Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/xjXafc7OvlG-kDkHajT6EA4vJF8.roa
File: xjXafc7OvlG-kDkHajT6EA4vJF8.roa (raw, json)
Hash identifier: hseObSCchdgMez+v8i3rhFwbsdMc8bwm2J1L1murTis=
Subject key identifier: C6:35:DA:7D:CE:CE:BE:51:BE:90:39:07:6A:34:FA:10:0E:2F:24:5F
Certificate issuer: /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial: 019A4ABBA780549FDE9402C065F094AE2BD4
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/xjXafc7OvlG-kDkHajT6EA4vJF8.roa
Signing time: Mon 03 Nov 2025 17:20:03 +0000
ROA not before: Mon 03 Nov 2025 17:20:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 400212
IP address blocks: 109.175.210.0/24 maxlen: 24
109.205.193.0/24 maxlen: 24
158.94.220.0/23 maxlen: 24
158.94.221.0/24 maxlen: 24
2a01:fb01::/32 maxlen: 32
2a01:fb02:8000::/34 maxlen: 34
2a01:fb06::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 20:00:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4a:bb:a7:80:54:9f:de:94:02:c0:65:f0:94:ae:2b:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Validity
Not Before: Nov 3 17:20:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c635da7dcecebe51be9039076a34fa100e2f245f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:8e:fd:cf:94:49:c6:1d:c2:1c:08:06:34:a4:
7f:c0:11:7e:a5:39:48:07:fc:48:3b:65:5e:a7:97:
74:dc:2f:5d:dc:e9:0d:5c:73:26:38:7d:5b:c1:dc:
a9:6b:65:3a:ac:f3:69:c1:fa:af:43:d2:6d:ae:0f:
4c:ce:bd:ef:2a:0a:59:57:02:0f:f7:86:7a:c1:86:
01:2f:55:72:b7:9f:cc:8f:9d:6f:42:50:2f:24:a6:
88:61:3e:ff:e9:93:bb:d6:b0:f3:95:3f:b3:bd:ce:
cf:b1:12:f6:30:30:d2:52:52:6c:5f:2d:0b:95:8d:
dc:fb:4e:ec:52:87:8f:2e:3d:9b:a2:7b:f4:5a:0b:
c0:5e:ee:f5:73:2b:66:fd:c9:4c:6c:c6:ec:4f:27:
3e:a3:56:26:e6:74:05:eb:78:c8:35:94:c3:52:bf:
af:88:a4:e2:da:59:47:97:62:86:3a:a0:20:30:5e:
e7:25:50:91:cf:a5:94:7a:73:f8:40:70:97:8d:45:
63:39:cf:59:de:c2:c2:18:72:37:85:19:75:a6:be:
38:08:76:6a:a0:f9:89:b9:1d:41:b8:5d:91:4f:e5:
ba:a7:fe:fa:e5:f6:47:26:5c:19:f5:91:04:52:ee:
cd:c4:73:b0:a0:d6:61:66:e4:6c:93:43:90:54:c0:
f5:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:35:DA:7D:CE:CE:BE:51:BE:90:39:07:6A:34:FA:10:0E:2F:24:5F
X509v3 Authority Key Identifier:
keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/xjXafc7OvlG-kDkHajT6EA4vJF8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.175.210.0/24
109.205.193.0/24
158.94.220.0/23
IPv6:
2a01:fb01::/32
2a01:fb02:8000::/34
2a01:fb06::/32
Signature Algorithm: sha256WithRSAEncryption
5f:2b:73:5b:58:09:68:a8:e8:fe:0e:b4:f2:a3:9a:f6:92:14:
ba:ac:39:d7:63:de:3e:1e:35:14:b5:ca:6e:6a:be:bf:8c:bb:
4a:83:6f:7d:35:78:63:cf:70:2e:8d:02:d7:13:6f:4f:8a:51:
6c:51:b9:07:3f:07:91:d5:43:bb:51:de:4f:85:5e:ef:a5:74:
bf:b5:cb:24:8f:7c:6e:c3:b7:97:6a:ca:ea:aa:c6:19:83:85:
68:52:b7:fb:38:5d:d2:d9:e3:26:ba:09:8a:9c:d8:3b:37:63:
9d:d1:a3:da:d9:1c:4b:40:b5:8d:d6:15:fb:55:66:94:f9:a9:
a8:32:08:89:ac:03:3b:06:11:27:5e:5e:30:d6:5a:85:e3:27:
16:46:58:62:ae:85:ad:27:e4:5d:46:f3:a2:f9:db:1f:dd:6f:
2d:12:a9:0e:f9:0c:a4:7d:e9:8b:3d:13:9b:ff:5c:fc:f3:06:
64:5b:8d:33:50:df:89:18:83:19:ca:c4:4f:bd:f3:7e:8f:9d:
a4:b4:b8:48:d4:aa:fb:43:83:9f:3b:2c:61:de:dc:25:a4:3a:
fd:57:af:8e:88:4a:93:f6:f6:ce:13:bc:53:14:d5:00:e5:34:
0d:9e:74:fd:bf:3c:c2:fa:ad:f4:fe:ba:8b:e3:31:1c:99:07:
5e:54:89:7d
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZpKu6eAVJ/elALAZfCUrivUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMTAzMTcyMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjM1ZGE3ZGNlY2ViZTUxYmU5MDM5MDc2YTM0ZmExMDBlMmYyNDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArI79z5RJxh3CHAgGNKR/wBF+pTlI
B/xIO2Vep5d03C9d3OkNXHMmOH1bwdypa2U6rPNpwfqvQ9Jtrg9Mzr3vKgpZVwIP
94Z6wYYBL1Vyt5/Mj51vQlAvJKaIYT7/6ZO71rDzlT+zvc7PsRL2MDDSUlJsXy0L
lY3c+07sUoePLj2bonv0WgvAXu71cytm/clMbMbsTyc+o1Ym5nQF63jINZTDUr+v
iKTi2llHl2KGOqAgMF7nJVCRz6WUenP4QHCXjUVjOc9Z3sLCGHI3hRl1pr44CHZq
oPmJuR1BuF2RT+W6p/765fZHJlwZ9ZEEUu7NxHOwoNZhZuRsk0OQVMD1FQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFMY12n3Ozr5RvpA5B2o0+hAOLyRfMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEveGpYYWZjN092bEcta0RrSGFqVDZFQTR2SkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAYBAIAATASAwQAba/SAwQA
bc3BAwQBnl7cMBwEAgACMBYDBQAqAfsBAwYGKgH7AoADBQAqAfsGMA0GCSqGSIb3
DQEBCwUAA4IBAQBfK3NbWAloqOj+DrTyo5r2khS6rDnXY94+HjUUtcpuar6/jLtK
g299NXhjz3AujQLXE29PilFsUbkHPweR1UO7Ud5PhV7vpXS/tcskj3xuw7eXasrq
qsYZg4VoUrf7OF3S2eMmugmKnNg7N2Od0aPa2RxLQLWN1hX7VWaU+amoMgiJrAM7
BhEnXl4w1lqF4ycWRlhiroWtJ+RdRvOi+dsf3W8tEqkO+QykfemLPROb/1z88wZk
W40zUN+JGIMZysRPvfN+j52ktLhI1Kr7Q4OfOyxh3twlpDr9V6+OiEqT9vbOE7xT
FNUA5TQNnnT9vzzC+q30/rqL4zEcmQdeVIl9
-----END CERTIFICATE-----
Generated at Wed Nov 5 05:00:06 2025 by rpki-client