Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/XBOcHX4UHty7xvkXKxm1gVvZknU.roa
File: XBOcHX4UHty7xvkXKxm1gVvZknU.roa (raw, json)
Hash identifier: sSEKjU0pCmMg2RKg5H64B/1iXyYay+WRVgKlxVw9irk=
Subject key identifier: 5C:13:9C:1D:7E:14:1E:DC:BB:C6:F9:17:2B:19:B5:81:5B:D9:92:75
Certificate issuer: /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial: 019914578610614DED0C5E026ABB8FB90421
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/XBOcHX4UHty7xvkXKxm1gVvZknU.roa
Signing time: Thu 04 Sep 2025 10:48:24 +0000
ROA not before: Thu 04 Sep 2025 10:48:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 46.8.97.0/24 maxlen: 24
46.8.99.0/24 maxlen: 24
46.8.116.0/23 maxlen: 24
46.8.176.0/22 maxlen: 24
46.8.180.0/23 maxlen: 24
46.8.196.0/23 maxlen: 24
46.8.200.0/23 maxlen: 24
46.8.203.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 01:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:14:57:86:10:61:4d:ed:0c:5e:02:6a:bb:8f:b9:04:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
Validity
Not Before: Sep 4 10:48:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5c139c1d7e141edcbbc6f9172b19b5815bd99275
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:07:46:ad:a1:e6:4b:ca:95:e0:d9:d6:ed:17:
7e:42:4b:f9:5a:77:c2:98:56:60:1c:bb:6d:27:b8:
1c:73:bc:0c:7b:03:65:77:dc:39:65:67:c3:69:74:
1b:05:d6:73:83:43:2f:de:1a:ec:87:14:7e:20:7e:
41:8c:11:43:8c:b2:60:c5:76:c7:ed:b2:37:4e:0d:
77:fd:8b:33:d7:06:31:a6:1a:ab:d6:c2:5b:f1:3a:
e5:fe:49:c9:cb:82:30:5f:70:c5:b9:76:3e:77:3f:
cb:68:66:8e:06:f3:84:ed:a8:63:99:2d:ee:82:21:
e9:96:30:ad:b8:6d:4f:1a:49:9c:a4:ff:eb:ff:f6:
a3:23:3c:36:3f:b5:2d:7d:3e:25:c8:10:e9:8d:cf:
20:bf:98:1a:39:dc:12:4c:f8:72:26:eb:33:bc:0f:
cc:76:88:d0:15:6d:e4:87:b5:12:d3:93:86:34:ba:
5c:af:3b:a0:35:fa:93:f6:36:1a:fd:a0:d7:f1:5a:
a8:c7:1c:8e:1f:bd:96:73:73:3c:a0:ed:cc:f3:03:
2e:78:90:2d:49:d1:dc:85:32:50:06:71:b0:b1:f8:
ce:14:fb:09:66:49:8b:b4:5c:12:57:90:ab:4f:ac:
3d:6a:e9:61:3d:06:01:3d:9f:60:5f:1d:55:37:a6:
74:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:13:9C:1D:7E:14:1E:DC:BB:C6:F9:17:2B:19:B5:81:5B:D9:92:75
X509v3 Authority Key Identifier:
keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/XBOcHX4UHty7xvkXKxm1gVvZknU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.8.97.0/24
46.8.99.0/24
46.8.116.0/23
46.8.176.0-46.8.181.255
46.8.196.0/23
46.8.200.0/23
46.8.203.0/24
Signature Algorithm: sha256WithRSAEncryption
37:8f:92:17:91:0f:72:9c:d7:d3:22:d1:61:a0:1a:a1:22:af:
cc:4e:34:90:69:c1:68:36:62:b3:88:65:3b:ea:f6:ea:b3:fa:
7a:e8:06:e8:cd:8b:db:4c:4f:00:9f:3e:53:1c:50:5e:11:0d:
01:43:0a:29:9e:b6:50:35:a3:f4:32:a1:89:8f:42:24:ca:fd:
39:e1:83:3c:18:e4:ea:31:0f:ce:d1:21:ed:7e:a5:6a:2d:66:
20:ad:15:e8:6b:38:bc:7c:9b:dc:49:78:ea:62:90:07:c6:e3:
3a:ff:4f:10:5b:8d:9a:df:f2:37:8c:42:c2:aa:21:bd:52:0c:
e8:90:e7:fd:cc:65:a1:84:4f:b0:75:6d:80:c8:71:24:78:f4:
9b:05:91:41:e6:67:0f:26:39:10:ca:1e:01:60:43:73:7e:62:
e4:84:6b:1f:85:e7:76:3d:f9:25:31:67:ef:4a:81:34:f0:48:
ac:c3:a6:3c:3f:ef:c6:e9:07:4a:f4:d5:92:f5:26:c1:d7:33:
29:c5:48:04:a1:43:e7:77:2b:1b:3c:10:4b:3f:ca:fb:c2:4c:
8e:2c:59:36:e0:4f:0f:2e:2c:09:0b:93:4c:be:9a:cc:02:b6:
13:9a:aa:3d:8f:c8:37:4d:63:a1:5a:77:94:7b:21:18:41:dc:
e5:a2:0c:be
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZkUV4YQYU3tDF4CaruPuQQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwOTA0MTA0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzEzOWMxZDdlMTQxZWRjYmJjNmY5MTcyYjE5YjU4MTViZDk5Mjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwdGraHmS8qV4NnW7Rd+Qkv5WnfC
mFZgHLttJ7gcc7wMewNld9w5ZWfDaXQbBdZzg0Mv3hrshxR+IH5BjBFDjLJgxXbH
7bI3Tg13/Ysz1wYxphqr1sJb8Trl/knJy4IwX3DFuXY+dz/LaGaOBvOE7ahjmS3u
giHpljCtuG1PGkmcpP/r//ajIzw2P7UtfT4lyBDpjc8gv5gaOdwSTPhyJuszvA/M
dojQFW3kh7US05OGNLpcrzugNfqT9jYa/aDX8VqoxxyOH72Wc3M8oO3M8wMueJAt
SdHchTJQBnGwsfjOFPsJZkmLtFwSV5CrT6w9aulhPQYBPZ9gXx1VN6Z0TQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFFwTnB1+FB7cu8b5FysZtYFb2ZJ1MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvWEJPY0hYNFVIdHk3eHZrWEt4bTFnVnZaa25VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALghhAwQA
LghjAwQBLgh0MAwDBAQuCLADBAEuCLQDBAEuCMQDBAEuCMgDBAAuCMswDQYJKoZI
hvcNAQELBQADggEBADePkheRD3Kc19Mi0WGgGqEir8xONJBpwWg2YrOIZTvq9uqz
+nroBujNi9tMTwCfPlMcUF4RDQFDCimetlA1o/QyoYmPQiTK/TnhgzwY5OoxD87R
Ie1+pWotZiCtFehrOLx8m9xJeOpikAfG4zr/TxBbjZrf8jeMQsKqIb1SDOiQ5/3M
ZaGET7B1bYDIcSR49JsFkUHmZw8mORDKHgFgQ3N+YuSEax+F53Y9+SUxZ+9KgTTw
SKzDpjw/78bpB0r01ZL1JsHXMynFSAShQ+d3Kxs8EEs/yvvCTI4sWTbgTw8uLAkL
k0y+mswCthOaqj2PyDdNY6Fad5R7IRhB3OWiDL4=
-----END CERTIFICATE-----
Generated at Mon Sep 8 10:04:21 2025 by rpki-client