Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zlqCLIKzKfc8q855IVtjvevL918.roa
File: zlqCLIKzKfc8q855IVtjvevL918.roa (raw, json)
Hash identifier: 7fmRXeIVNK6o19irgsZFM+y550AgQKr/Y+QPliLuf40=
Subject key identifier: CE:5A:82:2C:82:B3:29:F7:3C:AB:CE:79:21:5B:63:BD:EB:CB:F7:5F
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019CBD69B53F0FCE615389408034B7DA0D3D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zlqCLIKzKfc8q855IVtjvevL918.roa
Signing time: Thu 05 Mar 2026 09:52:27 +0000
ROA not before: Thu 05 Mar 2026 09:52:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 197537
IP address blocks: 82.152.114.0/24 maxlen: 24
82.152.115.0/24 maxlen: 24
82.152.143.0/24 maxlen: 24
82.152.186.0/24 maxlen: 24
82.153.114.0/24 maxlen: 24
109.176.203.0/24 maxlen: 24
109.176.230.0/24 maxlen: 24
213.218.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 22:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:bd:69:b5:3f:0f:ce:61:53:89:40:80:34:b7:da:0d:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Mar 5 09:52:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ce5a822c82b329f73cabce79215b63bdebcbf75f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:f0:93:48:76:7c:c0:c7:f7:96:ca:16:ab:3b:
c1:e4:37:88:ee:65:af:f7:2a:5b:29:91:28:14:6f:
9d:18:d5:df:16:6f:ed:a6:e1:fc:f5:44:a9:e7:86:
07:cc:6d:31:b2:5d:d8:ff:7e:17:21:db:d6:de:36:
db:89:fe:15:74:fd:6d:2e:3e:15:91:f3:60:83:00:
5f:b1:f0:65:31:8b:e7:21:33:6f:d0:50:99:cc:fe:
ef:b9:cd:f2:2f:f0:26:ca:87:cf:f3:15:a9:6a:9d:
53:8a:d2:bc:fc:24:25:5c:e5:eb:c9:95:2d:6d:e7:
70:84:6d:dc:1c:1f:5e:31:91:a8:b4:dd:34:ce:d2:
16:d5:0b:fc:16:69:d0:4b:27:d8:40:6f:bb:d1:6b:
45:94:31:83:d0:2d:a8:32:cc:67:f9:68:c1:a3:74:
87:bb:ec:79:fc:36:28:79:a4:03:2b:13:58:36:0a:
07:5e:de:b0:13:dd:ed:1a:d6:ee:87:8a:ea:05:fe:
4e:b2:16:78:18:e4:67:77:d6:38:77:65:12:3c:a3:
58:72:24:db:2e:5e:4b:68:3f:91:c0:52:70:c5:a1:
52:15:19:eb:f2:e9:6e:cc:c3:ee:9e:7f:53:d4:ae:
5e:9e:45:65:66:61:bd:c4:72:fd:57:80:be:26:fb:
2a:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:5A:82:2C:82:B3:29:F7:3C:AB:CE:79:21:5B:63:BD:EB:CB:F7:5F
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zlqCLIKzKfc8q855IVtjvevL918.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.114.0/23
82.152.143.0/24
82.152.186.0/24
82.153.114.0/24
109.176.203.0/24
109.176.230.0/24
213.218.247.0/24
Signature Algorithm: sha256WithRSAEncryption
5c:42:fc:f2:43:98:40:94:23:8f:47:38:bc:b6:0a:d1:d9:e2:
b3:2e:bc:6b:52:af:c0:79:82:22:55:27:15:3d:12:aa:f2:e3:
51:96:0f:24:2f:e6:41:97:69:c4:e3:a2:0e:05:3a:84:9d:23:
d2:68:58:92:ff:e1:c2:8c:79:55:78:0d:c7:2a:2c:6b:18:38:
2b:9c:79:22:90:ee:55:10:0d:3d:32:dc:8b:6a:90:d5:6b:cc:
61:3f:65:c7:29:94:8e:5c:af:0d:64:51:21:de:6f:f3:1c:c3:
be:1f:95:cb:4a:87:85:11:db:3b:1b:70:42:40:76:90:c7:55:
9e:94:33:75:75:6b:90:69:66:00:70:da:ef:79:cb:82:e0:7e:
77:e1:93:97:b3:ee:e8:d7:07:15:60:cd:ab:66:af:af:1f:4d:
59:63:17:ab:1d:4d:fd:f2:76:e9:10:84:ef:94:a9:7b:18:9e:
da:ac:4f:c3:b2:85:25:96:99:6d:40:3c:18:73:79:4a:3d:fe:
ba:62:27:89:c7:1a:7c:50:a4:26:9e:64:65:30:e9:d1:16:4b:
db:3c:46:be:08:80:a8:9f:b8:a2:c5:7e:5c:cc:bd:17:75:9f:
5e:8f:16:3e:64:66:1a:3e:12:99:85:d1:92:2a:0e:3b:e7:f3:
3f:04:96:ca
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZy9abU/D85hU4lAgDS32g09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzA1MDk1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTVhODIyYzgyYjMyOWY3M2NhYmNlNzkyMTViNjNiZGViY2JmNzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvCTSHZ8wMf3lsoWqzvB5DeI7mWv
9ypbKZEoFG+dGNXfFm/tpuH89USp54YHzG0xsl3Y/34XIdvW3jbbif4VdP1tLj4V
kfNggwBfsfBlMYvnITNv0FCZzP7vuc3yL/AmyofP8xWpap1TitK8/CQlXOXryZUt
bedwhG3cHB9eMZGotN00ztIW1Qv8FmnQSyfYQG+70WtFlDGD0C2oMsxn+WjBo3SH
u+x5/DYoeaQDKxNYNgoHXt6wE93tGtbuh4rqBf5OshZ4GORnd9Y4d2USPKNYciTb
Ll5LaD+RwFJwxaFSFRnr8uluzMPunn9T1K5enkVlZmG9xHL9V4C+JvsqwQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFM5agiyCsyn3PKvOeSFbY73ry/dfMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvemxxQ0xJS3pLZmM4cTg1NUlWdGp2ZXZMOTE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBUphyAwQA
UpiPAwQAUpi6AwQAUplyAwQAbbDLAwQAbbDmAwQA1dr3MA0GCSqGSIb3DQEBCwUA
A4IBAQBcQvzyQ5hAlCOPRzi8tgrR2eKzLrxrUq/AeYIiVScVPRKq8uNRlg8kL+ZB
l2nE46IOBTqEnSPSaFiS/+HCjHlVeA3HKixrGDgrnHkikO5VEA09MtyLapDVa8xh
P2XHKZSOXK8NZFEh3m/zHMO+H5XLSoeFEds7G3BCQHaQx1WelDN1dWuQaWYAcNrv
ecuC4H534ZOXs+7o1wcVYM2rZq+vH01ZYxerHU398nbpEITvlKl7GJ7arE/DsoUl
lpltQDwYc3lKPf66YieJxxp8UKQmnmRlMOnRFkvbPEa+CICon7iixX5czL0XdZ9e
jxY+ZGYaPhKZhdGSKg475/M/BJbK
-----END CERTIFICATE-----
Generated at Thu Mar 26 04:13:03 2026 by rpki-client