Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/e954b9-8738-4496-89ad-78a126bf0adc/1/XxSdnjPnpzy5LyGftSstm6-fmZk.roa
File: XxSdnjPnpzy5LyGftSstm6-fmZk.roa (raw, json)
Hash identifier: W+0II2qd7g6eEZycD1RXmyb9DYBIh88Zg19DWlRL1dE=
Subject key identifier: 5F:14:9D:9E:33:E7:A7:3C:B9:2F:21:9F:B5:2B:2D:9B:AF:9F:99:99
Certificate issuer: /CN=8a552a86e31b69e5d5320ede81d34bb128a45cee
Certificate serial: 019B78A371032AF2430289A9BB29BFF34796
Authority key identifier: 8A:55:2A:86:E3:1B:69:E5:D5:32:0E:DE:81:D3:4B:B1:28:A4:5C:EE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ilUqhuMbaeXVMg7egdNLsSikXO4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/e954b9-8738-4496-89ad-78a126bf0adc/1/XxSdnjPnpzy5LyGftSstm6-fmZk.roa
Signing time: Thu 01 Jan 2026 08:18:55 +0000
ROA not before: Thu 01 Jan 2026 08:18:55 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 60950
IP address blocks: 185.23.24.0/22 maxlen: 22
185.23.24.0/24 maxlen: 24
185.23.25.0/24 maxlen: 24
185.23.26.0/24 maxlen: 24
185.23.27.0/24 maxlen: 24
185.100.128.0/22 maxlen: 22
185.100.128.0/24 maxlen: 24
185.100.129.0/24 maxlen: 24
185.100.130.0/24 maxlen: 24
185.100.131.0/24 maxlen: 24
2a00:6960::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/aa/e954b9-8738-4496-89ad-78a126bf0adc/1/ilUqhuMbaeXVMg7egdNLsSikXO4.crl
rsync://rpki.ripe.net/repository/DEFAULT/aa/e954b9-8738-4496-89ad-78a126bf0adc/1/ilUqhuMbaeXVMg7egdNLsSikXO4.mft
rsync://rpki.ripe.net/repository/DEFAULT/ilUqhuMbaeXVMg7egdNLsSikXO4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:05:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:78:a3:71:03:2a:f2:43:02:89:a9:bb:29:bf:f3:47:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8a552a86e31b69e5d5320ede81d34bb128a45cee
Validity
Not Before: Jan 1 08:18:55 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5f149d9e33e7a73cb92f219fb52b2d9baf9f9999
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:20:21:20:d5:76:f1:b6:1f:25:f2:f5:c5:fd:
f9:46:67:07:58:30:8f:34:58:7b:02:bc:9d:f3:9c:
0c:8f:87:02:f3:bb:8a:75:3f:ba:e0:91:7f:17:ba:
6a:86:dc:35:65:dd:0c:13:20:26:11:ca:14:65:dd:
68:d8:1c:bb:2d:ce:92:55:bc:73:0e:7d:9f:b1:08:
a9:cb:7a:a9:9f:56:ae:3a:6f:a6:4a:ed:17:7e:22:
61:d1:fe:0c:b0:81:69:3b:d3:fb:c1:96:d3:0c:9b:
03:41:55:30:e5:60:1d:66:ed:b7:73:1e:6e:db:4d:
2b:a9:16:3d:4b:84:76:b1:09:a9:92:68:f4:0d:2d:
b1:0e:86:ad:65:d3:d6:dc:95:3b:1f:b5:74:4d:bc:
76:a3:2c:eb:4b:3f:ad:e5:4f:0b:74:c7:23:e4:ff:
85:94:fe:c1:f7:83:a1:30:bf:b2:0a:09:ce:c2:ba:
a1:4a:b6:7a:0a:63:95:c5:c0:37:80:63:53:f8:d9:
0a:24:99:ee:ca:71:90:cb:fb:fa:2b:9e:97:81:7a:
c2:51:48:aa:4f:04:ff:e7:2f:87:fd:cb:ae:13:6e:
b9:74:4a:8f:30:8c:21:ad:f2:ca:3c:c4:48:d2:4a:
1d:97:59:ff:f0:45:e8:65:9b:29:12:1c:9a:af:3e:
f0:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:14:9D:9E:33:E7:A7:3C:B9:2F:21:9F:B5:2B:2D:9B:AF:9F:99:99
X509v3 Authority Key Identifier:
keyid:8A:55:2A:86:E3:1B:69:E5:D5:32:0E:DE:81:D3:4B:B1:28:A4:5C:EE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilUqhuMbaeXVMg7egdNLsSikXO4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/e954b9-8738-4496-89ad-78a126bf0adc/1/XxSdnjPnpzy5LyGftSstm6-fmZk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/e954b9-8738-4496-89ad-78a126bf0adc/1/ilUqhuMbaeXVMg7egdNLsSikXO4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.23.24.0/22
185.100.128.0/22
IPv6:
2a00:6960::/32
Signature Algorithm: sha256WithRSAEncryption
34:df:5b:8c:34:5c:4f:71:23:c6:46:78:7c:8b:95:45:46:76:
ac:c4:45:47:8a:b2:2e:8d:ea:25:72:ae:98:af:da:78:b3:62:
09:66:1b:75:b5:15:2c:f7:b5:d1:0d:c7:32:7e:94:3a:27:86:
16:90:b4:fe:90:5b:77:7e:30:38:3e:ee:f0:b7:64:f1:05:61:
ff:5f:28:0c:41:06:01:94:2a:cf:12:a6:83:da:c5:7f:3e:cc:
ae:f1:f4:34:93:ff:f5:9c:0b:e6:be:e9:dc:b0:1d:2d:d8:c3:
cd:78:41:a2:cd:ab:ee:ce:61:ca:0e:1b:14:eb:cd:a9:88:19:
00:97:36:e5:be:69:14:e7:26:82:14:6b:4e:3a:bc:9b:49:fb:
d0:65:7e:bd:76:2d:81:e1:97:f3:a6:73:0e:89:e5:01:cf:67:
8e:6c:09:21:d2:29:91:b3:1a:ce:89:6a:7b:b9:26:8e:77:f8:
41:71:82:77:18:95:ee:05:c8:16:ba:a4:05:4b:71:a4:2d:de:
5a:9c:c4:53:80:ad:81:4b:a2:55:54:64:06:ca:2c:94:57:1f:
c5:96:5a:2c:ed:f5:ae:94:b8:61:8e:1b:fb:c3:b4:93:52:f3:
15:85:c9:95:3e:d5:6c:21:42:c1:79:58:93:0a:63:1e:6d:d0:
13:21:ec:39
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt4o3EDKvJDAompuym/80eWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNTUyYTg2ZTMxYjY5ZTVkNTMyMGVkZTgxZDM0YmIxMjhh
NDVjZWUwHhcNMjYwMTAxMDgxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjE0OWQ5ZTMzZTdhNzNjYjkyZjIxOWZiNTJiMmQ5YmFmOWY5OTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CAhINV28bYfJfL1xf35RmcHWDCP
NFh7Aryd85wMj4cC87uKdT+64JF/F7pqhtw1Zd0MEyAmEcoUZd1o2By7Lc6SVbxz
Dn2fsQipy3qpn1auOm+mSu0XfiJh0f4MsIFpO9P7wZbTDJsDQVUw5WAdZu23cx5u
200rqRY9S4R2sQmpkmj0DS2xDoatZdPW3JU7H7V0Tbx2oyzrSz+t5U8LdMcj5P+F
lP7B94OhML+yCgnOwrqhSrZ6CmOVxcA3gGNT+NkKJJnuynGQy/v6K56XgXrCUUiq
TwT/5y+H/cuuE265dEqPMIwhrfLKPMRI0kodl1n/8EXoZZspEhyarz7wkwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFF8UnZ4z56c8uS8hn7UrLZuvn5mZMB8GA1UdIwQY
MBaAFIpVKobjG2nl1TIO3oHTS7EopFzuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxVcWh1TWJhZVhWTWc3ZWdkTkxzU2lrWE80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lOTU0YjktODczOC00NDk2LTg5YWQt
NzhhMTI2YmYwYWRjLzEvWHhTZG5qUG5wenk1THlHZnRTc3RtNi1mbVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lOTU0YjktODczOC00NDk2LTg5YWQtNzhhMTI2YmYwYWRj
LzEvaWxVcWh1TWJhZVhWTWc3ZWdkTkxzU2lrWE80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuRcYAwQC
uWSAMA0EAgACMAcDBQAqAGlgMA0GCSqGSIb3DQEBCwUAA4IBAQA031uMNFxPcSPG
Rnh8i5VFRnasxEVHirIujeolcq6Yr9p4s2IJZht1tRUs97XRDccyfpQ6J4YWkLT+
kFt3fjA4Pu7wt2TxBWH/XygMQQYBlCrPEqaD2sV/Psyu8fQ0k//1nAvmvuncsB0t
2MPNeEGizavuzmHKDhsU682piBkAlzblvmkU5yaCFGtOOrybSfvQZX69di2B4Zfz
pnMOieUBz2eObAkh0imRsxrOiWp7uSaOd/hBcYJ3GJXuBcgWuqQFS3GkLd5anMRT
gK2BS6JVVGQGyiyUVx/Fllos7fWulLhhjhv7w7STUvMVhcmVPtVsIULBeViTCmMe
bdATIew5
-----END CERTIFICATE-----
Generated at Mon Mar 2 22:45:19 2026 by rpki-client