Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/xqWPzURQERwArIFHXEX3EnCl6G0.roa
File: xqWPzURQERwArIFHXEX3EnCl6G0.roa (raw, json)
Hash identifier: sdIn7OH8dSfwnW0kTcunJQ/gFY1CcgJ+fH9TWlySv04=
Subject key identifier: C6:A5:8F:CD:44:50:11:1C:00:AC:81:47:5C:45:F7:12:70:A5:E8:6D
Certificate issuer: /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial: 019A29F5C20F1F99FA4C6C7E1740B7116DAB
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/xqWPzURQERwArIFHXEX3EnCl6G0.roa
Signing time: Tue 28 Oct 2025 08:36:03 +0000
ROA not before: Tue 28 Oct 2025 08:36:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203936
IP address blocks: 45.144.248.0/22 maxlen: 24
89.40.238.0/24 maxlen: 24
89.43.72.0/24 maxlen: 24
89.43.198.0/24 maxlen: 24
89.44.145.0/24 maxlen: 24
185.249.232.0/24 maxlen: 24
185.253.144.0/22 maxlen: 24
185.253.145.0/24 maxlen: 24
193.39.92.0/24 maxlen: 24
193.39.93.0/24 maxlen: 24
193.39.94.0/24 maxlen: 24
193.39.95.0/24 maxlen: 24
194.15.219.0/24 maxlen: 24
194.15.232.0/24 maxlen: 24
194.15.236.0/24 maxlen: 24
194.26.1.0/24 maxlen: 24
2a0c:1380::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 13:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:29:f5:c2:0f:1f:99:fa:4c:6c:7e:17:40:b7:11:6d:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Validity
Not Before: Oct 28 08:36:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c6a58fcd4450111c00ac81475c45f71270a5e86d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:65:b3:5a:47:59:6f:61:d6:28:09:09:6c:fb:
0c:4c:f7:b5:cc:74:e8:96:b7:92:0a:ca:eb:2c:cb:
58:2e:29:8d:f3:c9:96:25:77:74:34:10:ec:b9:c9:
df:48:57:cb:5a:ea:6c:71:b7:61:5f:80:df:2e:94:
68:40:2d:26:99:22:12:36:61:2a:b2:9a:d9:13:bb:
96:a6:f9:40:3c:f0:b6:90:a1:85:6f:6d:e7:c8:d8:
74:2d:aa:ab:6a:82:57:0a:3b:42:99:03:53:e6:0a:
17:e4:7f:68:54:fd:77:b6:ca:05:0e:c5:b5:af:2c:
89:42:c9:77:d9:ff:99:a0:6f:be:17:ed:25:30:c3:
6c:29:f0:74:c4:0d:32:df:7b:0d:ce:48:a6:cf:5d:
2f:3c:c1:61:37:66:33:9a:17:cc:7f:69:63:11:73:
ee:c7:d2:11:90:81:3e:60:de:92:9f:68:ca:bc:e4:
c4:1e:e8:fc:b6:df:f6:86:1d:09:c3:9d:62:a1:0d:
4e:d5:f9:74:33:3f:e2:1e:25:18:34:3e:69:ea:45:
94:14:ce:fc:ab:dc:95:f7:e5:98:92:c2:c7:08:a3:
a7:a5:b8:5a:23:da:0a:50:fa:25:76:1e:e2:6a:b1:
a3:49:d4:09:75:17:de:8a:1e:2c:6a:66:8a:a1:4a:
cd:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:A5:8F:CD:44:50:11:1C:00:AC:81:47:5C:45:F7:12:70:A5:E8:6D
X509v3 Authority Key Identifier:
keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/xqWPzURQERwArIFHXEX3EnCl6G0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.144.248.0/22
89.40.238.0/24
89.43.72.0/24
89.43.198.0/24
89.44.145.0/24
185.249.232.0/24
185.253.144.0/22
193.39.92.0/22
194.15.219.0/24
194.15.232.0/24
194.15.236.0/24
194.26.1.0/24
IPv6:
2a0c:1380::/29
Signature Algorithm: sha256WithRSAEncryption
14:d0:15:da:9d:bb:d3:f4:fc:42:b3:9e:f5:b8:9a:59:60:dc:
4e:fc:aa:2f:6d:be:52:d1:87:3f:7c:3e:eb:e5:05:8b:d5:53:
39:39:81:98:90:d0:b5:c7:b9:e1:0c:de:67:98:f3:18:e8:f4:
e5:bc:e5:81:99:5b:e2:87:13:eb:74:dd:6f:63:24:9d:44:b0:
1a:4b:21:84:92:f2:c0:9d:e8:46:d4:cc:82:f7:6d:01:d4:2f:
ec:04:4f:ca:0e:7b:57:1d:99:01:c9:d5:6f:9f:68:15:09:1e:
6d:7b:49:d0:60:fd:7a:cc:25:b4:3d:c7:14:8d:cb:ac:98:5d:
33:56:0b:3b:8f:d5:d2:56:23:73:6e:cd:d8:5a:6a:91:62:63:
7d:4f:6a:1a:ec:92:fa:3b:f0:67:f6:c0:f6:83:c8:62:8c:53:
2c:42:3f:ab:39:60:eb:a2:5c:4e:94:13:dd:a1:e6:5d:65:ce:
97:ca:33:02:3f:ca:d5:74:51:e7:d3:e6:66:f2:34:4b:4b:43:
5c:54:ee:23:52:d9:83:1e:28:ff:89:55:53:6e:0a:11:f0:ae:
8c:9f:95:7f:7a:96:a7:fc:82:ad:53:1a:72:89:40:78:5f:b3:
70:17:84:24:f1:42:b3:00:ab:da:3f:49:92:ff:84:2e:3e:bf:
86:2e:01:3e
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAZop9cIPH5n6TGx+F0C3EW2rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUxMDI4MDgzNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmE1OGZjZDQ0NTAxMTFjMDBhYzgxNDc1YzQ1ZjcxMjcwYTVlODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WWzWkdZb2HWKAkJbPsMTPe1zHTo
lreSCsrrLMtYLimN88mWJXd0NBDsucnfSFfLWupscbdhX4DfLpRoQC0mmSISNmEq
sprZE7uWpvlAPPC2kKGFb23nyNh0LaqraoJXCjtCmQNT5goX5H9oVP13tsoFDsW1
ryyJQsl32f+ZoG++F+0lMMNsKfB0xA0y33sNzkimz10vPMFhN2YzmhfMf2ljEXPu
x9IRkIE+YN6Sn2jKvOTEHuj8tt/2hh0Jw51ioQ1O1fl0Mz/iHiUYND5p6kWUFM78
q9yV9+WYksLHCKOnpbhaI9oKUPoldh7iarGjSdQJdRfeih4samaKoUrN2QIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFMalj81EUBEcAKyBR1xF9xJwpehtMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEveHFXUHpVUlFFUndBcklGSFhFWDNFbkNsNkcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQCLZD4AwQA
WSjuAwQAWStIAwQAWSvGAwQAWSyRAwQAufnoAwQCuf2QAwQCwSdcAwQAwg/bAwQA
wg/oAwQAwg/sAwQAwhoBMA0EAgACMAcDBQMqDBOAMA0GCSqGSIb3DQEBCwUAA4IB
AQAU0BXanbvT9PxCs571uJpZYNxO/Kovbb5S0Yc/fD7r5QWL1VM5OYGYkNC1x7nh
DN5nmPMY6PTlvOWBmVvihxPrdN1vYySdRLAaSyGEkvLAnehG1MyC920B1C/sBE/K
DntXHZkBydVvn2gVCR5te0nQYP16zCW0PccUjcusmF0zVgs7j9XSViNzbs3YWmqR
YmN9T2oa7JL6O/Bn9sD2g8hijFMsQj+rOWDrolxOlBPdoeZdZc6XyjMCP8rVdFHn
0+Zm8jRLS0NcVO4jUtmDHij/iVVTbgoR8K6Mn5V/epan/IKtUxpyiUB4X7NwF4Qk
8UKzAKvaP0mS/4QuPr+GLgE+
-----END CERTIFICATE-----
Generated at Tue Nov 4 20:50:19 2025 by rpki-client