Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/txBk-VXH5xe4UoDume1p4XjQxe8.roa
File: txBk-VXH5xe4UoDume1p4XjQxe8.roa (raw, json)
Hash identifier: fvggVxYxk2NuJg8YSSyrCKqxJryG0wPDwlaCqOHmZFc=
Subject key identifier: B7:10:64:F9:55:C7:E7:17:B8:52:80:EE:99:ED:69:E1:78:D0:C5:EF
Certificate issuer: /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial: 019D4EE900D528C6F9CD0774C77F338B0842
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/txBk-VXH5xe4UoDume1p4XjQxe8.roa
Signing time: Thu 02 Apr 2026 15:56:25 +0000
ROA not before: Thu 02 Apr 2026 15:56:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29632
IP address blocks: 95.164.40.0/22 maxlen: 22
95.164.49.0/24 maxlen: 24
95.164.50.0/24 maxlen: 24
95.164.56.0/22 maxlen: 22
95.164.76.0/24 maxlen: 24
95.164.80.0/22 maxlen: 22
95.164.170.0/23 maxlen: 23
95.164.172.0/22 maxlen: 22
95.164.251.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 14:47:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:4e:e9:00:d5:28:c6:f9:cd:07:74:c7:7f:33:8b:08:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
Validity
Not Before: Apr 2 15:56:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b71064f955c7e717b85280ee99ed69e178d0c5ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:6b:79:c0:d3:93:0f:ae:f0:39:64:c7:63:ea:
66:2c:4e:07:51:07:e3:1c:45:a6:af:ce:e6:ec:37:
0a:33:d9:32:0d:b4:94:f9:e8:3e:3c:4b:b9:b9:d4:
49:5a:c4:9c:1b:04:f7:9b:52:3d:a6:a3:53:5d:7c:
d5:62:3b:8a:27:57:0c:17:40:a2:9f:2a:19:66:f7:
2d:00:6b:a0:4d:e9:45:82:85:50:fa:c7:e9:bb:aa:
4c:96:ea:d5:37:63:8d:ed:da:b4:45:5b:28:69:7a:
cd:78:cf:11:bb:04:30:fa:06:97:b7:d9:5b:8a:ea:
eb:b3:98:35:9a:16:2b:a2:cf:fa:6c:6e:15:92:58:
06:66:1f:a2:03:f8:b0:35:59:e6:0b:23:84:18:4f:
ee:46:27:af:5e:dd:57:61:84:5d:9b:07:6d:f4:5e:
db:82:fd:cb:52:41:ef:65:b6:cc:c4:44:1d:ef:14:
f5:90:6b:bf:e8:4f:c3:ab:89:60:d8:1a:c5:5c:97:
ba:d2:55:75:92:47:6b:c1:c7:f5:09:b8:db:ba:79:
14:82:40:f2:be:3f:cc:d7:8f:19:02:c9:dd:23:9b:
c0:0b:96:0c:20:f0:dc:b4:1b:e0:8c:78:a5:55:ce:
41:02:26:7c:a2:65:13:4f:42:c6:0c:2b:ba:01:e3:
42:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:10:64:F9:55:C7:E7:17:B8:52:80:EE:99:ED:69:E1:78:D0:C5:EF
X509v3 Authority Key Identifier:
keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/txBk-VXH5xe4UoDume1p4XjQxe8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.164.40.0/22
95.164.49.0-95.164.50.255
95.164.56.0/22
95.164.76.0/24
95.164.80.0/22
95.164.170.0-95.164.175.255
95.164.251.0/24
Signature Algorithm: sha256WithRSAEncryption
79:0d:de:2e:67:25:93:93:11:8a:e6:f2:38:7d:98:6c:3d:61:
bc:d8:0e:a4:42:4c:8e:53:8d:16:41:6c:b7:7f:ee:cb:0f:19:
86:4b:24:6d:1e:3a:65:e4:ce:12:f9:cb:a1:82:fa:b9:dd:fa:
66:4f:86:43:9d:a2:c7:9d:ed:9d:33:14:81:c3:ef:3f:7e:54:
35:50:e0:f9:fd:a7:aa:4f:7c:89:c0:34:5e:c5:3a:81:62:55:
4b:e1:f9:71:d4:42:2d:5c:02:92:86:b3:d3:64:2d:f5:c4:e5:
2c:68:b9:2d:ac:da:81:10:49:19:f0:b9:a2:03:df:73:7e:08:
8f:8e:27:8c:3c:be:7a:eb:45:a0:c0:d6:c2:4c:74:16:1e:e3:
72:7a:dd:d3:eb:21:38:8b:08:de:c1:54:88:90:3d:b4:d2:96:
8d:34:d2:72:79:91:0f:3a:f2:01:0b:a9:b2:15:f0:2f:43:d3:
47:bd:d2:02:41:ce:c8:bd:f1:34:f4:0b:ba:81:cc:88:68:ad:
14:22:86:b0:86:be:af:a8:7b:4a:c3:9e:14:6b:3d:57:64:b1:
30:e7:cb:27:fd:7f:dc:a9:aa:47:b1:ae:5e:7b:99:06:12:52:
cd:a7:30:e0:62:ee:22:bc:e0:4e:45:d1:90:02:cf:e2:10:28:
40:f1:a5:c8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZ1O6QDVKMb5zQd0x38ziwhCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjYwNDAyMTU1NjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzEwNjRmOTU1YzdlNzE3Yjg1MjgwZWU5OWVkNjllMTc4ZDBjNWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmt5wNOTD67wOWTHY+pmLE4HUQfj
HEWmr87m7DcKM9kyDbSU+eg+PEu5udRJWsScGwT3m1I9pqNTXXzVYjuKJ1cMF0Ci
nyoZZvctAGugTelFgoVQ+sfpu6pMlurVN2ON7dq0RVsoaXrNeM8RuwQw+gaXt9lb
iurrs5g1mhYros/6bG4VklgGZh+iA/iwNVnmCyOEGE/uRievXt1XYYRdmwdt9F7b
gv3LUkHvZbbMxEQd7xT1kGu/6E/Dq4lg2BrFXJe60lV1kkdrwcf1CbjbunkUgkDy
vj/M148ZAsndI5vAC5YMIPDctBvgjHilVc5BAiZ8omUTT0LGDCu6AeNC4QIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFLcQZPlVx+cXuFKA7pntaeF40MXvMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvdHhCay1WWEg1eGU0VW9EdW1lMXA0WGpReGU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQCX6QoMAwD
BABfpDEDBABfpDIDBAJfpDgDBABfpEwDBAJfpFAwDAMEAV+kqgMEBF+koAMEAF+k
+zANBgkqhkiG9w0BAQsFAAOCAQEAeQ3eLmclk5MRiubyOH2YbD1hvNgOpEJMjlON
FkFst3/uyw8ZhkskbR46ZeTOEvnLoYL6ud36Zk+GQ52ix53tnTMUgcPvP35UNVDg
+f2nqk98icA0XsU6gWJVS+H5cdRCLVwCkoaz02Qt9cTlLGi5LazagRBJGfC5ogPf
c34Ij44njDy+eutFoMDWwkx0Fh7jcnrd0+shOIsI3sFUiJA9tNKWjTTScnmRDzry
AQupshXwL0PTR73SAkHOyL3xNPQLuoHMiGitFCKGsIa+r6h7SsOeFGs9V2SxMOfL
J/1/3KmqR7GuXnuZBhJSzacw4GLuIrzgTkXRkALP4hAoQPGlyA==
-----END CERTIFICATE-----
Generated at Fri Apr 17 18:35:44 2026 by rpki-client