Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ZTpDJ1pRCWZWfKh5hQ5wiTYNuvQ.roa
File: ZTpDJ1pRCWZWfKh5hQ5wiTYNuvQ.roa (raw, json)
Hash identifier: hPfmOR4n44gEOTgzmfmHXlnEf4dg00Hnd1phF8IbUl8=
Subject key identifier: 65:3A:43:27:5A:51:09:66:56:7C:A8:79:85:0E:70:89:36:0D:BA:F4
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 019E175E56A8ECF9114ADFFDE2D67B05DB5C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ZTpDJ1pRCWZWfKh5hQ5wiTYNuvQ.roa
Signing time: Mon 11 May 2026 14:08:38 +0000
ROA not before: Mon 11 May 2026 14:08:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208185
IP address blocks: 31.58.239.0/24 maxlen: 24
94.183.242.0/24 maxlen: 24
94.183.243.0/24 maxlen: 24
94.183.244.0/24 maxlen: 24
94.183.245.0/24 maxlen: 24
94.183.246.0/24 maxlen: 24
94.183.247.0/24 maxlen: 24
94.183.248.0/22 maxlen: 24
94.183.254.0/24 maxlen: 24
217.60.188.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:17:5e:56:a8:ec:f9:11:4a:df:fd:e2:d6:7b:05:db:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: May 11 14:08:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=653a43275a510966567ca879850e7089360dbaf4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:bf:d9:c7:2b:cb:30:06:05:f6:46:9b:16:9c:
82:44:24:eb:c2:77:c7:94:28:02:03:4f:31:d7:28:
6d:50:3f:19:8f:be:1b:d4:da:6d:3a:2b:86:d2:8a:
f2:13:20:16:aa:cd:e0:7a:d0:ca:30:25:39:91:be:
7e:a6:9c:ef:e6:48:37:64:3f:22:19:27:44:f1:8c:
e8:4d:99:49:02:69:3a:2e:57:e0:d1:6e:0d:b9:16:
ea:e7:83:df:d0:b5:6c:bc:5e:cc:18:e7:c8:fb:e3:
c0:02:8c:24:38:db:4d:8f:ce:4b:d0:03:5d:b4:87:
34:73:a3:01:29:9c:7c:1d:43:9b:2f:48:42:55:e1:
be:ad:bd:79:ab:87:51:69:5c:26:73:50:17:95:83:
63:fc:37:ac:7b:3d:62:6c:ee:05:66:9e:83:00:9a:
61:2d:11:2d:96:fe:83:38:e1:d3:fd:bf:15:d7:b4:
5d:09:63:59:41:e5:7c:e6:ac:0d:43:e8:99:64:82:
c2:64:31:51:f2:82:42:d2:6a:1e:cf:74:fc:4c:28:
79:7f:eb:d8:6c:ed:99:58:1c:51:91:62:7a:87:79:
30:50:9f:9f:4c:2e:32:48:ee:2b:3b:0d:29:3b:b2:
6e:a0:2a:c4:9a:b9:ae:9e:db:1c:80:13:b8:2d:c9:
7c:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:3A:43:27:5A:51:09:66:56:7C:A8:79:85:0E:70:89:36:0D:BA:F4
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ZTpDJ1pRCWZWfKh5hQ5wiTYNuvQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.58.239.0/24
94.183.242.0-94.183.251.255
94.183.254.0/24
217.60.188.0/24
Signature Algorithm: sha256WithRSAEncryption
40:46:6f:8e:f0:92:e6:d1:82:50:6a:1d:dd:33:d8:65:15:f1:
b5:b7:8d:da:9b:5c:08:af:ab:7e:85:dc:34:84:8c:4f:bf:71:
3d:c2:15:ad:34:04:d1:5a:ba:97:91:f6:db:af:d2:75:b8:8b:
cc:ef:77:98:c3:e0:ef:ce:c1:13:bb:81:df:8a:13:18:ba:83:
c0:42:4b:59:4c:f0:e8:15:b2:45:4c:89:ef:05:d8:72:75:7a:
d3:2e:40:b3:56:49:f3:07:e0:64:ea:72:d7:38:90:59:ab:db:
9b:ab:03:cc:20:72:e1:b4:3d:d8:a4:c0:33:0c:53:00:39:fb:
fe:84:e5:b4:25:44:b1:2c:2a:68:6c:9b:86:01:c7:a0:cf:c8:
55:bb:01:23:fa:6e:19:f3:3e:2f:0d:28:8a:60:ac:15:99:db:
dd:3e:21:95:bf:b7:50:ec:89:c4:a0:fd:c7:d5:a5:b3:61:8a:
79:b1:2e:7d:6b:e1:ff:1c:0e:96:41:b9:dd:96:9d:0b:46:b6:
1e:0e:42:7f:47:3c:8e:f5:91:1b:49:16:8d:83:ee:b0:c7:9c:
e4:36:9a:9c:04:50:7b:11:aa:62:9f:40:80:31:93:5e:01:de:
f3:15:3f:eb:0f:7b:92:44:45:fd:ea:2d:96:b9:07:c6:9b:21:
59:d2:09:2b
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ4XXlao7PkRSt/94tZ7BdtcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwNTExMTQwODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTNhNDMyNzVhNTEwOTY2NTY3Y2E4Nzk4NTBlNzA4OTM2MGRiYWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAur/ZxyvLMAYF9kabFpyCRCTrwnfH
lCgCA08x1yhtUD8Zj74b1NptOiuG0oryEyAWqs3getDKMCU5kb5+ppzv5kg3ZD8i
GSdE8YzoTZlJAmk6Llfg0W4NuRbq54Pf0LVsvF7MGOfI++PAAowkONtNj85L0ANd
tIc0c6MBKZx8HUObL0hCVeG+rb15q4dRaVwmc1AXlYNj/Desez1ibO4FZp6DAJph
LREtlv6DOOHT/b8V17RdCWNZQeV85qwNQ+iZZILCZDFR8oJC0moez3T8TCh5f+vY
bO2ZWBxRkWJ6h3kwUJ+fTC4ySO4rOw0pO7JuoCrEmrmuntscgBO4Lcl8uwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFGU6QydaUQlmVnyoeYUOcIk2Dbr0MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWlRwREoxcFJDV1pXZktoNWhRNXdpVFlOdXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAHzrvMAwD
BAFet/IDBAJet/gDBABet/4DBADZPLwwDQYJKoZIhvcNAQELBQADggEBAEBGb47w
kubRglBqHd0z2GUV8bW3jdqbXAivq36F3DSEjE+/cT3CFa00BNFaupeR9tuv0nW4
i8zvd5jD4O/OwRO7gd+KExi6g8BCS1lM8OgVskVMie8F2HJ1etMuQLNWSfMH4GTq
ctc4kFmr25urA8wgcuG0PdikwDMMUwA5+/6E5bQlRLEsKmhsm4YBx6DPyFW7ASP6
bhnzPi8NKIpgrBWZ290+IZW/t1DsicSg/cfVpbNhinmxLn1r4f8cDpZBud2WnQtG
th4OQn9HPI71kRtJFo2D7rDHnOQ2mpwEUHsRqmKfQIAxk14B3vMVP+sPe5JERf3q
LZa5B8abIVnSCSs=
-----END CERTIFICATE-----
Generated at Tue May 12 22:16:12 2026 by rpki-client