Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/X2fITaUTJddMiM_9RlJAuuAEhM0.roa
File: X2fITaUTJddMiM_9RlJAuuAEhM0.roa (raw, json)
Hash identifier: Ad+Dn2PWNm883D2CoUV6mepRe5PZ/oHO8/jWcdHrnDs=
Subject key identifier: 5F:67:C8:4D:A5:13:25:D7:4C:88:CF:FD:46:52:40:BA:E0:04:84:CD
Certificate issuer: /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial: 019A4E1755258D247DB1FC4C85C76A6F86C3
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/X2fITaUTJddMiM_9RlJAuuAEhM0.roa
Signing time: Tue 04 Nov 2025 08:59:03 +0000
ROA not before: Tue 04 Nov 2025 08:59:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48314
IP address blocks: 5.175.233.0/24 maxlen: 24
5.231.115.0/24 maxlen: 24
77.90.0.0/24 maxlen: 24
77.90.2.0/24 maxlen: 24
77.90.8.0/24 maxlen: 24
77.90.13.0/24 maxlen: 24
77.90.18.0/24 maxlen: 24
77.90.51.0/24 maxlen: 24
94.249.189.0/24 maxlen: 24
94.249.193.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 17:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4e:17:55:25:8d:24:7d:b1:fc:4c:85:c7:6a:6f:86:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
Validity
Not Before: Nov 4 08:59:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5f67c84da51325d74c88cffd465240bae00484cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:a8:93:70:c6:22:6e:cb:8b:46:c4:5b:f4:09:
4b:12:97:ba:df:f6:ba:fb:33:11:25:6e:38:c7:c7:
29:08:96:84:62:1b:a6:23:1b:a6:ba:10:0c:a3:da:
10:85:00:28:da:80:c6:07:70:a3:cf:df:b4:b9:24:
10:04:75:18:b2:6a:31:fb:e9:c4:a0:0e:f2:11:57:
80:99:f2:b5:83:62:15:ea:1f:80:81:3a:dc:27:cc:
50:4e:72:cd:7e:c4:54:f3:ee:c9:34:2b:10:79:b8:
ae:8d:37:57:aa:05:2b:3e:c0:a3:c1:7a:14:34:d8:
5f:5f:16:40:ae:f2:94:89:9e:5b:97:7a:89:5b:de:
d8:f3:e9:03:63:61:eb:28:6f:22:80:75:62:2a:72:
45:51:64:ac:00:9a:55:88:ae:da:a0:4c:5c:e3:e0:
82:ed:bf:de:1d:95:13:eb:95:ae:42:b7:48:93:16:
1b:bb:3f:4a:72:5d:90:49:d1:aa:4d:70:ff:ed:54:
a7:96:14:60:55:71:21:f4:37:76:d3:9d:5d:6a:f6:
b6:7d:a6:8c:d7:3e:8b:9a:97:1c:94:88:97:73:3c:
65:b7:aa:f5:60:e2:0f:f7:d9:8f:fd:51:82:77:43:
9b:61:c4:b0:24:ac:3a:79:c1:71:e8:22:65:d7:c5:
77:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:67:C8:4D:A5:13:25:D7:4C:88:CF:FD:46:52:40:BA:E0:04:84:CD
X509v3 Authority Key Identifier:
keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/X2fITaUTJddMiM_9RlJAuuAEhM0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.175.233.0/24
5.231.115.0/24
77.90.0.0/24
77.90.2.0/24
77.90.8.0/24
77.90.13.0/24
77.90.18.0/24
77.90.51.0/24
94.249.189.0/24
94.249.193.0/24
Signature Algorithm: sha256WithRSAEncryption
08:4e:bc:57:a3:45:dc:e3:c3:ad:94:fd:1a:b1:c0:d3:80:26:
c4:65:88:b6:a4:fb:8c:fd:0d:28:4a:8e:23:9b:93:70:3c:77:
d9:d0:11:f9:e3:d6:b1:dc:59:82:f9:da:8e:6d:60:42:89:2d:
e6:df:70:9b:53:c6:c1:f5:6d:fc:50:39:b8:b5:93:53:36:06:
b3:3b:1d:22:fb:c4:79:11:da:63:3c:84:93:4b:e9:6f:c7:d0:
c4:1f:09:49:d2:cd:b6:5f:78:35:d1:e3:4b:49:88:c8:21:62:
05:92:00:88:50:ed:09:85:7e:1c:f1:a8:08:cc:fa:08:5b:5a:
2d:c9:a0:39:d6:9c:c2:15:3e:7e:c5:4e:06:56:de:7b:25:8c:
bb:6b:4b:d4:10:39:2f:6b:0c:04:18:6c:ba:37:30:a0:43:89:
13:c8:f8:55:db:f0:0c:2d:d7:4b:fc:ee:64:ff:29:80:16:d9:
a4:81:e5:31:37:7d:81:98:a7:dc:f3:81:2e:03:a7:bb:ed:51:
79:c0:11:2a:18:73:d3:68:1e:4a:04:b4:ec:3b:a0:45:78:04:
ad:d7:0d:4e:8d:fe:0c:77:fc:9c:7b:9a:32:8d:59:79:f0:48:
af:4a:b2:8d:1b:41:73:29:17:91:e8:5a:20:1e:54:77:2c:16:
55:34:08:5c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZpOF1UljSR9sfxMhcdqb4bDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMTA0MDg1OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjY3Yzg0ZGE1MTMyNWQ3NGM4OGNmZmQ0NjUyNDBiYWUwMDQ4NGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaiTcMYibsuLRsRb9AlLEpe63/a6
+zMRJW44x8cpCJaEYhumIxumuhAMo9oQhQAo2oDGB3Cjz9+0uSQQBHUYsmox++nE
oA7yEVeAmfK1g2IV6h+AgTrcJ8xQTnLNfsRU8+7JNCsQebiujTdXqgUrPsCjwXoU
NNhfXxZArvKUiZ5bl3qJW97Y8+kDY2HrKG8igHViKnJFUWSsAJpViK7aoExc4+CC
7b/eHZUT65WuQrdIkxYbuz9Kcl2QSdGqTXD/7VSnlhRgVXEh9Dd2051dava2faaM
1z6LmpcclIiXczxlt6r1YOIP99mP/VGCd0ObYcSwJKw6ecFx6CJl18V3gwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFF9nyE2lEyXXTIjP/UZSQLrgBITNMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvWDJmSVRhVVRKZGRNaU1fOVJsSkF1dUFFaE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQABa/pAwQA
BedzAwQATVoAAwQATVoCAwQATVoIAwQATVoNAwQATVoSAwQATVozAwQAXvm9AwQA
XvnBMA0GCSqGSIb3DQEBCwUAA4IBAQAITrxXo0Xc48OtlP0ascDTgCbEZYi2pPuM
/Q0oSo4jm5NwPHfZ0BH549ax3FmC+dqObWBCiS3m33CbU8bB9W38UDm4tZNTNgaz
Ox0i+8R5EdpjPISTS+lvx9DEHwlJ0s22X3g10eNLSYjIIWIFkgCIUO0JhX4c8agI
zPoIW1otyaA51pzCFT5+xU4GVt57JYy7a0vUEDkvawwEGGy6NzCgQ4kTyPhV2/AM
LddL/O5k/ymAFtmkgeUxN32BmKfc84EuA6e77VF5wBEqGHPTaB5KBLTsO6BFeASt
1w1Ojf4Md/yce5oyjVl58EivSrKNG0FzKReR6FogHlR3LBZVNAhc
-----END CERTIFICATE-----
Generated at Wed Nov 5 01:44:45 2025 by rpki-client