Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/212a65-0b8a-4061-aa8b-31b7da66c4bd/1/XpkYVtb--kvZli-gjLhQHv0SRzY.roa
File: XpkYVtb--kvZli-gjLhQHv0SRzY.roa (raw, json)
Hash identifier: 9YvzsHrnuK/DQCSv5fkfKk7czH+Jjir+tAOAMyYKWPE=
Subject key identifier: 5E:99:18:56:D6:FE:FA:4B:D9:96:2F:A0:8C:B8:50:1E:FD:12:47:36
Certificate issuer: /CN=87e1b29c4779edddbc0fa2a588107b894ebaf6dd
Certificate serial: 019E6319828AAAFE1AE9BE84AAE01A49E8E9
Authority key identifier: 87:E1:B2:9C:47:79:ED:DD:BC:0F:A2:A5:88:10:7B:89:4E:BA:F6:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/h-GynEd57d28D6KliBB7iU669t0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/212a65-0b8a-4061-aa8b-31b7da66c4bd/1/XpkYVtb--kvZli-gjLhQHv0SRzY.roa
Signing time: Tue 26 May 2026 07:04:36 +0000
ROA not before: Tue 26 May 2026 07:04:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209532
IP address blocks: 147.78.172.0/22 maxlen: 22
194.156.149.0/24 maxlen: 24
194.156.160.0/24 maxlen: 24
194.156.164.0/24 maxlen: 24
194.156.173.0/24 maxlen: 24
2a0e:6e00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b8/212a65-0b8a-4061-aa8b-31b7da66c4bd/1/h-GynEd57d28D6KliBB7iU669t0.crl
rsync://rpki.ripe.net/repository/DEFAULT/b8/212a65-0b8a-4061-aa8b-31b7da66c4bd/1/h-GynEd57d28D6KliBB7iU669t0.mft
rsync://rpki.ripe.net/repository/DEFAULT/h-GynEd57d28D6KliBB7iU669t0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:63:19:82:8a:aa:fe:1a:e9:be:84:aa:e0:1a:49:e8:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=87e1b29c4779edddbc0fa2a588107b894ebaf6dd
Validity
Not Before: May 26 07:04:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5e991856d6fefa4bd9962fa08cb8501efd124736
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:64:be:90:16:aa:7e:49:f6:d5:58:1b:41:60:
c2:d3:64:54:2d:83:64:e7:4a:22:15:25:08:a5:59:
37:e0:64:30:59:df:c7:ff:89:12:31:24:08:56:ed:
4b:38:e7:9f:2d:6b:f2:2e:2f:11:24:de:6b:6f:43:
8f:7c:db:0f:e0:db:69:ff:a6:5d:fb:12:6c:4f:70:
88:7e:a8:88:b8:ca:40:9e:8a:a1:78:59:9a:ba:8a:
34:6a:c9:c9:1a:c8:bf:d5:e7:d9:2d:42:90:bb:0b:
5d:7c:aa:17:fe:6a:96:3d:2e:67:91:8e:02:e4:9a:
fb:7c:25:ae:7f:83:78:f6:f7:a9:73:64:75:02:a1:
03:c8:23:da:b2:c9:81:91:df:fb:b5:f3:40:27:09:
e0:6a:94:cd:99:e0:9f:88:75:17:0a:7b:c8:dc:c7:
53:e0:e6:29:98:8f:c9:ee:06:89:fc:76:92:98:5c:
16:80:58:bc:7f:d4:9d:0b:45:a1:4f:4b:9e:d3:1b:
f9:e7:3c:ad:fc:d5:69:d7:1e:d6:8b:48:c7:0d:d9:
38:63:54:15:f9:5e:e4:80:69:bb:1e:fc:68:22:07:
58:20:2e:f5:11:dc:e1:e7:57:43:88:a0:8d:15:7e:
50:38:f4:9d:cd:80:07:e2:db:16:ae:4c:6c:2d:08:
0c:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:99:18:56:D6:FE:FA:4B:D9:96:2F:A0:8C:B8:50:1E:FD:12:47:36
X509v3 Authority Key Identifier:
keyid:87:E1:B2:9C:47:79:ED:DD:BC:0F:A2:A5:88:10:7B:89:4E:BA:F6:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h-GynEd57d28D6KliBB7iU669t0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/212a65-0b8a-4061-aa8b-31b7da66c4bd/1/XpkYVtb--kvZli-gjLhQHv0SRzY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/212a65-0b8a-4061-aa8b-31b7da66c4bd/1/h-GynEd57d28D6KliBB7iU669t0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.78.172.0/22
194.156.149.0/24
194.156.160.0/24
194.156.164.0/24
194.156.173.0/24
IPv6:
2a0e:6e00::/29
Signature Algorithm: sha256WithRSAEncryption
14:43:c7:37:52:f2:1b:de:54:3a:0a:0e:84:6d:1e:e5:e3:fa:
40:60:f4:80:15:30:30:b3:7a:cc:69:f8:e7:7c:2c:38:8d:d0:
63:b6:28:e8:42:22:35:62:85:c0:1a:c7:32:c2:db:58:b1:db:
36:4a:a0:57:3a:42:f6:64:1a:62:eb:2f:b4:f6:5e:16:1b:ce:
2a:7c:05:7c:ec:24:a6:d4:9c:f6:34:7f:7f:50:16:bb:1a:1e:
be:19:a6:59:28:80:1f:1d:a7:f4:c1:16:e8:69:67:95:37:55:
11:ef:c9:8c:bf:a6:73:37:0e:6d:cb:8e:ee:35:9d:87:69:28:
bb:8e:52:45:bf:ed:8a:00:14:ff:b8:01:69:25:54:e5:4f:87:
5a:cb:2d:1d:5f:23:bc:5d:d1:d0:f8:33:cd:b1:ff:e2:a6:58:
bc:6b:2d:6b:ea:c5:9c:74:e9:df:98:a2:b4:b8:eb:da:f5:b4:
b9:3c:9b:b7:51:a1:02:9e:cb:7d:75:08:27:af:97:0c:fd:4c:
64:31:5a:d6:20:5e:ab:ab:ff:6c:24:c4:7f:8f:84:cd:6a:8c:
f2:28:b0:e3:e6:47:5c:2c:d4:15:cf:3a:26:68:1a:d7:3d:25:
98:8b:d2:1c:0b:33:f6:e1:d7:8a:9a:70:cb:60:4d:0f:0f:51:
37:c6:d1:88
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZ5jGYKKqv4a6b6EquAaSejpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZTFiMjljNDc3OWVkZGRiYzBmYTJhNTg4MTA3Yjg5NGVi
YWY2ZGQwHhcNMjYwNTI2MDcwNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTk5MTg1NmQ2ZmVmYTRiZDk5NjJmYTA4Y2I4NTAxZWZkMTI0NzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2S+kBaqfkn21VgbQWDC02RULYNk
50oiFSUIpVk34GQwWd/H/4kSMSQIVu1LOOefLWvyLi8RJN5rb0OPfNsP4Ntp/6Zd
+xJsT3CIfqiIuMpAnoqheFmauoo0asnJGsi/1efZLUKQuwtdfKoX/mqWPS5nkY4C
5Jr7fCWuf4N49vepc2R1AqEDyCPassmBkd/7tfNAJwngapTNmeCfiHUXCnvI3MdT
4OYpmI/J7gaJ/HaSmFwWgFi8f9SdC0WhT0ue0xv55zyt/NVp1x7Wi0jHDdk4Y1QV
+V7kgGm7HvxoIgdYIC71Edzh51dDiKCNFX5QOPSdzYAH4tsWrkxsLQgMzwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFF6ZGFbW/vpL2ZYvoIy4UB79Ekc2MB8GA1UdIwQY
MBaAFIfhspxHee3dvA+ipYgQe4lOuvbdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaC1HeW5FZDU3ZDI4RDZLbGlCQjdpVTY2OXQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8yMTJhNjUtMGI4YS00MDYxLWFhOGIt
MzFiN2RhNjZjNGJkLzEvWHBrWVZ0Yi0ta3ZabGktZ2pMaFFIdjBTUnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8yMTJhNjUtMGI4YS00MDYxLWFhOGItMzFiN2RhNjZjNGJk
LzEvaC1HeW5FZDU3ZDI4RDZLbGlCQjdpVTY2OXQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCk06sAwQA
wpyVAwQAwpygAwQAwpykAwQAwpytMA0EAgACMAcDBQMqDm4AMA0GCSqGSIb3DQEB
CwUAA4IBAQAUQ8c3UvIb3lQ6Cg6EbR7l4/pAYPSAFTAws3rMafjnfCw4jdBjtijo
QiI1YoXAGscywttYsds2SqBXOkL2ZBpi6y+09l4WG84qfAV87CSm1Jz2NH9/UBa7
Gh6+GaZZKIAfHaf0wRboaWeVN1UR78mMv6ZzNw5ty47uNZ2HaSi7jlJFv+2KABT/
uAFpJVTlT4dayy0dXyO8XdHQ+DPNsf/ipli8ay1r6sWcdOnfmKK0uOva9bS5PJu3
UaECnst9dQgnr5cM/UxkMVrWIF6rq/9sJMR/j4TNaozyKLDj5kdcLNQVzzomaBrX
PSWYi9IcCzP24deKmnDLYE0PD1E3xtGI
-----END CERTIFICATE-----
Generated at Sat Jun 13 10:20:52 2026 by rpki-client