Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/X8VKPIZs2cxgP7KAitegaaOStYA.roa
File: X8VKPIZs2cxgP7KAitegaaOStYA.roa (raw, json)
Hash identifier: UyQbpqHhpeql1FOSwNKPw4wVEieRWnlJTJJzgyGrAow=
Subject key identifier: 5F:C5:4A:3C:86:6C:D9:CC:60:3F:B2:80:8A:D7:A0:69:A3:92:B5:80
Certificate issuer: /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial: 019C2A2F0F7E9F260AA8B3D2CD32FE82D217
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/X8VKPIZs2cxgP7KAitegaaOStYA.roa
Signing time: Wed 04 Feb 2026 19:44:13 +0000
ROA not before: Wed 04 Feb 2026 19:44:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8772
IP address blocks: 95.164.15.0/24 maxlen: 24
95.164.40.0/22 maxlen: 22
95.164.49.0/24 maxlen: 24
95.164.50.0/24 maxlen: 24
95.164.56.0/22 maxlen: 22
95.164.61.0/24 maxlen: 24
95.164.72.0/22 maxlen: 22
95.164.76.0/24 maxlen: 24
95.164.80.0/22 maxlen: 22
95.164.115.0/24 maxlen: 24
95.164.120.0/24 maxlen: 24
95.164.121.0/24 maxlen: 24
95.164.170.0/23 maxlen: 23
95.164.172.0/22 maxlen: 22
95.164.248.0/24 maxlen: 24
95.164.249.0/24 maxlen: 24
95.164.251.0/24 maxlen: 24
185.234.254.0/24 maxlen: 24
2a10:eb80::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 14:01:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:2a:2f:0f:7e:9f:26:0a:a8:b3:d2:cd:32:fe:82:d2:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
Validity
Not Before: Feb 4 19:44:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5fc54a3c866cd9cc603fb2808ad7a069a392b580
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:a2:92:f5:0e:93:bf:ac:8e:79:8a:93:29:0c:
fc:52:cc:35:63:08:f2:37:ae:5c:e9:1d:ca:19:99:
ee:91:68:e1:a7:cc:d0:6d:a3:f7:46:a5:2e:5b:7e:
0e:e9:cf:08:39:f2:e8:86:ab:b1:1a:a0:d8:fa:fb:
a3:8b:0d:45:e8:58:d0:02:b8:b9:0c:3f:7b:63:4c:
01:67:75:b7:21:3c:ad:37:f2:1e:ea:96:84:22:30:
e9:0e:cb:93:80:7e:5f:df:25:89:1c:06:7e:89:52:
0b:82:f9:34:f1:b2:6d:8a:33:c9:59:9d:f5:24:06:
a2:59:f9:2c:88:e8:8f:df:29:d9:64:b4:0a:db:8e:
ed:69:10:de:99:9c:c5:f3:73:4d:42:12:f0:47:f7:
dd:71:10:67:a5:51:bd:a1:a5:f3:ba:f4:cd:5a:85:
7b:e4:44:c9:fb:9e:8c:e9:5e:97:45:a5:8a:88:9e:
22:ea:90:35:92:55:10:19:07:22:e6:24:97:31:dd:
95:b9:d8:b9:e5:31:ce:14:20:8d:25:3d:eb:46:06:
ba:b0:44:22:20:18:a2:b5:79:0c:fb:6a:43:2c:1d:
5a:0a:cc:d6:f4:df:bb:b8:3c:88:51:31:cb:16:66:
d4:1c:5d:87:50:17:1b:cb:8b:b9:68:2d:8c:6c:96:
c2:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:C5:4A:3C:86:6C:D9:CC:60:3F:B2:80:8A:D7:A0:69:A3:92:B5:80
X509v3 Authority Key Identifier:
keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/X8VKPIZs2cxgP7KAitegaaOStYA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.164.15.0/24
95.164.40.0/22
95.164.49.0-95.164.50.255
95.164.56.0/22
95.164.61.0/24
95.164.72.0-95.164.76.255
95.164.80.0/22
95.164.115.0/24
95.164.120.0/23
95.164.170.0-95.164.175.255
95.164.248.0/23
95.164.251.0/24
185.234.254.0/24
IPv6:
2a10:eb80::/29
Signature Algorithm: sha256WithRSAEncryption
aa:6d:a4:a8:60:2f:b9:0e:7a:2f:13:ba:11:f6:c7:81:03:9d:
d8:2b:4b:53:66:42:6f:ca:4d:3a:e5:af:bf:cd:94:7a:05:57:
93:d5:3a:a6:60:eb:12:23:df:88:ec:3f:42:7e:19:08:24:49:
70:6c:55:d5:8c:fb:a1:57:8c:fa:cd:28:d8:d8:b0:71:4f:15:
10:c9:85:dc:6e:5c:ce:71:7a:7a:d2:7d:12:99:92:77:66:97:
3b:05:72:a9:c9:85:72:e1:dd:cc:75:58:b8:12:21:99:1b:89:
f7:06:c4:04:38:a0:16:58:aa:5a:6e:7e:fb:d8:02:9a:a4:2b:
80:3c:a3:6c:5c:fd:3e:f1:cc:64:da:1d:49:a7:d1:af:6f:6f:
e1:c4:ef:f9:fa:cc:f2:07:b9:18:5e:db:11:7b:5e:53:28:3a:
92:b7:1a:e9:3f:7e:86:c1:7e:25:ea:d8:b7:19:5f:59:cb:f8:
25:97:b0:c3:d2:fb:51:e9:64:cb:eb:ae:02:fe:aa:b6:c8:91:
98:b2:6c:fb:e4:bc:0b:fe:40:a7:b1:41:7e:78:52:1d:c3:39:
44:35:4c:9c:29:bc:f3:62:1b:6f:73:c9:68:8d:cc:35:da:6c:
a1:cb:4f:92:8e:2f:11:cf:2a:b5:44:96:f8:86:c7:c9:a2:d7:
4b:79:b9:7e
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISAZwqLw9+nyYKqLPSzTL+gtIXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjYwMjA0MTk0NDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmM1NGEzYzg2NmNkOWNjNjAzZmIyODA4YWQ3YTA2OWEzOTJiNTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaKS9Q6Tv6yOeYqTKQz8Usw1Ywjy
N65c6R3KGZnukWjhp8zQbaP3RqUuW34O6c8IOfLohquxGqDY+vujiw1F6FjQAri5
DD97Y0wBZ3W3ITytN/Ie6paEIjDpDsuTgH5f3yWJHAZ+iVILgvk08bJtijPJWZ31
JAaiWfksiOiP3ynZZLQK247taRDemZzF83NNQhLwR/fdcRBnpVG9oaXzuvTNWoV7
5ETJ+56M6V6XRaWKiJ4i6pA1klUQGQci5iSXMd2Vudi55THOFCCNJT3rRga6sEQi
IBiitXkM+2pDLB1aCszW9N+7uDyIUTHLFmbUHF2HUBcby4u5aC2MbJbCoQIDAQAB
o4ICeTCCAnUwHQYDVR0OBBYEFF/FSjyGbNnMYD+ygIrXoGmjkrWAMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvWDhWS1BJWnMyY3hnUDdLQWl0ZWdhYU9TdFlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGOBggrBgEFBQcBBwEB/wR/MH0wbAQCAAEwZgMEAF+kDwME
Al+kKDAMAwQAX6QxAwQAX6QyAwQCX6Q4AwQAX6Q9MAwDBANfpEgDBABfpEwDBAJf
pFADBABfpHMDBAFfpHgwDAMEAV+kqgMEBF+koAMEAV+k+AMEAF+k+wMEALnq/jAN
BAIAAjAHAwUDKhDrgDANBgkqhkiG9w0BAQsFAAOCAQEAqm2kqGAvuQ56LxO6EfbH
gQOd2CtLU2ZCb8pNOuWvv82UegVXk9U6pmDrEiPfiOw/Qn4ZCCRJcGxV1Yz7oVeM
+s0o2NiwcU8VEMmF3G5cznF6etJ9EpmSd2aXOwVyqcmFcuHdzHVYuBIhmRuJ9wbE
BDigFliqWm5++9gCmqQrgDyjbFz9PvHMZNodSafRr29v4cTv+frM8ge5GF7bEXte
Uyg6krca6T9+hsF+JerYtxlfWcv4JZeww9L7Uelky+uuAv6qtsiRmLJs++S8C/5A
p7FBfnhSHcM5RDVMnCm882Ibb3PJaI3MNdpsoctPko4vEc8qtUSW+IbHyaLXS3m5
fg==
-----END CERTIFICATE-----
Generated at Mon Mar 2 20:04:43 2026 by rpki-client