Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/JAStZ6A9n9zWvYVE9_qtI3LhQxI.roa
File: JAStZ6A9n9zWvYVE9_qtI3LhQxI.roa (raw, json)
Hash identifier: xkXaIWm/m1ovjWJVQKRLwQEY11jjSdg+EpABOd2GRFY=
Subject key identifier: 24:04:AD:67:A0:3D:9F:DC:D6:BD:85:44:F7:FA:AD:23:72:E1:43:12
Certificate issuer: /CN=cd576d876e17e67aa3b1f1c10dab39db2935e22b
Certificate serial: 019D00B9CCB4E2F54520C88223C211CEB395
Authority key identifier: CD:57:6D:87:6E:17:E6:7A:A3:B1:F1:C1:0D:AB:39:DB:29:35:E2:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/JAStZ6A9n9zWvYVE9_qtI3LhQxI.roa
Signing time: Wed 18 Mar 2026 11:34:29 +0000
ROA not before: Wed 18 Mar 2026 11:34:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208172
IP address blocks: 72.251.208.0/24 maxlen: 24
72.251.209.0/24 maxlen: 24
72.251.210.0/24 maxlen: 24
72.251.211.0/24 maxlen: 24
72.251.212.0/24 maxlen: 24
72.251.213.0/24 maxlen: 24
72.251.214.0/24 maxlen: 24
72.251.215.0/24 maxlen: 24
72.251.216.0/24 maxlen: 24
72.251.217.0/24 maxlen: 24
72.251.218.0/24 maxlen: 24
72.251.219.0/24 maxlen: 24
81.27.86.0/24 maxlen: 24
159.26.96.0/24 maxlen: 24
159.26.97.0/24 maxlen: 24
159.26.98.0/24 maxlen: 24
159.26.99.0/24 maxlen: 24
159.26.100.0/24 maxlen: 24
159.26.101.0/24 maxlen: 24
159.26.102.0/24 maxlen: 24
159.26.103.0/24 maxlen: 24
159.26.104.0/24 maxlen: 24
159.26.105.0/24 maxlen: 24
159.26.106.0/24 maxlen: 24
159.26.107.0/24 maxlen: 24
159.26.108.0/24 maxlen: 24
159.26.109.0/24 maxlen: 24
159.26.110.0/24 maxlen: 24
159.26.111.0/24 maxlen: 24
159.26.112.0/24 maxlen: 24
159.26.113.0/24 maxlen: 24
159.26.114.0/24 maxlen: 24
159.26.115.0/24 maxlen: 24
159.26.116.0/24 maxlen: 24
159.26.117.0/24 maxlen: 24
159.26.118.0/24 maxlen: 24
159.26.119.0/24 maxlen: 24
159.26.120.0/24 maxlen: 24
159.26.121.0/24 maxlen: 24
159.26.122.0/24 maxlen: 24
159.26.123.0/24 maxlen: 24
159.26.124.0/24 maxlen: 24
159.26.125.0/24 maxlen: 24
159.26.126.0/24 maxlen: 24
159.26.127.0/24 maxlen: 24
205.147.16.0/24 maxlen: 24
205.147.17.0/24 maxlen: 24
205.147.18.0/24 maxlen: 24
205.147.19.0/24 maxlen: 24
205.147.20.0/24 maxlen: 24
205.147.21.0/24 maxlen: 24
205.147.22.0/24 maxlen: 24
205.147.23.0/24 maxlen: 24
205.147.27.0/24 maxlen: 24
205.147.28.0/24 maxlen: 24
205.147.29.0/24 maxlen: 24
205.147.30.0/24 maxlen: 24
205.147.31.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.crl
rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.mft
rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 23:00:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:00:b9:cc:b4:e2:f5:45:20:c8:82:23:c2:11:ce:b3:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd576d876e17e67aa3b1f1c10dab39db2935e22b
Validity
Not Before: Mar 18 11:34:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2404ad67a03d9fdcd6bd8544f7faad2372e14312
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:8e:4b:8e:35:3c:bd:16:f5:bf:25:68:b0:7c:
fc:20:00:f4:67:81:8f:5b:68:d6:ab:c2:44:70:43:
19:27:e9:55:35:23:e3:9e:b6:75:78:f6:f2:28:cb:
5e:2f:19:69:dd:85:cc:58:d1:43:e1:8a:94:c0:b8:
ee:57:4c:fc:cd:2d:86:13:2b:8f:f2:78:5f:73:9c:
39:f1:be:67:57:ce:82:a4:4d:d5:5c:60:49:49:f1:
9e:05:75:ff:40:68:5d:46:ae:97:a9:2e:57:06:59:
b0:88:cf:48:d0:b7:e7:83:28:2b:95:c1:41:e8:09:
b6:1e:10:95:a5:36:a0:84:2c:82:2b:1c:19:bf:c6:
6b:7b:a4:d2:96:f1:a1:e7:69:fb:2f:50:97:4e:32:
9d:34:2f:63:7a:9b:b0:40:5a:8e:55:d7:2d:d2:b9:
5f:ca:07:ed:04:6f:0e:5f:b9:72:33:3b:82:8f:dd:
e8:a5:45:7f:65:8f:6c:3b:ab:57:44:48:2e:67:36:
06:f6:98:56:43:26:75:e4:7b:7e:8d:66:60:18:15:
19:ab:f8:ff:0f:1b:cb:2a:18:97:29:df:8a:c1:13:
26:31:22:e4:6b:ca:54:02:50:6c:ab:21:4a:66:52:
b0:ea:3f:f6:db:e5:4e:e1:66:f5:51:b2:7a:16:a5:
4f:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:04:AD:67:A0:3D:9F:DC:D6:BD:85:44:F7:FA:AD:23:72:E1:43:12
X509v3 Authority Key Identifier:
keyid:CD:57:6D:87:6E:17:E6:7A:A3:B1:F1:C1:0D:AB:39:DB:29:35:E2:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zVdth24X5nqjsfHBDas52yk14is.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/JAStZ6A9n9zWvYVE9_qtI3LhQxI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/42f014-cd92-4205-aa53-1a80a2f7d7ea/1/zVdth24X5nqjsfHBDas52yk14is.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
72.251.208.0-72.251.219.255
81.27.86.0/24
159.26.96.0/19
205.147.16.0/21
205.147.27.0-205.147.31.255
Signature Algorithm: sha256WithRSAEncryption
41:c1:67:d5:5f:22:fd:e1:5b:57:56:34:f4:38:4b:bf:d6:8c:
03:3b:9a:a3:98:87:c0:26:f6:07:09:61:d2:dc:42:30:70:0a:
93:d6:cc:2d:0b:c0:04:3b:e2:bd:5b:3b:05:93:89:71:ad:d2:
56:0e:bd:ad:0a:d8:eb:65:21:de:65:31:53:a7:2e:88:07:3d:
c1:78:0d:f7:98:bf:e4:22:9f:51:db:99:35:e5:b1:3b:98:4e:
8c:11:cf:4e:a4:49:36:f4:1a:0e:0c:01:75:3e:af:97:8a:2f:
07:fc:5d:f6:95:b4:15:f6:a0:45:f1:1c:3e:9d:22:c5:cf:61:
d3:76:91:2c:5f:ba:f2:1e:81:cf:f2:d3:29:92:e4:8c:a3:9c:
e1:8c:a5:f9:82:ae:6e:03:ac:21:b0:eb:de:f3:41:00:5e:5a:
fd:1a:4a:bc:c3:6e:2a:b9:8b:54:f1:2e:ae:61:5e:61:dd:3c:
60:03:96:8e:f4:26:88:d4:88:7f:71:10:b4:e6:ec:b1:33:bd:
a9:10:9f:b8:f3:af:a9:49:09:c8:b9:eb:60:43:55:4c:0a:be:
46:97:b6:f4:41:34:65:79:a2:85:d1:de:f8:2a:d0:d5:0d:ae:
4b:38:96:9c:c3:44:05:b4:88:c4:9d:79:20:3d:cb:c5:b1:00:
80:d0:cb:3d
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZ0Aucy04vVFIMiCI8IRzrOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNTc2ZDg3NmUxN2U2N2FhM2IxZjFjMTBkYWIzOWRiMjkz
NWUyMmIwHhcNMjYwMzE4MTEzNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDA0YWQ2N2EwM2Q5ZmRjZDZiZDg1NDRmN2ZhYWQyMzcyZTE0MzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3I5LjjU8vRb1vyVosHz8IAD0Z4GP
W2jWq8JEcEMZJ+lVNSPjnrZ1ePbyKMteLxlp3YXMWNFD4YqUwLjuV0z8zS2GEyuP
8nhfc5w58b5nV86CpE3VXGBJSfGeBXX/QGhdRq6XqS5XBlmwiM9I0LfngygrlcFB
6Am2HhCVpTaghCyCKxwZv8Zre6TSlvGh52n7L1CXTjKdNC9jepuwQFqOVdct0rlf
ygftBG8OX7lyMzuCj93opUV/ZY9sO6tXREguZzYG9phWQyZ15Ht+jWZgGBUZq/j/
DxvLKhiXKd+KwRMmMSLka8pUAlBsqyFKZlKw6j/22+VO4Wb1UbJ6FqVP4QIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFCQErWegPZ/c1r2FRPf6rSNy4UMSMB8GA1UdIwQY
MBaAFM1XbYduF+Z6o7HxwQ2rOdspNeIrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelZkdGgyNFg1bnFqc2ZIQkRhczUyeWsxNGlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS80MmYwMTQtY2Q5Mi00MjA1LWFhNTMt
MWE4MGEyZjdkN2VhLzEvSkFTdFo2QTluOXpXdllWRTlfcXRJM0xoUXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS80MmYwMTQtY2Q5Mi00MjA1LWFhNTMtMWE4MGEyZjdkN2Vh
LzEvelZkdGgyNFg1bnFqc2ZIQkRhczUyeWsxNGlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBARI+9AD
BAJI+9gDBABRG1YDBAWfGmADBAPNkxAwDAMEAM2TGwMEBc2TADANBgkqhkiG9w0B
AQsFAAOCAQEAQcFn1V8i/eFbV1Y09DhLv9aMAzuao5iHwCb2Bwlh0txCMHAKk9bM
LQvABDvivVs7BZOJca3SVg69rQrY62Uh3mUxU6cuiAc9wXgN95i/5CKfUduZNeWx
O5hOjBHPTqRJNvQaDgwBdT6vl4ovB/xd9pW0FfagRfEcPp0ixc9h03aRLF+68h6B
z/LTKZLkjKOc4Yyl+YKubgOsIbDr3vNBAF5a/RpKvMNuKrmLVPEurmFeYd08YAOW
jvQmiNSIf3EQtObssTO9qRCfuPOvqUkJyLnrYENVTAq+Rpe29EE0ZXmihdHe+CrQ
1Q2uSziWnMNEBbSIxJ15ID3LxbEAgNDLPQ==
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:48:25 2026 by rpki-client