Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/XByMhEpXEd6J8xFbLv_KRyhaqcw.roa
File: XByMhEpXEd6J8xFbLv_KRyhaqcw.roa (raw, json)
Hash identifier: NwJKPF0Lzpc4seej3vkSrBp6N1b9ctdY+vPQTly4uao=
Subject key identifier: 5C:1C:8C:84:4A:57:11:DE:89:F3:11:5B:2E:FF:CA:47:28:5A:A9:CC
Certificate issuer: /CN=f5cf73b3e45f772fae1b915690b317344c3f442b
Certificate serial: 019987C7800E24972C5C924DE0CFDB81F73C
Authority key identifier: F5:CF:73:B3:E4:5F:77:2F:AE:1B:91:56:90:B3:17:34:4C:3F:44:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/XByMhEpXEd6J8xFbLv_KRyhaqcw.roa
Signing time: Fri 26 Sep 2025 20:47:02 +0000
ROA not before: Fri 26 Sep 2025 20:47:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213166
IP address blocks: 37.44.214.0/24 maxlen: 24
86.105.182.0/24 maxlen: 24
91.194.110.0/24 maxlen: 24
2a0f:ea81::/32 maxlen: 48
2a0f:ea83::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.mft
rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 08:01:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:87:c7:80:0e:24:97:2c:5c:92:4d:e0:cf:db:81:f7:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f5cf73b3e45f772fae1b915690b317344c3f442b
Validity
Not Before: Sep 26 20:47:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5c1c8c844a5711de89f3115b2effca47285aa9cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:3e:17:85:da:7b:08:94:3a:f4:57:a7:0e:cd:
11:64:ee:37:15:ad:7b:ad:eb:19:55:20:d7:6a:ef:
c3:db:a4:47:a7:46:9b:84:d2:eb:a8:44:62:57:ed:
b8:31:67:bf:85:f0:1b:13:3a:19:67:99:67:5b:83:
52:1b:4e:99:c0:42:67:66:35:6e:33:4d:f4:d8:82:
9e:60:63:da:ce:a9:ff:2e:de:65:1a:0b:36:20:c7:
29:5f:94:9f:e5:99:11:6a:0c:92:f9:84:90:68:2b:
bd:ac:33:2c:38:97:f4:a9:51:1c:ee:32:c7:2f:6e:
aa:01:f1:e5:8a:4d:94:91:96:8c:bc:d2:46:47:e9:
87:ac:7e:8e:67:c1:1b:85:2d:5a:e4:0f:f4:5e:dd:
f2:b6:1f:5a:a3:7d:d0:64:e5:2b:d4:9a:31:76:6c:
a8:3e:a8:d0:8b:7b:9d:04:ff:66:1a:e3:56:a3:0f:
e7:2b:cd:67:96:29:19:cd:13:14:eb:73:3d:0f:32:
59:e6:9b:fc:cf:27:63:32:df:18:2f:df:ba:b1:3f:
1d:9b:34:f0:d6:56:2f:14:22:28:cb:e8:d0:df:61:
c0:53:81:28:f3:2c:73:c2:2c:57:65:2d:4c:08:43:
42:1b:61:a6:26:d7:47:e8:e5:43:93:cc:12:5a:77:
6e:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:1C:8C:84:4A:57:11:DE:89:F3:11:5B:2E:FF:CA:47:28:5A:A9:CC
X509v3 Authority Key Identifier:
keyid:F5:CF:73:B3:E4:5F:77:2F:AE:1B:91:56:90:B3:17:34:4C:3F:44:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/XByMhEpXEd6J8xFbLv_KRyhaqcw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.44.214.0/24
86.105.182.0/24
91.194.110.0/24
IPv6:
2a0f:ea81::/32
2a0f:ea83::/32
Signature Algorithm: sha256WithRSAEncryption
a4:78:88:b7:d3:a4:5a:8f:7a:e8:09:f0:d4:c3:7d:2e:fe:a8:
af:fd:1e:51:5d:a9:4f:b4:2b:51:93:fa:dc:38:a1:0d:b0:db:
b7:f5:a5:8f:e1:84:85:a8:bc:96:35:03:39:d5:7d:ad:05:ea:
98:af:f1:16:b8:db:18:12:60:3f:1f:1b:90:e1:9f:24:d6:70:
11:6b:72:2a:e7:f8:a7:c3:8e:b9:64:ad:14:83:c0:e7:1e:79:
97:92:c9:7f:a3:55:6b:69:85:e9:63:2c:a4:52:67:32:4b:06:
4c:0e:c3:ba:a5:db:20:69:0e:94:db:55:64:24:72:10:3d:30:
ca:4f:8d:dd:d6:57:03:7f:14:b7:72:10:a2:62:64:a9:ec:1a:
51:83:70:af:bc:f2:cf:d5:35:86:15:0d:b3:b5:f3:ab:b0:0b:
34:8e:1a:ae:c0:cc:53:8b:f1:ea:9a:e4:55:a6:ce:43:69:04:
2d:15:47:61:3a:9d:d9:62:2e:bf:d5:eb:22:98:c7:e1:8e:91:
72:4f:4f:b0:cc:32:a0:2d:4b:47:95:f0:94:e2:ed:15:b2:d9:
75:ad:17:b0:2b:d8:26:83:e8:03:aa:fe:3e:67:00:17:10:6a:
e2:43:18:43:ae:45:60:94:41:ed:a7:58:d1:61:33:f4:34:de:
07:55:ba:55
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZmHx4AOJJcsXJJN4M/bgfc8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1Y2Y3M2IzZTQ1Zjc3MmZhZTFiOTE1NjkwYjMxNzM0NGMz
ZjQ0MmIwHhcNMjUwOTI2MjA0NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzFjOGM4NDRhNTcxMWRlODlmMzExNWIyZWZmY2E0NzI4NWFhOWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxT4Xhdp7CJQ69FenDs0RZO43Fa17
resZVSDXau/D26RHp0abhNLrqERiV+24MWe/hfAbEzoZZ5lnW4NSG06ZwEJnZjVu
M0302IKeYGPazqn/Lt5lGgs2IMcpX5Sf5ZkRagyS+YSQaCu9rDMsOJf0qVEc7jLH
L26qAfHlik2UkZaMvNJGR+mHrH6OZ8EbhS1a5A/0Xt3yth9ao33QZOUr1Joxdmyo
PqjQi3udBP9mGuNWow/nK81nlikZzRMU63M9DzJZ5pv8zydjMt8YL9+6sT8dmzTw
1lYvFCIoy+jQ32HAU4Eo8yxzwixXZS1MCENCG2GmJtdH6OVDk8wSWnduzwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFFwcjIRKVxHeifMRWy7/ykcoWqnMMB8GA1UdIwQY
MBaAFPXPc7PkX3cvrhuRVpCzFzRMP0QrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWM5enMtUmZkeS11RzVGV2tMTVhORXdfUkNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8zYmU4NjUtNWM3OS00N2MwLWFhNGQt
MWM2NTRlMDJkNzVkLzEvWEJ5TWhFcFhFZDZKOHhGYkx2X0tSeWhhcWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8zYmU4NjUtNWM3OS00N2MwLWFhNGQtMWM2NTRlMDJkNzVk
LzEvOWM5enMtUmZkeS11RzVGV2tMTVhORXdfUkNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQAJSzWAwQA
Vmm2AwQAW8JuMBQEAgACMA4DBQAqD+qBAwUAKg/qgzANBgkqhkiG9w0BAQsFAAOC
AQEApHiIt9OkWo966Anw1MN9Lv6or/0eUV2pT7QrUZP63DihDbDbt/Wlj+GEhai8
ljUDOdV9rQXqmK/xFrjbGBJgPx8bkOGfJNZwEWtyKuf4p8OOuWStFIPA5x55l5LJ
f6NVa2mF6WMspFJnMksGTA7DuqXbIGkOlNtVZCRyED0wyk+N3dZXA38Ut3IQomJk
qewaUYNwr7zyz9U1hhUNs7Xzq7ALNI4arsDMU4vx6prkVabOQ2kELRVHYTqd2WIu
v9XrIpjH4Y6Rck9PsMwyoC1LR5XwlOLtFbLZda0XsCvYJoPoA6r+PmcAFxBq4kMY
Q65FYJRB7adY0WEz9DTeB1W6VQ==
-----END CERTIFICATE-----
Generated at Sun Oct 19 18:13:11 2025 by rpki-client