Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/12c13e-f675-4882-bbe6-48d3ca161bb0/1/Ig_zAXCn9vbFw7KxbkjMl45qbh4.roa
File: Ig_zAXCn9vbFw7KxbkjMl45qbh4.roa (raw, json)
Hash identifier: VV7LhTzcbYlq8rfyk66GOg6XaES1MuVkOsiFHAWaNpk=
Subject key identifier: 22:0F:F3:01:70:A7:F6:F6:C5:C3:B2:B1:6E:48:CC:97:8E:6A:6E:1E
Certificate issuer: /CN=65121c3f9207a37345e38702c89d179bf444aa08
Certificate serial: 019D24A2BF38EB6CCB340062039A7C5F7370
Authority key identifier: 65:12:1C:3F:92:07:A3:73:45:E3:87:02:C8:9D:17:9B:F4:44:AA:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZRIcP5IHo3NF44cCyJ0Xm_REqgg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/12c13e-f675-4882-bbe6-48d3ca161bb0/1/Ig_zAXCn9vbFw7KxbkjMl45qbh4.roa
Signing time: Wed 25 Mar 2026 10:55:38 +0000
ROA not before: Wed 25 Mar 2026 10:55:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202200
IP address blocks: 139.23.122.0/24 maxlen: 24
141.29.182.0/23 maxlen: 24
141.73.124.0/23 maxlen: 24
141.73.148.0/23 maxlen: 24
141.73.154.0/23 maxlen: 24
141.73.166.0/23 maxlen: 24
141.73.240.0/23 maxlen: 24
141.73.246.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3c/12c13e-f675-4882-bbe6-48d3ca161bb0/1/ZRIcP5IHo3NF44cCyJ0Xm_REqgg.crl
rsync://rpki.ripe.net/repository/DEFAULT/3c/12c13e-f675-4882-bbe6-48d3ca161bb0/1/ZRIcP5IHo3NF44cCyJ0Xm_REqgg.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZRIcP5IHo3NF44cCyJ0Xm_REqgg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 19:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:24:a2:bf:38:eb:6c:cb:34:00:62:03:9a:7c:5f:73:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=65121c3f9207a37345e38702c89d179bf444aa08
Validity
Not Before: Mar 25 10:55:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=220ff30170a7f6f6c5c3b2b16e48cc978e6a6e1e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:59:08:f3:69:07:a6:22:76:c9:7e:34:d0:42:
9f:a2:57:2b:60:d3:b9:03:bf:e8:f8:45:8d:f7:26:
99:69:ec:ae:7a:64:64:c3:d0:fa:56:5d:bf:13:3b:
3d:a1:ca:a8:79:aa:31:80:47:ab:79:1d:56:fd:0f:
36:d2:69:df:f6:30:86:b8:65:a1:d5:c0:db:36:88:
4e:60:90:49:b3:3e:ca:30:09:be:59:6d:cd:fb:ab:
d9:93:46:69:36:5a:04:05:37:01:a2:99:98:ec:5d:
9a:e0:f6:2f:c3:d4:d6:a6:e9:a6:c9:a9:28:dd:2a:
6a:84:34:94:b2:11:cd:8e:84:4a:10:a3:e3:ea:37:
db:c4:e0:8c:b3:a3:e7:13:22:5d:f3:6d:be:47:4c:
4e:c1:a6:ba:61:5a:c8:c1:82:52:ed:1e:c5:b6:d0:
38:ef:94:87:3a:81:54:b0:44:ba:04:07:57:7b:31:
de:fc:e8:71:64:6e:73:4b:22:bc:8c:32:03:cb:81:
9c:c5:8a:7a:75:d0:1a:05:e8:34:b6:bf:32:a8:c1:
fb:50:30:95:7f:4c:3e:8d:fe:c7:12:60:00:72:38:
b1:68:fc:1a:af:ed:ac:4b:98:5e:47:4a:74:bd:34:
ea:f6:57:64:38:32:74:24:28:73:ba:90:fd:3c:87:
00:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:0F:F3:01:70:A7:F6:F6:C5:C3:B2:B1:6E:48:CC:97:8E:6A:6E:1E
X509v3 Authority Key Identifier:
keyid:65:12:1C:3F:92:07:A3:73:45:E3:87:02:C8:9D:17:9B:F4:44:AA:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZRIcP5IHo3NF44cCyJ0Xm_REqgg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/12c13e-f675-4882-bbe6-48d3ca161bb0/1/Ig_zAXCn9vbFw7KxbkjMl45qbh4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/12c13e-f675-4882-bbe6-48d3ca161bb0/1/ZRIcP5IHo3NF44cCyJ0Xm_REqgg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
139.23.122.0/24
141.29.182.0/23
141.73.124.0/23
141.73.148.0/23
141.73.154.0/23
141.73.166.0/23
141.73.240.0/23
141.73.246.0/23
Signature Algorithm: sha256WithRSAEncryption
98:78:50:11:9d:aa:fe:2f:02:04:34:68:66:1c:e2:00:a1:13:
29:76:4b:b9:0b:c5:a5:12:67:61:ba:6d:d9:b5:7d:95:c6:74:
9f:5e:b4:4d:0c:ae:ae:30:9f:c6:42:1d:bf:91:c0:4d:e3:99:
53:50:89:4e:63:da:c8:e6:6c:38:da:f4:af:8a:bc:3f:fb:ce:
2b:8e:d7:be:ea:a9:8b:65:c5:88:8d:1f:9d:aa:4e:81:ca:23:
1b:e3:7f:ae:a5:a7:26:61:ca:e1:f3:14:44:59:65:f5:1c:ea:
17:b9:c5:dd:03:6d:a0:ed:79:37:ad:01:5c:5d:20:f9:e6:5d:
d1:25:16:d3:f4:0f:80:2a:bf:00:99:93:d0:21:4f:11:97:37:
f7:2b:6b:af:ef:a2:5c:10:5f:c1:2a:3d:e5:ba:cd:d8:47:66:
e6:91:1e:e6:d6:96:dd:c7:ae:3d:a7:e4:45:c0:b4:92:3b:65:
f4:f7:33:4e:59:3b:74:51:b3:80:5b:f9:84:17:9f:4a:4a:25:
bb:14:06:e6:87:9e:67:7b:94:5b:f6:ac:84:5a:4d:5a:d8:81:
12:b0:2f:17:7f:52:dc:10:4e:5f:6f:8d:59:e3:ed:b9:d2:ca:
34:77:3a:a0:de:75:ba:a8:bd:0c:f4:30:ed:67:60:5f:70:7d:
ec:0a:6a:cf
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZ0kor8462zLNABiA5p8X3NwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1MTIxYzNmOTIwN2EzNzM0NWUzODcwMmM4OWQxNzliZjQ0
NGFhMDgwHhcNMjYwMzI1MTA1NTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjBmZjMwMTcwYTdmNmY2YzVjM2IyYjE2ZTQ4Y2M5NzhlNmE2ZTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVkI82kHpiJ2yX400EKfolcrYNO5
A7/o+EWN9yaZaeyuemRkw9D6Vl2/Ezs9ocqoeaoxgEereR1W/Q820mnf9jCGuGWh
1cDbNohOYJBJsz7KMAm+WW3N+6vZk0ZpNloEBTcBopmY7F2a4PYvw9TWpummyako
3SpqhDSUshHNjoRKEKPj6jfbxOCMs6PnEyJd822+R0xOwaa6YVrIwYJS7R7FttA4
75SHOoFUsES6BAdXezHe/OhxZG5zSyK8jDIDy4GcxYp6ddAaBeg0tr8yqMH7UDCV
f0w+jf7HEmAAcjixaPwar+2sS5heR0p0vTTq9ldkODJ0JChzupD9PIcA5QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFCIP8wFwp/b2xcOysW5IzJeOam4eMB8GA1UdIwQY
MBaAFGUSHD+SB6NzReOHAsidF5v0RKoIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlJJY1A1SUhvM05GNDRjQ3lKMFhtX1JFcWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8xMmMxM2UtZjY3NS00ODgyLWJiZTYt
NDhkM2NhMTYxYmIwLzEvSWdfekFYQ245dmJGdzdLeGJrak1sNDVxYmg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8xMmMxM2UtZjY3NS00ODgyLWJiZTYtNDhkM2NhMTYxYmIw
LzEvWlJJY1A1SUhvM05GNDRjQ3lKMFhtX1JFcWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAixd6AwQB
jR22AwQBjUl8AwQBjUmUAwQBjUmaAwQBjUmmAwQBjUnwAwQBjUn2MA0GCSqGSIb3
DQEBCwUAA4IBAQCYeFARnar+LwIENGhmHOIAoRMpdku5C8WlEmdhum3ZtX2VxnSf
XrRNDK6uMJ/GQh2/kcBN45lTUIlOY9rI5mw42vSvirw/+84rjte+6qmLZcWIjR+d
qk6ByiMb43+upacmYcrh8xREWWX1HOoXucXdA22g7Xk3rQFcXSD55l3RJRbT9A+A
Kr8AmZPQIU8Rlzf3K2uv76JcEF/BKj3lus3YR2bmkR7m1pbdx649p+RFwLSSO2X0
9zNOWTt0UbOAW/mEF59KSiW7FAbmh55ne5Rb9qyEWk1a2IESsC8Xf1LcEE5fb41Z
4+250so0dzqg3nW6qL0M9DDtZ2BfcH3sCmrP
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:25:01 2026 by rpki-client