Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/XeK0CZ13T3wtXBojjxpNhDhBvcs.roa
File: XeK0CZ13T3wtXBojjxpNhDhBvcs.roa (raw, json)
Hash identifier: x0vlqqPlTF70kEmtRSbNvFJ/mdBjM21Eu+Z28Tbo5Qk=
Subject key identifier: 5D:E2:B4:09:9D:77:4F:7C:2D:5C:1A:23:8F:1A:4D:84:38:41:BD:CB
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 0198DFC7B708801C530FFED82F28571F4485
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/XeK0CZ13T3wtXBojjxpNhDhBvcs.roa
Signing time: Mon 25 Aug 2025 05:51:04 +0000
ROA not before: Mon 25 Aug 2025 05:51:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 53813
IP address blocks: 147.161.192.0/23 maxlen: 24
147.161.194.0/23 maxlen: 24
147.161.196.0/23 maxlen: 24
147.161.198.0/23 maxlen: 24
147.161.200.0/23 maxlen: 24
147.161.204.0/23 maxlen: 24
147.161.208.0/23 maxlen: 24
147.161.210.0/23 maxlen: 24
147.161.212.0/23 maxlen: 24
147.161.214.0/23 maxlen: 24
147.161.216.0/23 maxlen: 24
147.161.218.0/23 maxlen: 24
147.161.220.0/23 maxlen: 24
164.137.56.0/24 maxlen: 24
164.137.57.0/24 maxlen: 24
164.137.58.0/24 maxlen: 24
164.137.59.0/24 maxlen: 24
164.137.60.0/24 maxlen: 24
164.137.69.0/24 maxlen: 24
164.137.109.0/24 maxlen: 24
164.137.159.0/24 maxlen: 24
164.137.160.0/24 maxlen: 24
164.137.161.0/24 maxlen: 24
164.137.162.0/24 maxlen: 24
164.137.163.0/24 maxlen: 24
164.137.164.0/24 maxlen: 24
164.137.165.0/24 maxlen: 24
164.137.166.0/24 maxlen: 24
164.137.167.0/24 maxlen: 24
164.137.168.0/24 maxlen: 24
164.137.169.0/24 maxlen: 24
164.137.170.0/24 maxlen: 24
164.137.171.0/24 maxlen: 24
164.137.172.0/24 maxlen: 24
164.137.173.0/24 maxlen: 24
164.137.174.0/24 maxlen: 24
164.137.175.0/24 maxlen: 24
164.137.176.0/24 maxlen: 24
164.137.177.0/24 maxlen: 24
164.137.178.0/24 maxlen: 24
164.137.179.0/24 maxlen: 24
164.137.180.0/24 maxlen: 24
164.137.181.0/24 maxlen: 24
164.137.182.0/24 maxlen: 24
164.137.183.0/24 maxlen: 24
164.137.184.0/24 maxlen: 24
164.137.185.0/24 maxlen: 24
164.137.186.0/24 maxlen: 24
164.137.187.0/24 maxlen: 24
164.137.188.0/24 maxlen: 24
164.137.189.0/24 maxlen: 24
164.137.190.0/24 maxlen: 24
164.137.191.0/24 maxlen: 24
164.137.192.0/24 maxlen: 24
2a03:eec0:3211::/48 maxlen: 48
2a03:eec0:3223::/48 maxlen: 48
2a03:eec0:3224::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 20:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:df:c7:b7:08:80:1c:53:0f:fe:d8:2f:28:57:1f:44:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Aug 25 05:51:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5de2b4099d774f7c2d5c1a238f1a4d843841bdcb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:95:f6:0c:d9:54:f7:78:51:c0:60:8d:57:78:
8b:8d:76:5b:28:ff:1a:9c:9a:fd:92:18:fd:b3:70:
e9:72:bb:a5:c0:99:37:b9:5f:b5:c7:ac:f2:ff:ff:
fe:72:6a:7b:f1:c2:df:00:b6:0a:7c:79:63:fa:9c:
54:df:f0:09:26:bf:87:14:53:64:90:d1:c1:03:0c:
68:68:fe:47:65:af:67:5f:64:a2:e7:e5:f9:4b:61:
bb:77:13:e4:47:61:c3:97:f1:ee:6c:7f:57:e6:20:
d3:e0:cb:98:e6:82:43:fe:2a:4f:26:cc:55:cc:84:
8b:60:7b:a7:55:80:06:f8:c1:8a:e9:5a:b4:3d:9c:
9d:78:bb:da:38:7c:11:6a:a9:06:a5:a6:e8:83:df:
3e:e6:a2:8e:b0:24:50:a7:4c:e3:20:6f:8a:96:c6:
e3:bc:0c:36:9f:51:4f:00:54:e5:a8:b9:79:89:ac:
23:3d:65:27:67:5a:63:1c:51:c3:fa:27:22:63:c0:
ac:3c:6b:7e:cf:65:d7:f1:43:17:63:4c:1a:25:e7:
79:bb:71:e3:a4:e0:83:f7:76:0f:6f:89:ce:29:33:
e1:a7:c4:09:0d:54:6a:96:fa:84:3d:12:f9:d9:72:
a9:34:cc:1e:0f:72:4f:b3:f6:2c:9e:73:1b:a7:cb:
d1:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:E2:B4:09:9D:77:4F:7C:2D:5C:1A:23:8F:1A:4D:84:38:41:BD:CB
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/XeK0CZ13T3wtXBojjxpNhDhBvcs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.161.192.0-147.161.201.255
147.161.204.0/23
147.161.208.0-147.161.221.255
164.137.56.0-164.137.60.255
164.137.69.0/24
164.137.109.0/24
164.137.159.0-164.137.192.255
IPv6:
2a03:eec0:3211::/48
2a03:eec0:3223::-2a03:eec0:3224:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
2a:05:59:40:78:16:26:0d:07:30:b0:70:c8:53:20:2e:2c:fd:
cd:8b:0c:9f:27:48:5c:93:7c:96:88:e9:e3:b0:79:3f:23:ca:
04:f0:c6:47:23:22:a2:4c:64:74:b8:9c:98:11:e7:dd:fc:98:
19:59:d4:6a:fa:28:71:3e:8c:a2:c9:b1:eb:0c:7b:2e:c1:19:
f8:36:d3:8f:b3:17:35:f3:4e:43:e4:8d:f7:36:03:2e:b5:52:
82:d3:96:6d:04:25:38:0c:9a:ac:9c:9d:37:c6:c0:c6:02:87:
0c:91:31:ab:7d:85:56:74:90:a7:17:c5:7f:3b:4b:26:9d:d1:
f6:7f:61:a4:1d:22:34:9f:53:60:cb:ae:da:c2:3e:58:9e:43:
25:66:4f:a0:82:b9:14:57:f5:47:49:41:e9:cd:92:75:83:9a:
be:f3:60:dc:75:44:18:69:23:d5:10:75:40:33:b6:ee:a7:e1:
43:de:f2:78:aa:b2:68:f4:88:89:b2:b0:a4:3b:69:22:35:a8:
b5:85:10:7f:ca:52:35:6c:82:b2:a4:02:cf:24:b0:67:9a:9a:
2e:a5:8a:6f:68:2a:ff:e9:d0:eb:aa:50:8b:dc:26:99:bd:c8:
94:01:49:10:bf:28:87:e7:78:1b:bb:b3:f5:df:ae:35:3f:3d:
59:1c:81:04
-----BEGIN CERTIFICATE-----
MIIFZzCCBE+gAwIBAgISAZjfx7cIgBxTD/7YLyhXH0SFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjUwODI1MDU1MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGUyYjQwOTlkNzc0ZjdjMmQ1YzFhMjM4ZjFhNGQ4NDM4NDFiZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ZX2DNlU93hRwGCNV3iLjXZbKP8a
nJr9khj9s3DpcrulwJk3uV+1x6zy///+cmp78cLfALYKfHlj+pxU3/AJJr+HFFNk
kNHBAwxoaP5HZa9nX2Si5+X5S2G7dxPkR2HDl/HubH9X5iDT4MuY5oJD/ipPJsxV
zISLYHunVYAG+MGK6Vq0PZydeLvaOHwRaqkGpabog98+5qKOsCRQp0zjIG+Klsbj
vAw2n1FPAFTlqLl5iawjPWUnZ1pjHFHD+iciY8CsPGt+z2XX8UMXY0waJed5u3Hj
pOCD93YPb4nOKTPhp8QJDVRqlvqEPRL52XKpNMweD3JPs/YsnnMbp8vRLwIDAQAB
o4ICczCCAm8wHQYDVR0OBBYEFF3itAmdd098LVwaI48aTYQ4Qb3LMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvWGVLMENaMTNUM3d0WEJvamp4cE5oRGhCdmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGIBggrBgEFBQcBBwEB/wR5MHcwUAQCAAEwSjAMAwQGk6HA
AwQBk6HIAwQBk6HMMAwDBASTodADBAGTodwwDAMEA6SJOAMEAKSJPAMEAKSJRQME
AKSJbTAMAwQApImfAwQApInAMCMEAgACMB0DBwAqA+7AMhEwEgMHACoD7sAyIwMH
ACoD7sAyJDANBgkqhkiG9w0BAQsFAAOCAQEAKgVZQHgWJg0HMLBwyFMgLiz9zYsM
nydIXJN8lojp47B5PyPKBPDGRyMiokxkdLicmBHn3fyYGVnUavoocT6Mosmx6wx7
LsEZ+DbTj7MXNfNOQ+SN9zYDLrVSgtOWbQQlOAyarJydN8bAxgKHDJExq32FVnSQ
pxfFfztLJp3R9n9hpB0iNJ9TYMuu2sI+WJ5DJWZPoIK5FFf1R0lB6c2SdYOavvNg
3HVEGGkj1RB1QDO27qfhQ97yeKqyaPSIibKwpDtpIjWotYUQf8pSNWyCsqQCzySw
Z5qaLqWKb2gq/+nQ66pQi9wmmb3IlAFJEL8oh+d4G7uz9d+uNT89WRyBBA==
-----END CERTIFICATE-----
Generated at Sun Sep 7 03:27:55 2025 by rpki-client