Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/d498e3-0ea9-4314-9849-00233ae50b52/1/XaMeeXQ5ysc8kABhh0l_VC0xvRQ.roa
File: XaMeeXQ5ysc8kABhh0l_VC0xvRQ.roa (raw, json)
Hash identifier: f1b46uPGTd/9X8UPdm3VptVXLZpHjki1wLcZZ1TfO/Q=
Subject key identifier: 5D:A3:1E:79:74:39:CA:C7:3C:90:00:61:87:49:7F:54:2D:31:BD:14
Certificate issuer: /CN=e57455b8a8b0576d6f94f7e014f6b34d5aa6c4d7
Certificate serial: 019ECF9B7AC929D6A1E3C8799C1F7DB671C3
Authority key identifier: E5:74:55:B8:A8:B0:57:6D:6F:94:F7:E0:14:F6:B3:4D:5A:A6:C4:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5XRVuKiwV21vlPfgFPazTVqmxNc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/d498e3-0ea9-4314-9849-00233ae50b52/1/XaMeeXQ5ysc8kABhh0l_VC0xvRQ.roa
Signing time: Tue 16 Jun 2026 08:45:33 +0000
ROA not before: Tue 16 Jun 2026 08:45:33 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 201719
IP address blocks: 185.65.120.0/22 maxlen: 22
185.65.120.0/24 maxlen: 24
185.65.121.0/24 maxlen: 24
185.65.122.0/24 maxlen: 24
185.65.123.0/24 maxlen: 24
2a04:ff80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2e/d498e3-0ea9-4314-9849-00233ae50b52/1/5XRVuKiwV21vlPfgFPazTVqmxNc.crl
rsync://rpki.ripe.net/repository/DEFAULT/2e/d498e3-0ea9-4314-9849-00233ae50b52/1/5XRVuKiwV21vlPfgFPazTVqmxNc.mft
rsync://rpki.ripe.net/repository/DEFAULT/5XRVuKiwV21vlPfgFPazTVqmxNc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 30 Jun 2026 02:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:cf:9b:7a:c9:29:d6:a1:e3:c8:79:9c:1f:7d:b6:71:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e57455b8a8b0576d6f94f7e014f6b34d5aa6c4d7
Validity
Not Before: Jun 16 08:45:33 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5da31e797439cac73c90006187497f542d31bd14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:96:3b:32:ed:b4:fe:b8:f7:22:27:fa:f0:1c:
52:1e:d9:f0:da:49:18:8d:16:3e:e8:1f:a9:ac:4a:
88:10:4d:a3:0a:20:3a:65:ca:9e:7d:e0:9b:d9:3e:
02:6a:6f:85:21:9f:16:21:2c:12:77:b6:f4:83:9b:
d2:35:bd:6f:81:13:80:6c:d1:ce:32:5f:54:af:2b:
c3:fd:b0:93:01:bf:10:0c:45:d3:10:74:6c:70:ce:
46:89:8b:a2:4a:d7:83:75:11:fb:c6:18:58:03:24:
c9:df:62:b5:a7:ed:3d:7d:82:8c:c2:f6:13:6f:9f:
8d:1e:f7:60:ce:21:a4:e1:f3:b6:8c:ca:a8:fe:05:
3d:30:1b:cd:8c:f9:cf:89:1f:b0:95:d0:63:05:7b:
50:8f:1d:0b:a4:69:d6:35:0f:95:c2:18:55:b0:34:
68:e9:74:6e:b6:4e:bf:35:bd:1b:c2:94:0f:8a:2c:
67:81:c3:de:e8:a4:0d:47:97:5a:02:18:6c:70:fb:
97:b9:93:38:e2:ab:3f:c4:df:56:ae:7c:76:ef:ed:
1a:5a:c3:7f:2a:0e:00:c1:a2:90:39:0e:28:a1:4c:
c8:5e:88:84:ec:dd:6f:80:9a:d1:8c:3a:bb:36:9a:
26:b6:a0:9e:f5:46:bd:50:6b:48:42:a4:18:c3:76:
e0:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:A3:1E:79:74:39:CA:C7:3C:90:00:61:87:49:7F:54:2D:31:BD:14
X509v3 Authority Key Identifier:
keyid:E5:74:55:B8:A8:B0:57:6D:6F:94:F7:E0:14:F6:B3:4D:5A:A6:C4:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5XRVuKiwV21vlPfgFPazTVqmxNc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d498e3-0ea9-4314-9849-00233ae50b52/1/XaMeeXQ5ysc8kABhh0l_VC0xvRQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d498e3-0ea9-4314-9849-00233ae50b52/1/5XRVuKiwV21vlPfgFPazTVqmxNc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.65.120.0/22
IPv6:
2a04:ff80::/29
Signature Algorithm: sha256WithRSAEncryption
10:a2:c0:55:7b:a3:6f:6a:47:9d:24:8e:12:88:0c:19:2c:4a:
3f:ee:8c:ff:de:5a:61:cf:3a:ea:e9:e9:76:77:c7:dd:f3:bc:
df:ce:8b:65:00:02:fa:91:ae:da:1f:f4:9a:eb:fe:e1:57:2d:
ae:c5:cf:b4:65:0b:ca:c4:31:74:88:01:65:8a:9a:92:e5:fd:
85:b0:02:cb:b7:29:c6:e6:66:8d:e8:61:06:85:ee:18:9a:c0:
66:df:1a:33:b0:a4:10:ec:0b:d8:ac:90:46:dc:26:e6:b1:0a:
05:71:68:7c:d5:89:48:00:f8:5b:15:35:8f:a3:f2:66:4c:79:
c3:bd:05:42:d9:c0:b2:f6:8d:d5:74:d7:71:97:bb:df:d2:70:
cf:40:ef:41:b5:88:e8:9c:95:11:6a:02:4f:f4:36:20:7b:ad:
f6:0f:bb:5c:32:dd:bd:45:45:4d:83:58:1f:4c:a8:bc:61:53:
a5:1d:3f:cc:72:1d:ba:9a:29:92:e3:de:45:63:d3:0b:40:fe:
1d:37:70:e3:a6:36:a6:33:9e:72:b8:f8:dc:e5:cd:dc:70:1d:
25:0f:37:fb:5f:0e:d5:6a:9e:86:c4:cb:eb:84:20:0c:23:e6:
7b:ce:db:cf:68:48:3a:94:43:7f:25:d6:4b:c4:df:3b:12:51:
70:73:57:82
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ7Pm3rJKdah48h5nB99tnHDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NzQ1NWI4YThiMDU3NmQ2Zjk0ZjdlMDE0ZjZiMzRkNWFh
NmM0ZDcwHhcNMjYwNjE2MDg0NTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGEzMWU3OTc0MzljYWM3M2M5MDAwNjE4NzQ5N2Y1NDJkMzFiZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJY7Mu20/rj3Iif68BxSHtnw2kkY
jRY+6B+prEqIEE2jCiA6ZcqefeCb2T4Cam+FIZ8WISwSd7b0g5vSNb1vgROAbNHO
Ml9UryvD/bCTAb8QDEXTEHRscM5GiYuiSteDdRH7xhhYAyTJ32K1p+09fYKMwvYT
b5+NHvdgziGk4fO2jMqo/gU9MBvNjPnPiR+wldBjBXtQjx0LpGnWNQ+VwhhVsDRo
6XRutk6/Nb0bwpQPiixngcPe6KQNR5daAhhscPuXuZM44qs/xN9Wrnx27+0aWsN/
Kg4AwaKQOQ4ooUzIXoiE7N1vgJrRjDq7NpomtqCe9Ua9UGtIQqQYw3bgawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF2jHnl0OcrHPJAAYYdJf1QtMb0UMB8GA1UdIwQY
MBaAFOV0VbiosFdtb5T34BT2s01apsTXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVhSVnVLaXdWMjF2bFBmZ0ZQYXpUVnFteE5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9kNDk4ZTMtMGVhOS00MzE0LTk4NDkt
MDAyMzNhZTUwYjUyLzEvWGFNZWVYUTV5c2M4a0FCaGgwbF9WQzB4dlJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9kNDk4ZTMtMGVhOS00MzE0LTk4NDktMDAyMzNhZTUwYjUy
LzEvNVhSVnVLaXdWMjF2bFBmZ0ZQYXpUVnFteE5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUF4MA0E
AgACMAcDBQMqBP+AMA0GCSqGSIb3DQEBCwUAA4IBAQAQosBVe6NvakedJI4SiAwZ
LEo/7oz/3lphzzrq6el2d8fd87zfzotlAAL6ka7aH/Sa6/7hVy2uxc+0ZQvKxDF0
iAFlipqS5f2FsALLtynG5maN6GEGhe4YmsBm3xozsKQQ7AvYrJBG3CbmsQoFcWh8
1YlIAPhbFTWPo/JmTHnDvQVC2cCy9o3VdNdxl7vf0nDPQO9BtYjonJURagJP9DYg
e632D7tcMt29RUVNg1gfTKi8YVOlHT/Mch26mimS495FY9MLQP4dN3DjpjamM55y
uPjc5c3ccB0lDzf7Xw7Vap6GxMvrhCAMI+Z7ztvPaEg6lEN/JdZLxN87ElFwc1eC
-----END CERTIFICATE-----
Generated at Mon Jun 29 10:35:34 2026 by rpki-client