Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/XK1u2OpOHfPFyWFSpStjjFR21eM.roa
File: XK1u2OpOHfPFyWFSpStjjFR21eM.roa (raw, json)
Hash identifier: zmHubFupuS74yLzF6KkoHbfyUplOIcN6d9GoVLzuZOc=
Subject key identifier: 5C:AD:6E:D8:EA:4E:1D:F3:C5:C9:61:52:A5:2B:63:8C:54:76:D5:E3
Certificate issuer: /CN=097bb48e214bb4d8db42303e9d92a6c70948cc1d
Certificate serial: 019D3EDFA5E598E557F2ABAB880B7F8C7BD7
Authority key identifier: 09:7B:B4:8E:21:4B:B4:D8:DB:42:30:3E:9D:92:A6:C7:09:48:CC:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CXu0jiFLtNjbQjA-nZKmxwlIzB0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/XK1u2OpOHfPFyWFSpStjjFR21eM.roa
Signing time: Mon 30 Mar 2026 13:12:17 +0000
ROA not before: Mon 30 Mar 2026 13:12:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 395201
IP address blocks: 185.238.166.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/CXu0jiFLtNjbQjA-nZKmxwlIzB0.crl
rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/CXu0jiFLtNjbQjA-nZKmxwlIzB0.mft
rsync://rpki.ripe.net/repository/DEFAULT/CXu0jiFLtNjbQjA-nZKmxwlIzB0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 01:00:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3e:df:a5:e5:98:e5:57:f2:ab:ab:88:0b:7f:8c:7b:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=097bb48e214bb4d8db42303e9d92a6c70948cc1d
Validity
Not Before: Mar 30 13:12:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5cad6ed8ea4e1df3c5c96152a52b638c5476d5e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:89:27:3a:64:b7:10:8c:cd:a6:b6:72:ca:c0:
bb:a8:96:34:cc:d0:44:ed:df:96:f8:ef:1b:4b:6c:
64:1f:ed:1c:9f:fb:0d:19:72:69:0c:dd:dc:b7:83:
41:96:74:a6:4a:55:5e:6c:a9:fa:b1:3a:0b:a2:92:
f1:46:af:e5:83:83:3b:14:f3:dd:ea:63:a8:d7:55:
3d:02:de:73:40:33:e8:c0:60:c6:65:88:89:3c:e6:
e8:80:8b:28:ae:f5:8e:e2:d2:af:35:3d:3c:d5:7b:
74:3c:71:0e:4c:cf:a3:81:f7:3e:fe:50:6b:96:48:
b1:f2:93:2d:78:f8:b5:d1:18:97:b9:84:16:1a:e2:
60:54:73:21:6f:19:36:4b:c9:1d:de:de:30:cb:c9:
9f:a6:64:02:a6:c7:e4:8f:00:f5:8d:c4:2b:e6:86:
d7:f3:fe:84:5f:95:df:74:6c:f8:8f:86:06:22:2e:
0c:ab:e7:a6:72:32:d5:94:e7:5a:d1:bb:0e:8c:db:
9c:4e:4a:bb:b7:74:be:b8:6c:37:1f:2a:2d:7c:8a:
76:6b:5a:21:fc:ea:fa:23:b2:0a:3b:c9:68:b4:f6:
ba:69:45:83:2b:d2:12:18:50:63:e1:30:e0:7a:b1:
49:64:86:86:85:da:5f:10:6f:32:b2:7c:24:52:03:
04:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:AD:6E:D8:EA:4E:1D:F3:C5:C9:61:52:A5:2B:63:8C:54:76:D5:E3
X509v3 Authority Key Identifier:
keyid:09:7B:B4:8E:21:4B:B4:D8:DB:42:30:3E:9D:92:A6:C7:09:48:CC:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXu0jiFLtNjbQjA-nZKmxwlIzB0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/XK1u2OpOHfPFyWFSpStjjFR21eM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/40becd-19e9-43fd-a1b8-056f463327e1/1/CXu0jiFLtNjbQjA-nZKmxwlIzB0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.238.166.0/24
Signature Algorithm: sha256WithRSAEncryption
b8:c5:d9:21:86:12:89:16:bf:5c:76:28:ed:d4:bc:12:75:82:
c2:dd:be:e0:f5:f5:19:30:e5:45:3e:c9:3a:05:be:c0:b4:02:
b7:d6:9b:a1:5a:d6:81:ae:6d:0f:e2:b3:a5:10:b8:b9:cf:12:
c0:42:24:a3:87:4d:80:33:d8:30:3c:ed:cb:6d:8f:20:37:7d:
99:75:fa:1e:72:16:fe:1b:d2:c2:ce:40:72:04:1a:19:ef:6b:
3b:08:87:15:17:a3:50:66:81:84:c6:64:e4:f9:fb:08:9f:e9:
32:0c:21:52:05:5d:e6:7d:b6:48:d9:cc:2a:a4:8d:2c:0b:b0:
78:f3:3c:5b:03:3d:99:d0:9d:ba:50:96:95:b8:ff:16:25:0f:
57:60:1f:d9:96:71:e2:8b:38:b3:86:c1:4b:d1:85:2f:06:b8:
04:8b:3f:6c:c3:cc:7c:50:ec:a0:b1:40:80:ed:59:78:87:aa:
a2:20:f7:73:a6:d5:20:4f:e9:b1:5f:d5:bc:6d:6c:13:f2:97:
72:a7:65:38:57:5a:63:4c:fb:a6:e6:41:52:ed:ea:4c:94:94:
0b:d5:4c:ef:57:71:29:e0:df:de:4e:1f:38:5d:1e:42:ec:11:
77:2e:0e:e0:af:1a:95:72:04:18:bd:4a:9b:a2:83:88:7a:a4:
04:e0:7e:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0+36XlmOVX8quriAt/jHvXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5N2JiNDhlMjE0YmI0ZDhkYjQyMzAzZTlkOTJhNmM3MDk0
OGNjMWQwHhcNMjYwMzMwMTMxMjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2FkNmVkOGVhNGUxZGYzYzVjOTYxNTJhNTJiNjM4YzU0NzZkNWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoknOmS3EIzNprZyysC7qJY0zNBE
7d+W+O8bS2xkH+0cn/sNGXJpDN3ct4NBlnSmSlVebKn6sToLopLxRq/lg4M7FPPd
6mOo11U9At5zQDPowGDGZYiJPObogIsorvWO4tKvNT081Xt0PHEOTM+jgfc+/lBr
lkix8pMtePi10RiXuYQWGuJgVHMhbxk2S8kd3t4wy8mfpmQCpsfkjwD1jcQr5obX
8/6EX5XfdGz4j4YGIi4Mq+emcjLVlOda0bsOjNucTkq7t3S+uGw3HyotfIp2a1oh
/Or6I7IKO8lotPa6aUWDK9ISGFBj4TDgerFJZIaGhdpfEG8ysnwkUgMEPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFytbtjqTh3zxclhUqUrY4xUdtXjMB8GA1UdIwQY
MBaAFAl7tI4hS7TY20IwPp2SpscJSMwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1h1MGppRkx0TmpiUWpBLW5aS214d2xJekIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MGJlY2QtMTllOS00M2ZkLWExYjgt
MDU2ZjQ2MzMyN2UxLzEvWEsxdTJPcE9IZlBGeVdGU3BTdGpqRlIyMWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MGJlY2QtMTllOS00M2ZkLWExYjgtMDU2ZjQ2MzMyN2Ux
LzEvQ1h1MGppRkx0TmpiUWpBLW5aS214d2xJekIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue6mMA0G
CSqGSIb3DQEBCwUAA4IBAQC4xdkhhhKJFr9cdijt1LwSdYLC3b7g9fUZMOVFPsk6
Bb7AtAK31puhWtaBrm0P4rOlELi5zxLAQiSjh02AM9gwPO3LbY8gN32Zdfoechb+
G9LCzkByBBoZ72s7CIcVF6NQZoGExmTk+fsIn+kyDCFSBV3mfbZI2cwqpI0sC7B4
8zxbAz2Z0J26UJaVuP8WJQ9XYB/ZlnHiizizhsFL0YUvBrgEiz9sw8x8UOygsUCA
7Vl4h6qiIPdzptUgT+mxX9W8bWwT8pdyp2U4V1pjTPum5kFS7epMlJQL1UzvV3Ep
4N/eTh84XR5C7BF3Lg7grxqVcgQYvUqbooOIeqQE4H7T
-----END CERTIFICATE-----
Generated at Sun Apr 19 10:15:58 2026 by rpki-client