Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XybjbHqrm5wf-JybbzP6Hgr8ATY.roa
File: XybjbHqrm5wf-JybbzP6Hgr8ATY.roa (raw, json)
Hash identifier: wS5Y8CBrVOIZXXyASc5OK4M/UOrdC7iWNmJ9VfEYQv0=
Subject key identifier: 5F:26:E3:6C:7A:AB:9B:9C:1F:F8:9C:9B:6F:33:FA:1E:0A:FC:01:36
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0198A7F0FD72265151EB8B4A3B6CF07DA591
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XybjbHqrm5wf-JybbzP6Hgr8ATY.roa
Signing time: Thu 14 Aug 2025 09:37:25 +0000
ROA not before: Thu 14 Aug 2025 09:37:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 77.93.137.0/24 maxlen: 24
77.93.149.0/24 maxlen: 24
80.240.88.0/21 maxlen: 24
82.152.174.0/23 maxlen: 23
82.153.208.0/22 maxlen: 22
82.163.19.0/24 maxlen: 24
82.163.24.0/21 maxlen: 24
89.213.58.0/24 maxlen: 24
89.213.60.0/23 maxlen: 24
89.213.108.0/23 maxlen: 24
89.213.110.0/24 maxlen: 24
89.213.122.0/24 maxlen: 24
89.213.126.0/24 maxlen: 24
89.213.147.0/24 maxlen: 24
89.213.194.0/23 maxlen: 24
89.213.198.0/23 maxlen: 24
89.213.200.0/23 maxlen: 24
89.213.202.0/23 maxlen: 24
89.213.204.0/23 maxlen: 24
89.213.228.0/24 maxlen: 24
89.213.240.0/23 maxlen: 24
89.213.249.0/24 maxlen: 24
89.213.250.0/24 maxlen: 24
213.210.16.0/24 maxlen: 24
213.210.18.0/24 maxlen: 24
213.210.33.0/24 maxlen: 24
213.210.51.0/24 maxlen: 24
213.218.220.0/24 maxlen: 24
217.144.151.0/24 maxlen: 24
217.144.156.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:a7:f0:fd:72:26:51:51:eb:8b:4a:3b:6c:f0:7d:a5:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 14 09:37:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5f26e36c7aab9b9c1ff89c9b6f33fa1e0afc0136
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:13:ab:ed:b7:5c:e7:4d:3a:c6:f8:e7:cc:87:
66:dd:c9:77:21:1c:26:a7:1c:47:00:f2:64:d5:e9:
b2:bf:a3:b9:fe:a2:9a:b1:6e:5d:27:a9:8c:ad:cd:
e7:22:aa:5f:fc:bd:1a:5f:45:e7:9f:9d:b5:93:13:
18:0b:b8:4d:86:e8:00:8e:ea:ce:8a:e2:79:52:45:
56:28:89:19:f8:59:8c:4a:0b:c7:2e:e0:93:de:90:
94:83:a2:b0:ea:7a:68:b6:37:6b:e5:d2:8a:4c:25:
da:18:e6:2e:65:c2:8d:70:3d:0e:4d:4a:16:b1:4e:
e6:d5:a8:3e:fb:1b:4f:7c:f8:c8:6a:f0:c0:f1:b9:
f2:09:0a:40:20:2c:97:1b:2c:0d:1c:9f:26:f9:f0:
3b:cb:09:7f:fa:97:82:b8:91:96:6f:3e:06:c0:15:
a7:78:ae:68:68:85:76:e8:df:07:a7:49:aa:6a:0e:
1b:c3:fb:09:f2:00:c0:cb:d4:d3:72:8c:ee:d8:a9:
c3:5d:19:26:c3:b5:c1:c1:85:b9:1e:86:af:45:5b:
9a:2d:e2:2a:08:4f:91:0c:11:47:da:24:bd:06:d8:
3c:6f:fe:62:2b:8e:29:c0:2f:ce:4f:bd:d0:bc:b4:
eb:19:86:59:d3:e9:41:11:43:27:95:89:f8:23:7b:
1a:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:26:E3:6C:7A:AB:9B:9C:1F:F8:9C:9B:6F:33:FA:1E:0A:FC:01:36
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XybjbHqrm5wf-JybbzP6Hgr8ATY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.93.137.0/24
77.93.149.0/24
80.240.88.0/21
82.152.174.0/23
82.153.208.0/22
82.163.19.0/24
82.163.24.0/21
89.213.58.0/24
89.213.60.0/23
89.213.108.0-89.213.110.255
89.213.122.0/24
89.213.126.0/24
89.213.147.0/24
89.213.194.0/23
89.213.198.0-89.213.205.255
89.213.228.0/24
89.213.240.0/23
89.213.249.0-89.213.250.255
213.210.16.0/24
213.210.18.0/24
213.210.33.0/24
213.210.51.0/24
213.218.220.0/24
217.144.151.0/24
217.144.156.0/24
Signature Algorithm: sha256WithRSAEncryption
74:50:56:9a:b9:5d:c5:85:02:99:26:29:1a:e6:dd:82:a0:b4:
1a:0f:59:ea:c5:13:2b:28:29:91:16:7d:c7:fa:3f:b2:4c:be:
f2:ee:a6:6c:6c:42:30:64:c0:0f:6e:2b:6c:dd:b9:af:cb:3a:
f7:32:88:23:85:70:c7:b2:5b:dd:5f:18:ff:e8:d8:2e:f2:09:
d4:fd:79:3f:2b:15:7e:d7:cc:2f:62:0c:78:a4:2e:15:12:b9:
b2:74:c7:9d:dd:b1:3d:d3:fa:7f:fe:cb:2b:ac:8f:c7:c3:8b:
05:23:65:4d:3f:39:97:c3:19:85:0c:45:30:bc:cc:29:9b:6e:
68:40:0a:ce:a0:75:0e:2a:e6:eb:e1:e6:c9:d3:6b:28:eb:9e:
6a:92:53:f8:92:3e:0b:c4:e1:5b:43:49:96:25:b7:e1:ff:fe:
69:74:b8:a8:a7:ea:b5:90:48:8c:29:6b:a6:b7:96:4a:76:58:
88:2e:d4:35:32:25:3d:cd:8d:f5:19:02:7c:a2:79:b5:a8:20:
d0:e4:be:f1:a8:98:94:29:df:25:9a:a8:3f:85:85:ee:b0:ea:
27:bd:31:6c:33:17:85:16:f0:3f:fb:a0:fd:71:66:87:8f:63:
8c:98:41:75:98:fa:b8:24:9c:dc:2b:54:e4:cf:f3:b8:7d:02:
39:0c:27:9c
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgISAZin8P1yJlFR64tKO2zwfaWRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODE0MDkzNzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjI2ZTM2YzdhYWI5YjljMWZmODljOWI2ZjMzZmExZTBhZmMwMTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7BOr7bdc5006xvjnzIdm3cl3IRwm
pxxHAPJk1emyv6O5/qKasW5dJ6mMrc3nIqpf/L0aX0Xnn521kxMYC7hNhugAjurO
iuJ5UkVWKIkZ+FmMSgvHLuCT3pCUg6Kw6npotjdr5dKKTCXaGOYuZcKNcD0OTUoW
sU7m1ag++xtPfPjIavDA8bnyCQpAICyXGywNHJ8m+fA7ywl/+peCuJGWbz4GwBWn
eK5oaIV26N8Hp0mqag4bw/sJ8gDAy9TTcozu2KnDXRkmw7XBwYW5HoavRVuaLeIq
CE+RDBFH2iS9Btg8b/5iK44pwC/OT73QvLTrGYZZ0+lBEUMnlYn4I3sa1QIDAQAB
o4ICtjCCArIwHQYDVR0OBBYEFF8m42x6q5ucH/icm28z+h4K/AE2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWHliamJIcXJtNXdmLUp5YmJ6UDZIZ3I4QVRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHLBggrBgEFBQcBBwEB/wSBuzCBuDCBtQQCAAEwga4DBABN
XYkDBABNXZUDBANQ8FgDBAFSmK4DBAJSmdADBABSoxMDBANSoxgDBABZ1ToDBAFZ
1TwwDAMEAlnVbAMEAFnVbgMEAFnVegMEAFnVfgMEAFnVkwMEAVnVwjAMAwQBWdXG
AwQBWdXMAwQAWdXkAwQBWdXwMAwDBABZ1fkDBABZ1foDBADV0hADBADV0hIDBADV
0iEDBADV0jMDBADV2twDBADZkJcDBADZkJwwDQYJKoZIhvcNAQELBQADggEBAHRQ
Vpq5XcWFApkmKRrm3YKgtBoPWerFEysoKZEWfcf6P7JMvvLupmxsQjBkwA9uK2zd
ua/LOvcyiCOFcMeyW91fGP/o2C7yCdT9eT8rFX7XzC9iDHikLhUSubJ0x53dsT3T
+n/+yyusj8fDiwUjZU0/OZfDGYUMRTC8zCmbbmhACs6gdQ4q5uvh5snTayjrnmqS
U/iSPgvE4VtDSZYlt+H//ml0uKin6rWQSIwpa6a3lkp2WIgu1DUyJT3NjfUZAnyi
ebWoINDkvvGomJQp3yWaqD+Fhe6w6ie9MWwzF4UW8D/7oP1xZoePY4yYQXWY+rgk
nNwrVOTP87h9AjkMJ5w=
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:46:10 2025 by rpki-client