Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/xUZt8DNQHiBefNBi4Ert7_QLSEI.roa
File: xUZt8DNQHiBefNBi4Ert7_QLSEI.roa (raw, json)
Hash identifier: oWYA1BCVHJtygn7rZSGc6Cdmnr0lvqfDo1gxsViQABk=
Subject key identifier: C5:46:6D:F0:33:50:1E:20:5E:7C:D0:62:E0:4A:ED:EF:F4:0B:48:42
Certificate issuer: /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial: 019D77B714FC58FA92C28FFFC3E5C11D5E71
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/xUZt8DNQHiBefNBi4Ert7_QLSEI.roa
Signing time: Fri 10 Apr 2026 14:06:20 +0000
ROA not before: Fri 10 Apr 2026 14:06:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 14080
IP address blocks: 189.81.84.0/23 maxlen: 23
189.81.86.0/23 maxlen: 23
189.81.88.0/23 maxlen: 23
189.81.90.0/23 maxlen: 23
189.81.92.0/23 maxlen: 23
189.81.94.0/23 maxlen: 23
189.81.96.0/23 maxlen: 23
189.81.98.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 19 Apr 2026 23:01:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:77:b7:14:fc:58:fa:92:c2:8f:ff:c3:e5:c1:1d:5e:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
Validity
Not Before: Apr 10 14:06:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c5466df033501e205e7cd062e04aedeff40b4842
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:39:54:94:2c:2f:fd:df:28:b0:ac:a0:f4:df:
8c:3d:ed:52:ea:ca:ea:cf:63:27:b5:7d:36:c1:00:
e6:ae:5f:51:20:ba:fc:fe:2c:92:d4:9d:8f:f8:86:
2e:cb:0f:da:21:02:06:b5:22:f3:f2:69:f0:b5:20:
60:df:7e:7a:68:b1:a4:57:12:9c:20:5b:e6:b5:71:
97:ae:3b:c2:4b:bb:f0:ab:15:d6:d1:26:74:7b:9b:
62:d2:c4:de:8f:6d:9f:15:51:06:62:ea:2d:92:14:
30:3b:93:68:ff:71:72:93:45:b0:46:ed:83:c0:22:
ac:fd:3a:e5:b1:dc:f3:63:98:26:11:88:28:7f:f8:
99:9b:4e:ca:1a:83:75:e9:11:ef:e4:b6:72:28:5b:
45:06:70:4d:aa:72:6f:e0:26:fc:9a:21:1b:d5:69:
a6:a8:12:7b:1c:f4:2c:1b:60:c0:bd:8c:06:1f:cb:
28:8d:3b:50:46:f7:93:86:a9:e1:65:fb:ae:ca:18:
32:34:1f:53:2d:cf:38:34:22:c0:56:de:7e:f0:7b:
0b:f0:2e:46:f2:74:67:ee:af:5c:8c:fb:6c:62:bc:
b2:5f:10:f2:4d:d6:78:57:bb:c7:47:6d:de:d3:f2:
c9:42:c2:35:28:49:bb:30:44:76:b5:b0:26:fa:a2:
6d:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:46:6D:F0:33:50:1E:20:5E:7C:D0:62:E0:4A:ED:EF:F4:0B:48:42
X509v3 Authority Key Identifier:
keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/xUZt8DNQHiBefNBi4Ert7_QLSEI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
189.81.84.0-189.81.99.255
Signature Algorithm: sha256WithRSAEncryption
09:45:77:81:70:2e:78:cd:4d:84:91:46:98:a8:bc:8f:47:ea:
c4:b6:21:a0:8a:33:3e:1a:a0:bf:f1:8a:60:84:61:7d:15:95:
e6:e9:50:fa:85:8a:79:cd:96:88:fa:8a:2b:f5:c5:b7:c8:47:
07:89:ef:0b:c7:1d:90:d0:2c:64:28:fe:75:45:fe:0a:a8:38:
90:c7:a9:8b:03:12:6d:6f:46:dc:c6:bc:ef:14:3e:20:26:2b:
ee:b9:67:22:0b:4e:f4:7d:f4:66:15:0d:bd:4b:9d:71:62:dc:
02:9f:ed:a4:26:24:42:30:b4:cd:9c:6a:43:06:fc:0a:11:72:
fc:8e:14:c2:02:e1:0f:88:d9:4e:73:65:0a:8c:6f:0d:34:81:
d3:75:77:c2:82:71:0a:46:0a:73:e8:b6:3c:11:8d:06:69:71:
8f:79:9a:7c:d4:9b:a7:17:54:17:99:94:7d:c4:2d:56:c0:1e:
01:2c:c0:55:25:fd:4d:49:75:8d:ea:23:b4:65:0e:33:ec:62:
14:08:d7:d4:95:96:c7:54:0c:a6:a3:fa:aa:61:72:ff:90:68:
c3:3b:0e:46:3d:e5:c5:36:ce:68:2a:aa:22:c5:f7:1a:99:d4:
d4:f4:af:4e:b1:ed:e0:47:b5:07:03:5a:72:5e:d6:0d:40:23:
49:27:be:64
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ13txT8WPqSwo//w+XBHV5xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjYwNDEwMTQwNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTQ2NmRmMDMzNTAxZTIwNWU3Y2QwNjJlMDRhZWRlZmY0MGI0ODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jlUlCwv/d8osKyg9N+MPe1S6srq
z2MntX02wQDmrl9RILr8/iyS1J2P+IYuyw/aIQIGtSLz8mnwtSBg3356aLGkVxKc
IFvmtXGXrjvCS7vwqxXW0SZ0e5ti0sTej22fFVEGYuotkhQwO5No/3Fyk0WwRu2D
wCKs/TrlsdzzY5gmEYgof/iZm07KGoN16RHv5LZyKFtFBnBNqnJv4Cb8miEb1Wmm
qBJ7HPQsG2DAvYwGH8sojTtQRveThqnhZfuuyhgyNB9TLc84NCLAVt5+8HsL8C5G
8nRn7q9cjPtsYryyXxDyTdZ4V7vHR23e0/LJQsI1KEm7MER2tbAm+qJtuQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMVGbfAzUB4gXnzQYuBK7e/0C0hCMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEveFVadDhETlFIaUJlZk5CaTRFcnQ3X1FMU0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK9UVQD
BAK9UWAwDQYJKoZIhvcNAQELBQADggEBAAlFd4FwLnjNTYSRRpiovI9H6sS2IaCK
Mz4aoL/ximCEYX0VlebpUPqFinnNloj6iiv1xbfIRweJ7wvHHZDQLGQo/nVF/gqo
OJDHqYsDEm1vRtzGvO8UPiAmK+65ZyILTvR99GYVDb1LnXFi3AKf7aQmJEIwtM2c
akMG/AoRcvyOFMIC4Q+I2U5zZQqMbw00gdN1d8KCcQpGCnPotjwRjQZpcY95mnzU
m6cXVBeZlH3ELVbAHgEswFUl/U1JdY3qI7RlDjPsYhQI19SVlsdUDKaj+qphcv+Q
aMM7DkY95cU2zmgqqiLF9xqZ1NT0r06x7eBHtQcDWnJe1g1AI0knvmQ=
-----END CERTIFICATE-----
Generated at Sun Apr 19 09:45:21 2026 by rpki-client