Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/XSqKcr4vohHwUX7C_jwkOz3T4S8.roa
File: XSqKcr4vohHwUX7C_jwkOz3T4S8.roa (raw, json)
Hash identifier: S5RGDFj4AygaOQ9nMJnUMnAW4DmVGX2kAbpxmhv1Nxo=
Subject key identifier: 5D:2A:8A:72:BE:2F:A2:11:F0:51:7E:C2:FE:3C:24:3B:3D:D3:E1:2F
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 01985562B51E07E7BECFC5C27B41346223D5
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/XSqKcr4vohHwUX7C_jwkOz3T4S8.roa
Signing time: Tue 29 Jul 2025 08:53:08 +0000
ROA not before: Tue 29 Jul 2025 08:53:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5398
IP address blocks: 45.143.158.0/23 maxlen: 24
45.143.159.0/24 maxlen: 24
2a00:bd00::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.mft
rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 09 Aug 2025 11:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:55:62:b5:1e:07:e7:be:cf:c5:c2:7b:41:34:62:23:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Jul 29 08:53:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5d2a8a72be2fa211f0517ec2fe3c243b3dd3e12f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:39:8c:5f:d7:4d:e7:d2:55:4a:18:88:1c:05:
a1:a4:af:fa:76:c5:82:63:27:a2:e0:4a:c7:7e:58:
73:98:a5:3a:b5:5c:0e:78:ce:ae:5b:77:d3:69:04:
84:1c:50:ca:71:8c:94:e4:fd:d1:47:be:2a:3f:5e:
96:8e:33:a3:dc:3d:92:b1:cc:ac:f8:34:c3:54:f9:
6d:1b:e0:a6:98:06:2a:7a:ab:04:4e:a1:8e:2c:dd:
65:7e:59:f1:e0:17:c8:13:8f:db:72:4b:ba:b8:d4:
9b:34:65:60:03:68:60:89:f1:43:0d:b0:33:c0:b1:
87:9d:5a:58:93:b0:22:2d:32:72:88:71:c7:d5:48:
3f:80:99:db:09:86:37:7b:16:da:1e:7e:b6:b0:4b:
de:f8:a8:0e:fc:b8:b9:28:9c:5b:16:35:45:0d:e6:
a0:b6:3c:a6:48:db:8f:30:53:80:13:59:30:a2:5f:
7a:87:80:95:ba:27:f1:0b:f4:1a:87:e5:94:8d:a6:
35:75:36:25:b9:ff:d6:b6:aa:48:e3:4a:70:2b:c1:
b1:6b:b7:e5:46:76:b1:06:d2:ee:9d:aa:8a:de:55:
0b:a1:c0:8d:12:ae:d0:c4:6f:fc:d6:a9:73:35:4b:
da:8c:c0:90:5c:81:25:1a:74:a5:f6:90:23:a0:84:
f3:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:2A:8A:72:BE:2F:A2:11:F0:51:7E:C2:FE:3C:24:3B:3D:D3:E1:2F
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/XSqKcr4vohHwUX7C_jwkOz3T4S8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.143.158.0/23
IPv6:
2a00:bd00::/32
Signature Algorithm: sha256WithRSAEncryption
11:d6:83:f5:07:c3:a1:27:10:1a:61:c6:50:d8:70:94:a4:16:
06:57:72:bd:56:04:5f:0e:1e:4a:23:3f:ae:7b:bf:6b:dd:60:
a8:32:22:ee:36:4f:e7:16:9f:1a:01:2d:04:0d:ec:3b:0a:80:
7b:3f:a4:31:d1:5c:fd:12:44:e5:22:d2:83:25:dc:64:bd:10:
ad:08:ac:d1:34:d1:5d:64:44:54:78:4e:8a:72:fc:d7:3b:43:
ea:7b:f9:22:dc:38:1a:73:fa:19:10:13:eb:15:99:e2:9f:38:
48:bf:73:a4:4d:76:3c:1f:31:e7:bd:94:bb:c3:c6:f9:e6:f4:
0f:c2:9d:ba:cc:3c:e1:79:0a:fc:ed:12:ab:bf:52:53:ef:3d:
b8:94:6d:be:05:db:fa:be:ea:12:1c:2f:e3:c2:ef:9d:36:b7:
10:69:eb:5f:f2:45:2d:17:09:69:ac:8c:88:da:7a:d2:20:45:
8f:13:74:46:dc:ce:7b:88:36:c8:b7:41:f9:f7:bc:da:5c:86:
80:63:78:48:e2:d0:e4:06:44:33:9b:7e:a1:ea:9b:32:14:15:
2b:26:70:0e:74:17:0a:94:a5:76:47:48:c3:5e:66:10:ae:65:
f8:ee:f2:c2:9d:60:86:32:8d:a0:49:da:9b:b0:bb:72:50:8f:
8b:26:c2:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZhVYrUeB+e+z8XCe0E0YiPVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjUwNzI5MDg1MzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDJhOGE3MmJlMmZhMjExZjA1MTdlYzJmZTNjMjQzYjNkZDNlMTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DmMX9dN59JVShiIHAWhpK/6dsWC
Yyei4ErHflhzmKU6tVwOeM6uW3fTaQSEHFDKcYyU5P3RR74qP16WjjOj3D2Sscys
+DTDVPltG+CmmAYqeqsETqGOLN1lflnx4BfIE4/bcku6uNSbNGVgA2hgifFDDbAz
wLGHnVpYk7AiLTJyiHHH1Ug/gJnbCYY3exbaHn62sEve+KgO/Li5KJxbFjVFDeag
tjymSNuPMFOAE1kwol96h4CVuifxC/Qah+WUjaY1dTYluf/WtqpI40pwK8Gxa7fl
RnaxBtLunaqK3lULocCNEq7QxG/81qlzNUvajMCQXIElGnSl9pAjoITz/wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF0qinK+L6IR8FF+wv48JDs90+EvMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvWFNxS2NyNHZvaEh3VVg3Q19qd2tPejNUNFM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLY+eMA0E
AgACMAcDBQAqAL0AMA0GCSqGSIb3DQEBCwUAA4IBAQAR1oP1B8OhJxAaYcZQ2HCU
pBYGV3K9VgRfDh5KIz+ue79r3WCoMiLuNk/nFp8aAS0EDew7CoB7P6Qx0Vz9EkTl
ItKDJdxkvRCtCKzRNNFdZERUeE6KcvzXO0Pqe/ki3Dgac/oZEBPrFZninzhIv3Ok
TXY8HzHnvZS7w8b55vQPwp26zDzheQr87RKrv1JT7z24lG2+Bdv6vuoSHC/jwu+d
NrcQaetf8kUtFwlprIyI2nrSIEWPE3RG3M57iDbIt0H597zaXIaAY3hI4tDkBkQz
m36h6psyFBUrJnAOdBcKlKV2R0jDXmYQrmX47vLCnWCGMo2gSdqbsLtyUI+LJsI2
-----END CERTIFICATE-----
Generated at Fri Aug 8 19:23:02 2025 by rpki-client