Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/zIANn_XjTHpNl_tFmNq6MbPyZNE.roa
File: zIANn_XjTHpNl_tFmNq6MbPyZNE.roa (raw, json)
Hash identifier: b1/JePGfEJmKChck6onI1sptZi1SnAwXlnetMtXFNvo=
Subject key identifier: CC:80:0D:9F:F5:E3:4C:7A:4D:97:FB:45:98:DA:BA:31:B3:F2:64:D1
Certificate issuer: /CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Certificate serial: 0198C7BC9F480225D04AE675C872124BD5F4
Authority key identifier: C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/zIANn_XjTHpNl_tFmNq6MbPyZNE.roa
Signing time: Wed 20 Aug 2025 13:48:04 +0000
ROA not before: Wed 20 Aug 2025 13:48:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8473
IP address blocks: 81.88.72.0/22 maxlen: 22
81.88.78.0/23 maxlen: 23
2a01:460::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.crl
rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.mft
rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 13:02:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:c7:bc:9f:48:02:25:d0:4a:e6:75:c8:72:12:4b:d5:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Validity
Not Before: Aug 20 13:48:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cc800d9ff5e34c7a4d97fb4598daba31b3f264d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:3d:7e:0f:61:91:c1:4e:07:e1:4d:2c:7c:06:
59:bc:f4:8f:d7:98:0b:d2:30:12:48:10:ca:ab:1c:
0b:db:5a:71:17:2f:d1:5c:aa:b4:8a:dc:6e:a7:9d:
34:6d:c2:dd:1f:be:e0:a7:e0:e0:3d:4b:9a:58:6b:
69:a4:22:94:65:bc:da:ca:42:2e:c3:d1:78:12:ce:
49:8d:57:30:94:45:4e:da:74:aa:bd:f4:a9:90:0f:
36:f0:6d:5f:bf:c9:79:f8:11:b9:f5:6c:8c:87:c4:
74:d0:ce:86:5f:c8:34:d8:b6:3c:5c:83:07:29:84:
c9:45:e8:97:ac:3e:a9:aa:60:80:dd:30:34:6f:89:
e3:88:7f:64:7c:ac:9f:40:c0:e1:b7:27:0d:f5:4f:
fb:56:77:8f:3c:41:21:49:b0:ae:a1:1c:cc:60:7d:
dc:df:87:59:92:4b:f4:b4:10:54:54:55:98:f1:e1:
13:92:d8:9d:dd:76:94:b9:2f:40:f2:e0:7e:e6:35:
22:e9:e0:e1:db:92:6c:65:36:32:8f:a5:9b:dc:6c:
94:a1:69:a4:7d:2f:e9:41:ac:fb:93:ff:90:02:cd:
9c:90:bd:ca:da:71:ed:d5:7a:45:f2:cd:47:9b:5c:
a4:97:02:b0:26:a7:6e:94:9f:af:31:77:08:80:87:
2a:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:80:0D:9F:F5:E3:4C:7A:4D:97:FB:45:98:DA:BA:31:B3:F2:64:D1
X509v3 Authority Key Identifier:
keyid:C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/zIANn_XjTHpNl_tFmNq6MbPyZNE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.88.72.0/22
81.88.78.0/23
IPv6:
2a01:460::/32
Signature Algorithm: sha256WithRSAEncryption
b1:29:4a:aa:7e:fb:91:37:61:ae:d2:54:77:57:cc:83:7e:2c:
fb:b3:ae:db:7f:74:06:ef:f5:76:fd:f5:55:c4:0a:7f:a4:22:
7a:d2:6f:5f:0c:58:ce:35:b7:85:e6:32:e4:20:cb:b8:79:a1:
a4:b9:a9:01:b4:23:16:41:68:95:57:25:3d:08:d8:56:b4:6f:
07:eb:c2:73:05:8d:d5:bc:ae:a5:fc:24:91:0f:e9:f2:a0:9c:
77:1c:b6:1d:ff:4a:b1:ce:44:ff:33:7f:f3:6c:1f:0b:99:45:
b9:dd:ae:4d:f9:0d:ee:f6:67:b7:61:01:40:97:3b:9a:8a:fe:
2c:ff:a3:8a:61:ef:8f:fa:54:04:06:97:f7:aa:52:b5:e2:93:
0b:cd:ee:cf:e9:87:57:54:e6:6e:69:4c:93:42:0a:a3:1f:33:
b6:53:55:2d:3e:f7:de:10:9a:ae:e5:c4:84:11:9e:58:08:23:
0e:37:27:5d:ff:a0:ac:90:39:b0:5c:2a:3d:c9:19:1b:67:2d:
18:42:2b:0b:e4:61:8d:30:c3:40:61:aa:01:88:36:3e:b5:67:
fe:af:37:26:e5:9f:60:89:ff:49:59:3b:bc:66:9b:4d:1e:03:
7a:d0:e2:0a:a9:89:83:50:c4:5c:f1:95:64:97:d9:20:3b:3d:
28:21:90:49
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZjHvJ9IAiXQSuZ1yHISS9X0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OTI3ODZjZWQ2Y2U1OTc1ODU0NjhiYjRmMzZiMzFjZjZh
Y2VjNmUwHhcNMjUwODIwMTM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzgwMGQ5ZmY1ZTM0YzdhNGQ5N2ZiNDU5OGRhYmEzMWIzZjI2NGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzj1+D2GRwU4H4U0sfAZZvPSP15gL
0jASSBDKqxwL21pxFy/RXKq0itxup500bcLdH77gp+DgPUuaWGtppCKUZbzaykIu
w9F4Es5JjVcwlEVO2nSqvfSpkA828G1fv8l5+BG59WyMh8R00M6GX8g02LY8XIMH
KYTJReiXrD6pqmCA3TA0b4njiH9kfKyfQMDhtycN9U/7VnePPEEhSbCuoRzMYH3c
34dZkkv0tBBUVFWY8eETktid3XaUuS9A8uB+5jUi6eDh25JsZTYyj6Wb3GyUoWmk
fS/pQaz7k/+QAs2ckL3K2nHt1XpF8s1Hm1yklwKwJqdulJ+vMXcIgIcqiQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMyADZ/140x6TZf7RZjaujGz8mTRMB8GA1UdIwQY
MBaAFMWSeGztbOWXWFRou082sxz2rOxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQt
YmEzNzUxMTQwNGMyLzEveklBTm5fWGpUSHBObF90Rm1OcTZNYlB5Wk5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQtYmEzNzUxMTQwNGMy
LzEveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCUVhIAwQB
UVhOMA0EAgACMAcDBQAqAQRgMA0GCSqGSIb3DQEBCwUAA4IBAQCxKUqqfvuRN2Gu
0lR3V8yDfiz7s67bf3QG7/V2/fVVxAp/pCJ60m9fDFjONbeF5jLkIMu4eaGkuakB
tCMWQWiVVyU9CNhWtG8H68JzBY3VvK6l/CSRD+nyoJx3HLYd/0qxzkT/M3/zbB8L
mUW53a5N+Q3u9me3YQFAlzuaiv4s/6OKYe+P+lQEBpf3qlK14pMLze7P6YdXVOZu
aUyTQgqjHzO2U1UtPvfeEJqu5cSEEZ5YCCMONydd/6CskDmwXCo9yRkbZy0YQisL
5GGNMMNAYaoBiDY+tWf+rzcm5Z9gif9JWTu8ZptNHgN60OIKqYmDUMRc8ZVkl9kg
Oz0oIZBJ
-----END CERTIFICATE-----
Generated at Sat Aug 23 21:47:49 2025 by rpki-client