Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/XWrsnRZ3w0e0DoMnOjNkuaIXctc.roa
File: XWrsnRZ3w0e0DoMnOjNkuaIXctc.roa (raw, json)
Hash identifier: hKOZKXZd+O54dyQoUT1ViJz0QYsGp84f/gyggnOHiyY=
Subject key identifier: 5D:6A:EC:9D:16:77:C3:47:B4:0E:83:27:3A:33:64:B9:A2:17:72:D7
Certificate issuer: /CN=2b4e2d34ccee4576b5ce7605a084e6c08522c228
Certificate serial: 019C28449A8C1FD6F7D2AF01A8CB6E0F643A
Authority key identifier: 2B:4E:2D:34:CC:EE:45:76:B5:CE:76:05:A0:84:E6:C0:85:22:C2:28
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/K04tNMzuRXa1znYFoITmwIUiwig.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/XWrsnRZ3w0e0DoMnOjNkuaIXctc.roa
Signing time: Wed 04 Feb 2026 10:48:30 +0000
ROA not before: Wed 04 Feb 2026 10:48:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 57264
IP address blocks: 45.159.36.0/22 maxlen: 22
45.159.36.0/24 maxlen: 24
45.159.37.0/24 maxlen: 24
45.159.38.0/24 maxlen: 24
45.159.39.0/24 maxlen: 24
2a0d:2640::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/K04tNMzuRXa1znYFoITmwIUiwig.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/K04tNMzuRXa1znYFoITmwIUiwig.mft
rsync://rpki.ripe.net/repository/DEFAULT/K04tNMzuRXa1znYFoITmwIUiwig.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:05:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:28:44:9a:8c:1f:d6:f7:d2:af:01:a8:cb:6e:0f:64:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b4e2d34ccee4576b5ce7605a084e6c08522c228
Validity
Not Before: Feb 4 10:48:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5d6aec9d1677c347b40e83273a3364b9a21772d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:9d:a1:c2:6f:38:10:16:8d:9e:5b:bc:71:d9:
da:f8:d9:4a:be:1a:a9:31:ec:eb:4f:2f:14:de:4e:
61:ae:29:cb:b8:43:b6:82:2b:47:d1:e3:3d:08:f7:
a1:87:b0:ca:c6:c8:b1:a5:8a:19:5e:d3:08:20:a3:
16:7e:49:2e:ff:22:cd:33:63:0b:2d:5d:d9:72:4a:
d0:88:a9:99:27:11:7b:be:18:55:66:6b:54:64:a2:
8f:09:6a:78:5c:68:83:85:4e:f8:8b:4d:4e:41:cc:
af:1c:2b:72:1b:81:bb:b7:87:a6:c2:bc:9b:ca:0f:
7a:1e:47:77:6f:7d:45:f7:3f:47:39:c8:ee:32:38:
e0:b4:64:19:ff:43:f3:3f:0b:a8:9e:de:6c:3b:9f:
6f:5d:ee:a1:53:6b:63:b7:67:4b:f7:6c:58:59:65:
2d:31:07:67:69:9b:28:99:b3:19:dc:97:bb:47:ef:
09:cb:d4:8a:a3:f1:e2:5b:13:f0:37:c4:55:9f:9e:
aa:50:4a:9b:64:ee:03:ed:04:70:17:eb:d0:c1:0c:
da:9a:2c:06:1b:46:02:64:3b:f1:8f:f4:24:88:2d:
b6:8c:11:1d:89:55:a7:1a:32:cf:92:55:24:2d:3b:
de:b9:18:2a:3b:28:6c:dc:0f:cb:30:eb:c5:54:b5:
37:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:6A:EC:9D:16:77:C3:47:B4:0E:83:27:3A:33:64:B9:A2:17:72:D7
X509v3 Authority Key Identifier:
keyid:2B:4E:2D:34:CC:EE:45:76:B5:CE:76:05:A0:84:E6:C0:85:22:C2:28
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K04tNMzuRXa1znYFoITmwIUiwig.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/XWrsnRZ3w0e0DoMnOjNkuaIXctc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/K04tNMzuRXa1znYFoITmwIUiwig.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.36.0/22
IPv6:
2a0d:2640::/29
Signature Algorithm: sha256WithRSAEncryption
91:53:b0:10:ac:34:b4:20:7b:0e:6f:17:05:9b:a7:c1:14:86:
94:39:9f:d2:f8:57:90:68:a7:8b:c0:9e:1c:99:b8:e3:20:8c:
50:15:6d:8f:59:5f:a1:99:3f:fd:ef:2e:8f:fe:90:82:8c:d7:
5c:34:f4:76:5f:bb:fe:40:e5:d4:dc:04:f8:0a:69:1c:84:fe:
78:aa:02:28:1e:3f:1a:63:24:e0:ae:a1:a6:b1:cf:35:88:4f:
7a:59:03:58:c5:c4:76:7f:bf:6d:e6:21:82:15:a7:f4:f5:b7:
19:9a:ad:e1:fc:fb:3c:df:d8:38:82:5e:4e:27:c7:70:98:58:
81:68:8e:1d:17:54:ac:fa:d0:6c:38:21:23:0f:6d:02:64:0f:
26:ae:24:42:44:40:3a:e1:e7:93:f6:3e:ae:4a:f7:6a:dd:6a:
5f:53:dc:c5:c0:ad:ac:89:67:8f:de:ef:74:ab:8c:0a:a6:e5:
04:7e:84:b0:ac:63:44:76:74:05:0b:0b:7d:85:b6:6e:4f:9e:
97:34:46:f5:ee:91:eb:76:46:27:83:1b:a3:c9:0e:3b:90:5a:
25:dd:06:b9:21:69:63:5b:fb:fb:5d:5c:a5:3e:68:10:32:3c:
31:41:a0:7b:97:90:b3:cc:14:a7:08:bf:1f:55:25:b5:f2:08:
87:00:04:bd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZwoRJqMH9b30q8BqMtuD2Q6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNGUyZDM0Y2NlZTQ1NzZiNWNlNzYwNWEwODRlNmMwODUy
MmMyMjgwHhcNMjYwMjA0MTA0ODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDZhZWM5ZDE2NzdjMzQ3YjQwZTgzMjczYTMzNjRiOWEyMTc3MmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwp2hwm84EBaNnlu8cdna+NlKvhqp
MezrTy8U3k5hrinLuEO2gitH0eM9CPehh7DKxsixpYoZXtMIIKMWfkku/yLNM2ML
LV3ZckrQiKmZJxF7vhhVZmtUZKKPCWp4XGiDhU74i01OQcyvHCtyG4G7t4emwryb
yg96Hkd3b31F9z9HOcjuMjjgtGQZ/0PzPwuont5sO59vXe6hU2tjt2dL92xYWWUt
MQdnaZsombMZ3Je7R+8Jy9SKo/HiWxPwN8RVn56qUEqbZO4D7QRwF+vQwQzamiwG
G0YCZDvxj/QkiC22jBEdiVWnGjLPklUkLTveuRgqOyhs3A/LMOvFVLU35wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF1q7J0Wd8NHtA6DJzozZLmiF3LXMB8GA1UdIwQY
MBaAFCtOLTTM7kV2tc52BaCE5sCFIsIoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzA0dE5NenVSWGExem5ZRm9JVG13SVVpd2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9kODk5Y2MtNTM1Ny00NzFhLWJjMWMt
MDc3YmM4YmExZTVkLzEvWFdyc25SWjN3MGUwRG9Nbk9qTmt1YUlYY3RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9kODk5Y2MtNTM1Ny00NzFhLWJjMWMtMDc3YmM4YmExZTVk
LzEvSzA0dE5NenVSWGExem5ZRm9JVG13SVVpd2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ8kMA0E
AgACMAcDBQMqDSZAMA0GCSqGSIb3DQEBCwUAA4IBAQCRU7AQrDS0IHsObxcFm6fB
FIaUOZ/S+FeQaKeLwJ4cmbjjIIxQFW2PWV+hmT/97y6P/pCCjNdcNPR2X7v+QOXU
3AT4CmkchP54qgIoHj8aYyTgrqGmsc81iE96WQNYxcR2f79t5iGCFaf09bcZmq3h
/Ps839g4gl5OJ8dwmFiBaI4dF1Ss+tBsOCEjD20CZA8mriRCREA64eeT9j6uSvdq
3WpfU9zFwK2siWeP3u90q4wKpuUEfoSwrGNEdnQFCwt9hbZuT56XNEb17pHrdkYn
gxujyQ47kFol3Qa5IWljW/v7XVylPmgQMjwxQaB7l5CzzBSnCL8fVSW18giHAAS9
-----END CERTIFICATE-----
Generated at Mon Mar 2 21:04:18 2026 by rpki-client