Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xa7SyBowKsDXcKT1QiVYQxKGkAw.roa
File: xa7SyBowKsDXcKT1QiVYQxKGkAw.roa (raw, json)
Hash identifier: r8O+JtL44cX7uCKbqCEO0E6OGZKAqmZCYKZ0eNy25JI=
Subject key identifier: C5:AE:D2:C8:1A:30:2A:C0:D7:70:A4:F5:42:25:58:43:12:86:90:0C
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0198C15FE95B1F4F5510C5438AD536A7904E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xa7SyBowKsDXcKT1QiVYQxKGkAw.roa
Signing time: Tue 19 Aug 2025 08:09:05 +0000
ROA not before: Tue 19 Aug 2025 08:09:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 79.99.150.0/23 maxlen: 24
82.152.55.0/24 maxlen: 24
82.153.145.0/24 maxlen: 24
82.163.0.0/24 maxlen: 24
82.163.10.0/23 maxlen: 24
89.213.226.0/24 maxlen: 24
109.176.30.0/24 maxlen: 24
109.176.208.0/24 maxlen: 24
213.218.235.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c1:5f:e9:5b:1f:4f:55:10:c5:43:8a:d5:36:a7:90:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 19 08:09:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c5aed2c81a302ac0d770a4f5422558431286900c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:c9:f8:cb:c6:e7:4c:d8:2b:03:d6:a6:fa:bf:
06:0e:9c:f5:a0:11:06:81:61:4c:71:3d:2b:49:d3:
a1:6e:ac:c0:14:9f:00:83:13:d5:6e:1c:a2:b8:3d:
10:a6:81:e4:9d:e4:e1:9c:bd:16:3f:a0:e9:e8:64:
89:8f:b5:4b:cf:b0:21:49:ad:03:87:b4:b7:0e:50:
81:c0:fd:a5:02:0e:79:8e:3b:16:fe:da:ec:d6:4f:
cb:2c:3c:3f:c1:07:e9:1f:97:32:10:e9:8f:f0:b3:
bb:13:a8:ac:0c:39:8e:7d:75:72:0f:9d:41:f0:45:
a6:b6:4b:85:c9:82:5c:41:cf:55:33:92:cb:74:64:
5d:4d:ae:2f:59:56:a6:82:b5:60:c8:f4:0c:f1:97:
8d:9d:9a:46:27:9a:a7:19:9c:2e:64:24:fa:d2:dd:
f8:9f:bf:55:a9:b6:cc:41:58:81:60:84:2b:2f:dc:
3e:0e:46:f1:71:d5:72:7a:2c:b2:0f:3b:cb:f0:04:
8f:4e:ff:3f:9e:52:34:8f:de:ed:3c:1a:dd:4e:65:
f7:da:83:83:ba:9b:2c:48:33:29:ce:cc:31:96:ff:
41:00:e8:c0:37:33:8f:cb:54:72:f4:d0:3e:cd:45:
e7:2b:81:66:6b:02:a8:ee:b5:43:3a:34:bf:7a:98:
23:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:AE:D2:C8:1A:30:2A:C0:D7:70:A4:F5:42:25:58:43:12:86:90:0C
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xa7SyBowKsDXcKT1QiVYQxKGkAw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.99.150.0/23
82.152.55.0/24
82.153.145.0/24
82.163.0.0/24
82.163.10.0/23
89.213.226.0/24
109.176.30.0/24
109.176.208.0/24
213.218.235.0/24
Signature Algorithm: sha256WithRSAEncryption
55:9e:9c:04:9e:cf:ed:12:ed:71:98:7a:3d:e1:5d:f8:8c:20:
c3:72:c4:c0:0a:19:4d:05:2d:71:38:5c:8e:7c:e0:6d:0d:80:
12:13:1f:41:a0:e5:f7:d3:ec:ef:9f:0b:63:a2:e0:6d:29:06:
36:37:21:68:8b:16:91:04:be:bb:06:b9:d7:d9:22:e3:31:19:
61:90:a7:63:42:08:1f:e0:36:7e:5d:7c:12:c6:0a:0a:da:ce:
17:a5:a9:7e:dc:ec:ce:17:de:4b:6c:ac:ca:4c:77:1e:ce:6d:
9d:35:a8:13:fa:a8:e0:4e:7f:93:2f:5c:94:86:2e:8b:36:48:
a0:e1:36:5d:0a:57:04:6d:5c:03:ba:c2:47:5b:77:e8:75:f4:
32:92:ab:3f:ba:ee:da:f3:4f:0e:81:c9:f4:dd:b0:39:a6:9d:
09:be:31:51:3c:d6:9a:03:b2:2e:a4:1c:2d:dc:4a:b4:4e:f2:
7b:26:1e:3e:58:28:47:6a:cb:10:d3:a2:cb:d3:ed:67:58:82:
f7:6a:c0:4f:1f:8b:0e:3e:df:b4:f4:3a:75:84:7a:0b:68:e5:
d9:ed:4f:aa:46:b5:13:11:be:45:5f:ed:e5:13:7b:f8:ee:bc:
6a:bc:74:fa:64:56:1c:2e:3f:d2:82:0a:68:1b:2b:f9:3e:4b:
95:fa:af:a4
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZjBX+lbH09VEMVDitU2p5BOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODE5MDgwOTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWFlZDJjODFhMzAyYWMwZDc3MGE0ZjU0MjI1NTg0MzEyODY5MDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucn4y8bnTNgrA9am+r8GDpz1oBEG
gWFMcT0rSdOhbqzAFJ8AgxPVbhyiuD0QpoHkneThnL0WP6Dp6GSJj7VLz7AhSa0D
h7S3DlCBwP2lAg55jjsW/trs1k/LLDw/wQfpH5cyEOmP8LO7E6isDDmOfXVyD51B
8EWmtkuFyYJcQc9VM5LLdGRdTa4vWVamgrVgyPQM8ZeNnZpGJ5qnGZwuZCT60t34
n79VqbbMQViBYIQrL9w+DkbxcdVyeiyyDzvL8ASPTv8/nlI0j97tPBrdTmX32oOD
upssSDMpzswxlv9BAOjANzOPy1Ry9NA+zUXnK4FmawKo7rVDOjS/epgjYwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFMWu0sgaMCrA13Ck9UIlWEMShpAMMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveGE3U3lCb3dLc0RYY0tUMVFpVllReEtHa0F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBT2OWAwQA
Upg3AwQAUpmRAwQAUqMAAwQBUqMKAwQAWdXiAwQAbbAeAwQAbbDQAwQA1drrMA0G
CSqGSIb3DQEBCwUAA4IBAQBVnpwEns/tEu1xmHo94V34jCDDcsTAChlNBS1xOFyO
fOBtDYASEx9BoOX30+zvnwtjouBtKQY2NyFoixaRBL67BrnX2SLjMRlhkKdjQggf
4DZ+XXwSxgoK2s4Xpal+3OzOF95LbKzKTHcezm2dNagT+qjgTn+TL1yUhi6LNkig
4TZdClcEbVwDusJHW3fodfQykqs/uu7a808Ogcn03bA5pp0JvjFRPNaaA7IupBwt
3Eq0TvJ7Jh4+WChHassQ06LL0+1nWIL3asBPH4sOPt+09Dp1hHoLaOXZ7U+qRrUT
Eb5FX+3lE3v47rxqvHT6ZFYcLj/SggpoGyv5PkuV+q+k
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:41:35 2025 by rpki-client