Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/taxrKIGgholt0zw4AAjTrut9jTw.roa
File: taxrKIGgholt0zw4AAjTrut9jTw.roa (raw, json)
Hash identifier: GntLLWvcFu7rtcqcniIhyohPjU/HRBpEmtMSeeRbwBg=
Subject key identifier: B5:AC:6B:28:81:A0:86:89:6D:D3:3C:38:00:08:D3:AE:EB:7D:8D:3C
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 019DFD42E3B60269F1D748D0107B9E6CB10A
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/taxrKIGgholt0zw4AAjTrut9jTw.roa
Signing time: Wed 06 May 2026 12:28:32 +0000
ROA not before: Wed 06 May 2026 12:28:32 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43260
IP address blocks: 185.85.189.0/24 maxlen: 24
185.86.4.0/24 maxlen: 24
185.86.7.0/24 maxlen: 24
185.86.14.0/24 maxlen: 24
185.86.15.0/24 maxlen: 24
185.86.152.0/24 maxlen: 24
185.86.155.0/24 maxlen: 24
185.87.120.0/24 maxlen: 24
185.88.172.0/24 maxlen: 24
185.88.173.0/24 maxlen: 24
185.88.174.0/24 maxlen: 24
185.88.175.0/24 maxlen: 24
185.98.62.0/24 maxlen: 24
185.141.33.0/24 maxlen: 24
185.141.34.0/24 maxlen: 24
185.184.24.0/24 maxlen: 24
185.184.25.0/24 maxlen: 24
185.184.26.0/24 maxlen: 24
185.184.27.0/24 maxlen: 24
185.185.233.0/24 maxlen: 24
185.185.234.0/24 maxlen: 24
185.243.180.0/24 maxlen: 24
185.243.181.0/24 maxlen: 24
185.243.182.0/24 maxlen: 24
185.243.183.0/24 maxlen: 24
185.254.236.0/24 maxlen: 24
185.254.237.0/24 maxlen: 24
185.254.238.0/24 maxlen: 24
185.254.239.0/24 maxlen: 24
193.160.140.0/24 maxlen: 24
193.160.141.0/24 maxlen: 24
193.160.142.0/24 maxlen: 24
193.160.143.0/24 maxlen: 24
193.223.104.0/24 maxlen: 24
193.223.105.0/24 maxlen: 24
193.223.106.0/24 maxlen: 24
193.223.107.0/24 maxlen: 24
2a05:bf00::/29 maxlen: 29
2a07:e700::/29 maxlen: 29
2a0b:2780::/29 maxlen: 29
2a0d:49c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 06:33:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:fd:42:e3:b6:02:69:f1:d7:48:d0:10:7b:9e:6c:b1:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: May 6 12:28:32 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b5ac6b2881a086896dd33c380008d3aeeb7d8d3c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:86:f1:6b:a8:c2:5f:f5:73:b0:9e:ae:a1:f2:
1a:28:7c:88:26:b8:1f:8f:a3:40:24:b1:4c:c2:40:
95:8a:3e:ae:1a:25:e6:4b:f5:56:12:5b:80:cd:d6:
6c:a2:6e:0b:60:4c:0e:38:c1:6c:58:ab:d0:d2:b0:
c4:1f:0b:46:d8:54:34:80:9c:37:da:04:33:dc:8a:
40:4d:18:f0:ef:55:49:4b:e1:41:8f:55:23:cc:ae:
8b:06:1e:4f:10:2c:4c:7f:a7:e5:fe:cc:65:17:11:
09:fc:94:b1:96:7f:55:e9:20:b9:b9:d9:01:98:ee:
c9:0e:4f:3e:ec:58:38:0e:ad:34:34:0d:54:d5:9b:
b2:d6:eb:5d:9e:19:76:6b:ce:dc:ff:e5:e4:66:22:
66:a8:91:69:9c:a3:92:19:38:38:eb:94:7c:7a:d7:
32:5e:11:0d:85:cd:ed:8c:c1:03:e6:70:90:3c:05:
0c:07:81:9d:e3:10:5c:9d:7f:df:ed:21:bf:9f:0a:
34:08:a3:db:64:be:31:a1:e3:c1:76:a5:df:ae:ee:
85:f5:cc:3b:7c:8f:e3:3c:69:53:8a:00:49:36:86:
63:d4:c8:77:aa:62:1a:90:88:ab:04:96:64:9b:29:
32:b4:b6:27:b3:fd:ee:bf:96:bb:8a:d4:1f:23:74:
78:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:AC:6B:28:81:A0:86:89:6D:D3:3C:38:00:08:D3:AE:EB:7D:8D:3C
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/taxrKIGgholt0zw4AAjTrut9jTw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.85.189.0/24
185.86.4.0/24
185.86.7.0/24
185.86.14.0/23
185.86.152.0/24
185.86.155.0/24
185.87.120.0/24
185.88.172.0/22
185.98.62.0/24
185.141.33.0-185.141.34.255
185.184.24.0/22
185.185.233.0-185.185.234.255
185.243.180.0/22
185.254.236.0/22
193.160.140.0/22
193.223.104.0/22
IPv6:
2a05:bf00::/29
2a07:e700::/29
2a0b:2780::/29
2a0d:49c0::/29
Signature Algorithm: sha256WithRSAEncryption
a0:1f:f1:05:67:48:d4:32:49:52:64:5e:03:6e:28:87:89:c9:
b4:57:24:37:ed:f9:55:ea:8b:df:32:7c:95:e0:25:b4:42:af:
68:91:8e:a7:58:69:c8:13:65:4b:dc:81:7c:f9:5d:cb:76:41:
a1:83:48:5a:9f:30:25:79:d5:a1:4f:5c:3a:e5:b4:0d:50:99:
2b:4d:ed:1b:ad:79:a0:39:d5:92:f0:bd:0d:d3:03:75:ae:18:
59:31:29:13:43:57:e3:7e:9d:77:00:c0:2a:c2:e2:86:7a:00:
f3:9f:c8:cc:b5:ba:ce:db:ee:0c:b0:a4:61:bf:f5:09:32:fe:
5f:49:70:50:cc:60:00:d0:04:7c:40:e4:c2:c0:f9:d2:2a:27:
fe:4e:a5:74:e4:0e:77:4d:2c:d6:9f:28:f3:60:6b:51:a5:fc:
d1:cd:87:14:61:df:ee:37:79:44:66:37:b0:bb:ef:0c:87:3a:
2b:e0:85:a2:1f:04:c6:ed:1c:0c:16:bd:92:42:9d:1f:18:59:
fb:f7:1c:24:de:b4:bb:c0:d2:63:78:8d:1b:06:41:0d:9f:b4:
bd:b3:f3:5f:8e:d1:52:56:d9:0e:29:5b:16:85:3f:e6:4e:e8:
53:19:c1:70:da:0a:53:f8:e5:b0:97:81:26:a4:71:10:fe:77:
4a:71:64:f2
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAZ39QuO2Amnx10jQEHuebLEKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwNTA2MTIyODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWFjNmIyODgxYTA4Njg5NmRkMzNjMzgwMDA4ZDNhZWViN2Q4ZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Ibxa6jCX/VzsJ6uofIaKHyIJrgf
j6NAJLFMwkCVij6uGiXmS/VWEluAzdZsom4LYEwOOMFsWKvQ0rDEHwtG2FQ0gJw3
2gQz3IpATRjw71VJS+FBj1UjzK6LBh5PECxMf6fl/sxlFxEJ/JSxln9V6SC5udkB
mO7JDk8+7Fg4Dq00NA1U1Zuy1utdnhl2a87c/+XkZiJmqJFpnKOSGTg465R8etcy
XhENhc3tjMED5nCQPAUMB4Gd4xBcnX/f7SG/nwo0CKPbZL4xoePBdqXfru6F9cw7
fI/jPGlTigBJNoZj1Mh3qmIakIirBJZkmykytLYns/3uv5a7itQfI3R4EQIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFLWsayiBoIaJbdM8OAAI067rfY08MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvdGF4cktJR2dob2x0MHp3NEFBalRydXQ5alR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGvBggrBgEFBQcBBwEB/wSBnzCBnDB2BAIAATBwAwQAuVW9
AwQAuVYEAwQAuVYHAwQBuVYOAwQAuVaYAwQAuVabAwQAuVd4AwQCuVisAwQAuWI+
MAwDBAC5jSEDBAC5jSIDBAK5uBgwDAMEALm56QMEALm56gMEArnztAMEArn+7AME
AsGgjAMEAsHfaDAiBAIAAjAcAwUDKgW/AAMFAyoH5wADBQMqCyeAAwUDKg1JwDAN
BgkqhkiG9w0BAQsFAAOCAQEAoB/xBWdI1DJJUmReA24oh4nJtFckN+35VeqL3zJ8
leAltEKvaJGOp1hpyBNlS9yBfPldy3ZBoYNIWp8wJXnVoU9cOuW0DVCZK03tG615
oDnVkvC9DdMDda4YWTEpE0NX436ddwDAKsLihnoA85/IzLW6ztvuDLCkYb/1CTL+
X0lwUMxgANAEfEDkwsD50ion/k6ldOQOd00s1p8o82BrUaX80c2HFGHf7jd5RGY3
sLvvDIc6K+CFoh8Exu0cDBa9kkKdHxhZ+/ccJN60u8DSY3iNGwZBDZ+0vbPzX47R
UlbZDilbFoU/5k7oUxnBcNoKU/jlsJeBJqRxEP53SnFk8g==
-----END CERTIFICATE-----
Generated at Wed May 13 11:18:44 2026 by rpki-client