Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/kxBrpruKDuGzW0NKXwURi8d-6VQ.roa
File: kxBrpruKDuGzW0NKXwURi8d-6VQ.roa (raw, json)
Hash identifier: 02RU11M5D0CdS2SF0qjoKxJ8RM04GckOdquc3ZcId8E=
Subject key identifier: 93:10:6B:A6:BB:8A:0E:E1:B3:5B:43:4A:5F:05:11:8B:C7:7E:E9:54
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 019D72669D46160470147D529C5D84585784
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/kxBrpruKDuGzW0NKXwURi8d-6VQ.roa
Signing time: Thu 09 Apr 2026 13:20:20 +0000
ROA not before: Thu 09 Apr 2026 13:20:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8434
IP address blocks: 192.36.37.0/24 maxlen: 24
192.71.97.0/24 maxlen: 24
192.71.158.0/24 maxlen: 24
192.121.21.0/24 maxlen: 24
192.121.172.0/24 maxlen: 24
192.121.192.0/24 maxlen: 24
192.165.65.0/24 maxlen: 24
192.165.86.0/24 maxlen: 24
193.180.61.0/24 maxlen: 24
193.181.0.0/24 maxlen: 24
193.181.187.0/24 maxlen: 24
193.183.3.0/24 maxlen: 24
193.183.118.0/24 maxlen: 24
193.234.220.0/23 maxlen: 23
193.234.237.0/24 maxlen: 24
193.235.85.0/24 maxlen: 24
193.235.142.0/23 maxlen: 24
194.14.129.0/24 maxlen: 24
194.14.212.0/24 maxlen: 24
194.68.56.0/23 maxlen: 23
194.68.99.0/24 maxlen: 24
194.68.126.0/24 maxlen: 24
194.68.194.0/23 maxlen: 23
194.71.27.0/24 maxlen: 24
194.71.83.0/24 maxlen: 24
194.71.140.0/23 maxlen: 23
194.71.168.0/24 maxlen: 24
194.103.50.0/24 maxlen: 24
194.132.108.0/23 maxlen: 24
194.132.174.0/24 maxlen: 24
194.132.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 16:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:72:66:9d:46:16:04:70:14:7d:52:9c:5d:84:58:57:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Apr 9 13:20:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=93106ba6bb8a0ee1b35b434a5f05118bc77ee954
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:82:8e:75:b9:8c:95:98:64:bd:06:33:1c:fa:
e9:b8:ef:e4:71:9c:74:09:22:b0:fe:85:2f:1d:58:
55:a6:ff:ff:9a:a3:6c:05:9c:f0:d3:52:13:9c:97:
ce:76:58:0c:ac:24:0e:e7:16:f9:a9:31:33:ab:fa:
42:f1:52:03:37:29:f7:d2:14:0d:ea:00:35:c0:10:
6b:c2:3f:b1:d6:1d:5f:9f:2f:6c:c4:9c:e8:15:e7:
db:b2:4a:0a:28:3c:52:4e:9c:16:5f:39:e0:e0:df:
5a:42:25:ad:2c:30:d8:10:6b:07:a5:ee:41:62:6d:
6e:88:d0:1c:bf:a2:85:04:10:69:3f:4e:d7:95:52:
03:fc:eb:47:13:98:d9:38:f0:d5:d4:cd:45:24:75:
e5:c0:93:d0:a7:9f:b4:aa:4e:26:51:e8:8b:3f:c0:
22:46:74:95:b1:91:13:bf:8e:09:73:79:ba:6e:6a:
76:42:13:b3:13:dd:12:69:af:a1:98:56:cd:d1:8a:
88:65:a4:c5:c0:2e:b9:bb:37:e3:f0:92:8c:70:e2:
5b:66:df:bc:74:02:4d:c3:03:79:f7:af:50:a8:43:
25:f8:28:d8:46:ae:64:22:a2:cf:d2:ce:40:65:af:
15:9a:d3:e3:e9:5c:2c:b4:9d:b1:89:8a:d0:a1:30:
04:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:10:6B:A6:BB:8A:0E:E1:B3:5B:43:4A:5F:05:11:8B:C7:7E:E9:54
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/kxBrpruKDuGzW0NKXwURi8d-6VQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.37.0/24
192.71.97.0/24
192.71.158.0/24
192.121.21.0/24
192.121.172.0/24
192.121.192.0/24
192.165.65.0/24
192.165.86.0/24
193.180.61.0/24
193.181.0.0/24
193.181.187.0/24
193.183.3.0/24
193.183.118.0/24
193.234.220.0/23
193.234.237.0/24
193.235.85.0/24
193.235.142.0/23
194.14.129.0/24
194.14.212.0/24
194.68.56.0/23
194.68.99.0/24
194.68.126.0/24
194.68.194.0/23
194.71.27.0/24
194.71.83.0/24
194.71.140.0/23
194.71.168.0/24
194.103.50.0/24
194.132.108.0/23
194.132.174.0/23
Signature Algorithm: sha256WithRSAEncryption
21:ad:f0:88:da:80:3f:d9:37:b6:52:8e:69:de:aa:b1:58:ea:
a6:d9:cf:6a:17:6b:3b:17:2f:63:e7:6f:18:60:77:09:37:b2:
53:a5:e5:46:9a:88:ad:84:b7:5c:21:ac:53:ab:1e:7f:cb:84:
a3:60:2a:f8:53:11:bd:3f:af:cf:62:66:45:09:6c:31:c0:65:
fd:19:f9:bd:4e:ee:fd:9a:8e:fc:90:7a:cd:37:c8:4a:0b:f7:
84:62:6c:d1:9f:69:09:9f:04:9e:d6:96:33:5a:af:b8:3d:06:
73:f1:38:86:8c:d1:89:45:7b:7a:03:4f:8a:74:7a:4e:83:11:
53:2c:f2:81:4b:29:d1:8d:53:0f:24:c3:22:6a:5b:52:93:1f:
4b:78:cb:57:be:73:0f:24:e6:e4:7c:60:3a:09:16:98:2b:3e:
55:8c:55:00:89:2a:5d:3e:34:c0:72:1d:f9:4e:53:2b:e4:f7:
d1:ea:96:37:55:ac:d1:f7:1b:e5:2d:cf:70:82:e3:8c:77:1f:
08:80:49:bb:62:a9:17:7b:88:6d:15:49:97:ff:04:b9:75:f9:
73:2d:d3:d7:f7:eb:7a:ac:0e:3e:16:94:dd:91:9b:01:d1:a6:
e5:4a:79:a4:ee:48:d6:76:3a:ad:bd:27:3c:08:98:a1:e9:f9:
88:0a:e3:91
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgISAZ1yZp1GFgRwFH1SnF2EWFeEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwNDA5MTMyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzEwNmJhNmJiOGEwZWUxYjM1YjQzNGE1ZjA1MTE4YmM3N2VlOTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYKOdbmMlZhkvQYzHPrpuO/kcZx0
CSKw/oUvHVhVpv//mqNsBZzw01ITnJfOdlgMrCQO5xb5qTEzq/pC8VIDNyn30hQN
6gA1wBBrwj+x1h1fny9sxJzoFefbskoKKDxSTpwWXzng4N9aQiWtLDDYEGsHpe5B
Ym1uiNAcv6KFBBBpP07XlVID/OtHE5jZOPDV1M1FJHXlwJPQp5+0qk4mUeiLP8Ai
RnSVsZETv44Jc3m6bmp2QhOzE90Saa+hmFbN0YqIZaTFwC65uzfj8JKMcOJbZt+8
dAJNwwN5969QqEMl+CjYRq5kIqLP0s5AZa8VmtPj6VwstJ2xiYrQoTAE/wIDAQAB
o4ICvDCCArgwHQYDVR0OBBYEFJMQa6a7ig7hs1tDSl8FEYvHfulUMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEva3hCcnBydUtEdUd6VzBOS1h3VVJpOGQtNlZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHRBggrBgEFBQcBBwEB/wSBwTCBvjCBuwQCAAEwgbQDBADA
JCUDBADAR2EDBADAR54DBADAeRUDBADAeawDBADAecADBADApUEDBADApVYDBADB
tD0DBADBtQADBADBtbsDBADBtwMDBADBt3YDBAHB6twDBADB6u0DBADB61UDBAHB
644DBADCDoEDBADCDtQDBAHCRDgDBADCRGMDBADCRH4DBAHCRMIDBADCRxsDBADC
R1MDBAHCR4wDBADCR6gDBADCZzIDBAHChGwDBAHChK4wDQYJKoZIhvcNAQELBQAD
ggEBACGt8IjagD/ZN7ZSjmneqrFY6qbZz2oXazsXL2Pnbxhgdwk3slOl5UaaiK2E
t1whrFOrHn/LhKNgKvhTEb0/r89iZkUJbDHAZf0Z+b1O7v2ajvyQes03yEoL94Ri
bNGfaQmfBJ7WljNar7g9BnPxOIaM0YlFe3oDT4p0ek6DEVMs8oFLKdGNUw8kwyJq
W1KTH0t4y1e+cw8k5uR8YDoJFpgrPlWMVQCJKl0+NMByHflOUyvk99HqljdVrNH3
G+Utz3CC44x3HwiASbtiqRd7iG0VSZf/BLl1+XMt09f363qsDj4WlN2RmwHRpuVK
eaTuSNZ2Oq29JzwImKHp+YgK45E=
-----END CERTIFICATE-----
Generated at Fri Apr 17 23:26:51 2026 by rpki-client