Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/56b4c1-8015-4189-a3e5-5ad3026d8f28/1/XTgOcjNR8wb1-tvvZiXLrq9V1rE.roa
File: XTgOcjNR8wb1-tvvZiXLrq9V1rE.roa (raw, json)
Hash identifier: 1gsq3L9BAGQsVCvDdI2JTTbvR819vWRtg2jfK/LpLoo=
Subject key identifier: 5D:38:0E:72:33:51:F3:06:F5:FA:DB:EF:66:25:CB:AE:AF:55:D6:B1
Certificate issuer: /CN=36a9b82bd59aca6340f6df54fe8d33600b7e91e4
Certificate serial: 019A5318270E46EAD8BA5E07A826D1DFCECD
Authority key identifier: 36:A9:B8:2B:D5:9A:CA:63:40:F6:DF:54:FE:8D:33:60:0B:7E:91:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Nqm4K9WaymNA9t9U_o0zYAt-keQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c4/56b4c1-8015-4189-a3e5-5ad3026d8f28/1/XTgOcjNR8wb1-tvvZiXLrq9V1rE.roa
Signing time: Wed 05 Nov 2025 08:18:03 +0000
ROA not before: Wed 05 Nov 2025 08:18:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205476
IP address blocks: 185.136.209.0/24 maxlen: 24
185.136.210.0/24 maxlen: 24
185.136.211.0/24 maxlen: 24
2a06:fec0:3203::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c4/56b4c1-8015-4189-a3e5-5ad3026d8f28/1/Nqm4K9WaymNA9t9U_o0zYAt-keQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/c4/56b4c1-8015-4189-a3e5-5ad3026d8f28/1/Nqm4K9WaymNA9t9U_o0zYAt-keQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/Nqm4K9WaymNA9t9U_o0zYAt-keQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 08:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:53:18:27:0e:46:ea:d8:ba:5e:07:a8:26:d1:df:ce:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36a9b82bd59aca6340f6df54fe8d33600b7e91e4
Validity
Not Before: Nov 5 08:18:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5d380e723351f306f5fadbef6625cbaeaf55d6b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:f6:e1:ee:8b:a1:30:f4:c6:cc:5d:cd:ad:e4:
1b:b9:ed:55:dd:c0:b1:1d:27:f1:19:45:a4:f6:99:
14:e4:c1:d0:1d:f5:ff:7f:72:8a:38:fb:ff:10:27:
66:67:c1:b0:60:50:34:b0:71:34:e2:f6:92:5b:02:
d9:b6:91:6e:0f:07:ff:93:5c:7d:fe:de:72:7e:1b:
b6:e1:93:2a:fe:48:ca:a7:6e:63:f3:cb:0f:19:ad:
a7:3a:fc:a1:95:ab:50:41:cd:01:e4:56:b8:d3:8a:
5a:dd:a5:48:c7:e9:17:a8:a4:1b:19:9b:a8:0f:20:
e0:2c:7c:63:c7:fb:31:92:54:91:00:f5:54:c4:01:
ea:c4:1d:fa:a3:b7:4b:5f:a3:8f:bd:9c:c7:3c:94:
09:57:86:d7:f9:80:f5:62:b1:1c:35:71:1c:87:8f:
4c:0f:64:83:83:75:e2:9d:23:22:1b:c0:ab:43:57:
21:db:bb:d9:f4:dd:8d:52:0a:09:d0:72:1b:f5:01:
d8:36:71:61:3a:cd:bb:42:f5:62:03:ee:fc:b9:57:
63:77:a8:a3:5a:55:1e:04:d2:ee:4a:8f:4c:05:b8:
b9:33:52:f0:41:a6:8e:d6:c9:a0:b1:92:a2:40:f3:
c9:64:79:a5:82:fb:8a:b8:4a:f8:99:06:8a:f2:0c:
23:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:38:0E:72:33:51:F3:06:F5:FA:DB:EF:66:25:CB:AE:AF:55:D6:B1
X509v3 Authority Key Identifier:
keyid:36:A9:B8:2B:D5:9A:CA:63:40:F6:DF:54:FE:8D:33:60:0B:7E:91:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nqm4K9WaymNA9t9U_o0zYAt-keQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/56b4c1-8015-4189-a3e5-5ad3026d8f28/1/XTgOcjNR8wb1-tvvZiXLrq9V1rE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/56b4c1-8015-4189-a3e5-5ad3026d8f28/1/Nqm4K9WaymNA9t9U_o0zYAt-keQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.136.209.0-185.136.211.255
IPv6:
2a06:fec0:3203::/48
Signature Algorithm: sha256WithRSAEncryption
68:6a:5a:ff:15:70:7f:c2:70:14:30:dd:6c:cb:be:48:45:24:
a3:3c:0b:7a:22:6b:ee:1b:4c:40:2e:d7:b7:0a:28:46:00:de:
3c:09:db:b7:8a:a8:ee:d2:a8:b0:50:46:02:3b:e9:b8:dc:9c:
77:e8:70:35:90:ac:b9:c0:d8:a9:e2:10:37:b3:df:ad:b8:67:
47:ef:eb:20:12:97:68:23:12:da:eb:4c:d2:00:fc:30:58:c3:
2e:e0:0b:8c:82:e8:2f:02:b1:02:b8:e6:b1:9c:cb:d8:f9:ae:
9a:82:a3:ae:04:58:d3:60:fe:f7:cb:a8:d9:83:41:2b:27:63:
7f:f0:87:40:26:ef:d0:83:78:54:b5:f1:f7:f1:12:6e:cb:32:
62:29:70:23:9e:52:4d:26:f7:a3:99:dc:7e:f0:15:5a:bd:d9:
32:1e:f0:2c:42:bd:fb:1d:23:72:a0:bf:1c:78:48:ca:74:f5:
5f:18:c6:3e:b9:5b:d7:8a:2b:89:69:cf:6c:43:bb:d2:ad:9b:
8e:e0:36:a7:80:d3:22:63:fc:42:88:1f:b9:1a:5e:cd:25:65:
29:89:2c:14:55:c2:d9:c2:74:9b:11:cc:3e:63:40:c5:b6:c7:
a4:88:9b:45:c1:62:ee:ad:9b:66:c5:99:44:2f:95:72:c9:16:
49:66:01:c1
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpTGCcORurYul4HqCbR387NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YTliODJiZDU5YWNhNjM0MGY2ZGY1NGZlOGQzMzYwMGI3
ZTkxZTQwHhcNMjUxMTA1MDgxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDM4MGU3MjMzNTFmMzA2ZjVmYWRiZWY2NjI1Y2JhZWFmNTVkNmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vbh7ouhMPTGzF3NreQbue1V3cCx
HSfxGUWk9pkU5MHQHfX/f3KKOPv/ECdmZ8GwYFA0sHE04vaSWwLZtpFuDwf/k1x9
/t5yfhu24ZMq/kjKp25j88sPGa2nOvyhlatQQc0B5Fa404pa3aVIx+kXqKQbGZuo
DyDgLHxjx/sxklSRAPVUxAHqxB36o7dLX6OPvZzHPJQJV4bX+YD1YrEcNXEch49M
D2SDg3XinSMiG8CrQ1ch27vZ9N2NUgoJ0HIb9QHYNnFhOs27QvViA+78uVdjd6ij
WlUeBNLuSo9MBbi5M1LwQaaO1smgsZKiQPPJZHmlgvuKuEr4mQaK8gwjyQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFF04DnIzUfMG9frb72Yly66vVdaxMB8GA1UdIwQY
MBaAFDapuCvVmspjQPbfVP6NM2ALfpHkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnFtNEs5V2F5bU5BOXQ5VV9vMHpZQXQta2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC81NmI0YzEtODAxNS00MTg5LWEzZTUt
NWFkMzAyNmQ4ZjI4LzEvWFRnT2NqTlI4d2IxLXR2dlppWExycTlWMXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC81NmI0YzEtODAxNS00MTg5LWEzZTUtNWFkMzAyNmQ4ZjI4
LzEvTnFtNEs5V2F5bU5BOXQ5VV9vMHpZQXQta2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAC5iNED
BAK5iNAwDwQCAAIwCQMHACoG/sAyAzANBgkqhkiG9w0BAQsFAAOCAQEAaGpa/xVw
f8JwFDDdbMu+SEUkozwLeiJr7htMQC7XtwooRgDePAnbt4qo7tKosFBGAjvpuNyc
d+hwNZCsucDYqeIQN7PfrbhnR+/rIBKXaCMS2utM0gD8MFjDLuALjILoLwKxArjm
sZzL2PmumoKjrgRY02D+98uo2YNBKydjf/CHQCbv0IN4VLXx9/ESbssyYilwI55S
TSb3o5ncfvAVWr3ZMh7wLEK9+x0jcqC/HHhIynT1XxjGPrlb14oriWnPbEO70q2b
juA2p4DTImP8QogfuRpezSVlKYksFFXC2cJ0mxHMPmNAxbbHpIibRcFi7q2bZsWZ
RC+VcskWSWYBwQ==
-----END CERTIFICATE-----
Generated at Tue Nov 11 14:01:38 2025 by rpki-client