Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/XtfitIKECL4Esn5wVQYquZKD0aY.roa
File: XtfitIKECL4Esn5wVQYquZKD0aY.roa (raw, json)
Hash identifier: Rusmu3puclElkF3Iw8mfUgThxObk4QDJvsuY23x3w40=
Subject key identifier: 5E:D7:E2:B4:82:84:08:BE:04:B2:7E:70:55:06:2A:B9:92:83:D1:A6
Certificate issuer: /CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Certificate serial: 0199A13A00B58D6CA921CA79C3A7FD4DD7C6
Authority key identifier: 63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/XtfitIKECL4Esn5wVQYquZKD0aY.roa
Signing time: Wed 01 Oct 2025 19:22:36 +0000
ROA not before: Wed 01 Oct 2025 19:22:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 45691
IP address blocks: 185.217.5.0/24 maxlen: 24
2a12:f8c2:200::/40 maxlen: 40
2a12:f8c3:4000::/36 maxlen: 36
2a12:f8c6::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.mft
rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:a1:3a:00:b5:8d:6c:a9:21:ca:79:c3:a7:fd:4d:d7:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Validity
Not Before: Oct 1 19:22:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5ed7e2b4828408be04b27e7055062ab99283d1a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:78:7f:24:09:83:56:29:61:34:7a:d7:ab:79:
0d:d6:81:8c:ba:18:b6:c0:81:e1:fd:58:ed:74:3b:
8a:ee:a6:39:dd:cb:2c:ad:98:a0:79:9f:0c:4d:25:
bc:fc:65:ab:37:d9:28:5f:92:76:4c:b1:ee:6d:b9:
d1:82:df:12:6a:ba:ae:48:aa:fd:f1:ab:72:f3:27:
83:e7:28:45:3b:e3:81:21:41:39:42:b6:77:13:9e:
df:76:29:3c:bc:69:ef:a9:0b:54:c7:5c:93:92:2e:
97:25:42:5c:63:fb:74:a8:42:fc:9b:34:10:27:53:
90:49:ba:d6:f1:61:64:f9:1f:72:0d:54:eb:95:9d:
51:45:ef:6a:49:4f:ad:d1:66:bf:48:53:c3:0b:63:
16:08:7f:84:31:8d:92:b2:60:2a:a8:69:95:81:0b:
24:45:55:20:00:07:7d:3a:67:ea:a3:4a:06:85:e7:
ad:6d:96:50:5b:02:47:29:54:3c:c7:13:a5:b6:d3:
29:24:2b:3d:85:2e:52:75:c6:d2:ff:fd:9b:47:0a:
12:59:bb:c7:a5:19:4c:a1:f1:99:c9:9c:48:ef:ef:
27:af:b6:97:15:b0:2a:68:5b:97:85:18:9a:86:43:
77:04:99:be:ed:21:07:45:2b:c2:71:56:86:a6:a0:
d4:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:D7:E2:B4:82:84:08:BE:04:B2:7E:70:55:06:2A:B9:92:83:D1:A6
X509v3 Authority Key Identifier:
keyid:63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/XtfitIKECL4Esn5wVQYquZKD0aY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.217.5.0/24
IPv6:
2a12:f8c2:200::/40
2a12:f8c3:4000::/36
2a12:f8c6::/32
Signature Algorithm: sha256WithRSAEncryption
02:a3:b5:f9:a1:8c:76:1d:2d:84:44:7f:3b:27:c4:ee:f5:b5:
3a:ee:3b:18:6f:60:c3:88:77:8e:71:0c:77:b7:a5:84:1d:ff:
21:dc:54:16:0f:50:e6:bf:48:f8:4f:78:1f:b6:be:24:5f:0d:
6e:61:4d:1e:a9:07:37:20:21:fe:df:9b:75:20:24:ce:63:45:
a1:cb:88:72:f0:1f:11:a8:e1:4e:6d:ec:ba:de:93:77:99:7e:
f4:36:a5:70:1b:9c:d8:32:07:c7:79:b0:4e:04:d4:e8:59:17:
00:78:cf:5f:39:ca:9c:1a:8a:5b:20:cc:4d:87:01:e1:46:61:
82:d1:e7:a0:fc:d2:da:d9:f7:5d:78:a4:e4:59:11:1e:1d:72:
fa:41:55:7f:d3:02:00:7a:1a:50:95:16:dc:af:a3:0a:ac:a8:
bc:2c:0f:69:fe:1d:63:a4:b4:8a:91:71:11:4c:18:a5:da:77:
46:11:13:e4:da:f8:2d:93:a1:a5:1a:ba:99:43:ba:4e:88:a7:
87:be:31:99:d2:ed:1e:26:fb:f4:23:ad:84:63:ee:c4:ad:56:
42:18:50:97:3c:17:87:46:07:1e:4e:3a:b3:f7:16:cd:cf:39:
61:98:3b:83:08:14:a9:62:d0:ef:72:34:e6:1f:a2:58:9f:9e:
d8:97:a6:76
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZmhOgC1jWypIcp5w6f9TdfGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzkyZTkyOTMxN2FlNmJkZTA4YTVhM2I5OGEyYjcwMWRk
Yjg5M2EwHhcNMjUxMDAxMTkyMjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQ3ZTJiNDgyODQwOGJlMDRiMjdlNzA1NTA2MmFiOTkyODNkMWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA73h/JAmDVilhNHrXq3kN1oGMuhi2
wIHh/VjtdDuK7qY53cssrZigeZ8MTSW8/GWrN9koX5J2TLHubbnRgt8SarquSKr9
8aty8yeD5yhFO+OBIUE5QrZ3E57fdik8vGnvqQtUx1yTki6XJUJcY/t0qEL8mzQQ
J1OQSbrW8WFk+R9yDVTrlZ1RRe9qSU+t0Wa/SFPDC2MWCH+EMY2SsmAqqGmVgQsk
RVUgAAd9Omfqo0oGheetbZZQWwJHKVQ8xxOlttMpJCs9hS5SdcbS//2bRwoSWbvH
pRlMofGZyZxI7+8nr7aXFbAqaFuXhRiahkN3BJm+7SEHRSvCcVaGpqDU3wIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFF7X4rSChAi+BLJ+cFUGKrmSg9GmMB8GA1UdIwQY
MBaAFGM5LpKTF65r3gilo7mKK3Ad24k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEt
ODcyNTBmNWEwN2NjLzEvWHRmaXRJS0VDTDRFc241d1ZRWXF1WktEMGFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEtODcyNTBmNWEwN2Nj
LzEvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAMBAIAATAGAwQAudkFMB0E
AgACMBcDBgAqEvjCAgMGBCoS+MNAAwUAKhL4xjANBgkqhkiG9w0BAQsFAAOCAQEA
AqO1+aGMdh0thER/OyfE7vW1Ou47GG9gw4h3jnEMd7elhB3/IdxUFg9Q5r9I+E94
H7a+JF8NbmFNHqkHNyAh/t+bdSAkzmNFocuIcvAfEajhTm3sut6Td5l+9DalcBuc
2DIHx3mwTgTU6FkXAHjPXznKnBqKWyDMTYcB4UZhgtHnoPzS2tn3XXik5FkRHh1y
+kFVf9MCAHoaUJUW3K+jCqyovCwPaf4dY6S0ipFxEUwYpdp3RhET5Nr4LZOhpRq6
mUO6Toinh74xmdLtHib79COthGPuxK1WQhhQlzwXh0YHHk46s/cWzc85YZg7gwgU
qWLQ73I05h+iWJ+e2Jemdg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 20:49:06 2025 by rpki-client