Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/xEsnJciiBq0cpARjJTgBj_Gwb0g.roa
File: xEsnJciiBq0cpARjJTgBj_Gwb0g.roa (raw, json)
Hash identifier: rNWLcgQzhcKlCZHWn2PfxjHWg6/hf63VmYuH/DFdDPs=
Subject key identifier: C4:4B:27:25:C8:A2:06:AD:1C:A4:04:63:25:38:01:8F:F1:B0:6F:48
Certificate issuer: /CN=24cacceee35ff87cd678ef6a92262cefce8492df
Certificate serial: 01997B36A846411A4F153B14CE9E180705EB
Authority key identifier: 24:CA:CC:EE:E3:5F:F8:7C:D6:78:EF:6A:92:26:2C:EF:CE:84:92:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JMrM7uNf-HzWeO9qkiYs786Ekt8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/xEsnJciiBq0cpARjJTgBj_Gwb0g.roa
Signing time: Wed 24 Sep 2025 10:13:23 +0000
ROA not before: Wed 24 Sep 2025 10:13:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48944
IP address blocks: 5.23.112.0/21 maxlen: 21
5.23.112.0/22 maxlen: 22
5.23.116.0/22 maxlen: 22
95.130.56.0/21 maxlen: 21
95.130.56.0/24 maxlen: 24
95.130.57.0/24 maxlen: 24
95.130.58.0/24 maxlen: 24
95.130.59.0/24 maxlen: 24
95.130.60.0/24 maxlen: 24
95.130.61.0/24 maxlen: 24
95.130.62.0/24 maxlen: 24
95.130.63.0/24 maxlen: 24
109.72.192.0/20 maxlen: 20
109.72.192.0/21 maxlen: 21
109.72.192.0/24 maxlen: 24
109.72.193.0/24 maxlen: 24
109.72.194.0/24 maxlen: 24
109.72.195.0/24 maxlen: 24
109.72.196.0/24 maxlen: 24
109.72.197.0/24 maxlen: 24
109.72.198.0/24 maxlen: 24
109.72.199.0/24 maxlen: 24
109.72.200.0/21 maxlen: 21
109.72.200.0/24 maxlen: 24
109.72.201.0/24 maxlen: 24
109.72.202.0/24 maxlen: 24
109.72.203.0/24 maxlen: 24
109.72.204.0/24 maxlen: 24
109.72.205.0/24 maxlen: 24
109.72.206.0/24 maxlen: 24
109.72.207.0/24 maxlen: 24
109.238.176.0/20 maxlen: 20
109.238.176.0/21 maxlen: 21
109.238.184.0/21 maxlen: 21
109.238.184.0/24 maxlen: 24
176.67.64.0/20 maxlen: 20
185.11.176.0/22 maxlen: 22
185.11.176.0/23 maxlen: 23
185.11.176.0/24 maxlen: 24
185.11.177.0/24 maxlen: 24
185.11.178.0/23 maxlen: 23
185.11.178.0/24 maxlen: 24
185.11.179.0/24 maxlen: 24
185.193.208.0/22 maxlen: 22
185.193.208.0/23 maxlen: 23
185.193.208.0/24 maxlen: 24
185.193.209.0/24 maxlen: 24
185.193.210.0/23 maxlen: 23
185.193.210.0/24 maxlen: 24
185.193.211.0/24 maxlen: 24
185.214.36.0/24 maxlen: 24
185.214.37.0/24 maxlen: 24
185.214.38.0/24 maxlen: 24
185.214.39.0/24 maxlen: 24
185.226.132.0/22 maxlen: 22
185.226.132.0/23 maxlen: 23
185.226.132.0/24 maxlen: 24
185.226.133.0/24 maxlen: 24
185.226.134.0/23 maxlen: 23
185.226.134.0/24 maxlen: 24
185.226.135.0/24 maxlen: 24
185.246.4.0/22 maxlen: 22
185.246.4.0/23 maxlen: 23
185.246.4.0/24 maxlen: 24
185.246.5.0/24 maxlen: 24
185.246.6.0/23 maxlen: 23
185.246.6.0/24 maxlen: 24
185.246.7.0/24 maxlen: 24
2a02:d2c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/JMrM7uNf-HzWeO9qkiYs786Ekt8.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/JMrM7uNf-HzWeO9qkiYs786Ekt8.mft
rsync://rpki.ripe.net/repository/DEFAULT/JMrM7uNf-HzWeO9qkiYs786Ekt8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:7b:36:a8:46:41:1a:4f:15:3b:14:ce:9e:18:07:05:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=24cacceee35ff87cd678ef6a92262cefce8492df
Validity
Not Before: Sep 24 10:13:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c44b2725c8a206ad1ca404632538018ff1b06f48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:4f:9a:72:5c:42:9d:88:7f:89:f7:f1:e7:48:
e9:d9:d6:47:0e:a1:71:ca:3c:33:1d:5a:f5:f7:64:
04:69:ef:90:3a:67:cb:dd:1d:a1:c3:10:27:44:54:
28:01:d3:21:e9:9f:b8:51:17:70:df:44:75:d8:dc:
c3:09:15:90:9c:2f:36:95:dd:c2:1d:a3:b3:79:95:
ee:08:30:3d:18:ef:c7:01:63:6c:fc:e4:58:bc:be:
0c:0d:54:ca:15:70:a3:00:50:b7:3d:e0:8f:7c:31:
ee:75:a1:64:5f:4f:3a:de:3a:3a:0c:df:b0:28:e6:
4e:f2:f7:7f:52:44:c2:7b:d7:af:c5:eb:b8:65:3e:
cb:17:4c:16:c8:85:71:9a:b5:d5:95:a4:a7:c5:b0:
13:fe:17:44:c0:db:cf:fb:58:fe:71:25:9a:f2:11:
fd:1d:56:b7:b1:07:5a:38:ea:0b:f4:3c:25:f1:99:
e7:49:df:01:b6:7d:f2:88:0d:45:51:c3:dc:65:3a:
4a:99:5a:c9:64:7e:7c:ba:a7:9c:05:f0:e1:53:0d:
cb:2f:0a:08:c4:92:bc:0d:b0:dd:f5:ba:39:e2:14:
20:34:7e:4a:73:1e:8d:9c:48:48:00:66:46:92:8f:
ee:e6:0e:9d:c2:15:dc:7c:9a:c0:17:e8:87:c8:30:
40:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:4B:27:25:C8:A2:06:AD:1C:A4:04:63:25:38:01:8F:F1:B0:6F:48
X509v3 Authority Key Identifier:
keyid:24:CA:CC:EE:E3:5F:F8:7C:D6:78:EF:6A:92:26:2C:EF:CE:84:92:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JMrM7uNf-HzWeO9qkiYs786Ekt8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/xEsnJciiBq0cpARjJTgBj_Gwb0g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/JMrM7uNf-HzWeO9qkiYs786Ekt8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.23.112.0/21
95.130.56.0/21
109.72.192.0/20
109.238.176.0/20
176.67.64.0/20
185.11.176.0/22
185.193.208.0/22
185.214.36.0/22
185.226.132.0/22
185.246.4.0/22
IPv6:
2a02:d2c0::/29
Signature Algorithm: sha256WithRSAEncryption
33:73:d4:de:9e:32:6c:75:e6:a7:50:66:f0:88:30:02:10:ef:
46:85:ef:9f:ef:d3:12:34:b7:ae:a5:00:1d:9a:83:83:5c:ab:
1f:90:5d:9b:4d:f5:35:cb:a1:79:51:2a:e2:ec:0a:33:a2:ed:
7e:d5:7f:ec:1d:e9:9e:00:ed:66:00:f2:23:37:0f:19:09:ef:
df:8c:79:3e:90:43:4e:a9:11:76:9e:15:e5:1d:73:0e:19:33:
e0:03:23:a6:30:72:ef:d7:f7:d2:20:9f:b6:d8:60:cc:b4:30:
7d:85:89:25:a7:96:a9:5a:ae:71:ba:6a:df:c8:15:32:f9:47:
69:ff:62:c7:e0:04:19:60:67:fe:f4:f8:9e:64:f4:02:6b:29:
3f:74:fb:a4:62:92:0d:0a:b3:4c:68:ad:3d:c4:a3:fc:75:f7:
ae:22:00:df:eb:6e:49:8b:75:1c:ca:a6:8f:0a:ae:2f:a4:04:
73:c2:6f:d2:45:d1:cb:9a:e8:74:a1:0e:91:23:ef:3e:01:06:
97:e9:3e:14:0a:90:57:eb:63:89:ea:b1:9a:9f:d4:ef:ba:c6:
94:da:1b:a5:23:d8:42:48:dd:c0:28:32:0c:99:cd:69:70:c2:
cf:44:9f:74:99:ac:6e:db:de:7a:97:38:c9:e6:91:b1:c5:ec:
4a:6e:54:3e
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZl7NqhGQRpPFTsUzp4YBwXrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0Y2FjY2VlZTM1ZmY4N2NkNjc4ZWY2YTkyMjYyY2VmY2U4
NDkyZGYwHhcNMjUwOTI0MTAxMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDRiMjcyNWM4YTIwNmFkMWNhNDA0NjMyNTM4MDE4ZmYxYjA2ZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0+aclxCnYh/iffx50jp2dZHDqFx
yjwzHVr192QEae+QOmfL3R2hwxAnRFQoAdMh6Z+4URdw30R12NzDCRWQnC82ld3C
HaOzeZXuCDA9GO/HAWNs/ORYvL4MDVTKFXCjAFC3PeCPfDHudaFkX0863jo6DN+w
KOZO8vd/UkTCe9evxeu4ZT7LF0wWyIVxmrXVlaSnxbAT/hdEwNvP+1j+cSWa8hH9
HVa3sQdaOOoL9Dwl8ZnnSd8Btn3yiA1FUcPcZTpKmVrJZH58uqecBfDhUw3LLwoI
xJK8DbDd9bo54hQgNH5Kcx6NnEhIAGZGko/u5g6dwhXcfJrAF+iHyDBAQQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFMRLJyXIogatHKQEYyU4AY/xsG9IMB8GA1UdIwQY
MBaAFCTKzO7jX/h81njvapImLO/OhJLfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk1yTTd1TmYtSHpXZU85cWtpWXM3ODZFa3Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy82NjcwZjktNDE4ZS00Mjc1LTgwMDAt
YTI5ZWIxMzllNzlkLzEveEVzbkpjaWlCcTBjcEFSakpUZ0JqX0d3YjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy82NjcwZjktNDE4ZS00Mjc1LTgwMDAtYTI5ZWIxMzllNzlk
LzEvSk1yTTd1TmYtSHpXZU85cWtpWXM3ODZFa3Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDBRdwAwQD
X4I4AwQEbUjAAwQEbe6wAwQEsENAAwQCuQuwAwQCucHQAwQCudYkAwQCueKEAwQC
ufYEMA0EAgACMAcDBQMqAtLAMA0GCSqGSIb3DQEBCwUAA4IBAQAzc9TenjJsdean
UGbwiDACEO9Ghe+f79MSNLeupQAdmoODXKsfkF2bTfU1y6F5USri7Aozou1+1X/s
HemeAO1mAPIjNw8ZCe/fjHk+kENOqRF2nhXlHXMOGTPgAyOmMHLv1/fSIJ+22GDM
tDB9hYklp5apWq5xumrfyBUy+Udp/2LH4AQZYGf+9PieZPQCayk/dPukYpINCrNM
aK09xKP8dfeuIgDf625Ji3UcyqaPCq4vpARzwm/SRdHLmuh0oQ6RI+8+AQaX6T4U
CpBX62OJ6rGan9TvusaU2hulI9hCSN3AKDIMmc1pcMLPRJ90maxu2956lzjJ5pGx
xexKblQ+
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:00:38 2025 by rpki-client