Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/XQhGXNLWNfcx8qTRL0NifXvVWoo.roa
File: XQhGXNLWNfcx8qTRL0NifXvVWoo.roa (raw, json)
Hash identifier: DIa3SB+1p0iRvRz10kAY5XHHNPz0YIKVDN13uXTrSK8=
Subject key identifier: 5D:08:46:5C:D2:D6:35:F7:31:F2:A4:D1:2F:43:62:7D:7B:D5:5A:8A
Certificate issuer: /CN=878abb29977a65b140cacb6e72ab24ceddd4e8c5
Certificate serial: 0198C5E9B3AAF058C21A073DC23B99083746
Authority key identifier: 87:8A:BB:29:97:7A:65:B1:40:CA:CB:6E:72:AB:24:CE:DD:D4:E8:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/h4q7KZd6ZbFAystucqskzt3U6MU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/XQhGXNLWNfcx8qTRL0NifXvVWoo.roa
Signing time: Wed 20 Aug 2025 05:18:04 +0000
ROA not before: Wed 20 Aug 2025 05:18:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 138160
IP address blocks: 45.8.28.0/24 maxlen: 24
45.8.31.0/24 maxlen: 24
45.9.109.0/24 maxlen: 24
45.10.211.0/24 maxlen: 24
45.80.112.0/24 maxlen: 24
193.108.47.0/24 maxlen: 24
193.164.222.0/24 maxlen: 24
193.164.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/h4q7KZd6ZbFAystucqskzt3U6MU.crl
rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/h4q7KZd6ZbFAystucqskzt3U6MU.mft
rsync://rpki.ripe.net/repository/DEFAULT/h4q7KZd6ZbFAystucqskzt3U6MU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:50:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c5:e9:b3:aa:f0:58:c2:1a:07:3d:c2:3b:99:08:37:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=878abb29977a65b140cacb6e72ab24ceddd4e8c5
Validity
Not Before: Aug 20 05:18:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5d08465cd2d635f731f2a4d12f43627d7bd55a8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:56:82:44:cd:fe:0b:66:80:48:ff:d6:5b:c9:
db:f8:04:8c:e8:1b:ef:38:eb:00:2f:51:99:30:2c:
17:8c:21:d1:d3:ee:07:49:2d:82:10:96:c8:9b:de:
40:eb:e1:03:11:75:44:70:23:bd:23:14:9f:95:97:
df:c0:15:87:92:11:48:05:c5:d7:df:9c:2f:71:aa:
68:89:54:2c:ed:cf:2e:94:0e:e1:f2:12:27:4f:83:
f0:db:09:b5:7c:c5:13:d2:d0:fd:23:83:c2:31:08:
d6:af:86:3d:7c:ef:31:81:de:d9:e0:b4:3a:1f:76:
b4:7b:d9:36:8e:c6:de:00:f2:78:c0:93:17:8a:3f:
b2:70:c2:8e:a2:0b:63:57:4f:6e:bd:26:8e:b3:75:
f2:e7:9d:7d:ed:32:3c:6a:a1:29:6e:bf:43:90:58:
1b:06:bf:ff:0e:f2:25:fe:49:9d:9f:7f:11:3a:9b:
1f:7c:ab:64:29:82:c7:98:eb:a5:2a:5c:d7:bd:e9:
d4:d3:0c:87:c4:f6:68:e6:e1:52:4b:3f:cb:14:c7:
96:59:7f:27:5b:2e:7d:07:59:85:c1:0c:c6:78:b3:
6a:dc:9f:b6:34:33:bd:88:d6:b1:6d:c5:ee:5e:a5:
c0:fe:ac:20:1a:7f:d5:40:05:4a:67:29:75:c5:ff:
ce:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:08:46:5C:D2:D6:35:F7:31:F2:A4:D1:2F:43:62:7D:7B:D5:5A:8A
X509v3 Authority Key Identifier:
keyid:87:8A:BB:29:97:7A:65:B1:40:CA:CB:6E:72:AB:24:CE:DD:D4:E8:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h4q7KZd6ZbFAystucqskzt3U6MU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/XQhGXNLWNfcx8qTRL0NifXvVWoo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/06b8f5-1a76-45f8-b97a-ac8647d0558a/1/h4q7KZd6ZbFAystucqskzt3U6MU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.28.0/24
45.8.31.0/24
45.9.109.0/24
45.10.211.0/24
45.80.112.0/24
193.108.47.0/24
193.164.222.0/23
Signature Algorithm: sha256WithRSAEncryption
1e:5c:80:ff:79:e7:47:82:de:d5:0c:55:a4:c5:20:50:9b:73:
e0:e7:5d:2d:7e:a1:fe:21:26:4f:52:c7:f0:29:f4:5f:8c:54:
e7:71:44:bb:95:e4:88:65:46:f2:61:73:e0:09:69:66:94:48:
88:1b:d2:d2:ff:95:5b:55:b3:f6:56:24:9d:dd:ac:a0:e5:9f:
7a:b7:9d:6c:cf:3a:94:7d:33:4b:8d:64:f4:f6:b0:b2:53:82:
ab:0b:26:0a:6c:06:53:03:54:40:27:e9:a4:8e:93:5d:e8:c0:
35:35:eb:ba:e4:fa:8d:25:04:be:28:e7:b1:4c:2f:e7:8d:d8:
40:a8:a2:95:6f:8c:69:a2:76:91:7e:7e:dc:53:96:4f:9f:37:
18:26:f5:24:7d:83:6e:57:fe:0b:f0:2e:fe:f6:a6:73:9b:ef:
cc:91:34:da:0f:0a:c1:3d:50:fb:90:d9:7a:89:06:68:ce:91:
f8:98:92:0b:06:31:92:cf:57:13:ba:d2:cb:df:16:17:07:23:
3e:87:88:0d:c6:78:1a:55:29:67:04:93:6d:41:62:fd:85:b5:
4a:68:d8:41:9b:8b:6c:72:6c:e0:5e:ba:af:bf:8d:f3:b7:d6:
c9:06:fa:43:77:58:1b:87:ab:d3:e9:82:4d:32:64:30:8c:bf:
e4:07:9e:8f
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZjF6bOq8FjCGgc9wjuZCDdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3OGFiYjI5OTc3YTY1YjE0MGNhY2I2ZTcyYWIyNGNlZGRk
NGU4YzUwHhcNMjUwODIwMDUxODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDA4NDY1Y2QyZDYzNWY3MzFmMmE0ZDEyZjQzNjI3ZDdiZDU1YThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1aCRM3+C2aASP/WW8nb+ASM6Bvv
OOsAL1GZMCwXjCHR0+4HSS2CEJbIm95A6+EDEXVEcCO9IxSflZffwBWHkhFIBcXX
35wvcapoiVQs7c8ulA7h8hInT4Pw2wm1fMUT0tD9I4PCMQjWr4Y9fO8xgd7Z4LQ6
H3a0e9k2jsbeAPJ4wJMXij+ycMKOogtjV09uvSaOs3Xy55197TI8aqEpbr9DkFgb
Br//DvIl/kmdn38ROpsffKtkKYLHmOulKlzXvenU0wyHxPZo5uFSSz/LFMeWWX8n
Wy59B1mFwQzGeLNq3J+2NDO9iNaxbcXuXqXA/qwgGn/VQAVKZyl1xf/O5QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFF0IRlzS1jX3MfKk0S9DYn171VqKMB8GA1UdIwQY
MBaAFIeKuymXemWxQMrLbnKrJM7d1OjFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDRxN0taZDZaYkZBeXN0dWNxc2t6dDNVNk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8wNmI4ZjUtMWE3Ni00NWY4LWI5N2Et
YWM4NjQ3ZDA1NThhLzEvWFFoR1hOTFdOZmN4OHFUUkwwTmlmWHZWV29vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8wNmI4ZjUtMWE3Ni00NWY4LWI5N2EtYWM4NjQ3ZDA1NThh
LzEvaDRxN0taZDZaYkZBeXN0dWNxc2t6dDNVNk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALQgcAwQA
LQgfAwQALQltAwQALQrTAwQALVBwAwQAwWwvAwQBwaTeMA0GCSqGSIb3DQEBCwUA
A4IBAQAeXID/eedHgt7VDFWkxSBQm3Pg510tfqH+ISZPUsfwKfRfjFTncUS7leSI
ZUbyYXPgCWlmlEiIG9LS/5VbVbP2ViSd3ayg5Z96t51szzqUfTNLjWT09rCyU4Kr
CyYKbAZTA1RAJ+mkjpNd6MA1Neu65PqNJQS+KOexTC/njdhAqKKVb4xponaRfn7c
U5ZPnzcYJvUkfYNuV/4L8C7+9qZzm+/MkTTaDwrBPVD7kNl6iQZozpH4mJILBjGS
z1cTutLL3xYXByM+h4gNxngaVSlnBJNtQWL9hbVKaNhBm4tscmzgXrqvv43zt9bJ
BvpDd1gbh6vT6YJNMmQwjL/kB56P
-----END CERTIFICATE-----
Generated at Sat Aug 23 17:48:52 2025 by rpki-client