Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/4e7b5c-2906-478a-8ef0-d29701487536/1/XoD5monHymuGy1Qsjqo--gAIcWw.roa
File: XoD5monHymuGy1Qsjqo--gAIcWw.roa (raw, json)
Hash identifier: +Dou7IR1JaVQPjmO6dXn1dx2p04Xr2K0Po+ZdyqZpIE=
Subject key identifier: 5E:80:F9:9A:89:C7:CA:6B:86:CB:54:2C:8E:AA:3E:FA:00:08:71:6C
Certificate issuer: /CN=5157c87d111c8050fd5c9ac2b06be62323675033
Certificate serial: 019D95775BED9FA63EAFF73B9CDAC15827E0
Authority key identifier: 51:57:C8:7D:11:1C:80:50:FD:5C:9A:C2:B0:6B:E6:23:23:67:50:33
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UVfIfREcgFD9XJrCsGvmIyNnUDM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/4e7b5c-2906-478a-8ef0-d29701487536/1/XoD5monHymuGy1Qsjqo--gAIcWw.roa
Signing time: Thu 16 Apr 2026 08:45:20 +0000
ROA not before: Thu 16 Apr 2026 08:45:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 58082
IP address blocks: 109.233.128.0/21 maxlen: 24
109.233.128.0/22 maxlen: 24
109.233.132.0/22 maxlen: 24
2a01:9300::/32 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0c/4e7b5c-2906-478a-8ef0-d29701487536/1/UVfIfREcgFD9XJrCsGvmIyNnUDM.crl
rsync://rpki.ripe.net/repository/DEFAULT/0c/4e7b5c-2906-478a-8ef0-d29701487536/1/UVfIfREcgFD9XJrCsGvmIyNnUDM.mft
rsync://rpki.ripe.net/repository/DEFAULT/UVfIfREcgFD9XJrCsGvmIyNnUDM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:95:77:5b:ed:9f:a6:3e:af:f7:3b:9c:da:c1:58:27:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5157c87d111c8050fd5c9ac2b06be62323675033
Validity
Not Before: Apr 16 08:45:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5e80f99a89c7ca6b86cb542c8eaa3efa0008716c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:48:6b:41:5a:31:e8:4a:70:b9:aa:1c:de:92:
69:64:49:e4:71:d8:1e:84:25:04:0f:bc:bb:cc:27:
81:25:99:32:e3:f0:78:d4:5f:e2:78:31:1c:1f:5a:
e4:8f:c1:30:14:41:5a:ba:56:80:26:ae:d8:d9:58:
78:ed:2b:14:2c:00:a9:0f:07:a8:da:5f:99:9f:44:
0b:45:70:23:62:48:ac:41:e0:da:f8:04:b2:14:31:
56:d7:72:72:cc:29:1b:03:d5:c4:3f:d8:f0:72:b1:
c5:2e:e1:87:c5:9a:e1:2f:ab:42:a8:cb:b0:b7:91:
9e:c3:d5:0c:27:c7:22:f2:4c:c0:03:29:aa:07:62:
05:41:d1:01:c8:68:09:33:9c:ee:60:42:e4:4e:57:
b3:88:10:25:e8:ae:8c:ad:6d:1c:7b:a1:e9:e6:5d:
48:39:c1:1e:fd:5f:fc:08:ef:42:09:d0:9f:d1:e2:
62:0d:c8:a3:f6:cd:07:e6:58:3d:93:a9:21:0b:05:
5c:74:ce:4b:b1:9c:c4:c2:23:45:11:d7:55:0b:12:
bf:c7:e1:92:e6:25:c8:01:18:6a:9e:7d:e2:3f:ec:
27:54:cc:c4:93:37:bd:de:fd:ae:71:83:a6:2d:67:
24:2b:9c:1c:da:59:88:37:20:31:03:95:bf:95:ac:
44:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:80:F9:9A:89:C7:CA:6B:86:CB:54:2C:8E:AA:3E:FA:00:08:71:6C
X509v3 Authority Key Identifier:
keyid:51:57:C8:7D:11:1C:80:50:FD:5C:9A:C2:B0:6B:E6:23:23:67:50:33
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UVfIfREcgFD9XJrCsGvmIyNnUDM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4e7b5c-2906-478a-8ef0-d29701487536/1/XoD5monHymuGy1Qsjqo--gAIcWw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4e7b5c-2906-478a-8ef0-d29701487536/1/UVfIfREcgFD9XJrCsGvmIyNnUDM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.233.128.0/21
IPv6:
2a01:9300::/32
Signature Algorithm: sha256WithRSAEncryption
d6:e4:84:28:6f:84:2a:0b:45:d7:50:d0:01:bf:77:c9:b5:38:
90:d6:b5:f7:fd:9c:0c:84:cc:a3:57:21:44:9b:5d:2b:19:2e:
74:ff:d8:72:0b:6c:43:d7:e7:cc:c9:80:66:7d:49:8a:71:26:
03:3b:ca:0a:dd:9c:69:4a:8d:85:7c:f1:10:36:9a:8d:3c:d7:
e1:5d:e6:5d:08:37:02:36:88:6b:5b:71:3e:ff:c3:3c:fb:95:
d4:5d:8a:f7:7a:61:52:9d:c5:a8:d7:b6:a9:e7:d4:d0:cb:5d:
35:ec:7e:50:54:4a:56:3a:49:39:86:f2:1f:99:42:87:c1:81:
35:16:b2:f5:05:f2:62:25:9c:7a:8a:d9:10:93:f3:06:6f:60:
ac:48:bf:53:4f:8b:7f:2c:bd:f8:d9:07:ca:09:06:a3:cd:36:
0f:22:76:9a:3a:39:c8:f8:a3:5a:2e:c6:ad:93:1b:1d:54:09:
a8:21:19:3e:c7:14:17:90:19:6c:9b:9c:12:ed:be:10:ce:3f:
7c:25:47:75:f2:4b:87:6f:f2:9b:4b:3e:23:fb:b9:96:13:15:
09:58:f8:22:0d:ab:81:35:fe:03:76:b8:c3:b9:1f:2c:53:f7:
b6:a6:12:ec:ec:cc:95:39:4a:b9:cb:40:be:b0:36:7e:a9:bb:
69:0f:b5:29
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ2Vd1vtn6Y+r/c7nNrBWCfgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNTdjODdkMTExYzgwNTBmZDVjOWFjMmIwNmJlNjIzMjM2
NzUwMzMwHhcNMjYwNDE2MDg0NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTgwZjk5YTg5YzdjYTZiODZjYjU0MmM4ZWFhM2VmYTAwMDg3MTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0hrQVox6Epwuaoc3pJpZEnkcdge
hCUED7y7zCeBJZky4/B41F/ieDEcH1rkj8EwFEFaulaAJq7Y2Vh47SsULACpDweo
2l+Zn0QLRXAjYkisQeDa+ASyFDFW13JyzCkbA9XEP9jwcrHFLuGHxZrhL6tCqMuw
t5Gew9UMJ8ci8kzAAymqB2IFQdEByGgJM5zuYELkTleziBAl6K6MrW0ce6Hp5l1I
OcEe/V/8CO9CCdCf0eJiDcij9s0H5lg9k6khCwVcdM5LsZzEwiNFEddVCxK/x+GS
5iXIARhqnn3iP+wnVMzEkze93v2ucYOmLWckK5wc2lmINyAxA5W/laxE+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF6A+ZqJx8prhstULI6qPvoACHFsMB8GA1UdIwQY
MBaAFFFXyH0RHIBQ/VyawrBr5iMjZ1AzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVZmSWZSRWNnRkQ5WEpyQ3NHdm1JeU5uVURNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy80ZTdiNWMtMjkwNi00NzhhLThlZjAt
ZDI5NzAxNDg3NTM2LzEvWG9ENW1vbkh5bXVHeTFRc2pxby0tZ0FJY1d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy80ZTdiNWMtMjkwNi00NzhhLThlZjAtZDI5NzAxNDg3NTM2
LzEvVVZmSWZSRWNnRkQ5WEpyQ3NHdm1JeU5uVURNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDbemAMA0E
AgACMAcDBQAqAZMAMA0GCSqGSIb3DQEBCwUAA4IBAQDW5IQob4QqC0XXUNABv3fJ
tTiQ1rX3/ZwMhMyjVyFEm10rGS50/9hyC2xD1+fMyYBmfUmKcSYDO8oK3ZxpSo2F
fPEQNpqNPNfhXeZdCDcCNohrW3E+/8M8+5XUXYr3emFSncWo17ap59TQy1017H5Q
VEpWOkk5hvIfmUKHwYE1FrL1BfJiJZx6itkQk/MGb2CsSL9TT4t/LL342QfKCQaj
zTYPInaaOjnI+KNaLsatkxsdVAmoIRk+xxQXkBlsm5wS7b4Qzj98JUd18kuHb/Kb
Sz4j+7mWExUJWPgiDauBNf4DdrjDuR8sU/e2phLs7MyVOUq5y0C+sDZ+qbtpD7Up
-----END CERTIFICATE-----
Generated at Fri Apr 17 06:50:19 2026 by rpki-client