Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/1b1272-83c1-4864-9cd3-027c7f7dc6d5/1/xwOmHY94ffmWcpPf6KqXYjilQDE.roa
File: xwOmHY94ffmWcpPf6KqXYjilQDE.roa (raw, json)
Hash identifier: XM6OGxdr30fmSiTDSkJNnhkS4Ouwvsq+nWxnRyN80J8=
Subject key identifier: C7:03:A6:1D:8F:78:7D:F9:96:72:93:DF:E8:AA:97:62:38:A5:40:31
Certificate issuer: /CN=4f617d6b03e2fe5f8911cbeb5fae2dca3bd6677f
Certificate serial: 019B7BA4EAAC526AE598466D468633BF7DC4
Authority key identifier: 4F:61:7D:6B:03:E2:FE:5F:89:11:CB:EB:5F:AE:2D:CA:3B:D6:67:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T2F9awPi_l-JEcvrX64tyjvWZ38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/1b1272-83c1-4864-9cd3-027c7f7dc6d5/1/xwOmHY94ffmWcpPf6KqXYjilQDE.roa
Signing time: Thu 01 Jan 2026 22:19:24 +0000
ROA not before: Thu 01 Jan 2026 22:19:24 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 44034
IP address blocks: 2.64.0.0/13 maxlen: 13
37.250.0.0/16 maxlen: 16
77.241.128.0/20 maxlen: 20
77.241.128.0/21 maxlen: 21
78.156.192.0/19 maxlen: 19
79.138.128.0/17 maxlen: 17
80.251.192.0/20 maxlen: 20
80.251.202.128/25 maxlen: 25
94.191.128.0/17 maxlen: 17
95.209.0.0/16 maxlen: 16
109.56.0.0/14 maxlen: 14
212.27.0.0/19 maxlen: 19
2a02:aa0::/29 maxlen: 32
2a02:aa0::/30 maxlen: 30
2a02:aa4::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/58/1b1272-83c1-4864-9cd3-027c7f7dc6d5/1/T2F9awPi_l-JEcvrX64tyjvWZ38.crl
rsync://rpki.ripe.net/repository/DEFAULT/58/1b1272-83c1-4864-9cd3-027c7f7dc6d5/1/T2F9awPi_l-JEcvrX64tyjvWZ38.mft
rsync://rpki.ripe.net/repository/DEFAULT/T2F9awPi_l-JEcvrX64tyjvWZ38.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 13:01:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7b:a4:ea:ac:52:6a:e5:98:46:6d:46:86:33:bf:7d:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f617d6b03e2fe5f8911cbeb5fae2dca3bd6677f
Validity
Not Before: Jan 1 22:19:24 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c703a61d8f787df9967293dfe8aa976238a54031
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:7b:a3:35:9c:46:e9:2a:11:3f:94:ee:1a:9c:
6b:0c:a4:63:e9:5a:70:8a:72:8b:22:b3:ab:8c:d7:
d9:d6:88:54:5f:93:31:82:4b:cf:13:72:04:0d:dd:
2e:7f:37:72:dd:c9:ea:13:90:eb:e6:4a:9d:6d:7d:
4b:70:ee:07:e1:97:1f:99:37:9c:ad:56:f0:13:40:
b3:06:86:36:ca:ae:38:95:07:4e:a7:31:1a:55:b0:
3f:e3:fd:b9:e4:b3:ff:a5:41:80:3a:c9:98:7d:b4:
55:95:1c:ef:89:39:68:82:d2:a1:d3:84:f2:ad:58:
84:2f:f3:c6:c2:b8:a8:8d:64:f6:0b:dd:f5:f8:13:
81:13:73:3b:b2:21:4c:2e:d2:48:81:79:22:e7:81:
d7:bc:0a:ce:da:07:15:95:ea:46:9a:4c:43:db:32:
c1:c6:3b:f1:0f:8f:c8:14:2f:f2:a2:a2:2c:a7:6d:
ed:f4:eb:fe:bf:b1:3f:bd:3a:ab:77:bd:79:38:0b:
4a:82:d9:d3:de:db:4b:f9:9b:a4:ef:06:84:a1:52:
d9:b9:29:50:8e:fd:02:30:4c:5b:23:11:c1:24:1d:
dc:36:0b:4f:3b:e1:e3:08:c0:bb:89:5b:29:7d:57:
83:6d:bd:58:18:f0:eb:3d:24:12:22:d5:c9:81:cd:
a9:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:03:A6:1D:8F:78:7D:F9:96:72:93:DF:E8:AA:97:62:38:A5:40:31
X509v3 Authority Key Identifier:
keyid:4F:61:7D:6B:03:E2:FE:5F:89:11:CB:EB:5F:AE:2D:CA:3B:D6:67:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T2F9awPi_l-JEcvrX64tyjvWZ38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/1b1272-83c1-4864-9cd3-027c7f7dc6d5/1/xwOmHY94ffmWcpPf6KqXYjilQDE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/1b1272-83c1-4864-9cd3-027c7f7dc6d5/1/T2F9awPi_l-JEcvrX64tyjvWZ38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.64.0.0/13
37.250.0.0/16
77.241.128.0/20
78.156.192.0/19
79.138.128.0/17
80.251.192.0/20
94.191.128.0/17
95.209.0.0/16
109.56.0.0/14
212.27.0.0/19
IPv6:
2a02:aa0::/29
Signature Algorithm: sha256WithRSAEncryption
16:bf:51:98:4d:d0:fd:fb:63:cb:4a:98:a6:e9:18:6b:ef:9c:
58:ee:72:0a:16:08:01:59:01:95:8f:cc:95:ba:08:33:68:3e:
7c:4b:d4:6b:8b:7b:9d:2b:17:5b:d4:98:ba:3d:5e:68:48:13:
d8:db:19:c5:09:8d:66:cd:54:5f:4d:9e:c1:ea:fa:09:16:25:
13:d6:a7:41:21:9b:ce:7f:0c:5e:17:44:5f:f4:42:f4:6a:aa:
48:16:4f:25:45:53:df:7e:bf:b3:fa:01:06:b1:cd:a6:bb:34:
b6:56:4f:35:90:92:2a:d4:17:a9:08:c2:e1:ea:24:e8:5c:7f:
a8:df:58:5c:e5:86:5d:1f:5c:d1:62:07:fb:31:25:3a:ca:01:
6a:7a:91:c5:f4:a2:6a:46:2a:e9:e6:73:b1:ff:53:3a:48:2d:
85:6f:0d:8e:b0:ba:52:59:40:d8:93:d2:8d:05:92:d5:a0:c9:
88:3b:e9:21:1e:52:00:1f:93:5c:da:2f:04:80:81:fd:16:07:
89:55:1f:86:20:e5:c1:17:2b:7e:9b:f9:b2:5c:5d:e4:dd:2b:
a8:03:1e:c8:df:a4:a6:6d:15:0a:bd:80:c7:84:2a:28:28:01:
a1:3b:38:93:37:8c:31:17:4d:b8:8e:ff:71:ce:d1:8c:47:a2:
59:1b:4c:b5
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZt7pOqsUmrlmEZtRoYzv33EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNjE3ZDZiMDNlMmZlNWY4OTExY2JlYjVmYWUyZGNhM2Jk
NjY3N2YwHhcNMjYwMTAxMjIxOTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzAzYTYxZDhmNzg3ZGY5OTY3MjkzZGZlOGFhOTc2MjM4YTU0MDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnujNZxG6SoRP5TuGpxrDKRj6Vpw
inKLIrOrjNfZ1ohUX5MxgkvPE3IEDd0ufzdy3cnqE5Dr5kqdbX1LcO4H4ZcfmTec
rVbwE0CzBoY2yq44lQdOpzEaVbA/4/255LP/pUGAOsmYfbRVlRzviTlogtKh04Ty
rViEL/PGwriojWT2C931+BOBE3M7siFMLtJIgXki54HXvArO2gcVlepGmkxD2zLB
xjvxD4/IFC/yoqIsp23t9Ov+v7E/vTqrd715OAtKgtnT3ttL+Zuk7waEoVLZuSlQ
jv0CMExbIxHBJB3cNgtPO+HjCMC7iVspfVeDbb1YGPDrPSQSItXJgc2pawIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMcDph2PeH35lnKT3+iql2I4pUAxMB8GA1UdIwQY
MBaAFE9hfWsD4v5fiRHL61+uLco71md/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDJGOWF3UGlfbC1KRWN2clg2NHR5anZXWjM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xYjEyNzItODNjMS00ODY0LTljZDMt
MDI3YzdmN2RjNmQ1LzEveHdPbUhZOTRmZm1XY3BQZjZLcVhZamlsUURFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xYjEyNzItODNjMS00ODY0LTljZDMtMDI3YzdmN2RjNmQ1
LzEvVDJGOWF3UGlfbC1KRWN2clg2NHR5anZXWjM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwMDAkADAwAl
+gMEBE3xgAMEBU6cwAMEB0+KgAMEBFD7wAMEB16/gAMDAF/RAwMCbTgDBAXUGwAw
DQQCAAIwBwMFAyoCCqAwDQYJKoZIhvcNAQELBQADggEBABa/UZhN0P37Y8tKmKbp
GGvvnFjucgoWCAFZAZWPzJW6CDNoPnxL1GuLe50rF1vUmLo9XmhIE9jbGcUJjWbN
VF9NnsHq+gkWJRPWp0Ehm85/DF4XRF/0QvRqqkgWTyVFU99+v7P6AQaxzaa7NLZW
TzWQkirUF6kIwuHqJOhcf6jfWFzlhl0fXNFiB/sxJTrKAWp6kcX0ompGKunmc7H/
UzpILYVvDY6wulJZQNiT0o0FktWgyYg76SEeUgAfk1zaLwSAgf0WB4lVH4Yg5cEX
K36b+bJcXeTdK6gDHsjfpKZtFQq9gMeEKigoAaE7OJM3jDEXTbiO/3HO0YxHolkb
TLU=
-----END CERTIFICATE-----
Generated at Mon Mar 2 19:03:12 2026 by rpki-client