Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/xVnLVOBy85hPjWChXGOs1mXkd-4.roa
File: xVnLVOBy85hPjWChXGOs1mXkd-4.roa (raw, json)
Hash identifier: H4UNkYq2EsNVhyFTgJNfNg3ZFOfjf3kIC2h2Ua9v2C8=
Subject key identifier: C5:59:CB:54:E0:72:F3:98:4F:8D:60:A1:5C:63:AC:D6:65:E4:77:EE
Certificate issuer: /CN=f62eeb879085c94194297dd9e4cd249cd2516515
Certificate serial: 019A068C3527B7BC2DB6F30D11B621493661
Authority key identifier: F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/xVnLVOBy85hPjWChXGOs1mXkd-4.roa
Signing time: Tue 21 Oct 2025 11:34:03 +0000
ROA not before: Tue 21 Oct 2025 11:34:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214996
IP address blocks: 159.195.12.0/22 maxlen: 22
159.195.16.0/22 maxlen: 22
2a0a:4cc0:101::/48 maxlen: 48
2a0a:4cc0:101::/52 maxlen: 52
2a0a:4cc0:2000::/43 maxlen: 48
2a0a:4cc0:2000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.mft
rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 27 Oct 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:06:8c:35:27:b7:bc:2d:b6:f3:0d:11:b6:21:49:36:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f62eeb879085c94194297dd9e4cd249cd2516515
Validity
Not Before: Oct 21 11:34:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c559cb54e072f3984f8d60a15c63acd665e477ee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:63:b7:2f:7e:9c:6e:24:ad:6b:87:d5:dc:cd:
e7:1f:0f:ee:f1:ca:56:64:a7:bb:b1:e3:1c:a6:52:
98:c7:85:ce:29:25:a7:e0:30:7e:d4:7c:cc:12:82:
ec:6d:69:a1:44:2d:90:f4:91:a3:5e:44:83:a4:36:
e6:39:f0:a9:30:a8:71:94:be:c7:12:06:49:42:e0:
22:b8:df:ec:36:2b:10:37:d7:67:1c:2a:62:6f:35:
d2:08:40:d1:68:52:2b:40:e2:e6:89:42:94:99:f0:
4d:ec:21:68:ad:1a:43:03:ff:7c:1e:6b:14:dd:a8:
c8:41:c8:24:f9:48:97:ac:da:82:75:9b:9e:b6:5e:
bc:c4:75:3a:49:fa:6c:fa:d6:3d:48:99:a7:2e:f6:
e7:f2:d6:f3:b6:64:58:1a:1a:70:63:4f:bd:73:80:
c6:8d:f0:6b:d9:41:cb:cd:0c:8b:08:01:0c:71:13:
ea:00:ac:dc:72:1b:18:31:e8:01:a9:fa:ed:a8:3f:
f2:57:09:35:84:b9:f1:cc:3b:66:d0:ef:99:31:18:
c4:1a:35:e0:73:9f:f3:f2:bc:ee:6e:72:8a:50:ad:
9c:fd:08:53:44:19:89:93:6d:c2:f3:c3:60:34:ac:
21:b7:db:34:15:80:96:93:53:96:ed:40:8c:cc:18:
32:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:59:CB:54:E0:72:F3:98:4F:8D:60:A1:5C:63:AC:D6:65:E4:77:EE
X509v3 Authority Key Identifier:
keyid:F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/xVnLVOBy85hPjWChXGOs1mXkd-4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.195.12.0-159.195.19.255
IPv6:
2a0a:4cc0:101::/48
2a0a:4cc0:2000::/43
Signature Algorithm: sha256WithRSAEncryption
57:86:3b:7e:ad:02:d2:55:2a:57:74:2f:87:58:ea:ae:09:a4:
d3:d7:73:bb:4e:67:3d:eb:87:91:e6:cf:4d:b7:12:30:4b:e9:
43:d5:e6:d3:64:cb:55:1b:4b:67:33:17:fc:9a:93:39:68:55:
20:80:96:79:26:41:83:82:22:a9:0b:de:e7:c9:96:77:36:8a:
ae:26:2e:46:f5:0c:b7:38:51:8e:aa:7d:a0:1a:88:fb:dc:9e:
86:9e:6b:1f:28:e3:63:15:44:37:78:b8:1e:e0:46:7c:13:f9:
30:b7:c6:d2:0d:8b:36:8f:e3:27:78:d5:f1:cb:d5:cc:6d:f1:
bc:21:2a:3b:f6:8f:74:d7:b4:5e:01:ca:6e:d0:ee:4d:b1:33:
3c:ce:5b:9a:c3:07:a2:8b:9c:57:73:31:a1:f8:4c:e1:e7:e9:
48:39:ca:f2:db:ab:97:5c:0b:70:60:b8:4b:b6:fc:5e:ef:2b:
99:e6:91:08:d6:c6:18:88:52:23:f1:40:b5:bc:9e:52:fe:bb:
7e:72:15:75:62:04:2a:61:b7:2d:8a:47:41:d2:1c:f3:73:ea:
a6:19:46:0a:cd:55:86:84:72:b4:38:45:1c:cc:e5:8f:f0:29:
b4:02:2c:da:c6:69:ec:8e:53:03:f5:b3:cd:79:5e:64:ed:16:
21:97:3e:b7
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZoGjDUnt7wttvMNEbYhSTZhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MmVlYjg3OTA4NWM5NDE5NDI5N2RkOWU0Y2QyNDljZDI1
MTY1MTUwHhcNMjUxMDIxMTEzNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTU5Y2I1NGUwNzJmMzk4NGY4ZDYwYTE1YzYzYWNkNjY1ZTQ3N2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2O3L36cbiSta4fV3M3nHw/u8cpW
ZKe7seMcplKYx4XOKSWn4DB+1HzMEoLsbWmhRC2Q9JGjXkSDpDbmOfCpMKhxlL7H
EgZJQuAiuN/sNisQN9dnHCpibzXSCEDRaFIrQOLmiUKUmfBN7CForRpDA/98HmsU
3ajIQcgk+UiXrNqCdZuetl68xHU6Sfps+tY9SJmnLvbn8tbztmRYGhpwY0+9c4DG
jfBr2UHLzQyLCAEMcRPqAKzcchsYMegBqfrtqD/yVwk1hLnxzDtm0O+ZMRjEGjXg
c5/z8rzubnKKUK2c/QhTRBmJk23C88NgNKwht9s0FYCWk1OW7UCMzBgy3wIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFMVZy1TgcvOYT41goVxjrNZl5HfuMB8GA1UdIwQY
MBaAFPYu64eQhclBlCl92eTNJJzSUWUVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzIt
NWZiZjlhMjliNmUxLzEveFZuTFZPQnk4NWhQaldDaFhHT3MxbVhrZC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzItNWZiZjlhMjliNmUx
LzEvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAUBAIAATAOMAwDBAKfwwwD
BAKfwxAwGAQCAAIwEgMHACoKTMABAQMHBSoKTMAgADANBgkqhkiG9w0BAQsFAAOC
AQEAV4Y7fq0C0lUqV3Qvh1jqrgmk09dzu05nPeuHkebPTbcSMEvpQ9Xm02TLVRtL
ZzMX/JqTOWhVIICWeSZBg4IiqQve58mWdzaKriYuRvUMtzhRjqp9oBqI+9yehp5r
HyjjYxVEN3i4HuBGfBP5MLfG0g2LNo/jJ3jV8cvVzG3xvCEqO/aPdNe0XgHKbtDu
TbEzPM5bmsMHooucV3MxofhM4efpSDnK8turl1wLcGC4S7b8Xu8rmeaRCNbGGIhS
I/FAtbyeUv67fnIVdWIEKmG3LYpHQdIc83PqphlGCs1VhoRytDhFHMzlj/AptAIs
2sZp7I5TA/WzzXleZO0WIZc+tw==
-----END CERTIFICATE-----
Generated at Sun Oct 26 20:28:48 2025 by rpki-client