Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/accd38-0ae6-4b43-a168-1152f4393020/1/zlj3QQBO1pX9fbxSwUBHMbiiOHk.roa
File: zlj3QQBO1pX9fbxSwUBHMbiiOHk.roa (raw, json)
Hash identifier: d8BRjHjOAoCosOpbXFORgs5eLwaEvFtFykIWpPWeeu0=
Subject key identifier: CE:58:F7:41:00:4E:D6:95:FD:7D:BC:52:C1:40:47:31:B8:A2:38:79
Certificate issuer: /CN=d1122a5cb0643f736c7ec7961809a25938668f0e
Certificate serial: 019CD20121F51733FE8310B4316C9DF24427
Authority key identifier: D1:12:2A:5C:B0:64:3F:73:6C:7E:C7:96:18:09:A2:59:38:66:8F:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0RIqXLBkP3NsfseWGAmiWThmjw4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/accd38-0ae6-4b43-a168-1152f4393020/1/zlj3QQBO1pX9fbxSwUBHMbiiOHk.roa
Signing time: Mon 09 Mar 2026 09:50:15 +0000
ROA not before: Mon 09 Mar 2026 09:50:15 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 60354
IP address blocks: 185.251.112.0/24 maxlen: 24
185.251.113.0/24 maxlen: 32
185.251.115.0/24 maxlen: 24
2a0c:1940::/44 maxlen: 44
2a0c:1940:10::/44 maxlen: 128
2a0c:1947::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/23/accd38-0ae6-4b43-a168-1152f4393020/1/0RIqXLBkP3NsfseWGAmiWThmjw4.crl
rsync://rpki.ripe.net/repository/DEFAULT/23/accd38-0ae6-4b43-a168-1152f4393020/1/0RIqXLBkP3NsfseWGAmiWThmjw4.mft
rsync://rpki.ripe.net/repository/DEFAULT/0RIqXLBkP3NsfseWGAmiWThmjw4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 21:01:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d2:01:21:f5:17:33:fe:83:10:b4:31:6c:9d:f2:44:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d1122a5cb0643f736c7ec7961809a25938668f0e
Validity
Not Before: Mar 9 09:50:15 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ce58f741004ed695fd7dbc52c1404731b8a23879
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:4d:2a:7b:28:7f:45:b0:ce:ce:6c:b9:a2:60:
3d:d6:13:f5:81:73:40:52:4b:05:39:e9:1c:3d:f2:
94:3c:ea:8a:bd:cd:7e:6d:8d:0e:4c:28:c1:44:94:
91:8f:87:33:49:be:3f:d9:ac:d9:47:90:de:df:f1:
bc:76:f3:6b:0d:c0:d9:0b:db:63:a1:c7:66:04:8d:
6e:98:c7:82:8b:a0:0e:63:50:d8:d3:6e:62:3e:c7:
1d:52:bc:f8:3f:ff:41:bd:8a:01:a5:1c:fb:29:f3:
ee:a0:8d:a2:b4:cd:72:f2:71:e6:23:f4:db:7b:25:
b1:ce:63:a1:c6:fc:2d:92:a9:09:5c:92:0b:8e:20:
c9:80:ff:9e:bc:02:61:24:bb:fd:25:0d:de:b4:38:
50:37:24:73:54:5c:a9:26:7f:14:8b:4f:de:7c:6f:
9b:7f:49:0c:0f:59:08:15:0e:0f:b2:44:35:87:db:
c4:e3:28:d4:09:51:a5:f5:63:3d:59:38:fc:9d:f2:
c6:cd:8a:ba:ed:0e:b8:5f:77:cb:85:6c:2f:c9:3f:
cc:8e:6c:b9:9c:a6:5b:8e:c7:7f:bf:52:37:e2:46:
be:7d:32:ad:2f:4d:bb:f6:34:53:27:cb:c5:b3:78:
b7:2c:59:cf:ca:44:13:9f:8e:93:e0:dc:ba:22:b8:
30:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:58:F7:41:00:4E:D6:95:FD:7D:BC:52:C1:40:47:31:B8:A2:38:79
X509v3 Authority Key Identifier:
keyid:D1:12:2A:5C:B0:64:3F:73:6C:7E:C7:96:18:09:A2:59:38:66:8F:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0RIqXLBkP3NsfseWGAmiWThmjw4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/accd38-0ae6-4b43-a168-1152f4393020/1/zlj3QQBO1pX9fbxSwUBHMbiiOHk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/accd38-0ae6-4b43-a168-1152f4393020/1/0RIqXLBkP3NsfseWGAmiWThmjw4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.251.112.0/23
185.251.115.0/24
IPv6:
2a0c:1940::/43
2a0c:1947::/32
Signature Algorithm: sha256WithRSAEncryption
0c:7b:ac:be:b0:71:12:a1:a1:f1:33:34:02:cd:83:02:7c:d6:
95:1e:56:1f:fb:2b:39:94:ab:54:8f:90:f3:27:49:59:43:ac:
48:46:d0:3f:c9:b2:69:54:1b:08:3d:fd:da:97:d0:ad:70:70:
bf:ad:16:c7:ec:18:55:c7:9d:4a:67:08:4d:ba:dd:72:5e:d0:
9f:46:20:3e:02:62:7c:68:7c:35:fc:7d:09:4d:c6:e1:c2:2b:
21:7f:a4:c9:32:15:d6:f6:30:80:d7:37:9f:c8:76:ab:ad:a6:
68:73:ba:62:69:74:2a:ef:07:fe:a7:96:8a:f0:d9:59:fd:0f:
6c:09:06:13:ca:2a:87:41:6a:98:e4:ed:91:21:45:51:c9:d3:
26:48:bc:5f:ac:36:1c:0f:98:a9:fd:eb:d0:2a:2d:b2:a6:1c:
04:3b:ea:9f:53:da:c0:05:40:56:7b:96:b2:78:b6:e2:d1:fe:
a7:94:41:ba:89:74:b9:91:55:d1:5c:70:fc:a4:98:a2:c2:6e:
27:27:7d:13:f5:13:61:c2:c9:e3:4f:45:0e:99:c1:f1:53:0c:
20:4c:3e:32:d6:36:d8:c1:4e:c8:ad:bf:9b:8e:5a:af:b4:d3:
c0:cf:3d:7c:34:1a:05:6f:10:39:34:4a:16:b6:5e:0f:48:07:
0a:11:1d:14
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZzSASH1FzP+gxC0MWyd8kQnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMTIyYTVjYjA2NDNmNzM2YzdlYzc5NjE4MDlhMjU5Mzg2
NjhmMGUwHhcNMjYwMzA5MDk1MDE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTU4Zjc0MTAwNGVkNjk1ZmQ3ZGJjNTJjMTQwNDczMWI4YTIzODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArE0qeyh/RbDOzmy5omA91hP1gXNA
UksFOekcPfKUPOqKvc1+bY0OTCjBRJSRj4czSb4/2azZR5De3/G8dvNrDcDZC9tj
ocdmBI1umMeCi6AOY1DY025iPscdUrz4P/9BvYoBpRz7KfPuoI2itM1y8nHmI/Tb
eyWxzmOhxvwtkqkJXJILjiDJgP+evAJhJLv9JQ3etDhQNyRzVFypJn8Ui0/efG+b
f0kMD1kIFQ4PskQ1h9vE4yjUCVGl9WM9WTj8nfLGzYq67Q64X3fLhWwvyT/Mjmy5
nKZbjsd/v1I34ka+fTKtL0279jRTJ8vFs3i3LFnPykQTn46T4Ny6IrgwMQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFM5Y90EATtaV/X28UsFARzG4ojh5MB8GA1UdIwQY
MBaAFNESKlywZD9zbH7HlhgJolk4Zo8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFJJcVhMQmtQM05zZnNlV0dBbWlXVGhtanc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9hY2NkMzgtMGFlNi00YjQzLWExNjgt
MTE1MmY0MzkzMDIwLzEvemxqM1FRQk8xcFg5ZmJ4U3dVQkhNYmlpT0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9hY2NkMzgtMGFlNi00YjQzLWExNjgtMTE1MmY0MzkzMDIw
LzEvMFJJcVhMQmtQM05zZnNlV0dBbWlXVGhtanc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQBuftwAwQA
uftzMBYEAgACMBADBwUqDBlAAAADBQAqDBlHMA0GCSqGSIb3DQEBCwUAA4IBAQAM
e6y+sHESoaHxMzQCzYMCfNaVHlYf+ys5lKtUj5DzJ0lZQ6xIRtA/ybJpVBsIPf3a
l9CtcHC/rRbH7BhVx51KZwhNut1yXtCfRiA+AmJ8aHw1/H0JTcbhwishf6TJMhXW
9jCA1zefyHarraZoc7piaXQq7wf+p5aK8NlZ/Q9sCQYTyiqHQWqY5O2RIUVRydMm
SLxfrDYcD5ip/evQKi2yphwEO+qfU9rABUBWe5ayeLbi0f6nlEG6iXS5kVXRXHD8
pJiiwm4nJ30T9RNhwsnjT0UOmcHxUwwgTD4y1jbYwU7Irb+bjlqvtNPAzz18NBoF
bxA5NEoWtl4PSAcKER0U
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:25:20 2026 by rpki-client