Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/xkDkU6NFD9uqHIKk9xUKgesFa4k.roa
File: xkDkU6NFD9uqHIKk9xUKgesFa4k.roa (raw, json)
Hash identifier: fVYEz0GGsGXWQrphreJqUT6PDFyBE0mygUqeBXFz2C4=
Subject key identifier: C6:40:E4:53:A3:45:0F:DB:AA:1C:82:A4:F7:15:0A:81:EB:05:6B:89
Certificate issuer: /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial: 0198CC5513B40719C608CEAC883644C6DF1C
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/xkDkU6NFD9uqHIKk9xUKgesFa4k.roa
Signing time: Thu 21 Aug 2025 11:13:04 +0000
ROA not before: Thu 21 Aug 2025 11:13:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 138160
IP address blocks: 84.233.132.0/23 maxlen: 24
84.233.164.0/23 maxlen: 24
84.233.200.0/23 maxlen: 24
84.233.220.0/23 maxlen: 24
84.233.232.0/23 maxlen: 24
84.233.240.0/23 maxlen: 24
195.86.2.0/23 maxlen: 24
195.86.8.0/21 maxlen: 24
195.86.16.0/22 maxlen: 24
195.86.20.0/23 maxlen: 24
195.86.28.0/22 maxlen: 24
195.86.32.0/22 maxlen: 24
195.86.36.0/23 maxlen: 24
195.86.44.0/22 maxlen: 24
195.86.50.0/23 maxlen: 24
195.86.52.0/22 maxlen: 24
195.86.60.0/22 maxlen: 24
195.86.64.0/23 maxlen: 24
195.86.68.0/22 maxlen: 24
195.86.72.0/21 maxlen: 24
195.86.80.0/20 maxlen: 24
195.86.96.0/20 maxlen: 24
195.86.114.0/23 maxlen: 24
195.86.116.0/22 maxlen: 24
195.86.120.0/22 maxlen: 24
195.86.128.0/23 maxlen: 24
195.86.132.0/22 maxlen: 24
195.86.136.0/21 maxlen: 24
195.86.144.0/20 maxlen: 24
195.86.162.0/23 maxlen: 24
195.86.164.0/22 maxlen: 24
195.86.168.0/21 maxlen: 24
195.86.176.0/20 maxlen: 24
195.86.192.0/20 maxlen: 24
195.86.212.0/22 maxlen: 24
195.86.216.0/23 maxlen: 24
195.86.224.0/21 maxlen: 24
195.86.232.0/22 maxlen: 24
195.86.236.0/23 maxlen: 24
195.86.242.0/23 maxlen: 24
195.86.244.0/22 maxlen: 24
195.86.248.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 08:00:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:cc:55:13:b4:07:19:c6:08:ce:ac:88:36:44:c6:df:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Validity
Not Before: Aug 21 11:13:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c640e453a3450fdbaa1c82a4f7150a81eb056b89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:57:6f:d7:9d:ac:8d:18:b8:cc:b3:f8:c1:6c:
1b:98:cb:b8:41:08:65:73:64:71:63:5b:33:b0:21:
75:c5:82:3a:3b:63:af:a5:cd:ea:c6:cc:39:79:c5:
b2:2c:d9:d0:1c:0b:44:9c:9e:bb:85:30:11:eb:41:
50:69:f7:a4:4c:c3:6b:44:39:cd:b7:d1:df:f8:8f:
9f:1d:b4:88:3a:40:8e:63:86:43:e2:31:a3:62:bc:
bd:8e:2b:07:7c:2c:e5:c5:49:e9:b8:af:12:08:4e:
3e:8b:37:83:f4:5a:cf:b1:f0:98:9f:5e:09:74:30:
d0:44:43:96:b5:e4:a8:0f:9f:a1:d4:b5:84:99:8f:
56:ba:8c:cf:41:19:1f:3b:09:d4:c0:c6:a4:3c:fa:
d7:e9:58:e2:12:53:cb:e5:98:c1:25:26:89:e9:00:
f9:c0:d7:db:c0:2b:fb:a6:d3:a9:38:79:b6:e3:01:
d0:09:0c:4c:46:b9:82:c9:cd:da:af:59:83:05:f0:
ff:7e:ee:ed:84:52:ac:47:69:f7:50:74:4d:ce:4b:
29:9c:d3:61:77:ba:27:66:0e:db:c2:05:fe:cb:db:
35:d2:43:fd:79:40:6a:39:3f:be:ff:10:52:98:5f:
e6:21:71:31:4d:1a:1e:53:ab:dc:b2:b7:c9:0f:14:
96:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:40:E4:53:A3:45:0F:DB:AA:1C:82:A4:F7:15:0A:81:EB:05:6B:89
X509v3 Authority Key Identifier:
keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/xkDkU6NFD9uqHIKk9xUKgesFa4k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.233.132.0/23
84.233.164.0/23
84.233.200.0/23
84.233.220.0/23
84.233.232.0/23
84.233.240.0/23
195.86.2.0/23
195.86.8.0-195.86.21.255
195.86.28.0-195.86.37.255
195.86.44.0/22
195.86.50.0-195.86.55.255
195.86.60.0-195.86.65.255
195.86.68.0-195.86.111.255
195.86.114.0-195.86.123.255
195.86.128.0/23
195.86.132.0-195.86.159.255
195.86.162.0-195.86.207.255
195.86.212.0-195.86.217.255
195.86.224.0-195.86.237.255
195.86.242.0-195.86.255.255
Signature Algorithm: sha256WithRSAEncryption
5c:72:11:6e:5e:51:91:29:04:82:2b:7d:8d:e9:03:9c:ca:66:
c5:9f:f6:c6:8a:ca:2d:4d:eb:51:4f:be:66:0a:bc:59:fa:ee:
10:fa:16:e3:81:5d:ea:9e:fa:0e:ff:b2:0c:40:d8:4b:a2:f0:
9b:ef:a4:a1:b8:48:a5:16:57:98:ca:3d:fe:36:bf:7a:af:fa:
78:af:b0:cc:3a:9b:58:ae:7b:c0:07:3d:6b:6e:dc:05:2b:b1:
0c:96:bb:2c:90:81:34:9c:ab:8f:10:8d:3f:08:dc:00:05:8d:
76:ce:3d:27:d5:d5:84:ed:9c:26:40:da:5f:24:03:4b:c2:49:
08:9e:b0:8e:a8:f2:e3:29:08:86:0c:e6:76:bd:3c:e7:84:0f:
71:44:00:23:37:95:d5:23:9b:bc:9e:8f:ff:93:17:3c:64:bd:
85:84:80:46:df:36:49:07:a7:fe:b3:93:c6:bd:7b:74:9d:e9:
db:23:b3:a7:a7:2a:2a:ff:8c:14:18:20:d7:6f:c5:e5:a9:bc:
c1:c0:49:d1:46:02:0b:d9:a7:93:f5:f9:59:b7:15:63:10:28:
6f:7e:78:0a:5c:bd:56:fd:83:5d:1b:9e:fd:e1:a2:76:ed:0c:
aa:bf:66:65:d0:e0:45:42:9d:61:d9:71:da:01:78:b3:36:a0:
93:63:e2:88
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgISAZjMVRO0BxnGCM6siDZExt8cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwODIxMTExMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjQwZTQ1M2EzNDUwZmRiYWExYzgyYTRmNzE1MGE4MWViMDU2Yjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1dv152sjRi4zLP4wWwbmMu4QQhl
c2RxY1szsCF1xYI6O2Ovpc3qxsw5ecWyLNnQHAtEnJ67hTAR60FQafekTMNrRDnN
t9Hf+I+fHbSIOkCOY4ZD4jGjYry9jisHfCzlxUnpuK8SCE4+izeD9FrPsfCYn14J
dDDQREOWteSoD5+h1LWEmY9WuozPQRkfOwnUwMakPPrX6VjiElPL5ZjBJSaJ6QD5
wNfbwCv7ptOpOHm24wHQCQxMRrmCyc3ar1mDBfD/fu7thFKsR2n3UHRNzkspnNNh
d7onZg7bwgX+y9s10kP9eUBqOT++/xBSmF/mIXExTRoeU6vcsrfJDxSWJwIDAQAB
o4IC1zCCAtMwHQYDVR0OBBYEFMZA5FOjRQ/bqhyCpPcVCoHrBWuJMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEveGtEa1U2TkZEOXVxSElLazl4VUtnZXNGYTRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHsBggrBgEFBQcBBwEB/wSB3DCB2TCB1gQCAAEwgc8DBAFU
6YQDBAFU6aQDBAFU6cgDBAFU6dwDBAFU6egDBAFU6fADBAHDVgIwDAMEA8NWCAME
AcNWFDAMAwQCw1YcAwQBw1YkAwQCw1YsMAwDBAHDVjIDBAPDVjAwDAMEAsNWPAME
AcNWQDAMAwQCw1ZEAwQEw1ZgMAwDBAHDVnIDBALDVngDBAHDVoAwDAMEAsNWhAME
BcNWgDAMAwQBw1aiAwQEw1bAMAwDBALDVtQDBAHDVtgwDAMEBcNW4AMEAcNW7DAL
AwQBw1byAwMAw1YwDQYJKoZIhvcNAQELBQADggEBAFxyEW5eUZEpBIIrfY3pA5zK
ZsWf9saKyi1N61FPvmYKvFn67hD6FuOBXeqe+g7/sgxA2Eui8JvvpKG4SKUWV5jK
Pf42v3qv+nivsMw6m1iue8AHPWtu3AUrsQyWuyyQgTScq48QjT8I3AAFjXbOPSfV
1YTtnCZA2l8kA0vCSQiesI6o8uMpCIYM5na9POeED3FEACM3ldUjm7yej/+TFzxk
vYWEgEbfNkkHp/6zk8a9e3Sd6dsjs6enKir/jBQYINdvxeWpvMHASdFGAgvZp5P1
+Vm3FWMQKG9+eApcvVb9g10bnv3honbtDKq/ZmXQ4EVCnWHZcdoBeLM2oJNj4og=
-----END CERTIFICATE-----
Generated at Sat Aug 23 17:07:40 2025 by rpki-client