Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/1e8183-aad1-4fd7-b10f-ffa4950a1ccb/1/xiXH-5SM76J3-yxlUQfLvem25-k.roa
File: xiXH-5SM76J3-yxlUQfLvem25-k.roa (raw, json)
Hash identifier: BDbe3QCIJuuE+sgkLyO0R164Cf4HsbhT+geqZAmQ7Bc=
Subject key identifier: C6:25:C7:FB:94:8C:EF:A2:77:FB:2C:65:51:07:CB:BD:E9:B6:E7:E9
Certificate issuer: /CN=a764a26f76355140aa696e0a4f1f0c312b7277c0
Certificate serial: 019ED1DC4DA2D076F08408D251751890FAEC
Authority key identifier: A7:64:A2:6F:76:35:51:40:AA:69:6E:0A:4F:1F:0C:31:2B:72:77:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p2Sib3Y1UUCqaW4KTx8MMStyd8A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3f/1e8183-aad1-4fd7-b10f-ffa4950a1ccb/1/xiXH-5SM76J3-yxlUQfLvem25-k.roa
Signing time: Tue 16 Jun 2026 19:15:36 +0000
ROA not before: Tue 16 Jun 2026 19:15:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 201000
IP address blocks: 45.156.120.0/22 maxlen: 24
45.156.120.0/24 maxlen: 24
45.156.121.0/24 maxlen: 24
45.156.122.0/24 maxlen: 24
45.156.123.0/24 maxlen: 24
79.143.192.0/20 maxlen: 24
79.143.192.0/24 maxlen: 24
79.143.195.0/24 maxlen: 24
79.143.196.0/24 maxlen: 24
79.143.197.0/24 maxlen: 24
79.143.198.0/24 maxlen: 24
79.143.199.0/24 maxlen: 24
79.143.200.0/24 maxlen: 24
79.143.201.0/24 maxlen: 24
79.143.202.0/24 maxlen: 24
79.143.203.0/24 maxlen: 24
79.143.204.0/24 maxlen: 24
79.143.205.0/24 maxlen: 24
79.143.206.0/24 maxlen: 24
79.143.207.0/24 maxlen: 24
91.245.244.0/22 maxlen: 24
91.245.246.0/23 maxlen: 23
185.89.72.0/22 maxlen: 24
185.89.72.0/24 maxlen: 24
185.89.73.0/24 maxlen: 24
185.89.75.0/24 maxlen: 24
185.211.252.0/22 maxlen: 24
185.211.252.0/23 maxlen: 23
185.211.254.0/24 maxlen: 24
185.211.255.0/24 maxlen: 24
185.237.148.0/22 maxlen: 24
185.237.148.0/24 maxlen: 24
185.237.149.0/24 maxlen: 24
185.237.150.0/24 maxlen: 24
185.237.151.0/24 maxlen: 24
2a03:8260::/32 maxlen: 48
2a03:8260:8041::/48 maxlen: 48
2a03:8260:804b::/48 maxlen: 48
2a03:8260:804f::/48 maxlen: 48
2a03:8260:807a::/48 maxlen: 48
2a03:8260:807b::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3f/1e8183-aad1-4fd7-b10f-ffa4950a1ccb/1/p2Sib3Y1UUCqaW4KTx8MMStyd8A.crl
rsync://rpki.ripe.net/repository/DEFAULT/3f/1e8183-aad1-4fd7-b10f-ffa4950a1ccb/1/p2Sib3Y1UUCqaW4KTx8MMStyd8A.mft
rsync://rpki.ripe.net/repository/DEFAULT/p2Sib3Y1UUCqaW4KTx8MMStyd8A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 30 Jun 2026 02:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:d1:dc:4d:a2:d0:76:f0:84:08:d2:51:75:18:90:fa:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a764a26f76355140aa696e0a4f1f0c312b7277c0
Validity
Not Before: Jun 16 19:15:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c625c7fb948cefa277fb2c655107cbbde9b6e7e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:a6:e8:ea:06:71:70:79:0c:4e:8d:db:1b:10:
ee:65:1a:fe:5a:c4:27:1b:22:8e:30:7d:33:17:68:
5a:c5:0a:a9:7b:d5:4d:16:ae:5e:ec:e5:85:0b:80:
50:29:9b:bd:8e:46:43:cc:a2:94:e6:74:1a:cc:52:
9a:0b:fa:f0:b4:54:36:73:48:11:92:bb:98:2d:86:
3c:f9:cd:42:27:1b:fe:b2:cc:1f:62:6b:ff:e6:5d:
05:1d:92:d3:11:b7:ce:c5:ee:fc:21:89:6d:80:74:
19:c8:b4:02:ff:53:94:ff:13:ff:90:4f:77:e1:46:
f5:0c:73:ba:29:3f:48:58:27:95:81:c5:0d:87:be:
96:6d:f2:64:15:cb:44:cf:29:ba:9d:88:4b:89:8d:
31:c2:1a:f5:11:12:59:ea:19:e2:e8:09:b6:86:5f:
29:8e:ce:5b:e1:ff:26:19:c6:7a:0e:7a:50:ba:00:
92:59:c7:7b:6d:64:6a:e5:23:52:d3:c0:a6:62:45:
07:dd:06:7e:13:96:48:8b:c1:6a:b4:88:5e:8c:85:
a7:78:d4:53:dd:54:18:29:cb:92:29:f0:b1:e8:0d:
b8:77:31:d7:d6:0f:51:3c:95:40:c1:4b:7b:d8:98:
10:e2:91:35:6f:23:10:55:46:ee:b5:8b:bb:9d:73:
3b:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:25:C7:FB:94:8C:EF:A2:77:FB:2C:65:51:07:CB:BD:E9:B6:E7:E9
X509v3 Authority Key Identifier:
keyid:A7:64:A2:6F:76:35:51:40:AA:69:6E:0A:4F:1F:0C:31:2B:72:77:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p2Sib3Y1UUCqaW4KTx8MMStyd8A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/1e8183-aad1-4fd7-b10f-ffa4950a1ccb/1/xiXH-5SM76J3-yxlUQfLvem25-k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/1e8183-aad1-4fd7-b10f-ffa4950a1ccb/1/p2Sib3Y1UUCqaW4KTx8MMStyd8A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.120.0/22
79.143.192.0/20
91.245.244.0/22
185.89.72.0/22
185.211.252.0/22
185.237.148.0/22
IPv6:
2a03:8260::/32
Signature Algorithm: sha256WithRSAEncryption
cd:e2:7e:fa:bb:14:bb:82:ec:9e:f4:66:23:bd:97:a4:d7:30:
a2:5e:63:92:9d:21:c4:f8:ae:66:0b:52:a9:e8:88:6b:b1:12:
33:a8:ea:9b:3d:3b:89:6f:48:ea:4c:6d:2d:8d:04:18:19:53:
37:e9:90:19:0d:1f:1d:17:41:c8:5b:9b:cd:18:ce:a7:91:3a:
5c:1b:c5:d4:cc:f7:35:7d:da:32:f0:14:9e:7f:3b:99:8e:07:
cd:04:17:d1:74:4a:c7:92:77:55:99:73:74:1d:c4:0a:a9:95:
19:4f:b8:1a:36:13:f3:6a:b5:eb:57:e0:03:e3:08:80:8b:a9:
6a:8c:72:79:d7:d9:3b:a3:6d:67:22:9e:ee:0e:77:17:7f:12:
53:91:c3:ae:1e:d2:86:4e:5d:27:c9:41:c9:ba:e8:51:1c:5b:
48:1a:df:b6:ad:c5:da:c9:86:2f:d5:16:b1:84:17:3e:0f:1e:
10:db:a6:7f:15:6b:f4:aa:27:b5:3f:5a:38:a2:79:73:63:74:
5e:fe:60:58:7e:cd:e6:ce:3d:c2:f2:0c:01:1a:83:36:f6:03:
91:13:dd:c9:69:8e:8b:9f:40:e6:8d:5d:f4:4a:4e:88:be:af:
1c:1e:9e:c3:f2:8c:5f:22:b7:63:9c:11:9b:11:06:66:09:ae:
32:c5:60:41
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZ7R3E2i0HbwhAjSUXUYkPrsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NjRhMjZmNzYzNTUxNDBhYTY5NmUwYTRmMWYwYzMxMmI3
Mjc3YzAwHhcNMjYwNjE2MTkxNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjI1YzdmYjk0OGNlZmEyNzdmYjJjNjU1MTA3Y2JiZGU5YjZlN2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16bo6gZxcHkMTo3bGxDuZRr+WsQn
GyKOMH0zF2haxQqpe9VNFq5e7OWFC4BQKZu9jkZDzKKU5nQazFKaC/rwtFQ2c0gR
kruYLYY8+c1CJxv+sswfYmv/5l0FHZLTEbfOxe78IYltgHQZyLQC/1OU/xP/kE93
4Ub1DHO6KT9IWCeVgcUNh76WbfJkFctEzym6nYhLiY0xwhr1ERJZ6hni6Am2hl8p
js5b4f8mGcZ6DnpQugCSWcd7bWRq5SNS08CmYkUH3QZ+E5ZIi8FqtIhejIWneNRT
3VQYKcuSKfCx6A24dzHX1g9RPJVAwUt72JgQ4pE1byMQVUbutYu7nXM7WQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFMYlx/uUjO+id/ssZVEHy73ptufpMB8GA1UdIwQY
MBaAFKdkom92NVFAqmluCk8fDDErcnfAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDJTaWIzWTFVVUNxYVc0S1R4OE1NU3R5ZDhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8xZTgxODMtYWFkMS00ZmQ3LWIxMGYt
ZmZhNDk1MGExY2NiLzEveGlYSC01U003NkozLXl4bFVRZkx2ZW0yNS1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8xZTgxODMtYWFkMS00ZmQ3LWIxMGYtZmZhNDk1MGExY2Ni
LzEvcDJTaWIzWTFVVUNxYVc0S1R4OE1NU3R5ZDhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCLZx4AwQE
T4/AAwQCW/X0AwQCuVlIAwQCudP8AwQCue2UMA0EAgACMAcDBQAqA4JgMA0GCSqG
SIb3DQEBCwUAA4IBAQDN4n76uxS7guye9GYjvZek1zCiXmOSnSHE+K5mC1Kp6Ihr
sRIzqOqbPTuJb0jqTG0tjQQYGVM36ZAZDR8dF0HIW5vNGM6nkTpcG8XUzPc1fdoy
8BSefzuZjgfNBBfRdErHkndVmXN0HcQKqZUZT7gaNhPzarXrV+AD4wiAi6lqjHJ5
19k7o21nIp7uDncXfxJTkcOuHtKGTl0nyUHJuuhRHFtIGt+2rcXayYYv1RaxhBc+
Dx4Q26Z/FWv0qie1P1o4onlzY3Re/mBYfs3mzj3C8gwBGoM29gORE93JaY6Ln0Dm
jV30Sk6Ivq8cHp7D8oxfIrdjnBGbEQZmCa4yxWBB
-----END CERTIFICATE-----
Generated at Mon Jun 29 10:35:31 2026 by rpki-client