Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/xmgEeMB7WvkvTgZR5WIp3Cku-OQ.roa
File: xmgEeMB7WvkvTgZR5WIp3Cku-OQ.roa (raw, json)
Hash identifier: DB/674zCoFtnashikqEwhqolbIZIshtp2JBUcqe8xB8=
Subject key identifier: C6:68:04:78:C0:7B:5A:F9:2F:4E:06:51:E5:62:29:DC:29:2E:F8:E4
Certificate issuer: /CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
Certificate serial: 019928EE5D5619931E0C9AE76C41E0F999DE
Authority key identifier: 22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/xmgEeMB7WvkvTgZR5WIp3Cku-OQ.roa
Signing time: Mon 08 Sep 2025 10:45:34 +0000
ROA not before: Mon 08 Sep 2025 10:45:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15830
IP address blocks: 137.174.0.0/16 maxlen: 22
137.174.128.0/18 maxlen: 22
137.174.192.0/19 maxlen: 22
141.137.0.0/16 maxlen: 22
147.123.32.0/19 maxlen: 24
147.123.128.0/17 maxlen: 22
147.123.208.0/21 maxlen: 24
155.204.0.0/16 maxlen: 22
155.204.119.0/24 maxlen: 24
155.204.128.0/18 maxlen: 22
155.204.200.0/21 maxlen: 24
155.204.208.0/21 maxlen: 21
155.204.216.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.crl
rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.mft
rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 07:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:28:ee:5d:56:19:93:1e:0c:9a:e7:6c:41:e0:f9:99:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
Validity
Not Before: Sep 8 10:45:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c6680478c07b5af92f4e0651e56229dc292ef8e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:0b:55:21:ce:ac:e6:d4:af:83:a7:2f:0a:1c:
d6:01:c2:d7:3e:69:ce:83:57:69:a0:90:8e:38:ef:
23:5e:c9:58:b0:97:73:2e:b2:f0:d7:c2:68:e7:bb:
79:7d:c8:54:0d:cc:b9:c4:09:79:4a:6a:a8:b3:c0:
87:bf:d7:4b:af:68:a3:5b:43:80:7f:10:d5:85:cf:
bb:6d:d1:97:4b:39:98:4b:62:41:47:1f:7a:a8:e6:
b3:41:42:57:26:dc:49:1f:04:b6:85:9b:c4:8c:90:
60:08:d9:a7:0a:71:63:63:45:a5:24:48:e6:a1:d4:
51:e3:4d:44:c0:01:0c:b2:a0:80:a8:e6:7c:61:72:
c3:b3:d9:e8:42:2b:d4:75:0f:d1:ba:41:da:68:99:
1b:8a:7c:34:ee:ef:ab:25:75:f9:98:dd:a2:c6:2f:
3f:90:43:4b:9d:12:85:f7:ef:8b:11:c6:6d:1c:b0:
fa:23:61:ad:0e:d6:e5:7e:99:45:df:8f:25:07:a2:
ee:8e:56:c0:69:e7:5e:ea:37:62:db:a7:86:d3:ae:
07:bc:39:24:c7:c6:51:d3:c8:17:30:e9:d6:bc:71:
03:c2:f4:7d:a1:b4:c0:1b:f0:54:25:c1:fb:11:e6:
ff:5c:83:c7:86:4e:70:ef:24:0c:44:dd:37:32:98:
1c:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:68:04:78:C0:7B:5A:F9:2F:4E:06:51:E5:62:29:DC:29:2E:F8:E4
X509v3 Authority Key Identifier:
keyid:22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/xmgEeMB7WvkvTgZR5WIp3Cku-OQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
137.174.0.0/16
141.137.0.0/16
147.123.32.0/19
147.123.128.0/17
155.204.0.0/16
Signature Algorithm: sha256WithRSAEncryption
29:71:5f:bb:e8:c7:36:b9:33:a6:3b:b7:9a:43:4c:72:02:f7:
e8:ff:bc:98:3d:71:93:89:ba:7f:0f:f3:7a:2b:6b:ed:d9:56:
a4:ae:5a:b4:44:21:88:4c:82:b8:11:6d:7a:ee:4c:06:dc:40:
eb:f1:f5:10:1a:6b:63:26:81:10:a2:3b:50:ec:ee:3e:73:ca:
dc:ca:c1:34:cb:50:f3:9d:4a:10:fa:b1:7c:4d:ad:5c:6f:73:
99:f1:ae:36:9a:fa:26:4f:c6:6b:f3:93:94:01:b6:66:2c:e7:
6b:0a:16:d6:55:02:0b:72:2f:50:fe:43:ea:15:1d:ee:ef:c8:
62:9d:81:ec:cf:7c:c6:55:b6:73:e7:24:4b:7b:24:c8:73:05:
fd:2e:47:47:ad:2c:b0:4a:5e:1f:8c:96:44:45:08:07:b9:f4:
fd:5c:ad:2c:87:c1:45:02:41:c4:12:a8:95:82:b3:95:ab:60:
0f:dd:c9:b6:3d:3a:3b:5b:14:2b:d2:9f:8c:58:24:58:6b:c4:
d7:97:a8:71:da:3e:85:5c:cb:8c:fd:b4:97:b6:84:a1:6e:c4:
fd:6c:80:18:6b:32:74:16:69:e5:d4:8b:a3:6d:67:9b:a9:74:
43:61:0f:e0:e3:73:9e:b0:43:01:ef:21:0a:ef:c9:e3:40:97:
a5:e7:e5:67
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZko7l1WGZMeDJrnbEHg+ZneMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTVkODQwNTNlMmIwYzMxM2FmMWUzYmE1MTAyNDY2YTVm
Nzk2NzgwHhcNMjUwOTA4MTA0NTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjY4MDQ3OGMwN2I1YWY5MmY0ZTA2NTFlNTYyMjlkYzI5MmVmOGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5wtVIc6s5tSvg6cvChzWAcLXPmnO
g1dpoJCOOO8jXslYsJdzLrLw18Jo57t5fchUDcy5xAl5Smqos8CHv9dLr2ijW0OA
fxDVhc+7bdGXSzmYS2JBRx96qOazQUJXJtxJHwS2hZvEjJBgCNmnCnFjY0WlJEjm
odRR401EwAEMsqCAqOZ8YXLDs9noQivUdQ/RukHaaJkbinw07u+rJXX5mN2ixi8/
kENLnRKF9++LEcZtHLD6I2GtDtblfplF348lB6LujlbAaede6jdi26eG064HvDkk
x8ZR08gXMOnWvHEDwvR9obTAG/BUJcH7Eeb/XIPHhk5w7yQMRN03Mpgc5wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMZoBHjAe1r5L04GUeViKdwpLvjkMB8GA1UdIwQY
MBaAFCKl2EBT4rDDE68eO6UQJGal95Z4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUt
NTkxY2FmNTM2ZWNjLzEveG1nRWVNQjdXdmt2VGdaUjVXSXAzQ2t1LU9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUtNTkxY2FmNTM2ZWNj
LzEvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAATAbAwMAia4DAwCN
iQMEBZN7IAMEB5N7gAMDAJvMMA0GCSqGSIb3DQEBCwUAA4IBAQApcV+76Mc2uTOm
O7eaQ0xyAvfo/7yYPXGTibp/D/N6K2vt2Vakrlq0RCGITIK4EW167kwG3EDr8fUQ
GmtjJoEQojtQ7O4+c8rcysE0y1DznUoQ+rF8Ta1cb3OZ8a42mvomT8Zr85OUAbZm
LOdrChbWVQILci9Q/kPqFR3u78hinYHsz3zGVbZz5yRLeyTIcwX9LkdHrSywSl4f
jJZERQgHufT9XK0sh8FFAkHEEqiVgrOVq2AP3cm2PTo7WxQr0p+MWCRYa8TXl6hx
2j6FXMuM/bSXtoShbsT9bIAYazJ0Fmnl1IujbWebqXRDYQ/g43OesEMB7yEK78nj
QJel5+Vn
-----END CERTIFICATE-----
Generated at Wed Sep 10 15:18:31 2025 by rpki-client