Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/xZ9s-lOWjzPOKryloYEBooflvbk.roa
File: xZ9s-lOWjzPOKryloYEBooflvbk.roa (raw, json)
Hash identifier: FhIBYy7jadsE7KXIp04secyaxmxLrjv8hCTIezq5e2s=
Subject key identifier: C5:9F:6C:FA:53:96:8F:33:CE:2A:BC:A5:A1:81:01:A2:87:E5:BD:B9
Certificate issuer: /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial: 0198EAA5188383F2B108FDD4F143EEBA8B1A
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/xZ9s-lOWjzPOKryloYEBooflvbk.roa
Signing time: Wed 27 Aug 2025 08:29:04 +0000
ROA not before: Wed 27 Aug 2025 08:29:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213541
IP address blocks: 89.19.56.0/24 maxlen: 24
89.19.57.0/24 maxlen: 24
89.19.58.0/24 maxlen: 24
89.19.59.0/24 maxlen: 24
185.68.245.0/24 maxlen: 24
185.81.174.0/24 maxlen: 24
185.81.184.0/23 maxlen: 23
185.81.186.0/23 maxlen: 23
185.89.104.0/22 maxlen: 22
185.89.108.0/22 maxlen: 22
185.95.100.0/23 maxlen: 24
185.95.102.0/23 maxlen: 24
185.96.82.0/24 maxlen: 24
185.96.132.0/24 maxlen: 24
185.97.0.0/22 maxlen: 24
185.98.43.0/24 maxlen: 24
185.101.203.0/24 maxlen: 24
185.104.151.0/24 maxlen: 24
185.112.56.0/23 maxlen: 24
185.175.224.0/23 maxlen: 24
185.175.226.0/23 maxlen: 24
213.170.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 04:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:ea:a5:18:83:83:f2:b1:08:fd:d4:f1:43:ee:ba:8b:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
Validity
Not Before: Aug 27 08:29:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c59f6cfa53968f33ce2abca5a18101a287e5bdb9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:96:1b:92:38:3c:d0:0d:fc:19:6f:7f:34:9b:
0d:a7:78:88:69:e8:06:ca:44:9b:b5:08:0d:2f:ec:
30:9f:98:4a:92:07:0a:9c:ff:2a:57:23:6b:81:3b:
af:4c:d5:5c:6d:73:7b:d6:0d:d1:e9:4e:d0:d0:d3:
1f:2e:42:76:5f:20:2c:12:89:95:d8:58:9a:d3:a9:
5a:52:78:b3:4c:9f:15:e4:bf:68:29:d8:a9:6c:0d:
0d:d6:b5:70:84:5b:78:bf:68:ba:ff:22:93:40:bf:
c3:40:02:74:fa:b8:da:8d:75:5d:e6:0f:c9:50:fd:
d0:6c:86:5b:88:73:e4:1c:a0:7c:1b:0e:80:c1:5f:
3f:08:3e:b5:dd:e4:b5:6d:90:e3:6a:56:b3:62:03:
db:6d:f3:d3:2e:05:5c:7f:73:70:58:9f:4a:c2:b9:
25:53:68:f1:6c:a3:a4:07:4e:01:89:79:80:19:47:
46:76:06:31:e8:ef:be:2e:80:73:2a:06:93:9e:cf:
75:06:1b:41:ef:20:f5:9c:ab:b5:64:9f:3b:1a:a3:
2a:41:cb:31:be:ac:e2:02:d5:b8:0b:40:8c:af:2f:
24:82:d1:78:d7:6e:9b:1c:73:92:c6:b3:20:8f:1f:
db:72:a0:59:65:6e:79:11:31:9c:69:f3:04:00:50:
39:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:9F:6C:FA:53:96:8F:33:CE:2A:BC:A5:A1:81:01:A2:87:E5:BD:B9
X509v3 Authority Key Identifier:
keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/xZ9s-lOWjzPOKryloYEBooflvbk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.19.56.0/22
185.68.245.0/24
185.81.174.0/24
185.81.184.0/22
185.89.104.0/21
185.95.100.0/22
185.96.82.0/24
185.96.132.0/24
185.97.0.0/22
185.98.43.0/24
185.101.203.0/24
185.104.151.0/24
185.112.56.0/23
185.175.224.0/22
213.170.223.0/24
Signature Algorithm: sha256WithRSAEncryption
47:1d:e6:fe:08:a8:6b:57:92:24:fc:a7:b3:27:07:64:55:0d:
2a:86:fa:8d:01:4a:2d:41:95:a5:af:8b:10:38:fd:49:61:a2:
2c:45:22:2d:35:87:c7:db:ff:0e:6a:7c:0a:64:1e:73:c1:04:
67:66:a9:07:cc:01:4f:30:98:67:82:e6:d6:8a:41:b2:9f:c6:
31:74:37:ce:85:1b:49:4b:36:bd:db:74:24:28:56:cb:59:68:
82:04:be:e3:f6:bf:c4:61:83:6c:18:c1:c5:e1:df:c8:a8:9a:
b6:2d:9d:c7:d7:ea:1a:dc:65:7c:f4:f7:53:39:98:31:1e:fa:
c5:04:16:a5:b4:e1:7d:d3:72:35:c1:ca:64:20:3f:fc:3e:ac:
cd:c5:b2:5a:f8:a9:fd:d4:b2:23:24:44:ef:cc:a2:7c:bd:17:
ee:f6:8c:5a:12:55:85:5a:30:c0:5c:76:08:ce:04:99:f8:74:
bd:02:36:d0:e7:56:69:0f:1c:b9:5c:52:4b:8c:6f:19:7d:0c:
95:d4:b7:88:c3:4b:14:71:d6:ff:2d:96:d4:df:71:96:f4:6d:
b4:33:15:79:2d:5d:cb:fa:0a:71:71:da:6d:6a:bc:34:f2:72:
c8:f5:b0:8b:97:16:66:ee:35:f1:8f:30:b0:45:c7:ab:2d:8c:
9b:d2:30:a4
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZjqpRiDg/KxCP3U8UPuuosaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjUwODI3MDgyOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTlmNmNmYTUzOTY4ZjMzY2UyYWJjYTVhMTgxMDFhMjg3ZTViZGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZYbkjg80A38GW9/NJsNp3iIaegG
ykSbtQgNL+wwn5hKkgcKnP8qVyNrgTuvTNVcbXN71g3R6U7Q0NMfLkJ2XyAsEomV
2Fia06laUnizTJ8V5L9oKdipbA0N1rVwhFt4v2i6/yKTQL/DQAJ0+rjajXVd5g/J
UP3QbIZbiHPkHKB8Gw6AwV8/CD613eS1bZDjalazYgPbbfPTLgVcf3NwWJ9Kwrkl
U2jxbKOkB04BiXmAGUdGdgYx6O++LoBzKgaTns91BhtB7yD1nKu1ZJ87GqMqQcsx
vqziAtW4C0CMry8kgtF4126bHHOSxrMgjx/bcqBZZW55ETGcafMEAFA53wIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFMWfbPpTlo8zziq8paGBAaKH5b25MB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEveFo5cy1sT1dqelBPS3J5bG9ZRUJvb2ZsdmJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQCWRM4AwQA
uUT1AwQAuVGuAwQCuVG4AwQDuVloAwQCuV9kAwQAuWBSAwQAuWCEAwQCuWEAAwQA
uWIrAwQAuWXLAwQAuWiXAwQBuXA4AwQCua/gAwQA1arfMA0GCSqGSIb3DQEBCwUA
A4IBAQBHHeb+CKhrV5Ik/KezJwdkVQ0qhvqNAUotQZWlr4sQOP1JYaIsRSItNYfH
2/8OanwKZB5zwQRnZqkHzAFPMJhngubWikGyn8YxdDfOhRtJSza923QkKFbLWWiC
BL7j9r/EYYNsGMHF4d/IqJq2LZ3H1+oa3GV89PdTOZgxHvrFBBaltOF903I1wcpk
ID/8PqzNxbJa+Kn91LIjJETvzKJ8vRfu9oxaElWFWjDAXHYIzgSZ+HS9AjbQ51Zp
Dxy5XFJLjG8ZfQyV1LeIw0sUcdb/LZbU33GW9G20MxV5LV3L+gpxcdptarw08nLI
9bCLlxZm7jXxjzCwRcerLYyb0jCk
-----END CERTIFICATE-----
Generated at Sat Sep 6 14:08:59 2025 by rpki-client