Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/xHYGSG6pMx6mBw-U4QLCbexieKg.roa
File: xHYGSG6pMx6mBw-U4QLCbexieKg.roa (raw, json)
Hash identifier: Dbi0ykNqwAdlzwO51Tx8PIe+eNIEvO7D6Pgb6XNhKuw=
Subject key identifier: C4:76:06:48:6E:A9:33:1E:A6:07:0F:94:E1:02:C2:6D:EC:62:78:A8
Certificate issuer: /CN=ed64691c31892cc991ad4e9a9671147759e417ab
Certificate serial: 01993D34344B0FF89291D2EE2013F84F5FB3
Authority key identifier: ED:64:69:1C:31:89:2C:C9:91:AD:4E:9A:96:71:14:77:59:E4:17:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7WRpHDGJLMmRrU6alnEUd1nkF6s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/xHYGSG6pMx6mBw-U4QLCbexieKg.roa
Signing time: Fri 12 Sep 2025 09:14:15 +0000
ROA not before: Fri 12 Sep 2025 09:14:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34689
IP address blocks: 95.131.202.0/24 maxlen: 24
185.75.242.0/24 maxlen: 24
185.75.243.0/24 maxlen: 24
2a05:5502::/32 maxlen: 32
2a13:9400::/32 maxlen: 32
2a13:9401::/32 maxlen: 32
2a13:9402::/32 maxlen: 32
2a13:9403::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/7WRpHDGJLMmRrU6alnEUd1nkF6s.crl
rsync://rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/7WRpHDGJLMmRrU6alnEUd1nkF6s.mft
rsync://rpki.ripe.net/repository/DEFAULT/7WRpHDGJLMmRrU6alnEUd1nkF6s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:3d:34:34:4b:0f:f8:92:91:d2:ee:20:13:f8:4f:5f:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ed64691c31892cc991ad4e9a9671147759e417ab
Validity
Not Before: Sep 12 09:14:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c47606486ea9331ea6070f94e102c26dec6278a8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:21:8d:87:da:d2:5f:34:50:f0:eb:4e:e4:f4:
3c:5b:4d:2e:13:56:e9:af:09:68:bc:6b:c0:06:39:
51:71:44:73:e9:9a:a6:ef:6a:f8:e9:e2:6a:ac:3f:
d9:96:aa:1f:d8:36:9a:16:d9:47:ef:f3:77:55:e9:
a0:ec:5e:d7:3b:48:57:25:3c:df:a8:2e:93:af:df:
07:4b:25:c0:5e:3d:ee:5a:e7:46:8f:d6:26:60:37:
a0:d1:e4:56:88:46:ef:e2:53:68:a0:0d:9e:52:f4:
98:72:67:f2:3c:8c:4d:d0:84:07:c1:44:9d:1c:ae:
58:f1:4c:5a:51:2c:0c:ad:1a:b3:83:7e:cf:2e:8b:
92:ab:92:9e:39:4f:59:79:4e:87:02:8b:f9:a9:1f:
b9:97:bc:f7:3d:12:42:98:e2:b6:99:c5:81:98:9c:
dc:73:58:3c:40:67:ad:44:3a:b8:70:dc:44:87:19:
f3:e7:dc:1f:aa:ba:34:1a:d2:4a:6a:b4:50:b8:b2:
86:b4:2e:c2:23:65:29:31:5c:36:9b:1e:83:e0:e7:
b2:9d:06:25:06:e8:9a:72:2f:3b:eb:55:24:b6:b0:
1c:1d:a4:d2:aa:a4:af:c9:ff:2e:a7:6c:63:53:38:
8e:c6:c6:fc:ff:60:c8:d7:57:e3:18:30:64:08:a9:
4d:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:76:06:48:6E:A9:33:1E:A6:07:0F:94:E1:02:C2:6D:EC:62:78:A8
X509v3 Authority Key Identifier:
keyid:ED:64:69:1C:31:89:2C:C9:91:AD:4E:9A:96:71:14:77:59:E4:17:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7WRpHDGJLMmRrU6alnEUd1nkF6s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/xHYGSG6pMx6mBw-U4QLCbexieKg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/7WRpHDGJLMmRrU6alnEUd1nkF6s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.131.202.0/24
185.75.242.0/23
IPv6:
2a05:5502::/32
2a13:9400::/30
Signature Algorithm: sha256WithRSAEncryption
5f:f7:0e:08:cb:6d:cd:98:a5:c8:5a:c9:8c:7f:ad:37:3d:98:
9a:ac:6a:cb:3f:4e:55:90:b8:f8:56:a8:c6:74:61:b0:7a:8b:
76:15:33:17:1b:53:30:83:8e:b9:65:67:3f:45:0a:2d:43:ce:
35:fe:60:59:0d:e3:eb:bd:df:12:89:b7:af:fc:20:9e:20:e7:
6a:bb:8d:ff:66:7a:6d:b4:4d:a1:b0:c0:81:91:39:6a:6a:08:
52:b7:f4:8c:aa:88:0d:c6:39:14:5e:69:6d:7a:2a:40:e8:6c:
6c:1e:d5:44:cf:fd:d7:cc:de:3a:3a:07:d9:50:14:16:aa:70:
4b:38:26:3a:a0:c8:56:7f:0a:da:7e:4c:28:0a:19:57:98:9e:
e3:27:5e:1e:2c:d6:8f:35:17:9d:63:e3:2d:41:91:79:b1:31:
bc:1b:81:6e:1d:0f:84:fd:fc:5a:bc:d8:2a:ef:88:59:49:57:
93:b2:b5:ed:9c:84:d7:e9:3e:e3:4b:2f:c4:77:aa:b4:04:4d:
a2:8c:ab:91:a2:ff:38:23:58:6b:36:ab:4c:d8:30:e0:c7:6d:
3a:45:8c:28:56:15:c8:f8:eb:50:b2:b1:57:fa:e8:07:41:86:
3a:ea:60:31:e5:d5:f8:92:d7:c6:1a:61:91:9f:85:19:4a:5b:
07:c0:6b:48
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZk9NDRLD/iSkdLuIBP4T1+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNjQ2OTFjMzE4OTJjYzk5MWFkNGU5YTk2NzExNDc3NTll
NDE3YWIwHhcNMjUwOTEyMDkxNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDc2MDY0ODZlYTkzMzFlYTYwNzBmOTRlMTAyYzI2ZGVjNjI3OGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApiGNh9rSXzRQ8OtO5PQ8W00uE1bp
rwlovGvABjlRcURz6Zqm72r46eJqrD/Zlqof2DaaFtlH7/N3Vemg7F7XO0hXJTzf
qC6Tr98HSyXAXj3uWudGj9YmYDeg0eRWiEbv4lNooA2eUvSYcmfyPIxN0IQHwUSd
HK5Y8UxaUSwMrRqzg37PLouSq5KeOU9ZeU6HAov5qR+5l7z3PRJCmOK2mcWBmJzc
c1g8QGetRDq4cNxEhxnz59wfqro0GtJKarRQuLKGtC7CI2UpMVw2mx6D4OeynQYl
Buiaci8761UktrAcHaTSqqSvyf8up2xjUziOxsb8/2DI11fjGDBkCKlN1QIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFMR2BkhuqTMepgcPlOECwm3sYnioMB8GA1UdIwQY
MBaAFO1kaRwxiSzJka1OmpZxFHdZ5BerMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1dScEhER0pMTW1SclU2YWxuRVVkMW5rRjZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9mNjdkMDktODkyMy00MTUyLTk1ZjIt
N2M3ZGIyMTIzMGEzLzEveEhZR1NHNnBNeDZtQnctVTRRTENiZXhpZUtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9mNjdkMDktODkyMy00MTUyLTk1ZjItN2M3ZGIyMTIzMGEz
LzEvN1dScEhER0pMTW1SclU2YWxuRVVkMW5rRjZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQAX4PKAwQB
uUvyMBQEAgACMA4DBQAqBVUCAwUCKhOUADANBgkqhkiG9w0BAQsFAAOCAQEAX/cO
CMttzZilyFrJjH+tNz2Ymqxqyz9OVZC4+FaoxnRhsHqLdhUzFxtTMIOOuWVnP0UK
LUPONf5gWQ3j673fEom3r/wgniDnaruN/2Z6bbRNobDAgZE5amoIUrf0jKqIDcY5
FF5pbXoqQOhsbB7VRM/918zeOjoH2VAUFqpwSzgmOqDIVn8K2n5MKAoZV5ie4yde
HizWjzUXnWPjLUGRebExvBuBbh0PhP38WrzYKu+IWUlXk7K17ZyE1+k+40svxHeq
tARNooyrkaL/OCNYazarTNgw4MdtOkWMKFYVyPjrULKxV/roB0GGOupgMeXV+JLX
xhphkZ+FGUpbB8BrSA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:21:44 2025 by rpki-client