Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/Xpmq2qI8X7GAALvPIhXOimJgH5Y.roa
File: Xpmq2qI8X7GAALvPIhXOimJgH5Y.roa (raw, json)
Hash identifier: AgxExCu/sRjU92nC3fyyQWh5ZarDgbI5r/jd4t48QXE=
Subject key identifier: 5E:99:AA:DA:A2:3C:5F:B1:80:00:BB:CF:22:15:CE:8A:62:60:1F:96
Certificate issuer: /CN=38bc794c5fbaac632a7ffb43db14f739cd53b2c4
Certificate serial: 019A066301753A0039350A142B3F6FE5BDB3
Authority key identifier: 38:BC:79:4C:5F:BA:AC:63:2A:7F:FB:43:DB:14:F7:39:CD:53:B2:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/Xpmq2qI8X7GAALvPIhXOimJgH5Y.roa
Signing time: Tue 21 Oct 2025 10:49:02 +0000
ROA not before: Tue 21 Oct 2025 10:49:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200752
IP address blocks: 5.133.96.0/22 maxlen: 24
91.214.60.0/22 maxlen: 24
185.97.120.0/22 maxlen: 24
2a06:5c0::/29 maxlen: 29
2a09:6e00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 24 Oct 2025 07:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:06:63:01:75:3a:00:39:35:0a:14:2b:3f:6f:e5:bd:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=38bc794c5fbaac632a7ffb43db14f739cd53b2c4
Validity
Not Before: Oct 21 10:49:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5e99aadaa23c5fb18000bbcf2215ce8a62601f96
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:42:36:0f:7e:24:f0:97:f1:f8:10:f1:68:76:
c5:20:cf:8e:67:36:e0:12:38:5e:06:4d:bb:ff:3e:
93:ad:af:16:2e:58:b4:d9:f7:76:ca:98:7b:c6:5c:
9f:e5:d2:a6:5e:be:3a:8c:1f:9a:7d:b4:c9:4f:5f:
fc:4d:77:f1:98:e1:1f:7d:14:d2:f7:75:92:24:59:
bb:d5:df:fb:ac:ef:be:2c:e4:e4:20:d0:4f:2d:2d:
f9:52:a7:28:17:0c:7d:9d:12:1c:47:a2:a8:9b:8a:
e2:7a:d9:16:df:21:cc:f0:6e:9f:3a:ca:7a:6b:4f:
b8:f3:85:9a:63:57:7d:ef:d1:7a:b4:69:3c:a5:9b:
ee:10:a0:9a:59:6c:54:9a:4b:d9:43:81:89:f9:ff:
b9:f9:39:9b:3a:82:71:1f:61:ac:15:50:b4:60:ed:
37:31:53:fe:9b:a3:55:35:1c:f6:2b:c8:89:f2:a2:
56:ff:b1:de:21:e4:22:78:91:de:80:93:21:6b:8b:
2b:c6:9c:a9:03:02:4a:cc:a8:94:59:56:2a:d5:bd:
d0:f4:31:79:6b:00:61:60:57:47:40:98:88:e5:fd:
32:77:6b:cd:6a:98:a5:2d:dd:75:12:38:fe:66:ef:
7e:4e:53:bc:d6:c8:5e:bb:27:b4:53:68:81:3c:60:
d5:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:99:AA:DA:A2:3C:5F:B1:80:00:BB:CF:22:15:CE:8A:62:60:1F:96
X509v3 Authority Key Identifier:
keyid:38:BC:79:4C:5F:BA:AC:63:2A:7F:FB:43:DB:14:F7:39:CD:53:B2:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/Xpmq2qI8X7GAALvPIhXOimJgH5Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/1a3d98-c14f-4d06-a466-d985394e3c10/1/OLx5TF-6rGMqf_tD2xT3Oc1TssQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.96.0/22
91.214.60.0/22
185.97.120.0/22
IPv6:
2a06:5c0::/29
2a09:6e00::/29
Signature Algorithm: sha256WithRSAEncryption
bb:91:69:95:de:26:91:62:c4:e5:7d:60:a3:ec:d4:5c:d2:99:
4f:09:17:1d:9d:79:c9:84:6f:55:be:c5:1e:da:7a:ca:03:a3:
cd:18:2e:37:7d:07:c2:1e:c5:b5:b7:90:01:a4:66:b3:7f:66:
26:56:c9:63:42:05:1e:99:c3:3c:60:78:00:05:d4:9a:d2:fe:
d5:18:7f:9e:1b:44:a5:13:3b:f2:1d:10:7b:43:a6:8b:e0:d7:
07:d7:d2:41:bd:21:cc:30:13:2e:82:0e:66:ca:07:f2:bb:0d:
70:dc:94:13:86:e5:2e:cd:40:fc:8c:4d:03:87:22:d5:f4:7a:
c6:f1:6b:03:cb:b2:a1:bc:21:52:fd:9f:f7:12:5a:34:fb:e7:
b8:c7:7a:71:32:b7:7a:c2:03:a7:98:8c:c6:c5:88:a2:69:76:
be:b1:4e:ed:1a:af:b0:49:cf:07:41:5d:77:81:05:ab:53:a8:
79:e2:31:99:89:13:43:4d:8c:95:89:b8:68:cc:0e:8a:99:39:
19:04:32:ef:9c:e8:84:79:ec:63:82:01:3e:cd:9a:6e:f3:94:
14:22:e9:4f:b4:7f:0d:23:41:4e:e4:99:cb:21:1b:04:09:a0:
39:55:ab:de:13:a0:ae:1f:bf:dd:09:17:b9:fe:e3:5c:df:07:
70:47:c3:81
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZoGYwF1OgA5NQoUKz9v5b2zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YmM3OTRjNWZiYWFjNjMyYTdmZmI0M2RiMTRmNzM5Y2Q1
M2IyYzQwHhcNMjUxMDIxMTA0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTk5YWFkYWEyM2M1ZmIxODAwMGJiY2YyMjE1Y2U4YTYyNjAxZjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEI2D34k8Jfx+BDxaHbFIM+OZzbg
EjheBk27/z6Tra8WLli02fd2yph7xlyf5dKmXr46jB+afbTJT1/8TXfxmOEffRTS
93WSJFm71d/7rO++LOTkINBPLS35UqcoFwx9nRIcR6Kom4rietkW3yHM8G6fOsp6
a0+484WaY1d979F6tGk8pZvuEKCaWWxUmkvZQ4GJ+f+5+TmbOoJxH2GsFVC0YO03
MVP+m6NVNRz2K8iJ8qJW/7HeIeQieJHegJMha4srxpypAwJKzKiUWVYq1b3Q9DF5
awBhYFdHQJiI5f0yd2vNapilLd11Ejj+Zu9+TlO81sheuye0U2iBPGDVRQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFF6ZqtqiPF+xgAC7zyIVzopiYB+WMB8GA1UdIwQY
MBaAFDi8eUxfuqxjKn/7Q9sU9znNU7LEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0x4NVRGLTZyR01xZl90RDJ4VDNPYzFUc3NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xYTNkOTgtYzE0Zi00ZDA2LWE0NjYt
ZDk4NTM5NGUzYzEwLzEvWHBtcTJxSThYN0dBQUx2UEloWE9pbUpnSDVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xYTNkOTgtYzE0Zi00ZDA2LWE0NjYtZDk4NTM5NGUzYzEw
LzEvT0x4NVRGLTZyR01xZl90RDJ4VDNPYzFUc3NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCBYVgAwQC
W9Y8AwQCuWF4MBQEAgACMA4DBQMqBgXAAwUDKgluADANBgkqhkiG9w0BAQsFAAOC
AQEAu5Fpld4mkWLE5X1go+zUXNKZTwkXHZ15yYRvVb7FHtp6ygOjzRguN30Hwh7F
tbeQAaRms39mJlbJY0IFHpnDPGB4AAXUmtL+1Rh/nhtEpRM78h0Qe0Omi+DXB9fS
Qb0hzDATLoIOZsoH8rsNcNyUE4blLs1A/IxNA4ci1fR6xvFrA8uyobwhUv2f9xJa
NPvnuMd6cTK3esIDp5iMxsWIoml2vrFO7RqvsEnPB0Fdd4EFq1OoeeIxmYkTQ02M
lYm4aMwOipk5GQQy75zohHnsY4IBPs2abvOUFCLpT7R/DSNBTuSZyyEbBAmgOVWr
3hOgrh+/3QkXuf7jXN8HcEfDgQ==
-----END CERTIFICATE-----
Generated at Thu Oct 23 10:55:52 2025 by rpki-client