Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/XJkwKQw1uwsNaMGPHoEZmHJ7ln0.roa
File: XJkwKQw1uwsNaMGPHoEZmHJ7ln0.roa (raw, json)
Hash identifier: 4mMJPUkmp2WBHWIYLKvvJ35kZmLlEY53pxDsemE3rMA=
Subject key identifier: 5C:99:30:29:0C:35:BB:0B:0D:68:C1:8F:1E:81:19:98:72:7B:96:7D
Certificate issuer: /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial: 019D2B2EC376A023F15053CCB2E28F76A17A
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/XJkwKQw1uwsNaMGPHoEZmHJ7ln0.roa
Signing time: Thu 26 Mar 2026 17:26:18 +0000
ROA not before: Thu 26 Mar 2026 17:26:18 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 203963
IP address blocks: 91.228.12.0/24 maxlen: 24
91.228.14.0/24 maxlen: 24
91.228.15.0/24 maxlen: 24
94.154.37.0/24 maxlen: 24
94.154.38.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 02:01:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2b:2e:c3:76:a0:23:f1:50:53:cc:b2:e2:8f:76:a1:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Validity
Not Before: Mar 26 17:26:18 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5c9930290c35bb0b0d68c18f1e811998727b967d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:53:fa:af:d7:ca:bc:60:5c:ab:b6:cd:45:ae:
d9:56:7b:04:ec:2b:7f:34:81:b8:e4:a8:38:bc:88:
18:76:2c:2f:40:25:59:d4:e5:7d:ca:61:ff:bf:f8:
bb:4e:e0:98:92:9f:6e:61:ea:53:52:28:d9:66:09:
3f:94:61:8e:ab:63:97:d9:96:33:61:90:ed:bf:a9:
54:3c:a1:da:46:df:04:c2:a6:73:58:6f:9d:fc:a4:
6f:7d:28:44:9d:e7:c2:20:81:21:f6:1b:55:1e:07:
37:d3:b0:dc:4d:ed:48:9c:33:09:5b:3a:27:58:c2:
6d:c5:c1:fd:5f:8a:de:f0:92:46:46:57:50:3b:de:
3c:92:18:7c:f5:03:4a:54:2c:e4:cc:7f:82:de:9c:
33:3b:4d:50:d7:4b:72:9e:2b:85:1c:50:85:52:3e:
df:6e:6e:e3:b5:4b:33:a7:99:03:d1:ae:40:dc:f2:
84:59:fc:cf:45:e3:48:03:dc:d3:53:52:76:63:4e:
7a:e6:1a:cf:a8:c8:98:82:c2:10:a5:5b:b5:bd:bd:
da:93:4b:f7:55:69:7b:12:9b:e8:d7:7e:4f:12:db:
cf:7c:d1:35:b8:e3:8b:d7:53:55:af:97:d7:bb:49:
b5:95:73:83:4d:4c:d6:8b:3b:71:86:4a:60:ed:fd:
4a:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:99:30:29:0C:35:BB:0B:0D:68:C1:8F:1E:81:19:98:72:7B:96:7D
X509v3 Authority Key Identifier:
keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/XJkwKQw1uwsNaMGPHoEZmHJ7ln0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.228.12.0/24
91.228.14.0/23
94.154.37.0-94.154.38.255
Signature Algorithm: sha256WithRSAEncryption
32:06:cc:62:d7:78:5e:9e:cf:7c:6f:0e:f1:62:3a:15:78:f4:
00:c3:7b:29:12:cf:2d:e6:1c:9d:be:98:e2:55:28:31:ff:27:
ca:e5:52:25:cd:e5:0e:2c:81:b9:56:30:09:ea:ae:4b:f8:e0:
50:c5:ba:cd:a0:02:5a:f0:1a:02:e4:e4:46:d2:64:6c:d5:88:
bf:85:04:cf:de:de:e0:87:ef:a9:1b:e6:e5:ad:6e:35:f6:63:
8f:84:6b:98:6b:1a:e4:1f:91:78:c6:55:19:42:b3:50:07:4d:
26:a9:60:73:13:0c:46:2e:62:5b:ef:5c:b2:c5:c1:49:b2:a0:
dd:14:c5:f6:6d:d0:72:c8:3e:69:00:0a:01:5c:82:20:11:35:
7d:1b:83:da:4e:5e:3f:93:85:6f:32:57:57:09:ea:c1:a2:2f:
ae:72:dc:96:54:84:de:d4:bd:e5:1b:97:79:35:3a:a2:5b:9c:
d6:70:75:54:1e:d3:9c:f0:c0:2a:3d:03:26:e7:8e:80:63:c3:
27:f0:9e:49:77:c2:be:31:96:5f:92:a1:da:96:4f:97:0b:53:
fa:51:ba:3a:f6:3c:ce:97:32:58:9b:b7:7d:ea:5c:3e:27:e2:
02:2a:57:97:fb:0f:cd:83:34:23:f7:50:51:07:1f:5a:58:9a:
9d:90:c9:3e
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ0rLsN2oCPxUFPMsuKPdqF6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjYwMzI2MTcyNjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzk5MzAyOTBjMzViYjBiMGQ2OGMxOGYxZTgxMTk5ODcyN2I5NjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVP6r9fKvGBcq7bNRa7ZVnsE7Ct/
NIG45Kg4vIgYdiwvQCVZ1OV9ymH/v/i7TuCYkp9uYepTUijZZgk/lGGOq2OX2ZYz
YZDtv6lUPKHaRt8EwqZzWG+d/KRvfShEnefCIIEh9htVHgc307DcTe1InDMJWzon
WMJtxcH9X4re8JJGRldQO948khh89QNKVCzkzH+C3pwzO01Q10tyniuFHFCFUj7f
bm7jtUszp5kD0a5A3PKEWfzPReNIA9zTU1J2Y0565hrPqMiYgsIQpVu1vb3ak0v3
VWl7Epvo135PEtvPfNE1uOOL11NVr5fXu0m1lXODTUzWiztxhkpg7f1KhwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFFyZMCkMNbsLDWjBjx6BGZhye5Z9MB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvWEprd0tRdzF1d3NOYU1HUEhvRVptSEo3bG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAW+QMAwQB
W+QOMAwDBABemiUDBABemiYwDQYJKoZIhvcNAQELBQADggEBADIGzGLXeF6ez3xv
DvFiOhV49ADDeykSzy3mHJ2+mOJVKDH/J8rlUiXN5Q4sgblWMAnqrkv44FDFus2g
AlrwGgLk5EbSZGzViL+FBM/e3uCH76kb5uWtbjX2Y4+Ea5hrGuQfkXjGVRlCs1AH
TSapYHMTDEYuYlvvXLLFwUmyoN0UxfZt0HLIPmkACgFcgiARNX0bg9pOXj+ThW8y
V1cJ6sGiL65y3JZUhN7UveUbl3k1OqJbnNZwdVQe05zwwCo9AybnjoBjwyfwnkl3
wr4xll+SodqWT5cLU/pRujr2PM6XMlibt33qXD4n4gIqV5f7D82DNCP3UFEHH1pY
mp2QyT4=
-----END CERTIFICATE-----
Generated at Fri Apr 17 12:25:41 2026 by rpki-client