Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/xzHa0sSob7avUhmZAKHArZaPoGs.roa
File: xzHa0sSob7avUhmZAKHArZaPoGs.roa (raw, json)
Hash identifier: T9wW3p6GuWmjcvanTN/1Iwt9mSVZHM51FI5kv5kY1Z4=
Subject key identifier: C7:31:DA:D2:C4:A8:6F:B6:AF:52:19:99:00:A1:C0:AD:96:8F:A0:6B
Certificate issuer: /CN=26a5aa918cbfeb3e12997f33890feb258907b343
Certificate serial: 019D76919CAFCC0E9D21DA6F2AADB88395D8
Authority key identifier: 26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/xzHa0sSob7avUhmZAKHArZaPoGs.roa
Signing time: Fri 10 Apr 2026 08:45:47 +0000
ROA not before: Fri 10 Apr 2026 08:45:47 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 41079
IP address blocks: 91.199.22.0/24 maxlen: 24
91.228.196.0/22 maxlen: 24
91.234.146.0/24 maxlen: 24
91.237.52.0/24 maxlen: 24
91.239.66.0/23 maxlen: 24
178.250.40.0/21 maxlen: 24
185.5.96.0/22 maxlen: 24
185.25.148.0/22 maxlen: 24
185.123.160.0/22 maxlen: 24
185.140.120.0/22 maxlen: 22
185.180.204.0/22 maxlen: 24
185.193.112.0/22 maxlen: 24
185.201.112.0/22 maxlen: 24
185.204.216.0/22 maxlen: 24
185.208.164.0/24 maxlen: 24
185.243.52.0/22 maxlen: 24
193.17.184.0/24 maxlen: 24
193.218.152.0/22 maxlen: 24
195.2.254.0/23 maxlen: 24
195.78.66.0/23 maxlen: 24
195.114.0.0/23 maxlen: 24
195.242.116.0/23 maxlen: 24
2a02:1778::/32 maxlen: 32
2a02:1778::/48 maxlen: 64
2a02:1778:194::/48 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.mft
rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 16:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:76:91:9c:af:cc:0e:9d:21:da:6f:2a:ad:b8:83:95:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=26a5aa918cbfeb3e12997f33890feb258907b343
Validity
Not Before: Apr 10 08:45:47 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c731dad2c4a86fb6af52199900a1c0ad968fa06b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:ec:31:42:ce:5d:dd:06:c7:0f:d0:5d:0e:8e:
30:e6:c6:a9:5d:0f:0b:96:7c:bd:fc:07:6b:24:29:
6d:86:5c:40:76:85:a5:9f:82:6b:c5:e2:68:b5:5b:
f0:d9:bb:c5:51:da:d2:fb:5d:c7:37:e2:bf:f1:4c:
69:73:ca:66:c5:97:8b:17:a6:84:1e:9c:57:65:5e:
28:f9:6d:b4:23:78:20:20:1a:a3:8b:98:74:42:78:
0d:38:d7:76:cf:75:8f:16:3a:53:67:73:b3:5c:ea:
d3:1a:fd:6d:29:63:7b:5d:58:31:e6:11:e6:d6:6c:
ee:a6:53:71:d9:bd:66:4a:99:f4:1b:c7:da:c1:db:
af:ef:b5:55:86:89:1d:75:1c:1e:d9:fd:d4:92:f3:
5d:3c:e0:fb:2f:0c:eb:cb:34:84:a5:56:1f:0c:7d:
28:27:3a:b3:27:95:e1:3b:8a:84:04:aa:38:e7:d8:
99:21:07:1b:f1:da:4a:9f:6f:40:be:c3:4a:52:5d:
df:38:90:13:57:21:39:73:17:8d:5e:8f:7d:57:a0:
7d:70:fd:ec:e2:b4:23:ff:67:ef:c8:89:8a:4b:b6:
35:f5:6d:7f:5a:8e:65:95:42:7d:17:c8:18:7c:6a:
3c:cc:2e:50:7a:e9:b1:0a:8c:68:79:ad:c5:2f:d8:
39:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:31:DA:D2:C4:A8:6F:B6:AF:52:19:99:00:A1:C0:AD:96:8F:A0:6B
X509v3 Authority Key Identifier:
keyid:26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/xzHa0sSob7avUhmZAKHArZaPoGs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.199.22.0/24
91.228.196.0/22
91.234.146.0/24
91.237.52.0/24
91.239.66.0/23
178.250.40.0/21
185.5.96.0/22
185.25.148.0/22
185.123.160.0/22
185.140.120.0/22
185.180.204.0/22
185.193.112.0/22
185.201.112.0/22
185.204.216.0/22
185.208.164.0/24
185.243.52.0/22
193.17.184.0/24
193.218.152.0/22
195.2.254.0/23
195.78.66.0/23
195.114.0.0/23
195.242.116.0/23
IPv6:
2a02:1778::/32
Signature Algorithm: sha256WithRSAEncryption
3b:54:f7:ab:f6:14:b1:89:d3:8e:58:0d:de:5f:56:f7:0d:5b:
5b:ed:42:d7:e8:56:4d:7e:b5:92:42:72:b0:4d:d1:eb:94:aa:
2d:fe:11:63:f9:54:88:17:a5:67:88:b6:db:51:26:ff:ab:18:
2c:76:09:1a:3a:46:78:59:6a:32:06:16:95:44:ad:03:96:6c:
b8:bd:9e:95:ed:0f:61:57:c8:fa:c0:9b:3b:90:f1:43:72:be:
c7:53:9f:9f:04:6f:d7:6d:de:7e:4f:ba:02:fe:d2:e3:89:d3:
62:60:53:27:4b:23:8d:30:cc:d0:b9:fe:86:4d:8b:0d:3f:47:
ad:82:97:3d:0f:ef:72:10:4a:a0:6f:ab:53:83:20:8d:8e:db:
8a:66:4c:7e:5f:5e:55:53:ee:07:02:45:6b:f3:b0:ba:a5:5a:
38:40:e2:f4:fe:41:ae:94:67:fd:a1:71:b2:06:8a:fe:01:f2:
33:b9:c8:57:78:6e:41:c2:a3:56:fb:99:d1:3a:f1:b0:cf:1d:
0a:e9:90:2a:81:52:6b:e0:a1:c2:e7:30:ae:51:7f:7f:31:ac:
1c:16:76:2c:5c:3d:95:21:b2:2b:56:70:e3:bc:b7:2d:6d:e2:
31:2d:d5:7e:c0:1d:1c:fd:46:96:33:1a:f0:c5:39:16:ff:8e:
40:05:c8:80
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZ12kZyvzA6dIdpvKq24g5XYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YTVhYTkxOGNiZmViM2UxMjk5N2YzMzg5MGZlYjI1ODkw
N2IzNDMwHhcNMjYwNDEwMDg0NTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzMxZGFkMmM0YTg2ZmI2YWY1MjE5OTkwMGExYzBhZDk2OGZhMDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOwxQs5d3QbHD9BdDo4w5sapXQ8L
lny9/AdrJClthlxAdoWln4JrxeJotVvw2bvFUdrS+13HN+K/8Uxpc8pmxZeLF6aE
HpxXZV4o+W20I3ggIBqji5h0QngNONd2z3WPFjpTZ3OzXOrTGv1tKWN7XVgx5hHm
1mzuplNx2b1mSpn0G8fawduv77VVhokddRwe2f3UkvNdPOD7LwzryzSEpVYfDH0o
JzqzJ5XhO4qEBKo459iZIQcb8dpKn29AvsNKUl3fOJATVyE5cxeNXo99V6B9cP3s
4rQj/2fvyImKS7Y19W1/Wo5llUJ9F8gYfGo8zC5QeumxCoxoea3FL9g53wIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFMcx2tLEqG+2r1IZmQChwK2Wj6BrMB8GA1UdIwQY
MBaAFCalqpGMv+s+Epl/M4kP6yWJB7NDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTIt
Mjk3ZTI4MmQ2NmE4LzEveHpIYTBzU29iN2F2VWhtWkFLSEFyWmFQb0dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTItMjk3ZTI4MmQ2NmE4
LzEvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGwBggrBgEFBQcBBwEB/wSBoDCBnTCBiwQCAAEwgYQDBABb
xxYDBAJb5MQDBABb6pIDBABb7TQDBAFb70IDBAOy+igDBAK5BWADBAK5GZQDBAK5
e6ADBAK5jHgDBAK5tMwDBAK5wXADBAK5yXADBAK5zNgDBAC50KQDBAK58zQDBADB
EbgDBALB2pgDBAHDAv4DBAHDTkIDBAHDcgADBAHD8nQwDQQCAAIwBwMFACoCF3gw
DQYJKoZIhvcNAQELBQADggEBADtU96v2FLGJ045YDd5fVvcNW1vtQtfoVk1+tZJC
crBN0euUqi3+EWP5VIgXpWeItttRJv+rGCx2CRo6RnhZajIGFpVErQOWbLi9npXt
D2FXyPrAmzuQ8UNyvsdTn58Eb9dt3n5PugL+0uOJ02JgUydLI40wzNC5/oZNiw0/
R62Clz0P73IQSqBvq1ODII2O24pmTH5fXlVT7gcCRWvzsLqlWjhA4vT+Qa6UZ/2h
cbIGiv4B8jO5yFd4bkHCo1b7mdE68bDPHQrpkCqBUmvgocLnMK5Rf38xrBwWdixc
PZUhsitWcOO8ty1t4jEt1X7AHRz9RpYzGvDFORb/jkAFyIA=
-----END CERTIFICATE-----
Generated at Fri Apr 17 23:24:11 2026 by rpki-client