Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/xSn7ixxST4P6sLWhFGPF1kgNAlE.roa
File: xSn7ixxST4P6sLWhFGPF1kgNAlE.roa (raw, json)
Hash identifier: 6Zt2rctbn7D8+hho9smzj15xitIYg/ED9s7TTA4i/jk=
Subject key identifier: C5:29:FB:8B:1C:52:4F:83:FA:B0:B5:A1:14:63:C5:D6:48:0D:02:51
Certificate issuer: /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial: 019D2F302556AB52A1702E2FE4C58F22575C
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/xSn7ixxST4P6sLWhFGPF1kgNAlE.roa
Signing time: Fri 27 Mar 2026 12:06:17 +0000
ROA not before: Fri 27 Mar 2026 12:06:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 51500
IP address blocks: 45.89.88.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 00:00:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2f:30:25:56:ab:52:a1:70:2e:2f:e4:c5:8f:22:57:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Validity
Not Before: Mar 27 12:06:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c529fb8b1c524f83fab0b5a11463c5d6480d0251
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:5d:6d:ab:98:88:fd:24:7b:52:b5:ab:6b:82:
9f:5f:24:4f:ee:e9:a7:79:5c:a5:e0:b5:83:89:cd:
2d:ed:b8:3c:e5:35:c8:1c:bc:9e:f4:97:cb:57:a5:
0d:a9:5a:c3:38:b6:51:6b:11:ba:88:10:d5:8d:1b:
ec:be:29:d1:23:11:b0:c8:a8:f7:61:18:fe:ef:a8:
06:d9:67:62:17:d8:b1:d9:1f:36:47:3e:20:5f:b0:
5d:62:d7:9c:5f:36:28:9d:02:14:56:78:ce:bf:82:
82:91:48:14:d4:02:cf:26:4d:9b:53:5a:4e:f7:20:
ab:ee:81:2f:f3:f7:1b:35:8b:e7:67:f9:17:d9:9b:
15:b4:c8:ac:4a:c3:31:5c:71:ac:db:18:96:77:3d:
1b:de:0a:0d:c0:17:6f:3b:fd:b2:57:7f:d5:f9:1b:
7d:ec:22:a2:15:78:b9:5c:b8:11:0e:74:91:54:4c:
54:7e:9c:0b:48:0b:5f:62:49:57:a8:d2:a9:c4:d1:
07:07:79:91:19:cb:b5:4a:42:fc:cd:92:1c:fb:a6:
a5:4e:6c:d9:8c:15:9d:db:f8:10:1b:91:0c:49:af:
1f:c7:7a:55:db:47:51:76:56:ed:a1:42:03:21:65:
38:69:7c:1f:41:a5:79:7d:f5:54:33:a3:6c:a9:95:
e5:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:29:FB:8B:1C:52:4F:83:FA:B0:B5:A1:14:63:C5:D6:48:0D:02:51
X509v3 Authority Key Identifier:
keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/xSn7ixxST4P6sLWhFGPF1kgNAlE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.89.88.0/22
Signature Algorithm: sha256WithRSAEncryption
49:c9:10:4d:40:86:2a:9e:9c:17:31:5d:21:a6:f7:fe:f9:9e:
41:b1:3d:c3:48:bf:9c:5f:b5:5d:a0:d7:79:b5:4e:3d:72:ce:
cd:76:fe:69:1d:ca:d9:7a:2b:df:49:e8:ee:82:b5:27:8a:0d:
fd:25:c6:db:aa:90:5a:8a:4b:6c:27:fd:af:29:2c:87:b4:54:
89:7d:8b:23:4e:74:97:6d:ef:a4:e6:86:09:79:be:9d:53:55:
6c:30:b3:fe:50:67:5c:ae:71:a4:5e:55:c5:d2:66:27:0a:73:
b6:1b:1b:66:87:85:7e:e0:a9:34:41:16:61:82:9e:ac:8a:c1:
22:62:5c:e6:80:a9:de:f9:28:65:ae:4f:3a:c5:cd:eb:58:8a:
04:2c:d7:3a:6d:38:82:a2:5e:23:77:fb:33:c5:a1:38:dd:fe:
3d:6f:db:16:84:bb:be:b1:6b:48:c9:1a:d4:3a:0d:79:8d:de:
97:08:40:a3:47:59:f8:44:51:4c:2f:40:c1:ec:9a:c2:2a:6c:
41:c6:6b:49:10:36:05:16:b1:4c:8f:22:17:9a:25:be:22:ca:
77:dd:9e:9d:7b:f3:d9:f5:5f:da:53:c4:a6:00:67:24:80:9c:
e8:9e:89:1e:cd:90:b4:13:b1:a2:fb:a6:28:c0:a2:01:e7:35:
62:85:8b:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0vMCVWq1KhcC4v5MWPIldcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjYwMzI3MTIwNjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTI5ZmI4YjFjNTI0ZjgzZmFiMGI1YTExNDYzYzVkNjQ4MGQwMjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApV1tq5iI/SR7UrWra4KfXyRP7umn
eVyl4LWDic0t7bg85TXIHLye9JfLV6UNqVrDOLZRaxG6iBDVjRvsvinRIxGwyKj3
YRj+76gG2WdiF9ix2R82Rz4gX7BdYtecXzYonQIUVnjOv4KCkUgU1ALPJk2bU1pO
9yCr7oEv8/cbNYvnZ/kX2ZsVtMisSsMxXHGs2xiWdz0b3goNwBdvO/2yV3/V+Rt9
7CKiFXi5XLgRDnSRVExUfpwLSAtfYklXqNKpxNEHB3mRGcu1SkL8zZIc+6alTmzZ
jBWd2/gQG5EMSa8fx3pV20dRdlbtoUIDIWU4aXwfQaV5ffVUM6NsqZXlawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUp+4scUk+D+rC1oRRjxdZIDQJRMB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEveFNuN2l4eFNUNFA2c0xXaEZHUEYxa2dOQWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVlYMA0G
CSqGSIb3DQEBCwUAA4IBAQBJyRBNQIYqnpwXMV0hpvf++Z5BsT3DSL+cX7VdoNd5
tU49cs7Ndv5pHcrZeivfSejugrUnig39JcbbqpBaiktsJ/2vKSyHtFSJfYsjTnSX
be+k5oYJeb6dU1VsMLP+UGdcrnGkXlXF0mYnCnO2Gxtmh4V+4Kk0QRZhgp6sisEi
YlzmgKne+Shlrk86xc3rWIoELNc6bTiCol4jd/szxaE43f49b9sWhLu+sWtIyRrU
Og15jd6XCECjR1n4RFFML0DB7JrCKmxBxmtJEDYFFrFMjyIXmiW+Isp33Z6de/PZ
9V/aU8SmAGckgJzonokezZC0E7Gi+6YowKIB5zVihYu9
-----END CERTIFICATE-----
Generated at Sun Apr 19 10:01:24 2026 by rpki-client