Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/xwsUAnVcyqeDoWGmXmzjTIdr5IA.roa
File: xwsUAnVcyqeDoWGmXmzjTIdr5IA.roa (raw, json)
Hash identifier: a11zbl6U+f1cxGH+sbWFiYBhYBarDdFxdf1xfJHZ0lw=
Subject key identifier: C7:0B:14:02:75:5C:CA:A7:83:A1:61:A6:5E:6C:E3:4C:87:6B:E4:80
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 019CE637DE17DDD504C2A0A11A3D8762A718
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/xwsUAnVcyqeDoWGmXmzjTIdr5IA.roa
Signing time: Fri 13 Mar 2026 08:02:26 +0000
ROA not before: Fri 13 Mar 2026 08:02:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 1299
IP address blocks: 192.71.161.0/24 maxlen: 24
193.180.119.0/24 maxlen: 24
193.234.82.0/24 maxlen: 24
193.235.104.0/24 maxlen: 24
193.235.106.0/24 maxlen: 24
193.235.108.0/23 maxlen: 24
194.71.221.0/24 maxlen: 24
194.103.47.0/24 maxlen: 24
194.132.122.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Mar 2026 00:55:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:e6:37:de:17:dd:d5:04:c2:a0:a1:1a:3d:87:62:a7:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Mar 13 08:02:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c70b1402755ccaa783a161a65e6ce34c876be480
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:c4:42:36:ac:56:c5:a3:3a:07:60:c5:79:e3:
ae:97:22:50:5c:d3:4b:0f:db:61:64:31:5e:e7:24:
13:87:cf:95:24:b6:15:80:ed:c5:4f:05:bc:f4:59:
75:82:2e:b1:27:e3:1b:77:72:89:c7:e9:16:28:d0:
b2:7c:71:7b:37:36:95:87:04:f3:1b:60:9e:93:28:
32:2d:b9:7f:5b:49:d5:42:f8:9a:c4:da:6a:1e:20:
99:59:6c:12:9f:f2:bb:c6:a1:b5:0c:37:70:b6:99:
0f:53:d5:0c:c8:9f:5d:d4:57:42:63:da:0e:65:04:
19:06:07:16:bc:b7:65:28:76:0c:89:2a:77:0e:9f:
c1:07:2b:f2:c9:80:c7:fe:b5:33:91:d2:88:15:1d:
31:a3:bf:c1:fc:ea:9b:7a:62:3c:23:01:a8:af:1e:
c5:7c:bf:50:07:ec:94:53:0c:46:f6:47:61:74:89:
3d:df:bf:a2:e6:de:eb:7e:bb:69:4c:ae:3a:d0:6f:
25:f8:70:b2:4f:ac:4c:68:94:47:4c:86:6a:98:3e:
e0:9f:d0:9d:6a:33:a6:6e:89:4a:d0:f5:24:50:db:
ed:d8:62:00:74:9d:42:65:07:7d:44:be:2c:6f:80:
e0:ef:ea:6d:d7:89:c2:24:63:26:c7:c3:97:87:06:
b8:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:0B:14:02:75:5C:CA:A7:83:A1:61:A6:5E:6C:E3:4C:87:6B:E4:80
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/xwsUAnVcyqeDoWGmXmzjTIdr5IA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.71.161.0/24
193.180.119.0/24
193.234.82.0/24
193.235.104.0/24
193.235.106.0/24
193.235.108.0/23
194.71.221.0/24
194.103.47.0/24
194.132.122.0/24
Signature Algorithm: sha256WithRSAEncryption
70:64:69:81:be:6b:6e:ff:46:13:07:4b:1c:2e:d4:d7:23:14:
37:56:97:64:7c:32:6c:2b:bb:87:05:27:e9:6d:d6:13:84:c8:
e1:d2:df:65:7c:99:26:32:ff:77:9d:90:c3:7c:4f:e2:5f:14:
c9:08:ff:73:50:08:8c:25:76:f9:5f:78:25:7d:57:48:68:80:
a6:6e:e8:9e:15:60:f8:d5:a4:df:58:c5:f1:b8:72:e2:98:d8:
60:44:11:e9:f2:e1:41:c8:e0:cc:e5:d8:f7:fb:5d:07:38:5a:
c3:22:e7:03:bb:ef:79:c4:a3:19:44:f8:c9:cd:6e:c0:b4:29:
90:42:91:a4:4d:8b:e4:53:53:f1:70:95:f1:c4:94:39:b7:0f:
13:99:7c:d1:5f:1e:7d:9e:a5:59:60:d6:29:33:74:a0:0c:e9:
9e:91:83:80:9d:e0:98:e3:26:29:5a:e7:d6:41:98:f5:ab:94:
c4:33:37:34:b2:18:4d:06:00:26:73:29:97:37:64:01:cf:65:
06:16:52:f6:01:45:8d:09:92:5e:d4:a4:29:59:c3:bb:46:de:
4a:bb:af:51:3e:96:b4:85:a1:47:11:6b:4e:ee:32:dc:fb:ba:
4e:b6:ec:28:2c:8d:6e:0f:64:ff:a7:0e:f4:21:f2:2c:17:dd:
99:1f:58:9e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZzmN94X3dUEwqChGj2HYqcYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwMzEzMDgwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzBiMTQwMjc1NWNjYWE3ODNhMTYxYTY1ZTZjZTM0Yzg3NmJlNDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssRCNqxWxaM6B2DFeeOulyJQXNNL
D9thZDFe5yQTh8+VJLYVgO3FTwW89Fl1gi6xJ+Mbd3KJx+kWKNCyfHF7NzaVhwTz
G2CekygyLbl/W0nVQviaxNpqHiCZWWwSn/K7xqG1DDdwtpkPU9UMyJ9d1FdCY9oO
ZQQZBgcWvLdlKHYMiSp3Dp/BByvyyYDH/rUzkdKIFR0xo7/B/OqbemI8IwGorx7F
fL9QB+yUUwxG9kdhdIk937+i5t7rfrtpTK460G8l+HCyT6xMaJRHTIZqmD7gn9Cd
ajOmbolK0PUkUNvt2GIAdJ1CZQd9RL4sb4Dg7+pt14nCJGMmx8OXhwa4KQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFMcLFAJ1XMqng6Fhpl5s40yHa+SAMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEveHdzVUFuVmN5cWVEb1dHbVhtempUSWRyNUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAwEehAwQA
wbR3AwQAwepSAwQAwetoAwQAwetqAwQBwetsAwQAwkfdAwQAwmcvAwQAwoR6MA0G
CSqGSIb3DQEBCwUAA4IBAQBwZGmBvmtu/0YTB0scLtTXIxQ3VpdkfDJsK7uHBSfp
bdYThMjh0t9lfJkmMv93nZDDfE/iXxTJCP9zUAiMJXb5X3glfVdIaICmbuieFWD4
1aTfWMXxuHLimNhgRBHp8uFByODM5dj3+10HOFrDIucDu+95xKMZRPjJzW7AtCmQ
QpGkTYvkU1PxcJXxxJQ5tw8TmXzRXx59nqVZYNYpM3SgDOmekYOAneCY4yYpWufW
QZj1q5TEMzc0shhNBgAmcymXN2QBz2UGFlL2AUWNCZJe1KQpWcO7Rt5Ku69RPpa0
haFHEWtO7jLc+7pOtuwoLI1uD2T/pw70IfIsF92ZH1ie
-----END CERTIFICATE-----
Generated at Sat Mar 28 10:48:11 2026 by rpki-client