Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/0a4564-a525-4615-9a3a-8930ebb83e31/1/X2EsrEEFKbSK_iJs_zoiqzwXzhw.roa
File: X2EsrEEFKbSK_iJs_zoiqzwXzhw.roa (raw, json)
Hash identifier: O5yVAVGf3Sgd/1yPE2jYUPZAzTieJMlFWiMeZmVlrTk=
Subject key identifier: 5F:61:2C:AC:41:05:29:B4:8A:FE:22:6C:FF:3A:22:AB:3C:17:CE:1C
Certificate issuer: /CN=9e25f8763aa351689b6ba336269ab21c4e0120b3
Certificate serial: 019CDC283F843771CA8ABEDA00AF9D3283E1
Authority key identifier: 9E:25:F8:76:3A:A3:51:68:9B:6B:A3:36:26:9A:B2:1C:4E:01:20:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/niX4djqjUWiba6M2JpqyHE4BILM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/0a4564-a525-4615-9a3a-8930ebb83e31/1/X2EsrEEFKbSK_iJs_zoiqzwXzhw.roa
Signing time: Wed 11 Mar 2026 09:09:11 +0000
ROA not before: Wed 11 Mar 2026 09:09:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202020
IP address blocks: 37.130.232.0/21 maxlen: 21
46.17.180.0/22 maxlen: 22
46.229.244.0/23 maxlen: 23
46.229.248.0/23 maxlen: 23
92.246.72.0/22 maxlen: 22
185.56.68.0/22 maxlen: 22
185.219.64.0/22 maxlen: 22
195.253.248.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/81/0a4564-a525-4615-9a3a-8930ebb83e31/1/niX4djqjUWiba6M2JpqyHE4BILM.crl
rsync://rpki.ripe.net/repository/DEFAULT/81/0a4564-a525-4615-9a3a-8930ebb83e31/1/niX4djqjUWiba6M2JpqyHE4BILM.mft
rsync://rpki.ripe.net/repository/DEFAULT/niX4djqjUWiba6M2JpqyHE4BILM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:dc:28:3f:84:37:71:ca:8a:be:da:00:af:9d:32:83:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9e25f8763aa351689b6ba336269ab21c4e0120b3
Validity
Not Before: Mar 11 09:09:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5f612cac410529b48afe226cff3a22ab3c17ce1c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:4f:0c:73:de:4b:63:08:2f:97:67:c2:6a:12:
27:c1:f9:e7:dc:aa:97:f5:e1:f7:ff:fe:70:d6:33:
16:96:82:05:cf:73:3c:51:6e:12:d6:eb:ef:8b:1b:
34:36:b2:62:c9:71:3c:bd:37:94:e9:51:5e:88:1a:
85:2a:e8:74:4e:ba:5a:cd:b9:51:a5:61:45:a4:8a:
3b:17:84:ef:6c:49:c2:80:4f:9e:3b:2c:16:25:2c:
b7:ab:b9:9a:76:f2:0f:02:e7:bf:e0:ee:64:1b:41:
47:18:50:dc:de:6f:84:13:28:64:eb:23:8b:55:12:
fa:29:8a:6e:71:54:ec:1f:9b:e1:ab:52:eb:05:43:
18:77:3f:38:3b:71:8f:4d:c4:ad:7c:d6:68:63:9b:
ea:cd:1f:5c:89:75:db:2f:c2:2d:ef:b4:47:e5:16:
31:5a:4a:ba:32:6c:05:c7:61:40:3e:9b:95:8f:72:
72:97:82:ee:bf:95:be:20:e9:2c:88:ae:79:6d:b5:
c6:bd:44:97:ee:7b:a2:ca:95:96:c9:68:bd:c0:73:
0e:6f:30:83:07:d3:7f:5e:41:9e:3c:9a:09:5b:dc:
e9:5e:0b:5d:55:60:f0:eb:57:f1:24:a6:d8:a8:b8:
05:88:e4:6a:3a:cd:14:4f:7e:64:52:b0:75:0d:ed:
26:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:61:2C:AC:41:05:29:B4:8A:FE:22:6C:FF:3A:22:AB:3C:17:CE:1C
X509v3 Authority Key Identifier:
keyid:9E:25:F8:76:3A:A3:51:68:9B:6B:A3:36:26:9A:B2:1C:4E:01:20:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/niX4djqjUWiba6M2JpqyHE4BILM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/0a4564-a525-4615-9a3a-8930ebb83e31/1/X2EsrEEFKbSK_iJs_zoiqzwXzhw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/0a4564-a525-4615-9a3a-8930ebb83e31/1/niX4djqjUWiba6M2JpqyHE4BILM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.130.232.0/21
46.17.180.0/22
46.229.244.0/23
46.229.248.0/23
92.246.72.0/22
185.56.68.0/22
185.219.64.0/22
195.253.248.0/22
Signature Algorithm: sha256WithRSAEncryption
17:38:8d:7a:e6:7e:83:23:31:bc:ee:c6:8a:7d:df:ec:17:df:
a8:2e:29:4e:7e:0b:10:d0:7c:3c:4a:20:02:42:7d:7e:0b:8e:
17:4d:f5:d0:e9:05:eb:05:0e:2b:0d:8b:13:ec:10:d8:2b:54:
e7:8c:f4:5c:9a:af:ec:02:1e:4b:05:9f:9a:0d:30:f6:d9:ff:
92:62:85:4a:55:bf:1a:ee:d2:68:38:32:03:db:19:57:21:c3:
64:ae:ac:8b:ba:54:05:05:79:b5:1a:b6:a6:c9:74:02:0a:25:
8e:94:d7:1d:a5:71:95:82:8c:24:07:c2:26:38:1f:29:e1:bb:
76:97:c3:52:d6:15:68:20:c9:f2:9e:1b:06:16:4d:a1:6c:53:
ea:71:3f:c0:5d:95:1d:e7:08:50:b0:05:6d:a7:2f:8b:27:a9:
74:c1:89:61:e5:76:6f:dd:ea:32:9b:24:1c:c5:36:4b:91:27:
de:79:bc:1d:c6:b9:e1:8e:a3:65:af:e2:d6:69:42:45:de:a4:
75:ab:f1:8f:06:03:71:24:34:51:39:c5:ff:0b:a7:b7:2c:ef:
b8:73:44:61:90:2a:09:ee:53:77:7b:e3:00:ef:82:b8:04:20:
da:42:33:c2:f8:30:47:c4:dc:0e:a8:b4:4e:92:db:98:cd:4e:
68:7e:cf:72
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZzcKD+EN3HKir7aAK+dMoPhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMjVmODc2M2FhMzUxNjg5YjZiYTMzNjI2OWFiMjFjNGUw
MTIwYjMwHhcNMjYwMzExMDkwOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjYxMmNhYzQxMDUyOWI0OGFmZTIyNmNmZjNhMjJhYjNjMTdjZTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwE8Mc95LYwgvl2fCahInwfnn3KqX
9eH3//5w1jMWloIFz3M8UW4S1uvvixs0NrJiyXE8vTeU6VFeiBqFKuh0TrpazblR
pWFFpIo7F4TvbEnCgE+eOywWJSy3q7madvIPAue/4O5kG0FHGFDc3m+EEyhk6yOL
VRL6KYpucVTsH5vhq1LrBUMYdz84O3GPTcStfNZoY5vqzR9ciXXbL8It77RH5RYx
Wkq6MmwFx2FAPpuVj3Jyl4Luv5W+IOksiK55bbXGvUSX7nuiypWWyWi9wHMObzCD
B9N/XkGePJoJW9zpXgtdVWDw61fxJKbYqLgFiORqOs0UT35kUrB1De0m+wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFF9hLKxBBSm0iv4ibP86Iqs8F84cMB8GA1UdIwQY
MBaAFJ4l+HY6o1Fom2ujNiaashxOASCzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmlYNGRqcWpVV2liYTZNMkpwcXlIRTRCSUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8wYTQ1NjQtYTUyNS00NjE1LTlhM2Et
ODkzMGViYjgzZTMxLzEvWDJFc3JFRUZLYlNLX2lKc196b2lxendYemh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8wYTQ1NjQtYTUyNS00NjE1LTlhM2EtODkzMGViYjgzZTMx
LzEvbmlYNGRqcWpVV2liYTZNMkpwcXlIRTRCSUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQDJYLoAwQC
LhG0AwQBLuX0AwQBLuX4AwQCXPZIAwQCuThEAwQCudtAAwQCw/34MA0GCSqGSIb3
DQEBCwUAA4IBAQAXOI165n6DIzG87saKfd/sF9+oLilOfgsQ0Hw8SiACQn1+C44X
TfXQ6QXrBQ4rDYsT7BDYK1TnjPRcmq/sAh5LBZ+aDTD22f+SYoVKVb8a7tJoODID
2xlXIcNkrqyLulQFBXm1GramyXQCCiWOlNcdpXGVgowkB8ImOB8p4bt2l8NS1hVo
IMnynhsGFk2hbFPqcT/AXZUd5whQsAVtpy+LJ6l0wYlh5XZv3eoymyQcxTZLkSfe
ebwdxrnhjqNlr+LWaUJF3qR1q/GPBgNxJDRROcX/C6e3LO+4c0RhkCoJ7lN3e+MA
74K4BCDaQjPC+DBHxNwOqLROktuYzU5ofs9y
-----END CERTIFICATE-----
Generated at Thu Mar 26 19:00:48 2026 by rpki-client