Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/66cbc2-bc7b-4759-8726-ed75c6fb1694/1/zXAq3vkN_gcHOS3Bhh3xlgW3vM4.roa
File: zXAq3vkN_gcHOS3Bhh3xlgW3vM4.roa (raw, json)
Hash identifier: Udoboc8aZE7E7SL94DHmtXVyLEipg3wZ7Pa2hKpsaLE=
Subject key identifier: CD:70:2A:DE:F9:0D:FE:07:07:39:2D:C1:86:1D:F1:96:05:B7:BC:CE
Certificate issuer: /CN=b2b5df65052ce94a37a8507947c527f0ccffa522
Certificate serial: 019A54DB81C59473A00194B1D210D9E53674
Authority key identifier: B2:B5:DF:65:05:2C:E9:4A:37:A8:50:79:47:C5:27:F0:CC:FF:A5:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/srXfZQUs6Uo3qFB5R8Un8Mz_pSI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/66cbc2-bc7b-4759-8726-ed75c6fb1694/1/zXAq3vkN_gcHOS3Bhh3xlgW3vM4.roa
Signing time: Wed 05 Nov 2025 16:31:03 +0000
ROA not before: Wed 05 Nov 2025 16:31:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42498
IP address blocks: 91.192.168.0/22 maxlen: 22
91.192.168.0/24 maxlen: 24
91.192.169.0/24 maxlen: 24
91.192.170.0/24 maxlen: 24
91.192.171.0/24 maxlen: 24
178.213.200.0/21 maxlen: 21
178.213.200.0/24 maxlen: 24
178.213.201.0/24 maxlen: 24
178.213.202.0/24 maxlen: 24
178.213.203.0/24 maxlen: 24
178.213.204.0/24 maxlen: 24
178.213.205.0/24 maxlen: 24
178.213.206.0/24 maxlen: 24
178.213.207.0/24 maxlen: 24
185.232.136.0/22 maxlen: 22
185.232.136.0/24 maxlen: 24
185.232.137.0/24 maxlen: 24
185.232.138.0/24 maxlen: 24
185.232.139.0/24 maxlen: 24
185.251.220.0/22 maxlen: 22
185.251.220.0/24 maxlen: 24
185.251.221.0/24 maxlen: 24
185.251.222.0/24 maxlen: 24
185.251.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/26/66cbc2-bc7b-4759-8726-ed75c6fb1694/1/srXfZQUs6Uo3qFB5R8Un8Mz_pSI.crl
rsync://rpki.ripe.net/repository/DEFAULT/26/66cbc2-bc7b-4759-8726-ed75c6fb1694/1/srXfZQUs6Uo3qFB5R8Un8Mz_pSI.mft
rsync://rpki.ripe.net/repository/DEFAULT/srXfZQUs6Uo3qFB5R8Un8Mz_pSI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 07:02:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:54:db:81:c5:94:73:a0:01:94:b1:d2:10:d9:e5:36:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b2b5df65052ce94a37a8507947c527f0ccffa522
Validity
Not Before: Nov 5 16:31:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cd702adef90dfe0707392dc1861df19605b7bcce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:72:ce:fd:54:20:05:e7:9c:ff:ca:3c:03:1d:
b2:6a:e0:b5:a9:89:33:e6:bd:34:d5:ab:c6:1e:31:
c0:34:fa:4e:57:95:d7:cd:6a:5b:93:10:80:27:0e:
93:ce:5d:33:bb:69:00:b7:35:d8:77:03:df:0e:5d:
4a:5c:02:0d:7f:f3:e6:1f:b4:60:ba:5f:50:e8:5e:
24:b0:9e:dc:90:31:bd:82:65:18:b5:ba:4e:30:7f:
15:ea:09:57:62:f6:59:95:42:e3:35:e4:64:83:38:
34:bc:97:dd:62:cb:90:9e:c7:c3:d8:2c:42:4f:fb:
90:b3:f8:a3:e4:38:95:b9:da:b9:ba:63:d9:13:26:
92:85:98:47:9b:2d:23:a8:0f:e0:df:32:8b:dc:11:
75:ec:3f:2b:65:83:b3:40:42:31:99:6f:b8:4d:6a:
03:2f:69:09:71:62:73:18:fd:f8:c5:d1:26:f3:d9:
43:a4:57:cb:2f:ef:72:3b:6e:8f:49:29:04:8b:9d:
84:60:e7:ba:d0:4d:75:8f:5b:3c:12:58:60:4f:cf:
ad:0d:5b:1d:af:c0:ac:e8:8b:03:27:6c:40:38:ef:
30:8a:59:1a:f2:f7:25:67:3d:87:12:c3:94:0c:74:
46:49:a0:58:11:84:5a:cd:d4:34:03:84:12:36:00:
66:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:70:2A:DE:F9:0D:FE:07:07:39:2D:C1:86:1D:F1:96:05:B7:BC:CE
X509v3 Authority Key Identifier:
keyid:B2:B5:DF:65:05:2C:E9:4A:37:A8:50:79:47:C5:27:F0:CC:FF:A5:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/srXfZQUs6Uo3qFB5R8Un8Mz_pSI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/66cbc2-bc7b-4759-8726-ed75c6fb1694/1/zXAq3vkN_gcHOS3Bhh3xlgW3vM4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/66cbc2-bc7b-4759-8726-ed75c6fb1694/1/srXfZQUs6Uo3qFB5R8Un8Mz_pSI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.192.168.0/22
178.213.200.0/21
185.232.136.0/22
185.251.220.0/22
Signature Algorithm: sha256WithRSAEncryption
3a:41:1c:58:31:39:05:21:9a:59:d2:d4:af:4b:78:4c:e3:98:
19:ca:d3:ca:b5:74:69:94:6d:a1:e4:70:46:d5:58:41:cb:62:
d8:66:a1:20:0c:a8:ec:10:da:da:a4:43:d5:96:dc:ae:1e:c8:
aa:3d:93:7c:9f:98:db:34:11:ad:2d:69:75:22:f1:a0:1f:0c:
29:7b:cc:cf:b4:49:aa:18:55:67:c2:be:20:f5:97:bd:aa:6b:
68:23:ef:58:45:b4:d5:49:2a:a9:0d:c4:19:0c:fd:10:27:b4:
49:fb:ae:b6:82:76:8e:8f:7c:4e:02:19:e3:6c:f3:8f:85:a9:
a4:44:36:1c:d9:e1:e5:87:ed:7d:67:ff:f5:10:17:db:53:ec:
3e:a2:30:3a:b1:60:8a:9c:b5:60:56:2a:0c:d3:12:33:82:78:
7d:90:b6:55:75:d5:06:77:05:ad:b2:9a:8c:e1:25:bc:49:cf:
7a:30:8b:da:f1:74:bf:e2:6f:6e:14:b1:26:bc:7d:e6:7c:20:
d6:84:01:96:3a:71:b7:81:ec:ee:53:76:c8:99:3d:91:31:b5:
6d:52:7d:b4:25:55:2f:d9:f3:4c:16:45:ce:9f:14:c6:9c:95:
d8:6e:9e:b6:e4:c7:d0:f6:0e:fd:5a:97:eb:33:ea:27:2e:b3:
3f:b3:6f:74
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZpU24HFlHOgAZSx0hDZ5TZ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYjVkZjY1MDUyY2U5NGEzN2E4NTA3OTQ3YzUyN2YwY2Nm
ZmE1MjIwHhcNMjUxMTA1MTYzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDcwMmFkZWY5MGRmZTA3MDczOTJkYzE4NjFkZjE5NjA1YjdiY2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3LO/VQgBeec/8o8Ax2yauC1qYkz
5r001avGHjHANPpOV5XXzWpbkxCAJw6Tzl0zu2kAtzXYdwPfDl1KXAINf/PmH7Rg
ul9Q6F4ksJ7ckDG9gmUYtbpOMH8V6glXYvZZlULjNeRkgzg0vJfdYsuQnsfD2CxC
T/uQs/ij5DiVudq5umPZEyaShZhHmy0jqA/g3zKL3BF17D8rZYOzQEIxmW+4TWoD
L2kJcWJzGP34xdEm89lDpFfLL+9yO26PSSkEi52EYOe60E11j1s8ElhgT8+tDVsd
r8Cs6IsDJ2xAOO8wilka8vclZz2HEsOUDHRGSaBYEYRazdQ0A4QSNgBmRQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFM1wKt75Df4HBzktwYYd8ZYFt7zOMB8GA1UdIwQY
MBaAFLK132UFLOlKN6hQeUfFJ/DM/6UiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3JYZlpRVXM2VW8zcUZCNVI4VW44TXpfcFNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82NmNiYzItYmM3Yi00NzU5LTg3MjYt
ZWQ3NWM2ZmIxNjk0LzEvelhBcTN2a05fZ2NIT1MzQmhoM3hsZ1czdk00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82NmNiYzItYmM3Yi00NzU5LTg3MjYtZWQ3NWM2ZmIxNjk0
LzEvc3JYZlpRVXM2VW8zcUZCNVI4VW44TXpfcFNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCW8CoAwQD
stXIAwQCueiIAwQCufvcMA0GCSqGSIb3DQEBCwUAA4IBAQA6QRxYMTkFIZpZ0tSv
S3hM45gZytPKtXRplG2h5HBG1VhBy2LYZqEgDKjsENrapEPVltyuHsiqPZN8n5jb
NBGtLWl1IvGgHwwpe8zPtEmqGFVnwr4g9Ze9qmtoI+9YRbTVSSqpDcQZDP0QJ7RJ
+662gnaOj3xOAhnjbPOPhamkRDYc2eHlh+19Z//1EBfbU+w+ojA6sWCKnLVgVioM
0xIzgnh9kLZVddUGdwWtspqM4SW8Sc96MIva8XS/4m9uFLEmvH3mfCDWhAGWOnG3
gezuU3bImT2RMbVtUn20JVUv2fNMFkXOnxTGnJXYbp625MfQ9g79WpfrM+onLrM/
s290
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:56:30 2025 by rpki-client