Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/Xrf2BP79heZyPUnEjdoMN247jLA.roa
File: Xrf2BP79heZyPUnEjdoMN247jLA.roa (raw, json)
Hash identifier: OhXt9BoGAkGzW+9iunvXp7qfeztquv5rM9uBpdYNu54=
Subject key identifier: 5E:B7:F6:04:FE:FD:85:E6:72:3D:49:C4:8D:DA:0C:37:6E:3B:8C:B0
Certificate issuer: /CN=90f25e6a6893f466d2695e90670c047443643701
Certificate serial: 01997B97B45D1C7752CA4FCBCA94224F3840
Authority key identifier: 90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/Xrf2BP79heZyPUnEjdoMN247jLA.roa
Signing time: Wed 24 Sep 2025 11:59:23 +0000
ROA not before: Wed 24 Sep 2025 11:59:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 62.179.128.0/17 maxlen: 17
92.235.0.0/19 maxlen: 19
92.235.32.0/21 maxlen: 21
92.235.40.0/21 maxlen: 21
92.235.48.0/20 maxlen: 20
92.235.96.0/19 maxlen: 19
92.235.128.0/17 maxlen: 17
94.168.128.0/17 maxlen: 17
2001:67c:794::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.crl
rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.mft
rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 07:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:7b:97:b4:5d:1c:77:52:ca:4f:cb:ca:94:22:4f:38:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=90f25e6a6893f466d2695e90670c047443643701
Validity
Not Before: Sep 24 11:59:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5eb7f604fefd85e6723d49c48dda0c376e3b8cb0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:f7:c1:2b:93:d9:34:6e:67:24:6c:40:fe:42:
16:3c:fa:67:39:8c:ee:00:c3:55:21:f9:42:c6:00:
2b:59:0d:5f:3d:cd:de:e8:1d:95:46:2a:93:28:2b:
e0:ef:17:4e:c2:9d:df:58:fe:25:d9:d0:fe:4c:5e:
85:d1:2b:df:ba:00:3f:a1:1b:76:93:ad:11:4f:7f:
00:c4:48:a0:e9:32:85:ae:2d:a2:1f:fa:be:d6:4e:
7f:48:77:48:bd:a1:c7:b4:8e:98:52:28:cd:32:c2:
50:a1:b2:72:79:38:91:1e:a3:f3:0a:66:cf:06:82:
8b:18:13:65:3a:f7:0d:e4:88:08:b4:68:50:60:d0:
87:2f:a6:6d:2f:15:cf:0b:e0:4a:32:fd:e8:9c:13:
7b:03:ae:84:ac:68:17:0e:fc:65:7c:1d:cf:5a:68:
79:b8:1a:95:53:b1:a0:0a:5e:1e:35:e9:ed:8f:a3:
1f:05:ce:9c:1b:aa:b7:3c:86:0c:a6:2b:9f:ab:fc:
72:d1:7e:98:53:27:37:9f:6c:2d:3a:17:a0:38:f4:
cb:8f:6e:97:31:73:c9:97:c7:39:53:c6:45:5b:61:
34:0d:3c:c3:e9:18:11:61:fa:d6:68:c5:96:c0:46:
26:29:18:57:0b:a8:28:f4:5a:75:e9:2a:03:58:4c:
7a:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:B7:F6:04:FE:FD:85:E6:72:3D:49:C4:8D:DA:0C:37:6E:3B:8C:B0
X509v3 Authority Key Identifier:
keyid:90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/Xrf2BP79heZyPUnEjdoMN247jLA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.179.128.0/17
92.235.0.0/18
92.235.96.0-92.235.255.255
94.168.128.0/17
IPv6:
2001:67c:794::/48
Signature Algorithm: sha256WithRSAEncryption
1a:5b:e5:e3:5b:87:8f:e1:fb:af:3f:0e:c5:06:51:6a:5b:15:
0c:eb:04:88:4f:b1:4f:76:b0:1c:32:c3:40:9c:da:37:b7:7e:
ef:c9:7d:ff:1c:86:45:75:51:0d:2f:fd:36:e1:83:b3:ac:a4:
7b:ac:0a:9a:40:d4:23:7c:b3:b2:4d:22:6c:2a:c6:07:26:55:
61:71:26:4f:cb:7c:d9:ce:6a:72:b3:88:cc:67:c4:20:6c:f4:
df:e4:d7:cf:38:ae:86:1b:88:d6:05:6d:79:79:71:e9:e0:b1:
2f:94:61:2e:bb:94:b3:39:13:8f:5f:62:bf:77:66:df:32:bf:
8f:85:d8:01:55:23:47:d9:8c:b9:aa:8a:f0:72:83:c9:05:36:
a7:07:cd:fb:14:b8:99:15:12:68:5f:a4:d7:76:af:e6:72:d1:
bd:14:fe:9f:43:88:13:7b:3e:57:ad:ff:03:38:07:34:56:5a:
a0:e0:8d:e5:f7:4e:51:6c:2b:8d:cf:38:34:92:e8:d7:b7:74:
e2:01:ea:30:49:60:a0:03:fb:50:90:8b:bd:34:0c:ea:7e:59:
35:5c:ba:f3:8e:00:de:b5:71:17:5d:55:04:3a:98:80:28:c6:
df:26:a1:0d:d6:3f:ef:3d:64:eb:3c:75:ab:53:13:ef:16:78:
04:18:4c:d9
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZl7l7RdHHdSyk/LypQiTzhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjI1ZTZhNjg5M2Y0NjZkMjY5NWU5MDY3MGMwNDc0NDM2
NDM3MDEwHhcNMjUwOTI0MTE1OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWI3ZjYwNGZlZmQ4NWU2NzIzZDQ5YzQ4ZGRhMGMzNzZlM2I4Y2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/fBK5PZNG5nJGxA/kIWPPpnOYzu
AMNVIflCxgArWQ1fPc3e6B2VRiqTKCvg7xdOwp3fWP4l2dD+TF6F0SvfugA/oRt2
k60RT38AxEig6TKFri2iH/q+1k5/SHdIvaHHtI6YUijNMsJQobJyeTiRHqPzCmbP
BoKLGBNlOvcN5IgItGhQYNCHL6ZtLxXPC+BKMv3onBN7A66ErGgXDvxlfB3PWmh5
uBqVU7GgCl4eNentj6MfBc6cG6q3PIYMpiufq/xy0X6YUyc3n2wtOhegOPTLj26X
MXPJl8c5U8ZFW2E0DTzD6RgRYfrWaMWWwEYmKRhXC6go9Fp16SoDWEx6TwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFF639gT+/YXmcj1JxI3aDDduO4ywMB8GA1UdIwQY
MBaAFJDyXmpok/Rm0mlekGcMBHRDZDcBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEt
M2IwYjRiOGEyOTgzLzEvWHJmMkJQNzloZVp5UFVuRWpkb01OMjQ3akxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEtM2IwYjRiOGEyOTgz
LzEva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAlBAIAATAfAwQHPrOAAwQG
XOsAMAsDBAVc62ADAwJc6AMEB16ogDAPBAIAAjAJAwcAIAEGfAeUMA0GCSqGSIb3
DQEBCwUAA4IBAQAaW+XjW4eP4fuvPw7FBlFqWxUM6wSIT7FPdrAcMsNAnNo3t37v
yX3/HIZFdVENL/024YOzrKR7rAqaQNQjfLOyTSJsKsYHJlVhcSZPy3zZzmpys4jM
Z8QgbPTf5NfPOK6GG4jWBW15eXHp4LEvlGEuu5SzOROPX2K/d2bfMr+PhdgBVSNH
2Yy5qorwcoPJBTanB837FLiZFRJoX6TXdq/mctG9FP6fQ4gTez5Xrf8DOAc0Vlqg
4I3l905RbCuNzzg0kujXt3TiAeowSWCgA/tQkIu9NAzqflk1XLrzjgDetXEXXVUE
OpiAKMbfJqEN1j/vPWTrPHWrUxPvFngEGEzZ
-----END CERTIFICATE-----
Generated at Wed Oct 8 13:57:46 2025 by rpki-client