Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/xXfwL3nXnXFEEVcYcv_dc6Fb5P4.roa
File: xXfwL3nXnXFEEVcYcv_dc6Fb5P4.roa (raw, json)
Hash identifier: sO38IVaxxxNJ8+o5mB4XNWptxay9N15BzuBDzJ2RLLI=
Subject key identifier: C5:77:F0:2F:79:D7:9D:71:44:11:57:18:72:FF:DD:73:A1:5B:E4:FE
Certificate issuer: /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial: 0198E5A09A76E2C356EB626BDDB49AD38B2D
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/xXfwL3nXnXFEEVcYcv_dc6Fb5P4.roa
Signing time: Tue 26 Aug 2025 09:06:04 +0000
ROA not before: Tue 26 Aug 2025 09:06:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213541
IP address blocks: 85.28.43.0/24 maxlen: 24
85.28.44.0/23 maxlen: 23
85.28.46.0/24 maxlen: 24
85.28.57.0/24 maxlen: 24
85.28.59.0/24 maxlen: 24
85.28.60.0/24 maxlen: 24
85.28.62.0/24 maxlen: 24
109.238.200.0/24 maxlen: 24
109.238.201.0/24 maxlen: 24
109.238.203.0/24 maxlen: 24
109.238.206.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.mft
rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 01:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:e5:a0:9a:76:e2:c3:56:eb:62:6b:dd:b4:9a:d3:8b:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
Validity
Not Before: Aug 26 09:06:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c577f02f79d79d714411571872ffdd73a15be4fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:76:f4:63:44:43:4a:c9:14:42:4e:91:7a:41:
5c:43:5c:d1:7c:67:1d:c4:14:1d:1f:8f:7d:f8:5b:
e0:62:f8:c7:d7:d0:4f:77:5b:96:26:f3:f9:bb:20:
89:59:dd:9a:8d:76:8f:c7:e8:56:40:ca:5f:ea:f8:
12:d4:68:6c:02:71:33:f8:2c:64:ae:d3:ce:4d:e2:
11:94:28:6b:d7:70:fc:4c:e6:12:22:79:e0:57:01:
27:0a:80:a2:02:1c:82:a0:88:78:1a:f7:52:a2:de:
e9:58:ca:cb:e3:f5:17:3e:a0:08:de:e6:e2:19:e6:
b2:68:29:15:e3:c3:17:e6:76:d5:4d:32:69:61:ad:
38:5d:85:36:30:81:01:e8:9e:e2:d4:63:a9:01:97:
bb:d0:fa:67:7a:26:c4:40:c2:4e:78:a9:1d:75:80:
6c:46:76:33:20:b8:51:2e:a7:39:67:8c:d9:f5:77:
d6:3d:bb:39:89:53:b3:a8:a4:96:af:5d:2e:23:d9:
61:14:93:6e:36:c0:ee:1a:64:af:27:d0:4b:3f:1e:
bf:e8:7f:18:1f:a9:50:a2:eb:69:01:b8:66:1b:7b:
52:fa:c1:3e:db:5b:be:42:e1:3d:90:1b:a0:39:2e:
7d:d4:d4:d8:d7:79:2d:d6:73:19:71:c7:16:a1:43:
b5:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:77:F0:2F:79:D7:9D:71:44:11:57:18:72:FF:DD:73:A1:5B:E4:FE
X509v3 Authority Key Identifier:
keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/xXfwL3nXnXFEEVcYcv_dc6Fb5P4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.28.43.0-85.28.46.255
85.28.57.0/24
85.28.59.0-85.28.60.255
85.28.62.0/24
109.238.200.0/23
109.238.203.0/24
109.238.206.0/24
Signature Algorithm: sha256WithRSAEncryption
9f:d3:65:7e:8e:31:14:4c:f5:fc:d9:3b:4f:d1:7b:51:3d:70:
bc:ec:4a:a2:da:80:a8:77:ea:fd:ac:48:b0:a1:43:c7:5d:2c:
fb:0a:55:4a:74:36:e7:dd:b2:36:73:78:0c:7b:d9:57:56:a6:
d4:f7:7a:4b:46:f0:fe:33:70:a3:c0:f3:c2:df:47:0d:8b:0f:
43:a5:6b:bb:55:2e:9b:e6:4b:ca:e6:92:6b:ab:b3:da:3c:33:
c8:03:0b:7d:a3:76:ed:a8:0c:1d:ec:6b:b6:5a:6c:85:e8:99:
0d:eb:98:18:b0:05:ba:08:d2:d7:cd:5d:8c:1a:a2:3d:88:b1:
5f:fb:30:dd:2c:73:4b:70:4b:e0:2a:be:2e:e9:0d:90:39:c5:
25:31:fd:c2:85:24:f9:e5:b0:07:02:fd:33:ed:92:9c:ca:05:
6a:25:6e:7c:f9:b5:af:84:db:bd:ab:60:9a:68:bf:74:11:b2:
22:91:9b:79:0f:23:46:cd:14:a3:df:37:d0:a5:66:e7:1b:9e:
50:34:f8:90:03:4b:ba:6e:52:5c:06:47:d2:05:34:16:c5:08:
fe:92:08:30:11:ce:5a:03:fa:94:78:93:16:f1:9f:4d:f5:e5:
82:fa:73:94:d9:cb:77:be:cb:e9:c4:b3:52:ce:70:92:5f:2c:
43:42:41:e0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZjloJp24sNW62Jr3bSa04stMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjUwODI2MDkwNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTc3ZjAyZjc5ZDc5ZDcxNDQxMTU3MTg3MmZmZGQ3M2ExNWJlNGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Hb0Y0RDSskUQk6RekFcQ1zRfGcd
xBQdH499+FvgYvjH19BPd1uWJvP5uyCJWd2ajXaPx+hWQMpf6vgS1GhsAnEz+Cxk
rtPOTeIRlChr13D8TOYSInngVwEnCoCiAhyCoIh4GvdSot7pWMrL4/UXPqAI3ubi
GeayaCkV48MX5nbVTTJpYa04XYU2MIEB6J7i1GOpAZe70PpneibEQMJOeKkddYBs
RnYzILhRLqc5Z4zZ9XfWPbs5iVOzqKSWr10uI9lhFJNuNsDuGmSvJ9BLPx6/6H8Y
H6lQoutpAbhmG3tS+sE+21u+QuE9kBugOS591NTY13kt1nMZcccWoUO12QIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFMV38C95151xRBFXGHL/3XOhW+T+MB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEveFhmd0wzblhuWEZFRVZjWWN2X2RjNkZiNVA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6MAwDBABVHCsD
BABVHC4DBABVHDkwDAMEAFUcOwMEAFUcPAMEAFUcPgMEAW3uyAMEAG3uywMEAG3u
zjANBgkqhkiG9w0BAQsFAAOCAQEAn9Nlfo4xFEz1/Nk7T9F7UT1wvOxKotqAqHfq
/axIsKFDx10s+wpVSnQ2592yNnN4DHvZV1am1Pd6S0bw/jNwo8Dzwt9HDYsPQ6Vr
u1Uum+ZLyuaSa6uz2jwzyAMLfaN27agMHexrtlpsheiZDeuYGLAFugjS181djBqi
PYixX/sw3SxzS3BL4Cq+LukNkDnFJTH9woUk+eWwBwL9M+2SnMoFaiVufPm1r4Tb
vatgmmi/dBGyIpGbeQ8jRs0Uo9830KVm5xueUDT4kANLum5SXAZH0gU0FsUI/pII
MBHOWgP6lHiTFvGfTfXlgvpzlNnLd77L6cSzUs5wkl8sQ0JB4A==
-----END CERTIFICATE-----
Generated at Mon Sep 8 04:28:43 2025 by rpki-client