Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/xe5Lcg3JTJHR_eWIXGRcFm9VxKM.roa
File: xe5Lcg3JTJHR_eWIXGRcFm9VxKM.roa (raw, json)
Hash identifier: 125ShwFH043Mwx/YVzTZ+aTSmLm1FUB4/5PjVBfP5So=
Subject key identifier: C5:EE:4B:72:0D:C9:4C:91:D1:FD:E5:88:5C:64:5C:16:6F:55:C4:A3
Certificate issuer: /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial: 019E5DBD22A3CACEF0E9F8F5F52DC7EFC50D
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/xe5Lcg3JTJHR_eWIXGRcFm9VxKM.roa
Signing time: Mon 25 May 2026 06:05:36 +0000
ROA not before: Mon 25 May 2026 06:05:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 24589
IP address blocks: 31.42.80.0/20 maxlen: 20
83.243.88.0/21 maxlen: 21
84.38.136.0/21 maxlen: 21
87.99.64.0/19 maxlen: 19
87.99.64.0/24 maxlen: 24
87.99.65.0/24 maxlen: 24
87.99.66.0/24 maxlen: 24
87.99.67.0/24 maxlen: 24
87.99.95.0/24 maxlen: 24
88.135.128.0/20 maxlen: 20
88.135.144.0/21 maxlen: 21
88.135.156.0/22 maxlen: 22
91.90.224.0/19 maxlen: 29
91.90.225.0/24 maxlen: 24
91.90.230.0/24 maxlen: 24
91.90.231.0/24 maxlen: 24
91.90.236.0/24 maxlen: 24
91.90.237.0/25 maxlen: 25
91.90.238.0/24 maxlen: 24
91.90.252.64/29 maxlen: 29
91.90.255.0/24 maxlen: 24
91.233.214.0/23 maxlen: 23
109.197.208.0/21 maxlen: 21
109.197.208.0/24 maxlen: 24
109.229.192.0/20 maxlen: 20
109.229.208.0/21 maxlen: 21
171.25.218.0/23 maxlen: 23
176.103.176.0/22 maxlen: 22
176.103.184.0/24 maxlen: 24
176.106.48.0/20 maxlen: 20
176.106.100.0/23 maxlen: 23
176.106.160.0/20 maxlen: 20
176.106.176.0/21 maxlen: 21
185.47.10.0/24 maxlen: 24
185.47.11.0/24 maxlen: 24
185.220.198.0/24 maxlen: 24
193.111.244.0/22 maxlen: 22
193.238.212.0/22 maxlen: 22
193.238.212.128/25 maxlen: 25
193.238.216.0/21 maxlen: 21
194.9.212.0/22 maxlen: 22
194.9.212.0/24 maxlen: 24
195.69.88.0/22 maxlen: 22
213.110.64.0/23 maxlen: 23
213.110.76.0/22 maxlen: 22
213.110.80.0/20 maxlen: 20
2a01:8ca0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 13:27:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:5d:bd:22:a3:ca:ce:f0:e9:f8:f5:f5:2d:c7:ef:c5:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Validity
Not Before: May 25 06:05:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c5ee4b720dc94c91d1fde5885c645c166f55c4a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:de:8f:bb:a7:c8:c6:94:20:51:ad:ec:6e:b2:
e8:54:c6:27:82:75:a3:f1:4d:97:5a:1f:62:73:b6:
ed:5c:9e:7a:ae:6a:48:2b:c2:d7:07:d1:b3:f8:54:
bb:da:e3:ba:19:c5:cf:31:04:38:67:6a:ed:f0:81:
7d:b5:23:90:70:86:7a:b5:34:94:29:e9:c8:05:09:
8d:91:b4:55:8d:bb:cd:fc:b0:52:34:79:d4:ca:2f:
b7:42:2d:c5:d9:13:d8:40:6a:74:eb:55:4e:64:59:
20:4d:02:8c:c2:88:d9:be:5a:14:62:dd:a6:7a:55:
48:7d:ad:55:0d:a2:4c:5f:3e:e7:c1:60:89:de:d9:
2f:0e:68:7a:41:11:2d:e3:a7:3c:e1:5c:0e:15:25:
b0:fc:08:a4:4d:c4:89:f1:df:c3:85:0b:66:3f:a9:
00:ce:81:19:53:17:61:57:e5:b1:ae:b0:80:84:30:
e0:62:92:e2:01:a5:e7:3b:f6:b8:a0:3e:ea:99:5c:
76:2e:4d:13:ea:e7:bd:b6:cb:2a:04:37:54:19:db:
53:8a:35:ce:ab:30:fc:ba:1c:77:c0:a9:ac:e8:1b:
8f:2f:e8:22:9b:78:2d:7a:26:d0:3a:c1:60:08:18:
8e:d2:c0:f1:a2:b4:7e:12:01:a0:f0:31:5f:ec:4b:
49:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:EE:4B:72:0D:C9:4C:91:D1:FD:E5:88:5C:64:5C:16:6F:55:C4:A3
X509v3 Authority Key Identifier:
keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/xe5Lcg3JTJHR_eWIXGRcFm9VxKM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.80.0/20
83.243.88.0/21
84.38.136.0/21
87.99.64.0/19
88.135.128.0-88.135.151.255
88.135.156.0/22
91.90.224.0/19
91.233.214.0/23
109.197.208.0/21
109.229.192.0-109.229.215.255
171.25.218.0/23
176.103.176.0/22
176.103.184.0/24
176.106.48.0/20
176.106.100.0/23
176.106.160.0-176.106.183.255
185.47.10.0/23
185.220.198.0/24
193.111.244.0/22
193.238.212.0-193.238.223.255
194.9.212.0/22
195.69.88.0/22
213.110.64.0/23
213.110.76.0-213.110.95.255
IPv6:
2a01:8ca0::/32
Signature Algorithm: sha256WithRSAEncryption
86:74:bc:6c:cb:49:18:34:b4:a0:04:87:00:45:c1:4a:7e:d0:
39:bc:52:82:8b:c3:31:b9:36:f4:27:59:51:c8:fc:3b:18:9d:
4e:e5:3c:01:1d:7f:85:d3:6d:18:46:57:c2:31:f3:98:23:b5:
f1:f2:7c:83:81:86:2a:99:bc:f9:15:47:1f:07:5a:33:24:99:
f1:19:49:9d:ee:07:08:78:0c:89:56:42:70:81:36:88:d4:d3:
09:c7:a9:35:d5:99:3d:97:34:80:7f:67:c1:04:5b:9c:5e:10:
94:b4:f7:29:99:3d:8d:0d:1c:ac:3f:1f:27:33:34:20:ac:a9:
c7:d1:cc:96:b0:46:03:1f:12:00:53:54:42:c4:53:95:25:15:
a6:44:ea:ef:1c:a2:a9:45:7f:66:f2:38:6e:75:8d:a0:89:9d:
9a:3b:b0:28:e1:94:8e:bb:c6:d4:f5:c6:49:9f:cc:65:23:2f:
83:6e:a7:cb:1d:89:2d:90:a7:41:5a:f7:21:dd:bf:7b:c5:a1:
95:f9:4b:a5:a5:24:86:dd:d9:0d:00:10:44:86:28:2e:75:5c:
84:50:64:04:b4:91:ad:03:52:a9:6f:81:c5:cc:03:9b:db:0d:
1e:d8:55:10:e2:2b:10:03:22:58:8c:a8:a3:6a:0e:80:c3:52:
66:17:2f:c2
-----BEGIN CERTIFICATE-----
MIIFwzCCBKugAwIBAgISAZ5dvSKjys7w6fj19S3H78UNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwNTI1MDYwNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWVlNGI3MjBkYzk0YzkxZDFmZGU1ODg1YzY0NWMxNjZmNTVjNGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz96Pu6fIxpQgUa3sbrLoVMYngnWj
8U2XWh9ic7btXJ56rmpIK8LXB9Gz+FS72uO6GcXPMQQ4Z2rt8IF9tSOQcIZ6tTSU
KenIBQmNkbRVjbvN/LBSNHnUyi+3Qi3F2RPYQGp061VOZFkgTQKMwojZvloUYt2m
elVIfa1VDaJMXz7nwWCJ3tkvDmh6QREt46c84VwOFSWw/AikTcSJ8d/DhQtmP6kA
zoEZUxdhV+WxrrCAhDDgYpLiAaXnO/a4oD7qmVx2Lk0T6ue9tssqBDdUGdtTijXO
qzD8uhx3wKms6BuPL+gim3gteibQOsFgCBiO0sDxorR+EgGg8DFf7EtJiQIDAQAB
o4ICzzCCAsswHQYDVR0OBBYEFMXuS3INyUyR0f3liFxkXBZvVcSjMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEveGU1TGNnM0pUSkhSX2VXSVhHUmNGbTlWeEtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHkBggrBgEFBQcBBwEB/wSB1DCB0TCBvwQCAAEwgbgDBAQf
KlADBANT81gDBANUJogDBAVXY0AwDAMEB1iHgAMEA1iHkAMEAliHnAMEBVta4AME
AVvp1gMEA23F0DAMAwQGbeXAAwQDbeXQAwQBqxnaAwQCsGewAwQAsGe4AwQEsGow
AwQBsGpkMAwDBAWwaqADBAOwarADBAG5LwoDBAC53MYDBALBb/QwDAMEAsHu1AME
BcHuwAMEAsIJ1AMEAsNFWAMEAdVuQDAMAwQC1W5MAwQF1W5AMA0EAgACMAcDBQAq
AYygMA0GCSqGSIb3DQEBCwUAA4IBAQCGdLxsy0kYNLSgBIcARcFKftA5vFKCi8Mx
uTb0J1lRyPw7GJ1O5TwBHX+F020YRlfCMfOYI7Xx8nyDgYYqmbz5FUcfB1ozJJnx
GUmd7gcIeAyJVkJwgTaI1NMJx6k11Zk9lzSAf2fBBFucXhCUtPcpmT2NDRysPx8n
MzQgrKnH0cyWsEYDHxIAU1RCxFOVJRWmROrvHKKpRX9m8jhudY2giZ2aO7Ao4ZSO
u8bU9cZJn8xlIy+DbqfLHYktkKdBWvch3b97xaGV+UulpSSG3dkNABBEhigudVyE
UGQEtJGtA1Kpb4HFzAOb2w0e2FUQ4isQAyJYjKijag6Aw1JmFy/C
-----END CERTIFICATE-----
Generated at Thu Jun 11 22:50:25 2026 by rpki-client