Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/XL-yYcDz4EHA_1YfpaexzF8rJ2U.roa
File: XL-yYcDz4EHA_1YfpaexzF8rJ2U.roa (raw, json)
Hash identifier: 4fgnvvclaoCsDVyjyuYkbReWujbb1eRc6u96Gh7O1uY=
Subject key identifier: 5C:BF:B2:61:C0:F3:E0:41:C0:FF:56:1F:A5:A7:B1:CC:5F:2B:27:65
Certificate issuer: /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial: 019D2A82B1E79C1B392CE8B13BA52B298757
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/XL-yYcDz4EHA_1YfpaexzF8rJ2U.roa
Signing time: Thu 26 Mar 2026 14:18:21 +0000
ROA not before: Thu 26 Mar 2026 14:18:21 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 36626
IP address blocks: 81.19.195.30/32 maxlen: 32
81.19.195.31/32 maxlen: 32
185.100.0.0/24 maxlen: 24
185.100.0.53/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Mar 2026 14:00:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2a:82:b1:e7:9c:1b:39:2c:e8:b1:3b:a5:2b:29:87:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Validity
Not Before: Mar 26 14:18:21 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5cbfb261c0f3e041c0ff561fa5a7b1cc5f2b2765
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:0a:d7:fa:a9:ec:a3:79:5b:8d:95:1d:b8:18:
36:9d:36:91:3f:74:51:d3:46:0b:3d:2c:73:ff:25:
95:31:b9:30:f7:4b:32:05:8a:16:a7:ce:07:db:6b:
bc:29:14:2a:5e:a0:6f:55:ec:dd:b2:1e:6f:5d:36:
da:08:29:14:f5:bb:cc:7d:5e:22:d4:c1:24:51:7a:
38:06:82:49:ca:aa:7b:5c:2d:22:9c:14:0b:54:f2:
e3:18:d1:8f:7e:66:a1:da:ea:1a:56:d9:c4:fc:dc:
f0:d3:2a:2a:d9:dd:6c:a0:53:d0:8b:76:a8:d6:86:
e0:e4:f4:ec:7a:54:01:07:00:4f:36:6c:cd:68:e5:
6f:86:16:31:ad:84:2d:0c:d6:41:a0:80:ac:0a:48:
bb:01:92:b7:26:f1:d1:c4:0d:f7:9c:a8:25:30:9c:
59:0a:7b:e8:55:84:42:30:96:39:8f:1f:bc:71:d0:
b9:71:5e:cf:cc:07:61:27:a3:2b:85:71:d0:da:e9:
e3:06:4b:9a:d0:8b:1a:26:76:e6:23:f9:6b:8a:90:
c9:10:60:3f:90:a7:46:e6:ad:53:a8:17:37:51:23:
b9:4e:70:52:e5:97:83:2c:19:42:78:62:b9:cc:f7:
60:b3:15:49:3c:5e:04:a2:95:cd:03:7e:40:f7:1e:
48:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:BF:B2:61:C0:F3:E0:41:C0:FF:56:1F:A5:A7:B1:CC:5F:2B:27:65
X509v3 Authority Key Identifier:
keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/XL-yYcDz4EHA_1YfpaexzF8rJ2U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.19.195.30/31
185.100.0.0/24
Signature Algorithm: sha256WithRSAEncryption
90:f0:33:8a:05:9b:57:0e:c7:3a:ba:70:3a:98:fc:ce:2a:1b:
b8:2b:b8:7a:ac:07:00:84:56:ff:6e:21:2d:e7:1a:e3:6a:a3:
17:e8:a5:5b:cf:06:c3:6a:57:d0:f7:ed:6b:38:f6:5b:4d:f4:
aa:ec:de:32:3b:eb:5d:52:c6:76:4a:35:8b:93:a5:10:55:d5:
6b:c4:56:ca:ed:ba:da:3c:d2:99:cd:bd:1b:4f:08:38:c7:5c:
5f:2d:56:3c:d7:eb:9a:cb:84:d5:10:62:27:eb:cd:16:e5:73:
c5:d2:f0:89:b9:6e:72:87:50:bc:f4:1e:2d:d5:bb:62:3b:8b:
ec:2c:8d:06:8f:e5:25:54:21:f0:4c:a5:27:1b:1f:ab:f5:43:
5e:c0:f3:e0:e7:47:33:2d:47:55:93:07:e0:cb:72:5f:b6:18:
0d:ad:82:60:da:cc:4c:2d:ad:2f:d9:00:52:fe:85:f4:88:af:
c4:15:d2:ef:7c:11:89:a2:af:79:c8:7a:ef:00:2a:b8:14:59:
8c:b2:9a:18:a5:5f:5e:9e:74:f7:03:45:cf:8a:7e:c5:b3:54:
44:5a:5e:7b:2b:2d:e3:f2:cf:0c:16:13:e3:8e:69:6b:91:74:
9e:37:4b:30:04:08:8c:3b:52:75:61:fa:e3:7f:1f:cf:ea:98:
26:d7:6a:4c
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0qgrHnnBs5LOixO6UrKYdXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwMzI2MTQxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2JmYjI2MWMwZjNlMDQxYzBmZjU2MWZhNWE3YjFjYzVmMmIyNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQrX+qnso3lbjZUduBg2nTaRP3RR
00YLPSxz/yWVMbkw90syBYoWp84H22u8KRQqXqBvVezdsh5vXTbaCCkU9bvMfV4i
1MEkUXo4BoJJyqp7XC0inBQLVPLjGNGPfmah2uoaVtnE/Nzw0yoq2d1soFPQi3ao
1obg5PTselQBBwBPNmzNaOVvhhYxrYQtDNZBoICsCki7AZK3JvHRxA33nKglMJxZ
CnvoVYRCMJY5jx+8cdC5cV7PzAdhJ6MrhXHQ2unjBkua0IsaJnbmI/lripDJEGA/
kKdG5q1TqBc3USO5TnBS5ZeDLBlCeGK5zPdgsxVJPF4EopXNA35A9x5I4QIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFFy/smHA8+BBwP9WH6WnscxfKydlMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvWEwteVljRHo0RUhBXzFZZnBhZXh6RjhySjJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwUBURPDHgME
ALlkADANBgkqhkiG9w0BAQsFAAOCAQEAkPAzigWbVw7HOrpwOpj8ziobuCu4eqwH
AIRW/24hLeca42qjF+ilW88Gw2pX0Pftazj2W030quzeMjvrXVLGdko1i5OlEFXV
a8RWyu262jzSmc29G08IOMdcXy1WPNfrmsuE1RBiJ+vNFuVzxdLwiblucodQvPQe
LdW7YjuL7CyNBo/lJVQh8EylJxsfq/VDXsDz4OdHMy1HVZMH4MtyX7YYDa2CYNrM
TC2tL9kAUv6F9IivxBXS73wRiaKvech67wAquBRZjLKaGKVfXp509wNFz4p+xbNU
RFpeeyst4/LPDBYT445pa5F0njdLMAQIjDtSdWH6438fz+qYJtdqTA==
-----END CERTIFICATE-----
Generated at Sun Mar 29 19:49:43 2026 by rpki-client