Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/XTZmA7kJmGjMxtR_qqe64CF0njo.roa
File: XTZmA7kJmGjMxtR_qqe64CF0njo.roa (raw, json)
Hash identifier: jxBbYTZb9vE+9y+Q02putqHaVxNcHQknxHxmdAIZzTU=
Subject key identifier: 5D:36:66:03:B9:09:98:68:CC:C6:D4:7F:AA:A7:BA:E0:21:74:9E:3A
Certificate issuer: /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial: 019CAADCDE2FB04830CC200254EE030C6C99
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/XTZmA7kJmGjMxtR_qqe64CF0njo.roa
Signing time: Sun 01 Mar 2026 19:25:27 +0000
ROA not before: Sun 01 Mar 2026 19:25:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205775
IP address blocks: 185.100.157.0/24 maxlen: 24
185.102.115.0/24 maxlen: 24
185.177.239.0/24 maxlen: 24
193.221.200.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:aa:dc:de:2f:b0:48:30:cc:20:02:54:ee:03:0c:6c:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
Validity
Not Before: Mar 1 19:25:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5d366603b9099868ccc6d47faaa7bae021749e3a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:75:91:c2:f2:27:42:0b:70:9e:d3:92:30:9c:
c5:a7:37:7c:31:71:d7:69:41:7f:99:ac:2c:83:1f:
f1:c3:79:6f:70:70:30:3d:70:c2:df:77:83:69:24:
bf:da:32:e5:1e:5a:91:1c:27:e4:15:c3:07:1c:d7:
09:4d:67:77:67:6d:0f:b9:aa:ad:9f:03:49:47:d0:
45:9c:f1:8a:b3:c4:92:e1:55:ff:4f:d8:e9:3a:51:
3f:0c:be:63:75:5a:c3:35:79:66:f7:00:ab:ae:a2:
be:d6:00:6d:df:c2:a1:c3:1c:d5:4f:f0:35:d4:0d:
1a:99:11:5f:8f:d0:b0:f1:ed:35:ad:be:bb:cc:a5:
34:9f:4b:93:2a:f4:ce:8f:38:4e:cd:15:90:97:ac:
24:83:55:6d:e1:65:37:d5:04:08:a3:a6:14:dd:d8:
d7:78:ac:b7:3c:55:66:50:cb:cd:a9:0a:c0:69:34:
a0:93:d7:c6:39:43:c4:6a:0e:6d:8e:d3:67:ca:2f:
e0:75:aa:e4:fa:7d:25:80:ed:a9:dc:a9:93:46:84:
01:8c:6b:da:8c:68:c4:9d:69:41:29:21:79:19:c7:
96:cd:ee:a4:d4:21:e8:79:3a:3b:9b:6f:53:58:35:
b1:87:79:08:fe:2e:c2:85:39:a9:82:45:61:20:db:
e9:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:36:66:03:B9:09:98:68:CC:C6:D4:7F:AA:A7:BA:E0:21:74:9E:3A
X509v3 Authority Key Identifier:
keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/XTZmA7kJmGjMxtR_qqe64CF0njo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.100.157.0/24
185.102.115.0/24
185.177.239.0/24
193.221.200.0/23
Signature Algorithm: sha256WithRSAEncryption
51:8a:8c:ca:41:1a:11:56:19:69:06:3c:fd:3c:b1:3a:20:92:
c4:ec:21:c6:07:e8:89:82:6d:a6:9e:e4:8f:2a:74:c7:5d:c4:
9c:00:42:f6:fd:b6:b2:1d:5b:2b:84:9e:0b:8e:ef:fa:06:9c:
9b:f5:67:f4:be:c2:e2:73:91:10:dc:8e:2c:f4:e2:11:ee:46:
dd:6e:56:0f:76:e5:17:c4:c2:a6:92:65:28:01:bb:17:4d:92:
88:14:07:8c:97:28:53:94:04:3b:37:f5:d1:4a:54:a8:94:50:
35:73:fc:e9:2c:d4:35:0e:72:c9:86:66:ba:b4:3d:26:bd:5c:
b9:4f:ca:44:03:f9:ac:4c:37:4c:14:f7:ba:cc:cf:0c:6a:05:
1b:78:b4:60:ec:62:d9:dc:46:c4:df:e8:29:dd:e7:f5:4c:f9:
84:5d:32:3d:65:bd:d4:1d:1c:94:0a:d8:82:a0:64:a0:68:1e:
bf:3e:0d:e3:4b:f1:6a:fd:bd:a6:7f:0b:75:0e:47:cc:d6:88:
30:37:6d:37:52:dc:e6:ff:fb:bf:fd:fb:5e:2d:c5:50:45:b2:
53:c5:b4:ea:a2:f1:7d:1b:18:d4:f1:a9:58:e5:62:3e:54:79:
04:58:b2:66:97:e7:4f:ba:aa:e5:d4:ce:a3:03:69:e8:32:c7:
ad:05:73:9f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZyq3N4vsEgwzCACVO4DDGyZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjYwMzAxMTkyNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDM2NjYwM2I5MDk5ODY4Y2NjNmQ0N2ZhYWE3YmFlMDIxNzQ5ZTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnWRwvInQgtwntOSMJzFpzd8MXHX
aUF/mawsgx/xw3lvcHAwPXDC33eDaSS/2jLlHlqRHCfkFcMHHNcJTWd3Z20Puaqt
nwNJR9BFnPGKs8SS4VX/T9jpOlE/DL5jdVrDNXlm9wCrrqK+1gBt38KhwxzVT/A1
1A0amRFfj9Cw8e01rb67zKU0n0uTKvTOjzhOzRWQl6wkg1Vt4WU31QQIo6YU3djX
eKy3PFVmUMvNqQrAaTSgk9fGOUPEag5tjtNnyi/gdark+n0lgO2p3KmTRoQBjGva
jGjEnWlBKSF5GceWze6k1CHoeTo7m29TWDWxh3kI/i7ChTmpgkVhINvpDQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFF02ZgO5CZhozMbUf6qnuuAhdJ46MB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvWFRabUE3a0ptR2pNeHRSX3FxZTY0Q0YwbmpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAuWSdAwQA
uWZzAwQAubHvAwQBwd3IMA0GCSqGSIb3DQEBCwUAA4IBAQBRiozKQRoRVhlpBjz9
PLE6IJLE7CHGB+iJgm2mnuSPKnTHXcScAEL2/bayHVsrhJ4Lju/6Bpyb9Wf0vsLi
c5EQ3I4s9OIR7kbdblYPduUXxMKmkmUoAbsXTZKIFAeMlyhTlAQ7N/XRSlSolFA1
c/zpLNQ1DnLJhma6tD0mvVy5T8pEA/msTDdMFPe6zM8MagUbeLRg7GLZ3EbE3+gp
3ef1TPmEXTI9Zb3UHRyUCtiCoGSgaB6/Pg3jS/Fq/b2mfwt1DkfM1ogwN203Utzm
//u//fteLcVQRbJTxbTqovF9GxjU8alY5WI+VHkEWLJml+dPuqrl1M6jA2noMset
BXOf
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:26:41 2026 by rpki-client