Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XzorbUzYYONqZkKJQULMyVEzdzk.roa
File: XzorbUzYYONqZkKJQULMyVEzdzk.roa (raw, json)
Hash identifier: 8FnrWsO5dX3b1DZx/dzGBGdysQN66iJjB2aQyGqzkvI=
Subject key identifier: 5F:3A:2B:6D:4C:D8:60:E3:6A:66:42:89:41:42:CC:C9:51:33:77:39
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019DF762F7DB5AC0358C01BBB645E75C8268
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XzorbUzYYONqZkKJQULMyVEzdzk.roa
Signing time: Tue 05 May 2026 09:05:51 +0000
ROA not before: Tue 05 May 2026 09:05:51 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215727
IP address blocks: 82.153.148.0/24 maxlen: 24
89.213.63.0/24 maxlen: 24
89.213.227.0/24 maxlen: 24
109.176.208.0/24 maxlen: 24
213.130.137.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 21:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f7:62:f7:db:5a:c0:35:8c:01:bb:b6:45:e7:5c:82:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: May 5 09:05:51 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5f3a2b6d4cd860e36a6642894142ccc951337739
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:24:1a:04:93:a5:2b:9c:d3:fe:7a:33:c9:a0:
f9:cf:f9:39:35:e8:14:1c:8a:1d:c1:c2:1b:8f:6c:
09:20:f3:e0:60:63:c5:83:4c:9f:95:d2:36:8a:a5:
2a:37:9c:a6:73:02:2a:bc:50:0c:a5:24:7e:a1:15:
e2:b5:b4:ef:de:d4:69:aa:37:8c:d9:1b:bc:51:98:
72:5b:e7:aa:96:69:43:fa:8b:4d:44:74:f3:9e:c8:
fd:ae:1a:c4:58:b5:ae:f4:0f:76:41:b9:38:be:ec:
27:27:b9:7c:75:3d:fb:4c:41:d6:02:e0:33:93:1c:
af:f4:1c:3d:32:77:f6:82:84:ce:4c:91:7c:c6:7f:
d6:c6:5a:6f:ac:73:8b:17:6c:22:74:bd:e7:4d:31:
e7:36:b1:34:68:a8:2c:71:6c:31:4b:e9:2c:5a:50:
61:4a:04:fe:9f:f8:6a:49:c0:f7:75:43:92:09:47:
09:77:15:bf:3a:b4:2d:e4:9f:53:aa:02:98:ff:0d:
aa:91:f7:79:34:e5:f0:f7:07:21:48:d2:7d:7c:12:
d1:80:01:27:04:47:41:ce:55:7f:1e:dd:13:a5:c7:
58:f5:1e:2a:49:3d:1f:d3:2b:6c:d5:c2:39:dc:00:
00:b0:c1:48:f3:b9:10:d6:03:e0:fe:af:b0:be:2c:
4d:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:3A:2B:6D:4C:D8:60:E3:6A:66:42:89:41:42:CC:C9:51:33:77:39
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XzorbUzYYONqZkKJQULMyVEzdzk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.153.148.0/24
89.213.63.0/24
89.213.227.0/24
109.176.208.0/24
213.130.137.0/24
Signature Algorithm: sha256WithRSAEncryption
a4:92:a4:78:ec:c0:7a:9f:69:56:f8:d9:95:11:30:bc:7e:8f:
69:e2:cb:5b:02:27:99:0b:c9:27:b7:8b:89:12:ae:3b:b0:b9:
e6:38:34:1e:75:a3:87:17:68:f7:46:a4:14:64:41:0b:2f:95:
94:3b:dd:22:09:85:bd:54:d8:8b:17:3b:28:16:69:23:0c:27:
e0:2a:ed:be:50:fa:a2:14:6e:bb:1e:7e:2a:eb:0e:18:48:b9:
f3:8f:b8:f2:c4:32:73:7f:c4:91:f5:52:84:23:0d:de:ff:bf:
8b:38:a2:13:57:12:d8:ba:90:a3:d3:d9:f5:21:8f:45:90:a0:
13:5e:f3:76:0e:45:80:f5:38:00:05:5d:88:29:e2:61:6a:ea:
75:45:95:e7:e2:55:be:2e:00:8d:b3:50:7d:29:6f:40:48:73:
dd:aa:ed:92:72:f9:9c:41:2e:d9:11:e0:ab:4e:74:01:7c:32:
1e:04:95:f2:92:87:36:92:69:d8:57:c0:7a:0a:06:6d:50:b8:
e9:33:1b:02:03:3c:cb:a3:a4:cb:69:d0:ab:fe:d8:46:ec:a4:
bd:6f:7d:11:b2:68:fe:38:7f:e0:d5:77:c0:0f:f6:64:6f:27:
c1:40:98:b2:a1:b4:49:e5:10:a0:38:05:65:a5:64:e2:ba:62:
6a:08:3a:35
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ33YvfbWsA1jAG7tkXnXIJoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTA1MDkwNTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjNhMmI2ZDRjZDg2MGUzNmE2NjQyODk0MTQyY2NjOTUxMzM3NzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCQaBJOlK5zT/nozyaD5z/k5NegU
HIodwcIbj2wJIPPgYGPFg0yfldI2iqUqN5ymcwIqvFAMpSR+oRXitbTv3tRpqjeM
2Ru8UZhyW+eqlmlD+otNRHTznsj9rhrEWLWu9A92Qbk4vuwnJ7l8dT37TEHWAuAz
kxyv9Bw9Mnf2goTOTJF8xn/WxlpvrHOLF2widL3nTTHnNrE0aKgscWwxS+ksWlBh
SgT+n/hqScD3dUOSCUcJdxW/OrQt5J9TqgKY/w2qkfd5NOXw9wchSNJ9fBLRgAEn
BEdBzlV/Ht0TpcdY9R4qST0f0yts1cI53AAAsMFI87kQ1gPg/q+wvixNAQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFF86K21M2GDjamZCiUFCzMlRM3c5MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWHpvcmJVellZT05xWmtLSlFVTE15VkV6ZHprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAUpmUAwQA
WdU/AwQAWdXjAwQAbbDQAwQA1YKJMA0GCSqGSIb3DQEBCwUAA4IBAQCkkqR47MB6
n2lW+NmVETC8fo9p4stbAieZC8knt4uJEq47sLnmODQedaOHF2j3RqQUZEELL5WU
O90iCYW9VNiLFzsoFmkjDCfgKu2+UPqiFG67Hn4q6w4YSLnzj7jyxDJzf8SR9VKE
Iw3e/7+LOKITVxLYupCj09n1IY9FkKATXvN2DkWA9TgABV2IKeJhaup1RZXn4lW+
LgCNs1B9KW9ASHPdqu2ScvmcQS7ZEeCrTnQBfDIeBJXykoc2kmnYV8B6CgZtULjp
MxsCAzzLo6TLadCr/thG7KS9b30Rsmj+OH/g1XfAD/ZkbyfBQJiyobRJ5RCgOAVl
pWTiumJqCDo1
-----END CERTIFICATE-----
Generated at Wed May 13 05:58:07 2026 by rpki-client