Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/XwIsDyOxk-43zWazQl1IR9pe14s.roa
File: XwIsDyOxk-43zWazQl1IR9pe14s.roa (raw, json)
Hash identifier: OZD2or1OVQ846ccNHNRtfiKwHWHCDjNPUoLSYLxypck=
Subject key identifier: 5F:02:2C:0F:23:B1:93:EE:37:CD:66:B3:42:5D:48:47:DA:5E:D7:8B
Certificate issuer: /CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Certificate serial: 019CCBACD3184E2B701CF2FDF1378C486C7C
Authority key identifier: 9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/XwIsDyOxk-43zWazQl1IR9pe14s.roa
Signing time: Sun 08 Mar 2026 04:20:26 +0000
ROA not before: Sun 08 Mar 2026 04:20:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 196925
IP address blocks: 5.133.224.0/20 maxlen: 20
109.235.192.0/21 maxlen: 21
109.235.193.0/24 maxlen: 24
109.235.199.0/24 maxlen: 24
131.117.128.0/20 maxlen: 20
134.19.208.0/20 maxlen: 20
134.19.216.0/24 maxlen: 24
134.19.217.0/24 maxlen: 24
149.126.112.0/20 maxlen: 20
149.126.116.0/24 maxlen: 24
149.126.117.0/24 maxlen: 24
149.126.118.0/24 maxlen: 24
149.126.119.0/24 maxlen: 24
185.138.12.0/22 maxlen: 22
2a00:9100::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl
rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.mft
rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:cb:ac:d3:18:4e:2b:70:1c:f2:fd:f1:37:8c:48:6c:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Validity
Not Before: Mar 8 04:20:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5f022c0f23b193ee37cd66b3425d4847da5ed78b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:a4:81:e8:e3:a6:82:c3:ba:7d:5f:28:2c:c4:
5b:da:eb:ce:3c:8d:d0:22:f8:32:db:1c:e9:37:7e:
a8:24:23:18:aa:04:29:8c:38:cb:63:30:28:a6:a9:
e9:b8:1f:31:63:a9:35:be:a8:f6:1e:0f:a4:dc:48:
9d:2e:c2:c5:78:89:a5:52:20:4e:e8:75:fc:ba:17:
22:e7:13:71:c5:da:83:95:92:a8:c7:46:0d:5a:61:
d8:4f:7d:35:f2:20:c6:3b:a7:c1:24:07:41:2e:a7:
1f:b0:42:bd:72:ca:bc:d4:08:c4:69:d6:d1:ca:93:
19:4d:80:68:7c:8d:23:c0:88:8b:38:84:c9:13:55:
8f:48:d3:6f:77:e6:ae:ff:e5:4d:a4:df:a8:13:8d:
eb:9b:98:59:02:3c:ed:b6:94:0a:98:88:1a:45:82:
d7:89:91:23:0b:27:73:0c:d8:84:37:49:79:3e:0a:
60:0c:60:6b:7b:0b:ad:91:ea:87:8d:ba:98:ee:39:
70:ad:30:88:74:27:e9:7d:f8:58:c2:82:06:51:b2:
b0:ce:0b:ec:05:4a:a6:3a:b4:03:bc:06:d8:1c:d4:
e0:03:34:d5:1d:18:03:ed:7a:7a:5e:08:55:5b:44:
57:d6:3c:29:fa:58:31:97:15:77:45:74:49:f4:0f:
64:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:02:2C:0F:23:B1:93:EE:37:CD:66:B3:42:5D:48:47:DA:5E:D7:8B
X509v3 Authority Key Identifier:
keyid:9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/XwIsDyOxk-43zWazQl1IR9pe14s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.224.0/20
109.235.192.0/21
131.117.128.0/20
134.19.208.0/20
149.126.112.0/20
185.138.12.0/22
IPv6:
2a00:9100::/32
Signature Algorithm: sha256WithRSAEncryption
81:9e:d9:21:fe:b0:29:88:0b:33:93:14:1d:08:7e:79:93:71:
69:e6:0c:38:f7:a2:9e:35:68:18:c8:1a:ef:13:36:57:fe:7f:
4e:2c:ca:1b:f9:3b:96:3e:b4:24:88:48:f5:d6:02:70:3e:3a:
9c:30:e5:a9:87:d9:7a:55:c7:bb:ca:e7:8f:67:da:fc:a8:3d:
b7:3d:b8:6a:06:fd:b8:0a:9b:90:3e:a4:43:45:2c:72:0a:69:
fa:fe:af:08:93:4c:f3:f1:8d:d3:d0:b9:a3:56:e0:e8:55:42:
6f:1f:42:b5:89:0e:07:ba:09:ed:fe:2e:db:1f:1c:d0:f5:98:
b8:19:40:3a:0b:54:f2:a2:37:9e:5e:54:59:cd:80:f5:81:60:
2a:92:e7:ae:43:31:bc:67:3a:c0:09:6f:85:be:8a:cd:4a:6d:
d4:94:c9:34:f2:2a:e9:b8:83:21:c7:3e:a7:06:46:21:05:63:
5e:f3:b0:30:1c:66:b8:b0:6f:fb:52:5f:47:dd:69:08:4d:a3:
1c:f4:61:0a:2f:8c:0b:d3:b2:ba:fe:be:0b:5e:b7:35:d1:1f:
3f:48:f1:38:f3:f0:de:2c:f6:c3:6b:d5:56:00:c0:98:55:0d:
1d:b6:ee:51:9a:a0:e1:74:42:4f:5b:00:27:b5:cf:6e:ee:92:
c1:4a:e3:91
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZzLrNMYTitwHPL98TeMSGx8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZWQzNmFmMTNkYTQ4MmZkZjc5ZmI1NDAzZTUwNzQ4NjBl
ZWNkMGQwHhcNMjYwMzA4MDQyMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjAyMmMwZjIzYjE5M2VlMzdjZDY2YjM0MjVkNDg0N2RhNWVkNzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKSB6OOmgsO6fV8oLMRb2uvOPI3Q
Ivgy2xzpN36oJCMYqgQpjDjLYzAopqnpuB8xY6k1vqj2Hg+k3EidLsLFeImlUiBO
6HX8uhci5xNxxdqDlZKox0YNWmHYT3018iDGO6fBJAdBLqcfsEK9csq81AjEadbR
ypMZTYBofI0jwIiLOITJE1WPSNNvd+au/+VNpN+oE43rm5hZAjzttpQKmIgaRYLX
iZEjCydzDNiEN0l5PgpgDGBrewutkeqHjbqY7jlwrTCIdCfpffhYwoIGUbKwzgvs
BUqmOrQDvAbYHNTgAzTVHRgD7Xp6XghVW0RX1jwp+lgxlxV3RXRJ9A9kUwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFF8CLA8jsZPuN81ms0JdSEfaXteLMB8GA1UdIwQY
MBaAFJvtNq8T2kgv33n7VAPlB0hg7s0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEt
ZDIyMWViZDA4MThkLzEvWHdJc0R5T3hrLTQzeldhelFsMUlSOXBlMTRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEtZDIyMWViZDA4MThk
LzEvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQEBYXgAwQD
bevAAwQEg3WAAwQEhhPQAwQElX5wAwQCuYoMMA0EAgACMAcDBQAqAJEAMA0GCSqG
SIb3DQEBCwUAA4IBAQCBntkh/rApiAszkxQdCH55k3Fp5gw496KeNWgYyBrvEzZX
/n9OLMob+TuWPrQkiEj11gJwPjqcMOWph9l6Vce7yuePZ9r8qD23PbhqBv24CpuQ
PqRDRSxyCmn6/q8Ik0zz8Y3T0LmjVuDoVUJvH0K1iQ4Hugnt/i7bHxzQ9Zi4GUA6
C1TyojeeXlRZzYD1gWAqkueuQzG8ZzrACW+FvorNSm3UlMk08irpuIMhxz6nBkYh
BWNe87AwHGa4sG/7Ul9H3WkITaMc9GEKL4wL07K6/r4LXrc10R8/SPE48/DeLPbD
a9VWAMCYVQ0dtu5RmqDhdEJPWwAntc9u7pLBSuOR
-----END CERTIFICATE-----
Generated at Thu Mar 26 09:49:53 2026 by rpki-client