Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/XR-rPb-m7f-FlAMX-L8KGh0V99Y.roa
File: XR-rPb-m7f-FlAMX-L8KGh0V99Y.roa (raw, json)
Hash identifier: BVyK1bZ+31AFIaxsZAF+xtqltatv+NHV8sutqOFiSPE=
Subject key identifier: 5D:1F:AB:3D:BF:A6:ED:FF:85:94:03:17:F8:BF:0A:1A:1D:15:F7:D6
Certificate issuer: /CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
Certificate serial: 0197AD11ED17B55543D8AFEDFC72909EDB17
Authority key identifier: 0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/XR-rPb-m7f-FlAMX-L8KGh0V99Y.roa
Signing time: Thu 26 Jun 2025 16:28:42 +0000
ROA not before: Thu 26 Jun 2025 16:28:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 45.66.135.0/24 maxlen: 24
45.82.165.0/24 maxlen: 24
45.85.2.0/24 maxlen: 24
45.90.140.0/24 maxlen: 24
45.128.152.0/24 maxlen: 24
45.134.18.0/24 maxlen: 24
45.144.242.0/24 maxlen: 24
45.144.243.0/24 maxlen: 24
81.90.190.0/24 maxlen: 24
89.31.124.0/24 maxlen: 24
91.220.202.0/24 maxlen: 24
91.220.203.0/24 maxlen: 24
147.78.14.0/24 maxlen: 24
152.89.210.0/24 maxlen: 24
185.105.191.0/24 maxlen: 24
185.120.17.0/24 maxlen: 24
185.126.68.0/24 maxlen: 24
185.126.136.0/24 maxlen: 24
185.126.137.0/24 maxlen: 24
185.126.224.0/24 maxlen: 24
185.126.227.0/24 maxlen: 24
185.167.117.0/24 maxlen: 24
185.167.118.0/24 maxlen: 24
185.167.119.0/24 maxlen: 24
185.171.122.0/24 maxlen: 24
185.171.123.0/24 maxlen: 24
185.172.114.0/24 maxlen: 24
185.175.142.0/24 maxlen: 24
185.175.143.0/24 maxlen: 24
185.187.236.0/24 maxlen: 24
188.119.102.0/24 maxlen: 24
192.54.56.0/24 maxlen: 24
192.54.58.0/24 maxlen: 24
192.54.59.0/24 maxlen: 24
193.37.56.0/24 maxlen: 24
193.37.57.0/24 maxlen: 24
193.38.136.0/24 maxlen: 24
194.124.32.0/24 maxlen: 24
194.156.229.0/24 maxlen: 24
2a0c:8a40:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl
rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.mft
rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 04:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:ad:11:ed:17:b5:55:43:d8:af:ed:fc:72:90:9e:db:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
Validity
Not Before: Jun 26 16:28:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5d1fab3dbfa6edff85940317f8bf0a1a1d15f7d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:f2:af:af:14:e2:d2:53:48:27:33:99:c4:03:
52:81:d9:48:ef:75:59:b7:55:a7:bb:80:2f:47:b9:
33:18:c0:60:a7:d2:50:bf:c9:0e:ad:71:ac:5c:c8:
4a:aa:d6:63:6f:c0:7e:88:b4:cf:59:ee:04:ec:51:
58:e9:65:8e:2d:e6:2a:27:10:e9:dd:fd:01:e5:33:
7c:fa:e0:a2:2d:58:d2:2b:e3:44:66:04:33:de:14:
ac:17:22:e8:7f:ea:85:90:a8:88:89:c5:e5:1b:cd:
04:6a:89:c5:69:eb:3b:84:84:f4:28:fb:0b:bd:ce:
22:af:4b:64:e8:ea:f1:85:ce:bc:ce:3c:9d:ad:14:
50:2f:f1:fd:8b:d0:eb:a3:3f:ab:0e:92:3f:bc:af:
89:7f:5d:26:b3:be:e4:8c:c2:4e:0c:87:50:e1:29:
0f:15:74:d8:7d:30:13:72:c0:93:9a:14:f3:8e:31:
0b:78:b2:48:59:53:af:87:f6:1f:6e:b8:f9:a9:8b:
0c:af:9e:05:cd:2f:bb:79:96:fc:99:98:66:07:5f:
c0:12:50:35:15:3c:45:a8:32:d0:07:c6:a4:d6:76:
86:02:8d:87:03:2b:97:52:4f:e1:8a:0f:b7:88:08:
de:d0:ac:ac:3a:4a:2a:de:f8:f1:11:a6:fa:d9:d7:
1a:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:1F:AB:3D:BF:A6:ED:FF:85:94:03:17:F8:BF:0A:1A:1D:15:F7:D6
X509v3 Authority Key Identifier:
keyid:0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/XR-rPb-m7f-FlAMX-L8KGh0V99Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.135.0/24
45.82.165.0/24
45.85.2.0/24
45.90.140.0/24
45.128.152.0/24
45.134.18.0/24
45.144.242.0/23
81.90.190.0/24
89.31.124.0/24
91.220.202.0/23
147.78.14.0/24
152.89.210.0/24
185.105.191.0/24
185.120.17.0/24
185.126.68.0/24
185.126.136.0/23
185.126.224.0/24
185.126.227.0/24
185.167.117.0-185.167.119.255
185.171.122.0/23
185.172.114.0/24
185.175.142.0/23
185.187.236.0/24
188.119.102.0/24
192.54.56.0/24
192.54.58.0/23
193.37.56.0/23
193.38.136.0/24
194.124.32.0/24
194.156.229.0/24
IPv6:
2a0c:8a40:2::/48
Signature Algorithm: sha256WithRSAEncryption
4f:c7:c7:a9:8c:25:2c:a5:69:7d:70:8e:b6:11:c4:79:e4:13:
7d:cd:29:f1:00:3a:33:87:e0:34:30:ad:2f:62:09:65:58:a0:
ec:25:77:60:12:5c:f4:17:56:1c:ec:42:3a:a8:fd:c0:93:7d:
3c:54:7a:cc:f8:72:2c:81:6d:4a:0b:39:f7:56:44:f2:1b:69:
71:66:a5:bb:1e:cd:e3:11:f9:80:05:57:c1:5f:dd:1a:39:fb:
8c:76:e4:26:7c:3a:c3:10:7e:b5:86:a9:e4:e8:ae:95:60:b2:
9a:b1:99:03:7d:8b:35:5a:03:2f:4d:2e:9d:6c:e4:ba:58:e6:
3d:c2:65:dd:c0:c9:3e:02:aa:f8:a8:ee:94:f4:d3:d9:8d:f1:
12:f3:91:11:b5:75:d2:aa:7a:fa:6d:29:db:25:3f:51:d4:9d:
23:f9:b9:e6:2c:c0:eb:09:4f:f4:37:42:ba:b4:c5:da:76:e1:
a2:ef:1b:44:93:d9:6c:1c:7b:5b:18:6a:97:5d:96:a1:d0:db:
45:64:29:ca:ee:16:84:c9:51:47:78:98:92:70:c3:f3:ab:40:
6f:7f:c8:03:90:12:8d:55:66:d6:e4:4f:fc:22:67:21:26:93:
fc:6e:26:28:3f:d2:3b:52:8d:58:e2:fb:98:82:99:78:18:55:
58:61:41:7f
-----BEGIN CERTIFICATE-----
MIIFyTCCBLGgAwIBAgISAZetEe0XtVVD2K/t/HKQntsXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMjQ3ZTczMzkxZWM5ZDZhMmE0NmYyY2IwYjAyZmM5OTQy
ODhmMTMwHhcNMjUwNjI2MTYyODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDFmYWIzZGJmYTZlZGZmODU5NDAzMTdmOGJmMGExYTFkMTVmN2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3/KvrxTi0lNIJzOZxANSgdlI73VZ
t1Wnu4AvR7kzGMBgp9JQv8kOrXGsXMhKqtZjb8B+iLTPWe4E7FFY6WWOLeYqJxDp
3f0B5TN8+uCiLVjSK+NEZgQz3hSsFyLof+qFkKiIicXlG80EaonFaes7hIT0KPsL
vc4ir0tk6Orxhc68zjydrRRQL/H9i9Droz+rDpI/vK+Jf10ms77kjMJODIdQ4SkP
FXTYfTATcsCTmhTzjjELeLJIWVOvh/Yfbrj5qYsMr54FzS+7eZb8mZhmB1/AElA1
FTxFqDLQB8ak1naGAo2HAyuXUk/hig+3iAje0KysOkoq3vjxEab62dcahwIDAQAB
o4IC1TCCAtEwHQYDVR0OBBYEFF0fqz2/pu3/hZQDF/i/ChodFffWMB8GA1UdIwQY
MBaAFAskfnM5HsnWoqRvLLCwL8mUKI8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMt
NzM2Nzg5ZWU2ZmQwLzEvWFItclBiLW03Zi1GbEFNWC1MOEtHaDBWOTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMtNzM2Nzg5ZWU2ZmQw
LzEvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHqBggrBgEFBQcBBwEB/wSB2jCB1zCBwwQCAAEwgbwDBAAt
QocDBAAtUqUDBAAtVQIDBAAtWowDBAAtgJgDBAAthhIDBAEtkPIDBABRWr4DBABZ
H3wDBAFb3MoDBACTTg4DBACYWdIDBAC5ab8DBAC5eBEDBAC5fkQDBAG5fogDBAC5
fuADBAC5fuMwDAMEALmndQMEA7mncAMEAbmregMEALmscgMEAbmvjgMEALm77AME
ALx3ZgMEAMA2OAMEAcA2OgMEAcElOAMEAMEmiAMEAMJ8IAMEAMKc5TAPBAIAAjAJ
AwcAKgyKQAACMA0GCSqGSIb3DQEBCwUAA4IBAQBPx8epjCUspWl9cI62EcR55BN9
zSnxADozh+A0MK0vYgllWKDsJXdgElz0F1Yc7EI6qP3Ak308VHrM+HIsgW1KCzn3
VkTyG2lxZqW7Hs3jEfmABVfBX90aOfuMduQmfDrDEH61hqnk6K6VYLKasZkDfYs1
WgMvTS6dbOS6WOY9wmXdwMk+Aqr4qO6U9NPZjfES85ERtXXSqnr6bSnbJT9R1J0j
+bnmLMDrCU/0N0K6tMXaduGi7xtEk9lsHHtbGGqXXZah0NtFZCnK7haEyVFHeJiS
cMPzq0Bvf8gDkBKNVWbW5E/8ImchJpP8biYoP9I7Uo1Y4vuYgpl4GFVYYUF/
-----END CERTIFICATE-----
Generated at Sun Jun 29 14:17:54 2025 by rpki-client