052da48905450572c32e57d282d07a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:7d:5b:c8:03:3d:52:71:8a:de:98:2e:83:73:
dd:44:2a:fc:03:0c:b2:81:40:cf:f9:1a:e4:93:29:
7c:5b:48:63:f2:35:5d:39:68:59:f0:ae:4e:80:7c:
e2:b6:25:9f:57:d3:3a:a2:2a:8c:72:c6:ca:95:f2:
02:99:f7:1b:64:96:fa:25:4f:d9:7a:4c:29:40:d4:
38:2e:b2:f9:39:5c:25:2a:97:77:95:97:44:f8:61:
f9:a3:fa:a9:b8:c9:e6:ae:49:96:4e:19:c7:11:9b:
5e:e9:95:2d:03:03:a9:da:15:3a:25:2d:61:40:57:
ce:4e:f9:cb:60:40:0f:7b:f1:3f:07:a4:2f:b2:3c:
be:a2:c8:6c:fd:97:8d:69:4f:b0:56:cd:bf:96:66:
ad:4f:23:bd:a4:19:19:04:5a:fd:48:a3:d6:f0:34:
02:01:83:1b:82:e2:f9:6f:47:46:a1:4b:09:2e:69:
80:5a:5a:7f:ee:87:16:8d:9a:20:ec:f3:87:1f:36:
2d:27:02:73:0d:05:5c:77:19:7a:b7:80:a4:90:64:
49:3e:27:d0:86:a2:e6:96:ac:57:34:06:25:c2:65:
2a:f1:a6:a6:d7:a9:8e:6b:f2:36:76:ac:18:68:43:
55:b2:22:f2:f8:1c:34:fc:9c:b4:7f:52:db:b6:7c:
26:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:A8:A5:12:F6:05:2D:A4:89:05:45:05:72:C3:2E:57:D2:82:D0:7A
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XailEvYFLaSJBUUFcsMuV9KC0Ho.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.66.228.0/24
45.66.231.0/24
45.89.247.0/24
45.95.2.0/24
45.139.106.0/24
45.141.158.0/24
81.161.238.0/24
82.115.211.0/24
85.217.128.0/24
85.217.130.0/23
87.120.33.0/24
87.120.87.0/24
87.120.126.0/24
87.120.166.0/24
87.120.245.0/24
87.121.165.0/24
91.92.27.0/24
91.92.248.0/21
92.119.196.0/23
92.249.50.0/24
93.123.37.0/24
93.123.109.0/24
94.154.173.0/24
94.156.68.0/24
94.156.177.0/24
193.25.216.0/24
193.37.40.0/24
193.222.98.0/24
194.55.186.0/24
194.59.28.0/23
194.169.175.0/24
212.115.41.0/24
Signature Algorithm: sha256WithRSAEncryption
24:8d:e8:e1:63:24:c4:0d:19:25:cb:10:e9:6b:05:85:9a:24:
20:ad:fa:14:fc:f2:57:e5:21:f5:58:6e:95:fc:20:57:aa:d7:
55:3c:26:c0:cc:ff:ab:4f:8a:14:85:11:0d:ce:22:a9:33:c2:
36:ee:4b:f9:df:84:78:35:66:e2:a6:12:40:fb:0f:9d:80:01:
cd:87:ff:bf:6e:02:25:1e:1c:ba:3d:1b:48:85:c5:21:14:b5:
a5:ca:b2:fc:2b:5a:5b:54:02:bd:a5:85:e2:db:d2:29:21:77:
41:f1:f5:5d:33:a5:1c:30:be:d7:0d:62:74:fb:3e:de:52:27:
55:f3:66:35:80:4a:fa:70:8f:34:5b:8d:45:8a:55:99:cb:90:
b2:74:81:4b:b5:6a:16:b1:ee:69:3d:aa:f1:5a:b8:f5:b1:05:
c0:ee:1f:06:53:24:8b:0f:59:77:38:90:5c:84:31:8a:15:7b:
7f:10:98:e0:c3:f3:99:0b:e6:74:93:81:14:2c:48:99:74:c6:
b4:b9:b9:ce:7c:8b:9c:46:cd:18:b7:10:d3:6c:7a:ad:d6:c1:
19:b0:ba:85:41:41:cd:ae:fe:1d:44:72:7a:3e:91:e3:ec:4f:
8c:e1:b8:8f:e2:a1:94:9f:44:cf:1b:b5:61:81:9f:86:20:69:
4f:02:31:5e
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgISAZm+GPoc3HwKrANl9Wq7mCfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUxMDA3MDk1NTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGE4YTUxMmY2MDUyZGE0ODkwNTQ1MDU3MmMzMmU1N2QyODJkMDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn1byAM9UnGK3pgug3PdRCr8Awyy
gUDP+Rrkkyl8W0hj8jVdOWhZ8K5OgHzitiWfV9M6oiqMcsbKlfICmfcbZJb6JU/Z
ekwpQNQ4LrL5OVwlKpd3lZdE+GH5o/qpuMnmrkmWThnHEZte6ZUtAwOp2hU6JS1h
QFfOTvnLYEAPe/E/B6Qvsjy+oshs/ZeNaU+wVs2/lmatTyO9pBkZBFr9SKPW8DQC
AYMbguL5b0dGoUsJLmmAWlp/7ocWjZog7POHHzYtJwJzDQVcdxl6t4CkkGRJPifQ
hqLmlqxXNAYlwmUq8aam16mOa/I2dqwYaENVsiLy+Bw0/Jy0f1LbtnwmOQIDAQAB
o4ICzjCCAsowHQYDVR0OBBYEFF2opRL2BS2kiQVFBXLDLlfSgtB6MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWGFpbEV2WUZMYVNKQlVVRmNzTXVWOUtDMEhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHjBggrBgEFBQcBBwEB/wSB0zCB0DCBzQQCAAEwgcYDBAIF
/IQDBAAtQuQDBAAtQucDBAAtWfcDBAAtXwIDBAAti2oDBAAtjZ4DBABRoe4DBABS
c9MDBABV2YADBAFV2YIDBABXeCEDBABXeFcDBABXeH4DBABXeKYDBABXePUDBABX
eaUDBABbXBsDBANbXPgDBAFcd8QDBABc+TIDBABdeyUDBABde20DBABemq0DBABe
nEQDBABenLEDBADBGdgDBADBJSgDBADB3mIDBADCN7oDBAHCOxwDBADCqa8DBADU
cykwDQYJKoZIhvcNAQELBQADggEBACSN6OFjJMQNGSXLEOlrBYWaJCCt+hT88lfl
IfVYbpX8IFeq11U8JsDM/6tPihSFEQ3OIqkzwjbuS/nfhHg1ZuKmEkD7D52AAc2H
/79uAiUeHLo9G0iFxSEUtaXKsvwrWltUAr2lheLb0ikhd0Hx9V0zpRwwvtcNYnT7
Pt5SJ1XzZjWASvpwjzRbjUWKVZnLkLJ0gUu1ahax7mk9qvFauPWxBcDuHwZTJIsP
WXc4kFyEMYoVe38QmODD85kL5nSTgRQsSJl0xrS5uc58i5xGzRi3ENNseq3WwRmw
uoVBQc2u/h1Ecno+kePsT4zhuI/ioZSfRM8btWGBn4YgaU8CMV4=
-----END CERTIFICATE-----
Generated at Wed Oct 8 13:59:48 2025 by rpki-client