Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/5a5e87-95dd-45b3-87c1-badd696cc986/1/KZqOTg79baj8AoD8ZTcTWzUxDrY.roa
File: KZqOTg79baj8AoD8ZTcTWzUxDrY.roa (raw, json)
Hash identifier: GsTbz6kRyxTcuZicC3bVdI5BpCL5hf76eSHiBsXm+nM=
Subject key identifier: 29:9A:8E:4E:0E:FD:6D:A8:FC:02:80:FC:65:37:13:5B:35:31:0E:B6
Certificate issuer: /CN=ac5d4cea41585a0a368401699280ac1b6bb73223
Certificate serial: 019BE091312A970872A0C32ADB962579CDA2
Authority key identifier: AC:5D:4C:EA:41:58:5A:0A:36:84:01:69:92:80:AC:1B:6B:B7:32:23
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rF1M6kFYWgo2hAFpkoCsG2u3MiM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9a/5a5e87-95dd-45b3-87c1-badd696cc986/1/KZqOTg79baj8AoD8ZTcTWzUxDrY.roa
Signing time: Wed 21 Jan 2026 12:39:30 +0000
ROA not before: Wed 21 Jan 2026 12:39:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 31507
IP address blocks: 78.110.80.0/20 maxlen: 20
78.110.80.0/21 maxlen: 21
78.110.88.0/21 maxlen: 21
83.166.0.0/19 maxlen: 19
83.166.0.0/21 maxlen: 21
83.166.24.0/21 maxlen: 21
2a0a:1000::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9a/5a5e87-95dd-45b3-87c1-badd696cc986/1/rF1M6kFYWgo2hAFpkoCsG2u3MiM.crl
rsync://rpki.ripe.net/repository/DEFAULT/9a/5a5e87-95dd-45b3-87c1-badd696cc986/1/rF1M6kFYWgo2hAFpkoCsG2u3MiM.mft
rsync://rpki.ripe.net/repository/DEFAULT/rF1M6kFYWgo2hAFpkoCsG2u3MiM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 06:01:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:e0:91:31:2a:97:08:72:a0:c3:2a:db:96:25:79:cd:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ac5d4cea41585a0a368401699280ac1b6bb73223
Validity
Not Before: Jan 21 12:39:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=299a8e4e0efd6da8fc0280fc6537135b35310eb6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:e2:a8:d4:15:9c:3c:3e:8c:84:1c:51:94:4e:
ef:a3:14:16:7c:91:8b:df:30:e2:61:7d:66:ce:28:
50:64:19:5b:e3:9f:19:1c:c0:f4:a1:37:b4:7d:1a:
f2:01:5e:93:c9:93:77:9c:03:fa:a2:6f:62:1b:fe:
9d:20:b1:a0:94:34:92:15:2f:c9:eb:63:00:fe:c4:
fa:fd:3d:49:2b:f9:e2:af:e1:cb:f6:b6:7b:3a:c8:
09:43:4a:39:29:47:8f:5b:8d:fc:1d:28:c7:dd:37:
3c:74:e5:29:71:a9:70:e6:84:5c:e4:e4:75:3f:28:
ed:b0:7b:ef:28:cf:8d:90:87:27:32:79:bf:63:83:
86:9b:f6:4f:34:f7:20:03:64:62:ac:49:4f:11:81:
26:af:f6:65:4b:8f:0b:5b:d3:ad:2f:83:9d:8d:3d:
a5:62:84:60:e5:b7:ad:95:90:24:2d:f1:a7:c5:fd:
9e:2c:e3:05:dc:63:de:7f:76:1e:c8:13:3e:94:8d:
09:94:02:f4:c3:da:c5:67:b1:c1:52:e0:7c:21:69:
c1:63:ef:76:0a:94:c2:b6:50:e1:54:28:dc:2f:d5:
b8:33:8e:2a:52:5c:49:f5:df:b3:be:39:f7:8d:0c:
86:ca:0a:90:d5:f8:96:a7:c2:be:7b:00:1f:46:3b:
39:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:9A:8E:4E:0E:FD:6D:A8:FC:02:80:FC:65:37:13:5B:35:31:0E:B6
X509v3 Authority Key Identifier:
keyid:AC:5D:4C:EA:41:58:5A:0A:36:84:01:69:92:80:AC:1B:6B:B7:32:23
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rF1M6kFYWgo2hAFpkoCsG2u3MiM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/5a5e87-95dd-45b3-87c1-badd696cc986/1/KZqOTg79baj8AoD8ZTcTWzUxDrY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/5a5e87-95dd-45b3-87c1-badd696cc986/1/rF1M6kFYWgo2hAFpkoCsG2u3MiM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.110.80.0/20
83.166.0.0/19
IPv6:
2a0a:1000::/29
Signature Algorithm: sha256WithRSAEncryption
62:18:a3:29:d3:b5:21:77:d5:c8:e8:e3:61:9c:68:05:51:7c:
ca:44:ed:b7:cb:c5:e4:d9:da:fd:8c:04:39:ed:51:be:3a:d1:
cf:aa:08:02:dc:23:21:17:d9:eb:38:69:e9:11:8d:fc:ad:e5:
b4:96:42:d9:92:e5:3f:23:c0:5e:f3:7d:fd:e8:4c:b9:e3:5e:
20:03:96:c7:40:c4:fd:4f:88:a8:de:06:fd:a1:46:49:70:16:
da:98:7d:40:46:9f:37:97:e3:21:26:d5:4a:7e:23:17:13:06:
1b:69:dc:cc:af:65:85:b6:a2:85:82:d3:dd:0c:70:2c:05:fe:
e8:fc:91:79:5b:2b:00:b1:6f:9b:1c:bd:3d:c8:df:5c:04:19:
46:a5:cd:a5:34:38:0a:d9:d6:ef:ab:2f:84:2c:2b:b6:6f:74:
b9:99:21:4a:2c:40:e1:1e:ff:af:f0:c5:ad:ef:d6:9d:e8:f5:
d4:c0:5a:99:cb:67:4f:7d:26:60:5a:a5:e6:93:fb:e0:3e:b0:
f7:99:e0:de:8a:0d:f5:70:4b:8c:c4:1f:88:5d:85:21:3b:76:
46:c9:50:f7:04:26:23:1a:59:f2:7a:f1:ea:1b:8e:2c:d5:1d:
ea:81:cc:7c:21:da:8f:b8:ed:0a:2e:e7:5e:bc:62:7e:f6:78:
03:81:21:f2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZvgkTEqlwhyoMMq25Ylec2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjNWQ0Y2VhNDE1ODVhMGEzNjg0MDE2OTkyODBhYzFiNmJi
NzMyMjMwHhcNMjYwMTIxMTIzOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTlhOGU0ZTBlZmQ2ZGE4ZmMwMjgwZmM2NTM3MTM1YjM1MzEwZWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+Ko1BWcPD6MhBxRlE7voxQWfJGL
3zDiYX1mzihQZBlb458ZHMD0oTe0fRryAV6TyZN3nAP6om9iG/6dILGglDSSFS/J
62MA/sT6/T1JK/nir+HL9rZ7OsgJQ0o5KUePW438HSjH3Tc8dOUpcalw5oRc5OR1
PyjtsHvvKM+NkIcnMnm/Y4OGm/ZPNPcgA2RirElPEYEmr/ZlS48LW9OtL4OdjT2l
YoRg5betlZAkLfGnxf2eLOMF3GPef3YeyBM+lI0JlAL0w9rFZ7HBUuB8IWnBY+92
CpTCtlDhVCjcL9W4M44qUlxJ9d+zvjn3jQyGygqQ1fiWp8K+ewAfRjs5dwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCmajk4O/W2o/AKA/GU3E1s1MQ62MB8GA1UdIwQY
MBaAFKxdTOpBWFoKNoQBaZKArBtrtzIjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckYxTTZrRllXZ28yaEFGcGtvQ3NHMnUzTWlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS81YTVlODctOTVkZC00NWIzLTg3YzEt
YmFkZDY5NmNjOTg2LzEvS1pxT1RnNzliYWo4QW9EOFpUY1RXelV4RHJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS81YTVlODctOTVkZC00NWIzLTg3YzEtYmFkZDY5NmNjOTg2
LzEvckYxTTZrRllXZ28yaEFGcGtvQ3NHMnUzTWlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQETm5QAwQF
U6YAMA0EAgACMAcDBQMqChAAMA0GCSqGSIb3DQEBCwUAA4IBAQBiGKMp07Uhd9XI
6ONhnGgFUXzKRO23y8Xk2dr9jAQ57VG+OtHPqggC3CMhF9nrOGnpEY38reW0lkLZ
kuU/I8Be83396Ey5414gA5bHQMT9T4io3gb9oUZJcBbamH1ARp83l+MhJtVKfiMX
EwYbadzMr2WFtqKFgtPdDHAsBf7o/JF5WysAsW+bHL09yN9cBBlGpc2lNDgK2dbv
qy+ELCu2b3S5mSFKLEDhHv+v8MWt79ad6PXUwFqZy2dPfSZgWqXmk/vgPrD3meDe
ig31cEuMxB+IXYUhO3ZGyVD3BCYjGlnyevHqG44s1R3qgcx8IdqPuO0KLudevGJ+
9ngDgSHy
-----END CERTIFICATE-----
Generated at Thu Mar 26 16:41:24 2026 by rpki-client