Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/XoEgN8Rzf-_O70nBq2ov0ajUPeY.roa
File: XoEgN8Rzf-_O70nBq2ov0ajUPeY.roa (raw, json)
Hash identifier: Uqsa+8GNjpiZZotqp2+P9cchtd9l85RTnq9RE86H8w8=
Subject key identifier: 5E:81:20:37:C4:73:7F:EF:CE:EF:49:C1:AB:6A:2F:D1:A8:D4:3D:E6
Certificate issuer: /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial: 019A0142FF3BF3B2845C89C802E4FF5055DC
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/XoEgN8Rzf-_O70nBq2ov0ajUPeY.roa
Signing time: Mon 20 Oct 2025 10:55:59 +0000
ROA not before: Mon 20 Oct 2025 10:55:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60077
IP address blocks: 78.110.112.0/21 maxlen: 32
78.110.112.0/22 maxlen: 32
78.110.112.0/24 maxlen: 24
78.110.116.0/22 maxlen: 32
85.198.8.0/21 maxlen: 32
85.198.8.0/22 maxlen: 32
85.198.12.0/22 maxlen: 32
85.198.16.0/21 maxlen: 32
85.198.16.0/22 maxlen: 32
85.198.16.0/23 maxlen: 32
85.198.18.0/23 maxlen: 32
85.198.19.0/24 maxlen: 24
85.198.20.0/22 maxlen: 32
85.198.20.0/23 maxlen: 23
85.198.20.0/24 maxlen: 24
85.198.21.0/24 maxlen: 24
85.198.22.0/23 maxlen: 23
85.198.22.0/24 maxlen: 24
193.151.128.0/19 maxlen: 32
193.151.128.0/20 maxlen: 32
193.151.128.0/22 maxlen: 32
193.151.132.0/22 maxlen: 32
193.151.136.0/22 maxlen: 32
193.151.140.0/22 maxlen: 32
193.151.144.0/20 maxlen: 32
193.151.144.0/21 maxlen: 32
193.151.144.0/22 maxlen: 32
193.151.148.0/22 maxlen: 32
193.151.152.0/22 maxlen: 32
193.151.156.0/23 maxlen: 32
193.151.156.0/24 maxlen: 32
193.151.157.0/24 maxlen: 32
193.151.158.0/24 maxlen: 32
193.151.159.0/24 maxlen: 32
2a05:1a30::/34 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 27 Oct 2025 01:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:01:42:ff:3b:f3:b2:84:5c:89:c8:02:e4:ff:50:55:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Validity
Not Before: Oct 20 10:55:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5e812037c4737fefceef49c1ab6a2fd1a8d43de6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:c0:0d:7c:72:95:a6:dd:d2:c7:c7:88:d2:02:
ca:85:6b:ff:bd:04:7b:e9:30:ce:bb:ec:f2:7f:0f:
84:82:5e:0e:14:cf:22:77:ee:5d:44:48:46:59:2d:
b7:85:df:e4:84:98:93:19:08:9a:c0:20:21:e4:d4:
3d:5c:f3:04:db:b6:0a:d3:e5:06:fb:d1:4f:16:bb:
1a:93:84:5b:f3:a0:b6:8e:d4:8d:12:a8:f1:49:9f:
1d:54:35:d9:a6:e1:9b:26:1f:e3:6c:5d:4c:91:04:
35:f4:a6:61:7e:ba:d8:72:ca:2a:3f:52:73:45:79:
a1:90:ef:c8:4d:0c:b5:ba:56:14:00:f4:08:02:2b:
b4:06:32:50:61:d2:7d:c4:4c:9b:05:c9:0f:17:52:
42:c5:61:97:d7:22:86:4e:f2:e7:92:36:7e:33:cd:
94:53:6b:67:44:54:ec:ab:e5:49:01:c7:8d:f8:94:
12:3e:3e:cf:02:fe:fa:14:28:c5:61:e4:20:b7:4e:
ac:ab:da:09:d7:5f:03:34:22:69:c6:49:8a:b3:a9:
53:a4:70:15:5c:c9:f5:a3:77:a1:5b:4b:1f:76:e0:
e1:2f:ea:b9:ff:19:c2:f9:a5:73:a3:38:85:72:4a:
d8:67:b1:c9:ec:ff:c6:ad:bf:d3:d6:e6:3b:95:14:
25:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:81:20:37:C4:73:7F:EF:CE:EF:49:C1:AB:6A:2F:D1:A8:D4:3D:E6
X509v3 Authority Key Identifier:
keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/XoEgN8Rzf-_O70nBq2ov0ajUPeY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.110.112.0/21
85.198.8.0-85.198.23.255
193.151.128.0/19
IPv6:
2a05:1a30::/34
Signature Algorithm: sha256WithRSAEncryption
43:76:e6:70:0d:a4:17:ee:d5:31:d3:41:2e:d2:ee:34:d4:65:
6d:6a:4a:6f:18:12:11:5c:8e:f8:12:fb:f7:42:74:08:ca:fc:
f8:9c:90:22:42:04:da:7c:4e:cc:b1:7a:df:7f:8c:5e:03:ea:
1f:62:e9:be:40:42:c8:1d:e9:40:25:0b:9b:42:9f:3c:53:10:
17:d1:91:0e:89:15:b9:b1:b2:69:a0:2c:64:e7:2c:b7:1e:c8:
09:d8:b8:a3:9c:ba:ae:56:40:a9:7a:b1:c7:c1:29:37:e9:46:
a6:52:9e:12:a3:ef:5a:e0:e6:a5:c0:ea:61:dd:e6:30:84:c0:
97:71:10:26:f5:76:99:b4:f8:25:f5:7a:7f:06:83:a0:ec:2c:
ba:e2:c6:a8:b0:ac:84:83:6f:46:c3:b7:76:93:7d:94:a9:f4:
e2:0f:ae:1c:1e:3b:ad:28:30:d0:a6:b9:e5:52:fe:14:0c:5a:
34:e0:ac:8e:90:0d:99:0c:2d:4f:c8:53:54:17:d5:39:30:e0:
0a:23:d0:68:9a:5b:c0:77:ac:fe:4d:8c:da:d7:d1:21:cf:b5:
ae:18:5d:0a:b3:5f:63:62:29:a3:4d:7f:90:eb:f5:58:c7:97:
47:2c:c8:4c:5e:52:bc:db:35:c5:9b:90:fc:26:dc:1b:b0:cf:
37:7a:ae:9a
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZoBQv8787KEXInIAuT/UFXcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjUxMDIwMTA1NTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTgxMjAzN2M0NzM3ZmVmY2VlZjQ5YzFhYjZhMmZkMWE4ZDQzZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5cANfHKVpt3Sx8eI0gLKhWv/vQR7
6TDOu+zyfw+Egl4OFM8id+5dREhGWS23hd/khJiTGQiawCAh5NQ9XPME27YK0+UG
+9FPFrsak4Rb86C2jtSNEqjxSZ8dVDXZpuGbJh/jbF1MkQQ19KZhfrrYcsoqP1Jz
RXmhkO/ITQy1ulYUAPQIAiu0BjJQYdJ9xEybBckPF1JCxWGX1yKGTvLnkjZ+M82U
U2tnRFTsq+VJAceN+JQSPj7PAv76FCjFYeQgt06sq9oJ118DNCJpxkmKs6lTpHAV
XMn1o3ehW0sfduDhL+q5/xnC+aVzoziFckrYZ7HJ7P/Grb/T1uY7lRQlZQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFF6BIDfEc3/vzu9JwatqL9Go1D3mMB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvWG9FZ044UnpmLV9PNzBuQnEyb3YwYWpVUGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAgBAIAATAaAwQDTm5wMAwD
BANVxggDBANVxhADBAXBl4AwDgQCAAIwCAMGBioFGjAAMA0GCSqGSIb3DQEBCwUA
A4IBAQBDduZwDaQX7tUx00Eu0u401GVtakpvGBIRXI74Evv3QnQIyvz4nJAiQgTa
fE7MsXrff4xeA+ofYum+QELIHelAJQubQp88UxAX0ZEOiRW5sbJpoCxk5yy3HsgJ
2LijnLquVkCperHHwSk36UamUp4So+9a4OalwOph3eYwhMCXcRAm9XaZtPgl9Xp/
BoOg7Cy64saosKyEg29Gw7d2k32UqfTiD64cHjutKDDQprnlUv4UDFo04KyOkA2Z
DC1PyFNUF9U5MOAKI9BomlvAd6z+TYza19Ehz7WuGF0Ks19jYimjTX+Q6/VYx5dH
LMhMXlK82zXFm5D8JtwbsM83eq6a
-----END CERTIFICATE-----
Generated at Sun Oct 26 08:59:36 2025 by rpki-client