Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/4a2d47-0e6f-4914-9481-0cdf00edb4de/1/XCBgBb40KAFNV8_NTuAh4kKrwoc.roa
File: XCBgBb40KAFNV8_NTuAh4kKrwoc.roa (raw, json)
Hash identifier: zjjSUJaypws5+cHHwDC46HZi6SOAqaNmSSp20fnQ/zo=
Subject key identifier: 5C:20:60:05:BE:34:28:01:4D:57:CF:CD:4E:E0:21:E2:42:AB:C2:87
Certificate issuer: /CN=66dad7e01be8960ccab00a162be9df4f5fabbf62
Certificate serial: 019EB18A4DEC436CBC1CC122D76615616326
Authority key identifier: 66:DA:D7:E0:1B:E8:96:0C:CA:B0:0A:16:2B:E9:DF:4F:5F:AB:BF:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZtrX4BvolgzKsAoWK-nfT1-rv2I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/4a2d47-0e6f-4914-9481-0cdf00edb4de/1/XCBgBb40KAFNV8_NTuAh4kKrwoc.roa
Signing time: Wed 10 Jun 2026 12:38:11 +0000
ROA not before: Wed 10 Jun 2026 12:38:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 34397
IP address blocks: 5.253.80.0/24 maxlen: 24
5.253.81.0/24 maxlen: 24
5.253.82.0/24 maxlen: 24
5.253.83.0/24 maxlen: 24
194.50.35.0/24 maxlen: 24
2a14:f800::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/61/4a2d47-0e6f-4914-9481-0cdf00edb4de/1/ZtrX4BvolgzKsAoWK-nfT1-rv2I.crl
rsync://rpki.ripe.net/repository/DEFAULT/61/4a2d47-0e6f-4914-9481-0cdf00edb4de/1/ZtrX4BvolgzKsAoWK-nfT1-rv2I.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZtrX4BvolgzKsAoWK-nfT1-rv2I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 08:43:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:b1:8a:4d:ec:43:6c:bc:1c:c1:22:d7:66:15:61:63:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66dad7e01be8960ccab00a162be9df4f5fabbf62
Validity
Not Before: Jun 10 12:38:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5c206005be3428014d57cfcd4ee021e242abc287
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:c5:91:16:94:ed:fa:45:44:3a:0f:a2:55:c8:
62:6f:25:85:55:8f:35:a0:2a:d9:27:c8:5d:67:c3:
af:06:30:6c:dc:a2:43:4c:7d:30:79:ed:6f:89:56:
0f:cf:fd:2c:7f:20:3f:a4:bf:03:c0:2c:09:30:2f:
ee:c8:af:9a:5f:c2:e8:64:81:4e:2f:2b:2b:d6:27:
f2:58:72:a2:9e:db:7d:f9:9c:bb:db:f1:3f:04:11:
0a:e0:71:85:74:22:2f:24:b0:0f:56:4a:c9:63:66:
5a:cd:44:44:c0:8f:2f:6e:98:22:64:60:64:c6:91:
17:95:c4:9d:64:dd:96:a6:c0:b8:6c:f6:ed:d1:88:
33:6c:05:15:97:58:cb:18:bb:bb:6c:53:6a:dd:20:
91:72:df:04:81:a5:d2:45:13:e5:f0:8d:30:55:a3:
df:7d:d9:0f:76:5c:a8:ad:d3:e5:b5:77:68:cb:4b:
82:dc:78:e3:0d:56:d8:63:7b:b3:fc:bc:bb:19:97:
76:24:b6:be:e3:72:74:91:00:23:7a:da:05:b8:66:
9d:49:de:ab:e3:87:ee:cf:27:66:f0:49:d5:1b:b5:
08:40:d5:60:d8:28:cd:bc:2f:91:98:34:6b:c4:d5:
c4:df:99:c0:5a:e5:7e:4a:0f:64:6a:e3:b2:5b:94:
16:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:20:60:05:BE:34:28:01:4D:57:CF:CD:4E:E0:21:E2:42:AB:C2:87
X509v3 Authority Key Identifier:
keyid:66:DA:D7:E0:1B:E8:96:0C:CA:B0:0A:16:2B:E9:DF:4F:5F:AB:BF:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZtrX4BvolgzKsAoWK-nfT1-rv2I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4a2d47-0e6f-4914-9481-0cdf00edb4de/1/XCBgBb40KAFNV8_NTuAh4kKrwoc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4a2d47-0e6f-4914-9481-0cdf00edb4de/1/ZtrX4BvolgzKsAoWK-nfT1-rv2I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.80.0/22
194.50.35.0/24
IPv6:
2a14:f800::/29
Signature Algorithm: sha256WithRSAEncryption
42:f6:49:82:5a:eb:be:8e:83:86:c6:cb:4d:35:da:fd:ad:1c:
a8:71:71:c8:b2:02:b3:8d:b0:26:c2:cb:be:ae:7f:83:49:9a:
de:33:70:e3:8d:7a:5a:a4:59:ac:51:f8:49:18:9b:5f:ea:93:
b6:f6:6b:88:d9:f3:31:ab:df:7b:07:6f:12:61:05:7d:26:02:
52:57:b7:24:b9:8b:b6:ed:94:9c:68:cc:0d:7d:bf:c2:de:9b:
5d:51:6d:4d:41:aa:a4:96:3b:49:0e:6f:fd:76:94:69:6f:f1:
73:af:18:5c:fb:9e:ac:c7:7b:b8:68:b2:28:91:ea:07:80:2f:
8e:22:36:3e:57:7d:87:51:af:eb:45:28:b1:e0:2d:b7:c2:1f:
2a:49:67:6d:7f:81:42:44:86:2f:14:4a:3b:43:03:bf:77:98:
93:03:f9:2f:d1:e0:c7:51:9b:3a:4d:82:c9:2f:2b:8a:64:dd:
3b:d5:d8:1b:3b:7d:82:18:dd:13:31:74:23:4f:d5:7f:1d:14:
9f:76:1f:b3:1d:b5:b0:ed:12:96:1e:46:22:b2:d9:2b:d0:b2:
7d:e9:f5:31:7d:90:39:e7:50:05:a2:26:f8:ea:d5:c8:66:30:
2e:10:02:7c:37:a0:c3:ef:8c:08:5e:94:ce:d6:27:a1:40:e0:
43:a9:e1:b7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ6xik3sQ2y8HMEi12YVYWMmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGFkN2UwMWJlODk2MGNjYWIwMGExNjJiZTlkZjRmNWZh
YmJmNjIwHhcNMjYwNjEwMTIzODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzIwNjAwNWJlMzQyODAxNGQ1N2NmY2Q0ZWUwMjFlMjQyYWJjMjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcWRFpTt+kVEOg+iVchibyWFVY81
oCrZJ8hdZ8OvBjBs3KJDTH0wee1viVYPz/0sfyA/pL8DwCwJMC/uyK+aX8LoZIFO
Lysr1ifyWHKintt9+Zy72/E/BBEK4HGFdCIvJLAPVkrJY2ZazUREwI8vbpgiZGBk
xpEXlcSdZN2WpsC4bPbt0YgzbAUVl1jLGLu7bFNq3SCRct8EgaXSRRPl8I0wVaPf
fdkPdlyordPltXdoy0uC3HjjDVbYY3uz/Ly7GZd2JLa+43J0kQAjetoFuGadSd6r
44fuzydm8EnVG7UIQNVg2CjNvC+RmDRrxNXE35nAWuV+Sg9kauOyW5QWgQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFwgYAW+NCgBTVfPzU7gIeJCq8KHMB8GA1UdIwQY
MBaAFGba1+Ab6JYMyrAKFivp309fq79iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnRyWDRCdm9sZ3pLc0FvV0stbmZUMS1ydjJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS80YTJkNDctMGU2Zi00OTE0LTk0ODEt
MGNkZjAwZWRiNGRlLzEvWENCZ0JiNDBLQUZOVjhfTlR1QWg0a0tyd29jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS80YTJkNDctMGU2Zi00OTE0LTk0ODEtMGNkZjAwZWRiNGRl
LzEvWnRyWDRCdm9sZ3pLc0FvV0stbmZUMS1ydjJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCBf1QAwQA
wjIjMA0EAgACMAcDBQMqFPgAMA0GCSqGSIb3DQEBCwUAA4IBAQBC9kmCWuu+joOG
xstNNdr9rRyocXHIsgKzjbAmwsu+rn+DSZreM3DjjXpapFmsUfhJGJtf6pO29muI
2fMxq997B28SYQV9JgJSV7ckuYu27ZScaMwNfb/C3ptdUW1NQaqkljtJDm/9dpRp
b/Fzrxhc+56sx3u4aLIokeoHgC+OIjY+V32HUa/rRSix4C23wh8qSWdtf4FCRIYv
FEo7QwO/d5iTA/kv0eDHUZs6TYLJLyuKZN071dgbO32CGN0TMXQjT9V/HRSfdh+z
HbWw7RKWHkYistkr0LJ96fUxfZA551AFoib46tXIZjAuEAJ8N6DD74wIXpTO1ieh
QOBDqeG3
-----END CERTIFICATE-----
Generated at Sat Jun 13 16:10:17 2026 by rpki-client