Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/XqDDBjzRqksOqaLkNJqWqkX_q5g.roa
File: XqDDBjzRqksOqaLkNJqWqkX_q5g.roa (raw, json)
Hash identifier: 1giyN8jwNm42lrK4gv4g6LsRanOMpVhR/vHcE0ewcvw=
Subject key identifier: 5E:A0:C3:06:3C:D1:AA:4B:0E:A9:A2:E4:34:9A:96:AA:45:FF:AB:98
Certificate issuer: /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial: 019A01D8498E5E74D91894ACC8D1F949DE09
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/XqDDBjzRqksOqaLkNJqWqkX_q5g.roa
Signing time: Mon 20 Oct 2025 13:39:03 +0000
ROA not before: Mon 20 Oct 2025 13:39:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39326
IP address blocks: 37.235.54.0/24 maxlen: 24
37.235.55.0/24 maxlen: 24
151.236.19.0/24 maxlen: 24
188.190.5.0/24 maxlen: 24
2a03:f80:44::/48 maxlen: 48
2a03:f80:441::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 24 Oct 2025 23:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:01:d8:49:8e:5e:74:d9:18:94:ac:c8:d1:f9:49:de:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Validity
Not Before: Oct 20 13:39:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5ea0c3063cd1aa4b0ea9a2e4349a96aa45ffab98
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:e1:81:3e:9a:d9:70:ce:fd:10:a3:91:7e:2d:
c4:ec:86:f4:04:11:d6:dc:ff:bd:6d:ad:9c:fd:73:
8a:e3:15:f1:29:e3:bc:87:4d:de:a9:64:84:33:4e:
ac:bd:08:c0:48:98:19:91:fd:99:57:81:bd:8c:47:
45:5b:30:80:83:7d:6d:75:5b:af:fd:5e:22:cd:05:
b6:79:63:fd:03:08:08:23:dd:bc:7f:fa:94:0c:35:
a3:f0:0c:4d:e4:d1:e5:54:62:ec:b0:58:18:9e:a6:
bb:e8:be:1f:18:5a:33:88:0e:e6:69:e2:59:a8:d9:
0d:7c:59:52:6c:c4:36:97:9e:4d:d7:e5:7f:53:cf:
51:76:ab:59:0b:13:4f:0d:a9:a4:f6:6a:93:6d:76:
27:da:fd:83:38:3d:0c:55:db:a4:43:74:ac:3a:53:
25:fc:68:0e:47:36:75:ec:1b:9f:c3:1c:ca:24:ff:
8e:f8:8b:92:f0:b7:4a:76:19:2d:0c:12:05:06:f9:
94:cc:d7:ec:61:ac:a4:91:3c:3c:48:b0:f9:4f:80:
a9:3a:39:8c:6c:6a:27:15:ee:0c:a8:3e:51:cf:8d:
a2:3f:b3:bc:60:47:d6:b0:8a:1a:5d:7c:0d:dd:67:
0f:8c:32:12:00:9b:d6:64:62:c6:67:3f:b0:74:f3:
07:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:A0:C3:06:3C:D1:AA:4B:0E:A9:A2:E4:34:9A:96:AA:45:FF:AB:98
X509v3 Authority Key Identifier:
keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/XqDDBjzRqksOqaLkNJqWqkX_q5g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.235.54.0/23
151.236.19.0/24
188.190.5.0/24
IPv6:
2a03:f80:44::/48
2a03:f80:441::/48
Signature Algorithm: sha256WithRSAEncryption
6b:a3:69:64:9d:3c:aa:66:ff:ce:e2:45:f5:95:f8:73:1a:f7:
ee:04:42:26:3b:6f:b4:ba:1c:b3:9b:a2:eb:fb:62:96:18:f2:
f9:a1:8a:32:ae:7f:cb:f9:27:e9:4a:e0:3b:f9:61:6d:96:3f:
0c:34:ff:54:bb:41:32:45:2f:2a:6a:bb:50:82:99:a5:b9:20:
26:de:f9:ce:1d:46:94:dc:07:76:fc:26:d6:eb:91:e5:03:e2:
da:ad:9f:f4:87:fc:12:17:ab:86:54:6c:0f:e2:1d:ec:a8:d7:
5e:3b:72:89:fd:28:bb:35:8e:d5:a0:cf:ba:6e:35:91:dc:09:
3a:e5:75:76:4b:e0:ce:ac:bc:1c:f2:bc:fc:ef:53:bf:6f:27:
6f:d5:d1:bc:6d:9d:cb:21:ef:e7:cb:1e:71:38:97:4d:b2:29:
2d:c5:8a:61:d4:40:0c:58:c8:c4:6a:86:df:75:79:49:88:2b:
7c:16:bf:71:03:31:da:bc:b2:ae:97:e3:37:a0:07:f1:25:ea:
bd:82:e3:b8:4f:16:81:cb:99:e7:33:8e:aa:1d:23:75:34:7e:
60:bf:21:98:be:cd:e8:e7:a5:68:bf:db:ec:38:87:fe:29:ed:
f1:4a:9e:1c:a3:ae:06:e6:7c:22:4b:5c:3b:3c:6a:48:ef:93:
4b:b2:1a:36
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZoB2EmOXnTZGJSsyNH5Sd4JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjUxMDIwMTMzOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWEwYzMwNjNjZDFhYTRiMGVhOWEyZTQzNDlhOTZhYTQ1ZmZhYjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+GBPprZcM79EKORfi3E7Ib0BBHW
3P+9ba2c/XOK4xXxKeO8h03eqWSEM06svQjASJgZkf2ZV4G9jEdFWzCAg31tdVuv
/V4izQW2eWP9AwgII928f/qUDDWj8AxN5NHlVGLssFgYnqa76L4fGFoziA7maeJZ
qNkNfFlSbMQ2l55N1+V/U89RdqtZCxNPDamk9mqTbXYn2v2DOD0MVdukQ3SsOlMl
/GgORzZ17BufwxzKJP+O+IuS8LdKdhktDBIFBvmUzNfsYaykkTw8SLD5T4CpOjmM
bGonFe4MqD5Rz42iP7O8YEfWsIoaXXwN3WcPjDISAJvWZGLGZz+wdPMHBQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFF6gwwY80apLDqmi5DSalqpF/6uYMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvWHFEREJqelJxa3NPcWFMa05KcVdxa1hfcTVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAYBAIAATASAwQBJes2AwQA
l+wTAwQAvL4FMBgEAgACMBIDBwAqAw+AAEQDBwAqAw+ABEEwDQYJKoZIhvcNAQEL
BQADggEBAGujaWSdPKpm/87iRfWV+HMa9+4EQiY7b7S6HLObouv7YpYY8vmhijKu
f8v5J+lK4Dv5YW2WPww0/1S7QTJFLypqu1CCmaW5ICbe+c4dRpTcB3b8JtbrkeUD
4tqtn/SH/BIXq4ZUbA/iHeyo1147con9KLs1jtWgz7puNZHcCTrldXZL4M6svBzy
vPzvU79vJ2/V0bxtncsh7+fLHnE4l02yKS3FimHUQAxYyMRqht91eUmIK3wWv3ED
Mdq8sq6X4zegB/El6r2C47hPFoHLmeczjqodI3U0fmC/IZi+zejnpWi/2+w4h/4p
7fFKnhyjrgbmfCJLXDs8akjvk0uyGjY=
-----END CERTIFICATE-----
Generated at Fri Oct 24 09:17:44 2025 by rpki-client