Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zsq2irLPeWb0OklGXOyw2B4D7CA.roa
File: zsq2irLPeWb0OklGXOyw2B4D7CA.roa (raw, json)
Hash identifier: pETBxStwuWemLmFDBTYHPyyXyQgeMbcEI7R/kD0vpjU=
Subject key identifier: CE:CA:B6:8A:B2:CF:79:66:F4:3A:49:46:5C:EC:B0:D8:1E:03:EC:20
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019DE2BF7095DEC78F09E66FEFE791EA129C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zsq2irLPeWb0OklGXOyw2B4D7CA.roa
Signing time: Fri 01 May 2026 08:54:49 +0000
ROA not before: Fri 01 May 2026 08:54:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42689
IP address blocks: 82.152.7.0/24 maxlen: 24
82.152.107.0/24 maxlen: 24
82.153.52.0/24 maxlen: 24
82.153.227.0/24 maxlen: 24
82.153.228.0/23 maxlen: 24
82.153.231.0/24 maxlen: 24
89.213.69.0/24 maxlen: 24
89.213.72.0/24 maxlen: 24
89.213.75.0/24 maxlen: 24
89.213.76.0/24 maxlen: 24
89.213.78.0/24 maxlen: 24
109.176.212.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 21:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:e2:bf:70:95:de:c7:8f:09:e6:6f:ef:e7:91:ea:12:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: May 1 08:54:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=cecab68ab2cf7966f43a49465cecb0d81e03ec20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:2b:44:07:cb:63:5e:57:76:16:93:bf:a0:c3:
1e:51:91:67:2d:04:38:a9:44:a9:10:bf:b2:5f:d7:
f0:85:60:7f:7c:9d:14:c9:bf:d1:0b:70:c0:eb:bf:
a7:26:4b:a8:06:a3:64:ad:8d:61:53:43:a1:8b:e7:
bc:83:80:11:10:3b:8c:d6:db:59:10:8b:af:94:7f:
37:e7:ca:56:83:ee:b3:fd:c2:a7:e3:d2:13:29:7b:
6a:98:ce:4c:bc:19:7e:81:31:ca:30:c4:7d:40:1c:
58:f6:0c:e6:17:50:aa:eb:0a:07:2d:02:43:3a:fc:
70:ea:47:bc:79:7d:50:98:30:9e:32:bc:09:f4:8b:
ca:a0:7c:5c:3c:58:14:ac:5b:35:e0:49:37:0a:ff:
71:d7:cb:ab:ac:2e:67:9d:ab:c3:f2:af:28:f6:23:
97:17:cc:2c:6e:a8:d1:d3:60:2e:a5:d3:9f:bf:26:
be:f1:22:40:b0:6d:2f:26:b3:e7:1f:4c:bf:5e:7d:
e2:79:59:e9:cc:0a:eb:62:27:71:72:30:99:1a:33:
0d:86:c0:64:75:c6:3c:5b:d0:26:d3:db:a6:0c:74:
44:3a:20:fd:71:a6:ac:1f:03:f1:f4:1c:a0:fc:a8:
58:2e:fc:55:6a:bd:74:95:11:4e:02:f3:1e:f9:2a:
25:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:CA:B6:8A:B2:CF:79:66:F4:3A:49:46:5C:EC:B0:D8:1E:03:EC:20
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zsq2irLPeWb0OklGXOyw2B4D7CA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.7.0/24
82.152.107.0/24
82.153.52.0/24
82.153.227.0-82.153.229.255
82.153.231.0/24
89.213.69.0/24
89.213.72.0/24
89.213.75.0-89.213.76.255
89.213.78.0/24
109.176.212.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:54:dc:4c:48:03:4e:37:a0:07:00:af:78:e3:68:83:d0:09:
26:fb:b1:0f:14:13:52:6f:88:20:3d:31:90:44:dc:14:18:26:
a0:e2:18:57:5a:aa:4e:e7:d9:71:df:2c:8b:48:91:48:2c:fc:
c0:f1:6b:98:db:c7:f6:84:6e:a1:cf:d3:b5:bb:e8:e1:db:c8:
cf:69:b9:b1:55:fb:01:6b:aa:85:71:f3:dd:5a:53:bb:15:c5:
a2:35:f1:42:e9:2e:74:87:89:1a:f4:bb:a5:9e:c0:ae:73:05:
8d:43:a8:03:50:d2:a8:4b:3d:65:e5:3e:8b:fd:68:cc:56:d3:
47:9f:85:04:5d:eb:b5:56:20:b5:39:90:e2:7c:dc:15:bf:17:
c5:11:a5:7c:10:9a:32:be:0f:d3:1f:73:73:43:60:c8:d9:52:
ae:e6:d6:4c:ab:4a:56:bb:7c:28:6e:90:23:fd:43:b0:f0:b6:
0e:43:94:04:d0:2c:bf:ae:11:34:c7:41:50:72:f1:97:65:57:
fa:07:81:4d:33:42:fe:ad:24:1a:fe:bf:37:a2:f5:5c:03:8c:
be:e7:fc:b6:dd:65:c5:86:95:85:21:df:9d:19:80:29:24:e7:
9e:53:d4:0b:5a:f8:2f:b0:e0:eb:cd:be:d1:48:2b:8b:fb:a4:
3c:a4:19:cd
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZ3iv3CV3sePCeZv7+eR6hKcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTAxMDg1NDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWNhYjY4YWIyY2Y3OTY2ZjQzYTQ5NDY1Y2VjYjBkODFlMDNlYzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtytEB8tjXld2FpO/oMMeUZFnLQQ4
qUSpEL+yX9fwhWB/fJ0Uyb/RC3DA67+nJkuoBqNkrY1hU0Ohi+e8g4AREDuM1ttZ
EIuvlH8358pWg+6z/cKn49ITKXtqmM5MvBl+gTHKMMR9QBxY9gzmF1Cq6woHLQJD
Ovxw6ke8eX1QmDCeMrwJ9IvKoHxcPFgUrFs14Ek3Cv9x18urrC5nnavD8q8o9iOX
F8wsbqjR02AupdOfvya+8SJAsG0vJrPnH0y/Xn3ieVnpzArrYidxcjCZGjMNhsBk
dcY8W9Am09umDHREOiD9caasHwPx9Byg/KhYLvxVar10lRFOAvMe+SolNQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFM7Ktoqyz3lm9DpJRlzssNgeA+wgMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvenNxMmlyTFBlV2IwT2tsR1hPeXcyQjREN0NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAUpgHAwQA
UphrAwQAUpk0MAwDBABSmeMDBAFSmeQDBABSmecDBABZ1UUDBABZ1UgwDAMEAFnV
SwMEAFnVTAMEAFnVTgMEAG2w1DANBgkqhkiG9w0BAQsFAAOCAQEAj1TcTEgDTjeg
BwCveONog9AJJvuxDxQTUm+IID0xkETcFBgmoOIYV1qqTufZcd8si0iRSCz8wPFr
mNvH9oRuoc/Ttbvo4dvIz2m5sVX7AWuqhXHz3VpTuxXFojXxQukudIeJGvS7pZ7A
rnMFjUOoA1DSqEs9ZeU+i/1ozFbTR5+FBF3rtVYgtTmQ4nzcFb8XxRGlfBCaMr4P
0x9zc0NgyNlSrubWTKtKVrt8KG6QI/1DsPC2DkOUBNAsv64RNMdBUHLxl2VX+geB
TTNC/q0kGv6/N6L1XAOMvuf8tt1lxYaVhSHfnRmAKSTnnlPUC1r4L7Dg682+0Ugr
i/ukPKQZzQ==
-----END CERTIFICATE-----
Generated at Wed May 13 05:36:23 2026 by rpki-client